Azure Classic v6.2.0, Sep 27 24

We recommend using Azure Native.

Azure Classic v6.2.0 published on Friday, Sep 27, 2024 by Pulumi

pulumi/pulumi-azure

azure.keyvault.ManagedHardwareSecurityModuleRoleDefinition

Explore with Pulumi AI

We recommend using Azure Native.

Azure Classic v6.2.0 published on Friday, Sep 27, 2024 by Pulumi

pulumi/pulumi-azure

Example Usage

Coming soon!

Coming soon!

Coming soon!

Coming soon!

Coming soon!

resources:
  example:
    type: azure:keyvault:ManagedHardwareSecurityModule
    properties:
      name: example
      resourceGroupName: ${exampleAzurermResourceGroup.name}
      location: ${exampleAzurermResourceGroup.location}
      skuName: Standard_B1
      tenantId: ${current.tenantId}
      adminObjectIds:
        - ${current.objectId}
      purgeProtectionEnabled: false
      activeConfig:
        - securityDomainCertificate:
            - ${cert[0].id}
            - ${cert[1].id}
            - ${cert[2].id}
          securityDomainQuorum: 2
  exampleManagedHardwareSecurityModuleRoleDefinition:
    type: azure:keyvault:ManagedHardwareSecurityModuleRoleDefinition
    name: example
    properties:
      name: 7d206142-bf01-11ed-80bc-00155d61ee9e
      vaultBaseUrl: ${example.hsmUri}
      description: desc foo
      permissions:
        - dataActions:
            - Microsoft.KeyVault/managedHsm/keys/read/action

Create ManagedHardwareSecurityModuleRoleDefinition Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new ManagedHardwareSecurityModuleRoleDefinition(name: string, args: ManagedHardwareSecurityModuleRoleDefinitionArgs, opts?: CustomResourceOptions);

@overload
def ManagedHardwareSecurityModuleRoleDefinition(resource_name: str,
                                                args: ManagedHardwareSecurityModuleRoleDefinitionArgs,
                                                opts: Optional[ResourceOptions] = None)

@overload
def ManagedHardwareSecurityModuleRoleDefinition(resource_name: str,
                                                opts: Optional[ResourceOptions] = None,
                                                managed_hsm_id: Optional[str] = None,
                                                description: Optional[str] = None,
                                                name: Optional[str] = None,
                                                permissions: Optional[Sequence[ManagedHardwareSecurityModuleRoleDefinitionPermissionArgs]] = None,
                                                role_name: Optional[str] = None)

func NewManagedHardwareSecurityModuleRoleDefinition(ctx *Context, name string, args ManagedHardwareSecurityModuleRoleDefinitionArgs, opts ...ResourceOption) (*ManagedHardwareSecurityModuleRoleDefinition, error)

public ManagedHardwareSecurityModuleRoleDefinition(string name, ManagedHardwareSecurityModuleRoleDefinitionArgs args, CustomResourceOptions? opts = null)

public ManagedHardwareSecurityModuleRoleDefinition(String name, ManagedHardwareSecurityModuleRoleDefinitionArgs args)
public ManagedHardwareSecurityModuleRoleDefinition(String name, ManagedHardwareSecurityModuleRoleDefinitionArgs args, CustomResourceOptions options)

type: azure:keyvault:ManagedHardwareSecurityModuleRoleDefinition
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args ManagedHardwareSecurityModuleRoleDefinitionArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args ManagedHardwareSecurityModuleRoleDefinitionArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args ManagedHardwareSecurityModuleRoleDefinitionArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args ManagedHardwareSecurityModuleRoleDefinitionArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args ManagedHardwareSecurityModuleRoleDefinitionArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var managedHardwareSecurityModuleRoleDefinitionResource = new Azure.KeyVault.ManagedHardwareSecurityModuleRoleDefinition("managedHardwareSecurityModuleRoleDefinitionResource", new()
{
    ManagedHsmId = "string",
    Description = "string",
    Name = "string",
    Permissions = new[]
    {
        new Azure.KeyVault.Inputs.ManagedHardwareSecurityModuleRoleDefinitionPermissionArgs
        {
            Actions = new[]
            {
                "string",
            },
            DataActions = new[]
            {
                "string",
            },
            NotActions = new[]
            {
                "string",
            },
            NotDataActions = new[]
            {
                "string",
            },
        },
    },
    RoleName = "string",
});

example, err := keyvault.NewManagedHardwareSecurityModuleRoleDefinition(ctx, "managedHardwareSecurityModuleRoleDefinitionResource", &keyvault.ManagedHardwareSecurityModuleRoleDefinitionArgs{
	ManagedHsmId: pulumi.String("string"),
	Description:  pulumi.String("string"),
	Name:         pulumi.String("string"),
	Permissions: keyvault.ManagedHardwareSecurityModuleRoleDefinitionPermissionArray{
		&keyvault.ManagedHardwareSecurityModuleRoleDefinitionPermissionArgs{
			Actions: pulumi.StringArray{
				pulumi.String("string"),
			},
			DataActions: pulumi.StringArray{
				pulumi.String("string"),
			},
			NotActions: pulumi.StringArray{
				pulumi.String("string"),
			},
			NotDataActions: pulumi.StringArray{
				pulumi.String("string"),
			},
		},
	},
	RoleName: pulumi.String("string"),
})

var managedHardwareSecurityModuleRoleDefinitionResource = new ManagedHardwareSecurityModuleRoleDefinition("managedHardwareSecurityModuleRoleDefinitionResource", ManagedHardwareSecurityModuleRoleDefinitionArgs.builder()
    .managedHsmId("string")
    .description("string")
    .name("string")
    .permissions(ManagedHardwareSecurityModuleRoleDefinitionPermissionArgs.builder()
        .actions("string")
        .dataActions("string")
        .notActions("string")
        .notDataActions("string")
        .build())
    .roleName("string")
    .build());

managed_hardware_security_module_role_definition_resource = azure.keyvault.ManagedHardwareSecurityModuleRoleDefinition("managedHardwareSecurityModuleRoleDefinitionResource",
    managed_hsm_id="string",
    description="string",
    name="string",
    permissions=[{
        "actions": ["string"],
        "dataActions": ["string"],
        "notActions": ["string"],
        "notDataActions": ["string"],
    }],
    role_name="string")

const managedHardwareSecurityModuleRoleDefinitionResource = new azure.keyvault.ManagedHardwareSecurityModuleRoleDefinition("managedHardwareSecurityModuleRoleDefinitionResource", {
    managedHsmId: "string",
    description: "string",
    name: "string",
    permissions: [{
        actions: ["string"],
        dataActions: ["string"],
        notActions: ["string"],
        notDataActions: ["string"],
    }],
    roleName: "string",
});

type: azure:keyvault:ManagedHardwareSecurityModuleRoleDefinition
properties:
    description: string
    managedHsmId: string
    name: string
    permissions:
        - actions:
            - string
          dataActions:
            - string
          notActions:
            - string
          notDataActions:
            - string
    roleName: string

ManagedHardwareSecurityModuleRoleDefinition Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The ManagedHardwareSecurityModuleRoleDefinition resource accepts the following input properties:

ManagedHsmId string
Description string: Specifies a text description about this KeyVault Role Definition.
Name string: The name which should be used for this KeyVault Role Definition. Changing this forces a new KeyVault Role Definition to be created.
Permissions List<ManagedHardwareSecurityModuleRoleDefinitionPermission>: One or more permission blocks as defined below.
RoleName string: Specify a name for this KeyVault Role Definition.

ManagedHsmId string
Description string: Specifies a text description about this KeyVault Role Definition.
Name string: The name which should be used for this KeyVault Role Definition. Changing this forces a new KeyVault Role Definition to be created.
Permissions []ManagedHardwareSecurityModuleRoleDefinitionPermissionArgs: One or more permission blocks as defined below.
RoleName string: Specify a name for this KeyVault Role Definition.

managedHsmId String
description String: Specifies a text description about this KeyVault Role Definition.
name String: The name which should be used for this KeyVault Role Definition. Changing this forces a new KeyVault Role Definition to be created.
permissions List<ManagedHardwareSecurityModuleRoleDefinitionPermission>: One or more permission blocks as defined below.
roleName String: Specify a name for this KeyVault Role Definition.

managedHsmId string
description string: Specifies a text description about this KeyVault Role Definition.
name string: The name which should be used for this KeyVault Role Definition. Changing this forces a new KeyVault Role Definition to be created.
permissions ManagedHardwareSecurityModuleRoleDefinitionPermission[]: One or more permission blocks as defined below.
roleName string: Specify a name for this KeyVault Role Definition.

managed_hsm_id str
description str: Specifies a text description about this KeyVault Role Definition.
name str: The name which should be used for this KeyVault Role Definition. Changing this forces a new KeyVault Role Definition to be created.
permissions Sequence[ManagedHardwareSecurityModuleRoleDefinitionPermissionArgs]: One or more permission blocks as defined below.
role_name str: Specify a name for this KeyVault Role Definition.

managedHsmId String
description String: Specifies a text description about this KeyVault Role Definition.
name String: The name which should be used for this KeyVault Role Definition. Changing this forces a new KeyVault Role Definition to be created.
permissions List<Property Map>: One or more permission blocks as defined below.
roleName String: Specify a name for this KeyVault Role Definition.

Outputs

All input properties are implicitly available as output properties. Additionally, the ManagedHardwareSecurityModuleRoleDefinition resource produces the following output properties:

Id string: The provider-assigned unique ID for this managed resource.
ResourceManagerId string: The ID of the role definition resource without Key Vault base URL.
RoleType string: The type of the role definition. Possible values are AKVBuiltInRole and CustomRole.

Id string: The provider-assigned unique ID for this managed resource.
ResourceManagerId string: The ID of the role definition resource without Key Vault base URL.
RoleType string: The type of the role definition. Possible values are AKVBuiltInRole and CustomRole.

id String: The provider-assigned unique ID for this managed resource.
resourceManagerId String: The ID of the role definition resource without Key Vault base URL.
roleType String: The type of the role definition. Possible values are AKVBuiltInRole and CustomRole.

id string: The provider-assigned unique ID for this managed resource.
resourceManagerId string: The ID of the role definition resource without Key Vault base URL.
roleType string: The type of the role definition. Possible values are AKVBuiltInRole and CustomRole.

id str: The provider-assigned unique ID for this managed resource.
resource_manager_id str: The ID of the role definition resource without Key Vault base URL.
role_type str: The type of the role definition. Possible values are AKVBuiltInRole and CustomRole.

id String: The provider-assigned unique ID for this managed resource.
resourceManagerId String: The ID of the role definition resource without Key Vault base URL.
roleType String: The type of the role definition. Possible values are AKVBuiltInRole and CustomRole.

Look up Existing ManagedHardwareSecurityModuleRoleDefinition Resource

Get an existing ManagedHardwareSecurityModuleRoleDefinition resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: ManagedHardwareSecurityModuleRoleDefinitionState, opts?: CustomResourceOptions): ManagedHardwareSecurityModuleRoleDefinition

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        description: Optional[str] = None,
        managed_hsm_id: Optional[str] = None,
        name: Optional[str] = None,
        permissions: Optional[Sequence[ManagedHardwareSecurityModuleRoleDefinitionPermissionArgs]] = None,
        resource_manager_id: Optional[str] = None,
        role_name: Optional[str] = None,
        role_type: Optional[str] = None) -> ManagedHardwareSecurityModuleRoleDefinition

func GetManagedHardwareSecurityModuleRoleDefinition(ctx *Context, name string, id IDInput, state *ManagedHardwareSecurityModuleRoleDefinitionState, opts ...ResourceOption) (*ManagedHardwareSecurityModuleRoleDefinition, error)

public static ManagedHardwareSecurityModuleRoleDefinition Get(string name, Input<string> id, ManagedHardwareSecurityModuleRoleDefinitionState? state, CustomResourceOptions? opts = null)

public static ManagedHardwareSecurityModuleRoleDefinition get(String name, Output<String> id, ManagedHardwareSecurityModuleRoleDefinitionState state, CustomResourceOptions options)

Resource lookup is not supported in YAML

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

Description string: Specifies a text description about this KeyVault Role Definition.
ManagedHsmId string
Name string: The name which should be used for this KeyVault Role Definition. Changing this forces a new KeyVault Role Definition to be created.
Permissions List<ManagedHardwareSecurityModuleRoleDefinitionPermission>: One or more permission blocks as defined below.
ResourceManagerId string: The ID of the role definition resource without Key Vault base URL.
RoleName string: Specify a name for this KeyVault Role Definition.
RoleType string: The type of the role definition. Possible values are AKVBuiltInRole and CustomRole.

Description string: Specifies a text description about this KeyVault Role Definition.
ManagedHsmId string
Name string: The name which should be used for this KeyVault Role Definition. Changing this forces a new KeyVault Role Definition to be created.
Permissions []ManagedHardwareSecurityModuleRoleDefinitionPermissionArgs: One or more permission blocks as defined below.
ResourceManagerId string: The ID of the role definition resource without Key Vault base URL.
RoleName string: Specify a name for this KeyVault Role Definition.
RoleType string: The type of the role definition. Possible values are AKVBuiltInRole and CustomRole.

description String: Specifies a text description about this KeyVault Role Definition.
managedHsmId String
name String: The name which should be used for this KeyVault Role Definition. Changing this forces a new KeyVault Role Definition to be created.
permissions List<ManagedHardwareSecurityModuleRoleDefinitionPermission>: One or more permission blocks as defined below.
resourceManagerId String: The ID of the role definition resource without Key Vault base URL.
roleName String: Specify a name for this KeyVault Role Definition.
roleType String: The type of the role definition. Possible values are AKVBuiltInRole and CustomRole.

description string: Specifies a text description about this KeyVault Role Definition.
managedHsmId string
name string: The name which should be used for this KeyVault Role Definition. Changing this forces a new KeyVault Role Definition to be created.
permissions ManagedHardwareSecurityModuleRoleDefinitionPermission[]: One or more permission blocks as defined below.
resourceManagerId string: The ID of the role definition resource without Key Vault base URL.
roleName string: Specify a name for this KeyVault Role Definition.
roleType string: The type of the role definition. Possible values are AKVBuiltInRole and CustomRole.

description str: Specifies a text description about this KeyVault Role Definition.
managed_hsm_id str
name str: The name which should be used for this KeyVault Role Definition. Changing this forces a new KeyVault Role Definition to be created.
permissions Sequence[ManagedHardwareSecurityModuleRoleDefinitionPermissionArgs]: One or more permission blocks as defined below.
resource_manager_id str: The ID of the role definition resource without Key Vault base URL.
role_name str: Specify a name for this KeyVault Role Definition.
role_type str: The type of the role definition. Possible values are AKVBuiltInRole and CustomRole.

description String: Specifies a text description about this KeyVault Role Definition.
managedHsmId String
name String: The name which should be used for this KeyVault Role Definition. Changing this forces a new KeyVault Role Definition to be created.
permissions List<Property Map>: One or more permission blocks as defined below.
resourceManagerId String: The ID of the role definition resource without Key Vault base URL.
roleName String: Specify a name for this KeyVault Role Definition.
roleType String: The type of the role definition. Possible values are AKVBuiltInRole and CustomRole.

Supporting Types

ManagedHardwareSecurityModuleRoleDefinitionPermission, ManagedHardwareSecurityModuleRoleDefinitionPermissionArgs

Actions List<string>: One or more Allowed Actions, such as *, Microsoft.Resources/subscriptions/resourceGroups/read. See 'Azure Resource Manager resource provider operations' for details.
DataActions List<string>: Specifies a list of data action permission to grant. Possible values are Microsoft.KeyVault/managedHsm/keys/read/action, Microsoft.KeyVault/managedHsm/keys/write/action, Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action, Microsoft.KeyVault/managedHsm/keys/deletedKeys/recover/action, Microsoft.KeyVault/managedHsm/keys/backup/action, Microsoft.KeyVault/managedHsm/keys/restore/action, Microsoft.KeyVault/managedHsm/roleAssignments/delete/action, Microsoft.KeyVault/managedHsm/roleAssignments/read/action, Microsoft.KeyVault/managedHsm/roleAssignments/write/action, Microsoft.KeyVault/managedHsm/roleDefinitions/read/action, Microsoft.KeyVault/managedHsm/roleDefinitions/write/action, Microsoft.KeyVault/managedHsm/roleDefinitions/delete/action, Microsoft.KeyVault/managedHsm/keys/encrypt/action, Microsoft.KeyVault/managedHsm/keys/decrypt/action, Microsoft.KeyVault/managedHsm/keys/wrap/action, Microsoft.KeyVault/managedHsm/keys/unwrap/action, Microsoft.KeyVault/managedHsm/keys/sign/action, Microsoft.KeyVault/managedHsm/keys/verify/action, Microsoft.KeyVault/managedHsm/keys/create, Microsoft.KeyVault/managedHsm/keys/delete, Microsoft.KeyVault/managedHsm/keys/export/action, Microsoft.KeyVault/managedHsm/keys/release/action, Microsoft.KeyVault/managedHsm/keys/import/action, Microsoft.KeyVault/managedHsm/keys/deletedKeys/delete, Microsoft.KeyVault/managedHsm/securitydomain/download/action, Microsoft.KeyVault/managedHsm/securitydomain/download/read, Microsoft.KeyVault/managedHsm/securitydomain/upload/action, Microsoft.KeyVault/managedHsm/securitydomain/upload/read, Microsoft.KeyVault/managedHsm/securitydomain/transferkey/read, Microsoft.KeyVault/managedHsm/backup/start/action, Microsoft.KeyVault/managedHsm/restore/start/action, Microsoft.KeyVault/managedHsm/backup/status/action, Microsoft.KeyVault/managedHsm/restore/status/action and Microsoft.KeyVault/managedHsm/rng/action.
NotActions List<string>: One or more Disallowed Actions, such as *, Microsoft.Resources/subscriptions/resourceGroups/read. See 'Azure Resource Manager resource provider operations' for details.
NotDataActions List<string>: Specifies a list of data action permission not to grant. Possible values are Microsoft.KeyVault/managedHsm/keys/read/action, Microsoft.KeyVault/managedHsm/keys/write/action, Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action, Microsoft.KeyVault/managedHsm/keys/deletedKeys/recover/action, Microsoft.KeyVault/managedHsm/keys/backup/action, Microsoft.KeyVault/managedHsm/keys/restore/action, Microsoft.KeyVault/managedHsm/roleAssignments/delete/action, Microsoft.KeyVault/managedHsm/roleAssignments/read/action, Microsoft.KeyVault/managedHsm/roleAssignments/write/action, Microsoft.KeyVault/managedHsm/roleDefinitions/read/action, Microsoft.KeyVault/managedHsm/roleDefinitions/write/action, Microsoft.KeyVault/managedHsm/roleDefinitions/delete/action, Microsoft.KeyVault/managedHsm/keys/encrypt/action, Microsoft.KeyVault/managedHsm/keys/decrypt/action, Microsoft.KeyVault/managedHsm/keys/wrap/action, Microsoft.KeyVault/managedHsm/keys/unwrap/action, Microsoft.KeyVault/managedHsm/keys/sign/action, Microsoft.KeyVault/managedHsm/keys/verify/action, Microsoft.KeyVault/managedHsm/keys/create, Microsoft.KeyVault/managedHsm/keys/delete, Microsoft.KeyVault/managedHsm/keys/export/action, Microsoft.KeyVault/managedHsm/keys/release/action, Microsoft.KeyVault/managedHsm/keys/import/action, Microsoft.KeyVault/managedHsm/keys/deletedKeys/delete, Microsoft.KeyVault/managedHsm/securitydomain/download/action, Microsoft.KeyVault/managedHsm/securitydomain/download/read, Microsoft.KeyVault/managedHsm/securitydomain/upload/action, Microsoft.KeyVault/managedHsm/securitydomain/upload/read, Microsoft.KeyVault/managedHsm/securitydomain/transferkey/read, Microsoft.KeyVault/managedHsm/backup/start/action, Microsoft.KeyVault/managedHsm/restore/start/action, Microsoft.KeyVault/managedHsm/backup/status/action, Microsoft.KeyVault/managedHsm/restore/status/action and Microsoft.KeyVault/managedHsm/rng/action.

Actions []string: One or more Allowed Actions, such as *, Microsoft.Resources/subscriptions/resourceGroups/read. See 'Azure Resource Manager resource provider operations' for details.
DataActions []string: Specifies a list of data action permission to grant. Possible values are Microsoft.KeyVault/managedHsm/keys/read/action, Microsoft.KeyVault/managedHsm/keys/write/action, Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action, Microsoft.KeyVault/managedHsm/keys/deletedKeys/recover/action, Microsoft.KeyVault/managedHsm/keys/backup/action, Microsoft.KeyVault/managedHsm/keys/restore/action, Microsoft.KeyVault/managedHsm/roleAssignments/delete/action, Microsoft.KeyVault/managedHsm/roleAssignments/read/action, Microsoft.KeyVault/managedHsm/roleAssignments/write/action, Microsoft.KeyVault/managedHsm/roleDefinitions/read/action, Microsoft.KeyVault/managedHsm/roleDefinitions/write/action, Microsoft.KeyVault/managedHsm/roleDefinitions/delete/action, Microsoft.KeyVault/managedHsm/keys/encrypt/action, Microsoft.KeyVault/managedHsm/keys/decrypt/action, Microsoft.KeyVault/managedHsm/keys/wrap/action, Microsoft.KeyVault/managedHsm/keys/unwrap/action, Microsoft.KeyVault/managedHsm/keys/sign/action, Microsoft.KeyVault/managedHsm/keys/verify/action, Microsoft.KeyVault/managedHsm/keys/create, Microsoft.KeyVault/managedHsm/keys/delete, Microsoft.KeyVault/managedHsm/keys/export/action, Microsoft.KeyVault/managedHsm/keys/release/action, Microsoft.KeyVault/managedHsm/keys/import/action, Microsoft.KeyVault/managedHsm/keys/deletedKeys/delete, Microsoft.KeyVault/managedHsm/securitydomain/download/action, Microsoft.KeyVault/managedHsm/securitydomain/download/read, Microsoft.KeyVault/managedHsm/securitydomain/upload/action, Microsoft.KeyVault/managedHsm/securitydomain/upload/read, Microsoft.KeyVault/managedHsm/securitydomain/transferkey/read, Microsoft.KeyVault/managedHsm/backup/start/action, Microsoft.KeyVault/managedHsm/restore/start/action, Microsoft.KeyVault/managedHsm/backup/status/action, Microsoft.KeyVault/managedHsm/restore/status/action and Microsoft.KeyVault/managedHsm/rng/action.
NotActions []string: One or more Disallowed Actions, such as *, Microsoft.Resources/subscriptions/resourceGroups/read. See 'Azure Resource Manager resource provider operations' for details.
NotDataActions []string: Specifies a list of data action permission not to grant. Possible values are Microsoft.KeyVault/managedHsm/keys/read/action, Microsoft.KeyVault/managedHsm/keys/write/action, Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action, Microsoft.KeyVault/managedHsm/keys/deletedKeys/recover/action, Microsoft.KeyVault/managedHsm/keys/backup/action, Microsoft.KeyVault/managedHsm/keys/restore/action, Microsoft.KeyVault/managedHsm/roleAssignments/delete/action, Microsoft.KeyVault/managedHsm/roleAssignments/read/action, Microsoft.KeyVault/managedHsm/roleAssignments/write/action, Microsoft.KeyVault/managedHsm/roleDefinitions/read/action, Microsoft.KeyVault/managedHsm/roleDefinitions/write/action, Microsoft.KeyVault/managedHsm/roleDefinitions/delete/action, Microsoft.KeyVault/managedHsm/keys/encrypt/action, Microsoft.KeyVault/managedHsm/keys/decrypt/action, Microsoft.KeyVault/managedHsm/keys/wrap/action, Microsoft.KeyVault/managedHsm/keys/unwrap/action, Microsoft.KeyVault/managedHsm/keys/sign/action, Microsoft.KeyVault/managedHsm/keys/verify/action, Microsoft.KeyVault/managedHsm/keys/create, Microsoft.KeyVault/managedHsm/keys/delete, Microsoft.KeyVault/managedHsm/keys/export/action, Microsoft.KeyVault/managedHsm/keys/release/action, Microsoft.KeyVault/managedHsm/keys/import/action, Microsoft.KeyVault/managedHsm/keys/deletedKeys/delete, Microsoft.KeyVault/managedHsm/securitydomain/download/action, Microsoft.KeyVault/managedHsm/securitydomain/download/read, Microsoft.KeyVault/managedHsm/securitydomain/upload/action, Microsoft.KeyVault/managedHsm/securitydomain/upload/read, Microsoft.KeyVault/managedHsm/securitydomain/transferkey/read, Microsoft.KeyVault/managedHsm/backup/start/action, Microsoft.KeyVault/managedHsm/restore/start/action, Microsoft.KeyVault/managedHsm/backup/status/action, Microsoft.KeyVault/managedHsm/restore/status/action and Microsoft.KeyVault/managedHsm/rng/action.

actions List<String>: One or more Allowed Actions, such as *, Microsoft.Resources/subscriptions/resourceGroups/read. See 'Azure Resource Manager resource provider operations' for details.
dataActions List<String>: Specifies a list of data action permission to grant. Possible values are Microsoft.KeyVault/managedHsm/keys/read/action, Microsoft.KeyVault/managedHsm/keys/write/action, Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action, Microsoft.KeyVault/managedHsm/keys/deletedKeys/recover/action, Microsoft.KeyVault/managedHsm/keys/backup/action, Microsoft.KeyVault/managedHsm/keys/restore/action, Microsoft.KeyVault/managedHsm/roleAssignments/delete/action, Microsoft.KeyVault/managedHsm/roleAssignments/read/action, Microsoft.KeyVault/managedHsm/roleAssignments/write/action, Microsoft.KeyVault/managedHsm/roleDefinitions/read/action, Microsoft.KeyVault/managedHsm/roleDefinitions/write/action, Microsoft.KeyVault/managedHsm/roleDefinitions/delete/action, Microsoft.KeyVault/managedHsm/keys/encrypt/action, Microsoft.KeyVault/managedHsm/keys/decrypt/action, Microsoft.KeyVault/managedHsm/keys/wrap/action, Microsoft.KeyVault/managedHsm/keys/unwrap/action, Microsoft.KeyVault/managedHsm/keys/sign/action, Microsoft.KeyVault/managedHsm/keys/verify/action, Microsoft.KeyVault/managedHsm/keys/create, Microsoft.KeyVault/managedHsm/keys/delete, Microsoft.KeyVault/managedHsm/keys/export/action, Microsoft.KeyVault/managedHsm/keys/release/action, Microsoft.KeyVault/managedHsm/keys/import/action, Microsoft.KeyVault/managedHsm/keys/deletedKeys/delete, Microsoft.KeyVault/managedHsm/securitydomain/download/action, Microsoft.KeyVault/managedHsm/securitydomain/download/read, Microsoft.KeyVault/managedHsm/securitydomain/upload/action, Microsoft.KeyVault/managedHsm/securitydomain/upload/read, Microsoft.KeyVault/managedHsm/securitydomain/transferkey/read, Microsoft.KeyVault/managedHsm/backup/start/action, Microsoft.KeyVault/managedHsm/restore/start/action, Microsoft.KeyVault/managedHsm/backup/status/action, Microsoft.KeyVault/managedHsm/restore/status/action and Microsoft.KeyVault/managedHsm/rng/action.
notActions List<String>: One or more Disallowed Actions, such as *, Microsoft.Resources/subscriptions/resourceGroups/read. See 'Azure Resource Manager resource provider operations' for details.
notDataActions List<String>: Specifies a list of data action permission not to grant. Possible values are Microsoft.KeyVault/managedHsm/keys/read/action, Microsoft.KeyVault/managedHsm/keys/write/action, Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action, Microsoft.KeyVault/managedHsm/keys/deletedKeys/recover/action, Microsoft.KeyVault/managedHsm/keys/backup/action, Microsoft.KeyVault/managedHsm/keys/restore/action, Microsoft.KeyVault/managedHsm/roleAssignments/delete/action, Microsoft.KeyVault/managedHsm/roleAssignments/read/action, Microsoft.KeyVault/managedHsm/roleAssignments/write/action, Microsoft.KeyVault/managedHsm/roleDefinitions/read/action, Microsoft.KeyVault/managedHsm/roleDefinitions/write/action, Microsoft.KeyVault/managedHsm/roleDefinitions/delete/action, Microsoft.KeyVault/managedHsm/keys/encrypt/action, Microsoft.KeyVault/managedHsm/keys/decrypt/action, Microsoft.KeyVault/managedHsm/keys/wrap/action, Microsoft.KeyVault/managedHsm/keys/unwrap/action, Microsoft.KeyVault/managedHsm/keys/sign/action, Microsoft.KeyVault/managedHsm/keys/verify/action, Microsoft.KeyVault/managedHsm/keys/create, Microsoft.KeyVault/managedHsm/keys/delete, Microsoft.KeyVault/managedHsm/keys/export/action, Microsoft.KeyVault/managedHsm/keys/release/action, Microsoft.KeyVault/managedHsm/keys/import/action, Microsoft.KeyVault/managedHsm/keys/deletedKeys/delete, Microsoft.KeyVault/managedHsm/securitydomain/download/action, Microsoft.KeyVault/managedHsm/securitydomain/download/read, Microsoft.KeyVault/managedHsm/securitydomain/upload/action, Microsoft.KeyVault/managedHsm/securitydomain/upload/read, Microsoft.KeyVault/managedHsm/securitydomain/transferkey/read, Microsoft.KeyVault/managedHsm/backup/start/action, Microsoft.KeyVault/managedHsm/restore/start/action, Microsoft.KeyVault/managedHsm/backup/status/action, Microsoft.KeyVault/managedHsm/restore/status/action and Microsoft.KeyVault/managedHsm/rng/action.

actions string[]: One or more Allowed Actions, such as *, Microsoft.Resources/subscriptions/resourceGroups/read. See 'Azure Resource Manager resource provider operations' for details.
dataActions string[]: Specifies a list of data action permission to grant. Possible values are Microsoft.KeyVault/managedHsm/keys/read/action, Microsoft.KeyVault/managedHsm/keys/write/action, Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action, Microsoft.KeyVault/managedHsm/keys/deletedKeys/recover/action, Microsoft.KeyVault/managedHsm/keys/backup/action, Microsoft.KeyVault/managedHsm/keys/restore/action, Microsoft.KeyVault/managedHsm/roleAssignments/delete/action, Microsoft.KeyVault/managedHsm/roleAssignments/read/action, Microsoft.KeyVault/managedHsm/roleAssignments/write/action, Microsoft.KeyVault/managedHsm/roleDefinitions/read/action, Microsoft.KeyVault/managedHsm/roleDefinitions/write/action, Microsoft.KeyVault/managedHsm/roleDefinitions/delete/action, Microsoft.KeyVault/managedHsm/keys/encrypt/action, Microsoft.KeyVault/managedHsm/keys/decrypt/action, Microsoft.KeyVault/managedHsm/keys/wrap/action, Microsoft.KeyVault/managedHsm/keys/unwrap/action, Microsoft.KeyVault/managedHsm/keys/sign/action, Microsoft.KeyVault/managedHsm/keys/verify/action, Microsoft.KeyVault/managedHsm/keys/create, Microsoft.KeyVault/managedHsm/keys/delete, Microsoft.KeyVault/managedHsm/keys/export/action, Microsoft.KeyVault/managedHsm/keys/release/action, Microsoft.KeyVault/managedHsm/keys/import/action, Microsoft.KeyVault/managedHsm/keys/deletedKeys/delete, Microsoft.KeyVault/managedHsm/securitydomain/download/action, Microsoft.KeyVault/managedHsm/securitydomain/download/read, Microsoft.KeyVault/managedHsm/securitydomain/upload/action, Microsoft.KeyVault/managedHsm/securitydomain/upload/read, Microsoft.KeyVault/managedHsm/securitydomain/transferkey/read, Microsoft.KeyVault/managedHsm/backup/start/action, Microsoft.KeyVault/managedHsm/restore/start/action, Microsoft.KeyVault/managedHsm/backup/status/action, Microsoft.KeyVault/managedHsm/restore/status/action and Microsoft.KeyVault/managedHsm/rng/action.
notActions string[]: One or more Disallowed Actions, such as *, Microsoft.Resources/subscriptions/resourceGroups/read. See 'Azure Resource Manager resource provider operations' for details.
notDataActions string[]: Specifies a list of data action permission not to grant. Possible values are Microsoft.KeyVault/managedHsm/keys/read/action, Microsoft.KeyVault/managedHsm/keys/write/action, Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action, Microsoft.KeyVault/managedHsm/keys/deletedKeys/recover/action, Microsoft.KeyVault/managedHsm/keys/backup/action, Microsoft.KeyVault/managedHsm/keys/restore/action, Microsoft.KeyVault/managedHsm/roleAssignments/delete/action, Microsoft.KeyVault/managedHsm/roleAssignments/read/action, Microsoft.KeyVault/managedHsm/roleAssignments/write/action, Microsoft.KeyVault/managedHsm/roleDefinitions/read/action, Microsoft.KeyVault/managedHsm/roleDefinitions/write/action, Microsoft.KeyVault/managedHsm/roleDefinitions/delete/action, Microsoft.KeyVault/managedHsm/keys/encrypt/action, Microsoft.KeyVault/managedHsm/keys/decrypt/action, Microsoft.KeyVault/managedHsm/keys/wrap/action, Microsoft.KeyVault/managedHsm/keys/unwrap/action, Microsoft.KeyVault/managedHsm/keys/sign/action, Microsoft.KeyVault/managedHsm/keys/verify/action, Microsoft.KeyVault/managedHsm/keys/create, Microsoft.KeyVault/managedHsm/keys/delete, Microsoft.KeyVault/managedHsm/keys/export/action, Microsoft.KeyVault/managedHsm/keys/release/action, Microsoft.KeyVault/managedHsm/keys/import/action, Microsoft.KeyVault/managedHsm/keys/deletedKeys/delete, Microsoft.KeyVault/managedHsm/securitydomain/download/action, Microsoft.KeyVault/managedHsm/securitydomain/download/read, Microsoft.KeyVault/managedHsm/securitydomain/upload/action, Microsoft.KeyVault/managedHsm/securitydomain/upload/read, Microsoft.KeyVault/managedHsm/securitydomain/transferkey/read, Microsoft.KeyVault/managedHsm/backup/start/action, Microsoft.KeyVault/managedHsm/restore/start/action, Microsoft.KeyVault/managedHsm/backup/status/action, Microsoft.KeyVault/managedHsm/restore/status/action and Microsoft.KeyVault/managedHsm/rng/action.

actions Sequence[str]: One or more Allowed Actions, such as *, Microsoft.Resources/subscriptions/resourceGroups/read. See 'Azure Resource Manager resource provider operations' for details.
data_actions Sequence[str]: Specifies a list of data action permission to grant. Possible values are Microsoft.KeyVault/managedHsm/keys/read/action, Microsoft.KeyVault/managedHsm/keys/write/action, Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action, Microsoft.KeyVault/managedHsm/keys/deletedKeys/recover/action, Microsoft.KeyVault/managedHsm/keys/backup/action, Microsoft.KeyVault/managedHsm/keys/restore/action, Microsoft.KeyVault/managedHsm/roleAssignments/delete/action, Microsoft.KeyVault/managedHsm/roleAssignments/read/action, Microsoft.KeyVault/managedHsm/roleAssignments/write/action, Microsoft.KeyVault/managedHsm/roleDefinitions/read/action, Microsoft.KeyVault/managedHsm/roleDefinitions/write/action, Microsoft.KeyVault/managedHsm/roleDefinitions/delete/action, Microsoft.KeyVault/managedHsm/keys/encrypt/action, Microsoft.KeyVault/managedHsm/keys/decrypt/action, Microsoft.KeyVault/managedHsm/keys/wrap/action, Microsoft.KeyVault/managedHsm/keys/unwrap/action, Microsoft.KeyVault/managedHsm/keys/sign/action, Microsoft.KeyVault/managedHsm/keys/verify/action, Microsoft.KeyVault/managedHsm/keys/create, Microsoft.KeyVault/managedHsm/keys/delete, Microsoft.KeyVault/managedHsm/keys/export/action, Microsoft.KeyVault/managedHsm/keys/release/action, Microsoft.KeyVault/managedHsm/keys/import/action, Microsoft.KeyVault/managedHsm/keys/deletedKeys/delete, Microsoft.KeyVault/managedHsm/securitydomain/download/action, Microsoft.KeyVault/managedHsm/securitydomain/download/read, Microsoft.KeyVault/managedHsm/securitydomain/upload/action, Microsoft.KeyVault/managedHsm/securitydomain/upload/read, Microsoft.KeyVault/managedHsm/securitydomain/transferkey/read, Microsoft.KeyVault/managedHsm/backup/start/action, Microsoft.KeyVault/managedHsm/restore/start/action, Microsoft.KeyVault/managedHsm/backup/status/action, Microsoft.KeyVault/managedHsm/restore/status/action and Microsoft.KeyVault/managedHsm/rng/action.
not_actions Sequence[str]: One or more Disallowed Actions, such as *, Microsoft.Resources/subscriptions/resourceGroups/read. See 'Azure Resource Manager resource provider operations' for details.
not_data_actions Sequence[str]: Specifies a list of data action permission not to grant. Possible values are Microsoft.KeyVault/managedHsm/keys/read/action, Microsoft.KeyVault/managedHsm/keys/write/action, Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action, Microsoft.KeyVault/managedHsm/keys/deletedKeys/recover/action, Microsoft.KeyVault/managedHsm/keys/backup/action, Microsoft.KeyVault/managedHsm/keys/restore/action, Microsoft.KeyVault/managedHsm/roleAssignments/delete/action, Microsoft.KeyVault/managedHsm/roleAssignments/read/action, Microsoft.KeyVault/managedHsm/roleAssignments/write/action, Microsoft.KeyVault/managedHsm/roleDefinitions/read/action, Microsoft.KeyVault/managedHsm/roleDefinitions/write/action, Microsoft.KeyVault/managedHsm/roleDefinitions/delete/action, Microsoft.KeyVault/managedHsm/keys/encrypt/action, Microsoft.KeyVault/managedHsm/keys/decrypt/action, Microsoft.KeyVault/managedHsm/keys/wrap/action, Microsoft.KeyVault/managedHsm/keys/unwrap/action, Microsoft.KeyVault/managedHsm/keys/sign/action, Microsoft.KeyVault/managedHsm/keys/verify/action, Microsoft.KeyVault/managedHsm/keys/create, Microsoft.KeyVault/managedHsm/keys/delete, Microsoft.KeyVault/managedHsm/keys/export/action, Microsoft.KeyVault/managedHsm/keys/release/action, Microsoft.KeyVault/managedHsm/keys/import/action, Microsoft.KeyVault/managedHsm/keys/deletedKeys/delete, Microsoft.KeyVault/managedHsm/securitydomain/download/action, Microsoft.KeyVault/managedHsm/securitydomain/download/read, Microsoft.KeyVault/managedHsm/securitydomain/upload/action, Microsoft.KeyVault/managedHsm/securitydomain/upload/read, Microsoft.KeyVault/managedHsm/securitydomain/transferkey/read, Microsoft.KeyVault/managedHsm/backup/start/action, Microsoft.KeyVault/managedHsm/restore/start/action, Microsoft.KeyVault/managedHsm/backup/status/action, Microsoft.KeyVault/managedHsm/restore/status/action and Microsoft.KeyVault/managedHsm/rng/action.

actions List<String>: One or more Allowed Actions, such as *, Microsoft.Resources/subscriptions/resourceGroups/read. See 'Azure Resource Manager resource provider operations' for details.
dataActions List<String>: Specifies a list of data action permission to grant. Possible values are Microsoft.KeyVault/managedHsm/keys/read/action, Microsoft.KeyVault/managedHsm/keys/write/action, Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action, Microsoft.KeyVault/managedHsm/keys/deletedKeys/recover/action, Microsoft.KeyVault/managedHsm/keys/backup/action, Microsoft.KeyVault/managedHsm/keys/restore/action, Microsoft.KeyVault/managedHsm/roleAssignments/delete/action, Microsoft.KeyVault/managedHsm/roleAssignments/read/action, Microsoft.KeyVault/managedHsm/roleAssignments/write/action, Microsoft.KeyVault/managedHsm/roleDefinitions/read/action, Microsoft.KeyVault/managedHsm/roleDefinitions/write/action, Microsoft.KeyVault/managedHsm/roleDefinitions/delete/action, Microsoft.KeyVault/managedHsm/keys/encrypt/action, Microsoft.KeyVault/managedHsm/keys/decrypt/action, Microsoft.KeyVault/managedHsm/keys/wrap/action, Microsoft.KeyVault/managedHsm/keys/unwrap/action, Microsoft.KeyVault/managedHsm/keys/sign/action, Microsoft.KeyVault/managedHsm/keys/verify/action, Microsoft.KeyVault/managedHsm/keys/create, Microsoft.KeyVault/managedHsm/keys/delete, Microsoft.KeyVault/managedHsm/keys/export/action, Microsoft.KeyVault/managedHsm/keys/release/action, Microsoft.KeyVault/managedHsm/keys/import/action, Microsoft.KeyVault/managedHsm/keys/deletedKeys/delete, Microsoft.KeyVault/managedHsm/securitydomain/download/action, Microsoft.KeyVault/managedHsm/securitydomain/download/read, Microsoft.KeyVault/managedHsm/securitydomain/upload/action, Microsoft.KeyVault/managedHsm/securitydomain/upload/read, Microsoft.KeyVault/managedHsm/securitydomain/transferkey/read, Microsoft.KeyVault/managedHsm/backup/start/action, Microsoft.KeyVault/managedHsm/restore/start/action, Microsoft.KeyVault/managedHsm/backup/status/action, Microsoft.KeyVault/managedHsm/restore/status/action and Microsoft.KeyVault/managedHsm/rng/action.
notActions List<String>: One or more Disallowed Actions, such as *, Microsoft.Resources/subscriptions/resourceGroups/read. See 'Azure Resource Manager resource provider operations' for details.
notDataActions List<String>: Specifies a list of data action permission not to grant. Possible values are Microsoft.KeyVault/managedHsm/keys/read/action, Microsoft.KeyVault/managedHsm/keys/write/action, Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action, Microsoft.KeyVault/managedHsm/keys/deletedKeys/recover/action, Microsoft.KeyVault/managedHsm/keys/backup/action, Microsoft.KeyVault/managedHsm/keys/restore/action, Microsoft.KeyVault/managedHsm/roleAssignments/delete/action, Microsoft.KeyVault/managedHsm/roleAssignments/read/action, Microsoft.KeyVault/managedHsm/roleAssignments/write/action, Microsoft.KeyVault/managedHsm/roleDefinitions/read/action, Microsoft.KeyVault/managedHsm/roleDefinitions/write/action, Microsoft.KeyVault/managedHsm/roleDefinitions/delete/action, Microsoft.KeyVault/managedHsm/keys/encrypt/action, Microsoft.KeyVault/managedHsm/keys/decrypt/action, Microsoft.KeyVault/managedHsm/keys/wrap/action, Microsoft.KeyVault/managedHsm/keys/unwrap/action, Microsoft.KeyVault/managedHsm/keys/sign/action, Microsoft.KeyVault/managedHsm/keys/verify/action, Microsoft.KeyVault/managedHsm/keys/create, Microsoft.KeyVault/managedHsm/keys/delete, Microsoft.KeyVault/managedHsm/keys/export/action, Microsoft.KeyVault/managedHsm/keys/release/action, Microsoft.KeyVault/managedHsm/keys/import/action, Microsoft.KeyVault/managedHsm/keys/deletedKeys/delete, Microsoft.KeyVault/managedHsm/securitydomain/download/action, Microsoft.KeyVault/managedHsm/securitydomain/download/read, Microsoft.KeyVault/managedHsm/securitydomain/upload/action, Microsoft.KeyVault/managedHsm/securitydomain/upload/read, Microsoft.KeyVault/managedHsm/securitydomain/transferkey/read, Microsoft.KeyVault/managedHsm/backup/start/action, Microsoft.KeyVault/managedHsm/restore/start/action, Microsoft.KeyVault/managedHsm/backup/status/action, Microsoft.KeyVault/managedHsm/restore/status/action and Microsoft.KeyVault/managedHsm/rng/action.

Import

KeyVaults can be imported using the resource id, e.g.

$ pulumi import azure:keyvault/managedHardwareSecurityModuleRoleDefinition:ManagedHardwareSecurityModuleRoleDefinition example https://0000.managedhsm.azure.net///RoleDefinition/00000000-0000-0000-0000-000000000000

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository: Azure Classic pulumi/pulumi-azure
License: Apache-2.0
Notes: This Pulumi package is based on the azurerm Terraform Provider.

We recommend using Azure Native.

Azure Classic v6.2.0 published on Friday, Sep 27, 2024 by Pulumi

pulumi/pulumi-azure

azure.keyvault.ManagedHardwareSecurityModuleRoleDefinition

On this page

On this page

Example Usage

Create ManagedHardwareSecurityModuleRoleDefinition Resource

Constructor syntax

Parameters

Constructor example

ManagedHardwareSecurityModuleRoleDefinition Resource Properties

Inputs

Outputs

Look up Existing ManagedHardwareSecurityModuleRoleDefinition Resource

Supporting Types

ManagedHardwareSecurityModuleRoleDefinitionPermission, ManagedHardwareSecurityModuleRoleDefinitionPermissionArgs

Import

Package Details

On this page

On this page