ekm_connections
Creates, updates, deletes, gets or lists a ekm_connections resource.
Overview
| Name | ekm_connections |
| Type | Resource |
| Id | google.cloudkms.ekm_connections |
Fields
| Name | Datatype | Description |
|---|---|---|
name | string | Output only. The resource name for the EkmConnection in the format projects/*/locations/*/ekmConnections/*. |
createTime | string | Output only. The time at which the EkmConnection was created. |
cryptoSpacePath | string | Optional. Identifies the EKM Crypto Space that this EkmConnection maps to. Note: This field is required if KeyManagementMode is CLOUD_KMS. |
etag | string | Optional. Etag of the currently stored EkmConnection. |
keyManagementMode | string | Optional. Describes who can perform control plane operations on the EKM. If unset, this defaults to MANUAL. |
serviceResolvers | array | Optional. A list of ServiceResolvers where the EKM can be reached. There should be one ServiceResolver per EKM replica. Currently, only a single ServiceResolver is supported. |
Methods
| Name | Accessible by | Required Params | Description |
|---|---|---|---|
get | SELECT | ekmConnectionsId, locationsId, projectsId | Returns metadata for a given EkmConnection. |
list | SELECT | locationsId, projectsId | Lists EkmConnections. |
create | INSERT | locationsId, projectsId | Creates a new EkmConnection in a given Project and Location. |
patch | UPDATE | ekmConnectionsId, locationsId, projectsId | Updates an EkmConnection's metadata. |
verify_connectivity | EXEC | ekmConnectionsId, locationsId, projectsId | Verifies that Cloud KMS can successfully connect to the external key manager specified by an EkmConnection. If there is an error connecting to the EKM, this method returns a FAILED_PRECONDITION status containing structured information as described at https://cloud.google.com/kms/docs/reference/ekm_errors. |
SELECT examples
Lists EkmConnections.
SELECT
name,
createTime,
cryptoSpacePath,
etag,
keyManagementMode,
serviceResolvers
FROM google.cloudkms.ekm_connections
WHERE locationsId = '{{ locationsId }}'
AND projectsId = '{{ projectsId }}';
INSERT example
Use the following StackQL query and manifest file to create a new ekm_connections resource.
- All Properties
- Manifest
/*+ create */
INSERT INTO google.cloudkms.ekm_connections (
locationsId,
projectsId,
serviceResolvers,
etag,
keyManagementMode,
cryptoSpacePath
)
SELECT
'{{ locationsId }}',
'{{ projectsId }}',
'{{ serviceResolvers }}',
'{{ etag }}',
'{{ keyManagementMode }}',
'{{ cryptoSpacePath }}'
;
- name: your_resource_model_name
props:
- name: name
value: string
- name: createTime
value: string
- name: serviceResolvers
value:
- - name: serviceDirectoryService
value: string
- name: endpointFilter
value: string
- name: hostname
value: string
- name: serverCertificates
value:
- - name: rawDer
value: string
- name: parsed
value: boolean
- name: issuer
value: string
- name: subject
value: string
- name: subjectAlternativeDnsNames
value:
- string
- name: notBeforeTime
value: string
- name: notAfterTime
value: string
- name: serialNumber
value: string
- name: sha256Fingerprint
value: string
- name: etag
value: string
- name: keyManagementMode
value: string
- name: cryptoSpacePath
value: string
UPDATE example
Updates a ekm_connections resource.
/*+ update */
UPDATE google.cloudkms.ekm_connections
SET
serviceResolvers = '{{ serviceResolvers }}',
etag = '{{ etag }}',
keyManagementMode = '{{ keyManagementMode }}',
cryptoSpacePath = '{{ cryptoSpacePath }}'
WHERE
ekmConnectionsId = '{{ ekmConnectionsId }}'
AND locationsId = '{{ locationsId }}'
AND projectsId = '{{ projectsId }}';