pulumi-gcp 7.30.2__py3-none-any.whl → 7.31.0__py3-none-any.whl

pulumi_gcp/kms/crypto_key.py

@@ -41,7 +41,7 @@ class CryptoKeyArgs:
         :param pulumi.Input[str] crypto_key_backend: The resource name of the backend environment associated with all CryptoKeyVersions within this CryptoKey.
                The resource name is in the format "projects/*/locations/*/ekmConnections/*" and only applies to "EXTERNAL_VPC" keys.
         :param pulumi.Input[str] destroy_scheduled_duration: The period of time that versions of this key spend in the DESTROY_SCHEDULED state before transitioning to DESTROYED.
-               If not specified at creation time, the default duration is 24 hours.
+               If not specified at creation time, the default duration is 30 days.
         :param pulumi.Input[bool] import_only: Whether this key may contain imported versions only.
         :param pulumi.Input[Mapping[str, pulumi.Input[str]]] labels: Labels with user-defined metadata to apply to this resource.
                
@@ -116,7 +116,7 @@ class CryptoKeyArgs:
     def destroy_scheduled_duration(self) -> Optional[pulumi.Input[str]]:
         """
         The period of time that versions of this key spend in the DESTROY_SCHEDULED state before transitioning to DESTROYED.
-        If not specified at creation time, the default duration is 24 hours.
+        If not specified at creation time, the default duration is 30 days.
         """
         return pulumi.get(self, "destroy_scheduled_duration")
 
@@ -242,7 +242,7 @@ class _CryptoKeyState:
         :param pulumi.Input[str] crypto_key_backend: The resource name of the backend environment associated with all CryptoKeyVersions within this CryptoKey.
                The resource name is in the format "projects/*/locations/*/ekmConnections/*" and only applies to "EXTERNAL_VPC" keys.
         :param pulumi.Input[str] destroy_scheduled_duration: The period of time that versions of this key spend in the DESTROY_SCHEDULED state before transitioning to DESTROYED.
-               If not specified at creation time, the default duration is 24 hours.
+               If not specified at creation time, the default duration is 30 days.
         :param pulumi.Input[Mapping[str, pulumi.Input[str]]] effective_labels: All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
         :param pulumi.Input[bool] import_only: Whether this key may contain imported versions only.
         :param pulumi.Input[str] key_ring: The KeyRing that this key belongs to.
@@ -319,7 +319,7 @@ class _CryptoKeyState:
     def destroy_scheduled_duration(self) -> Optional[pulumi.Input[str]]:
         """
         The period of time that versions of this key spend in the DESTROY_SCHEDULED state before transitioning to DESTROYED.
-        If not specified at creation time, the default duration is 24 hours.
+        If not specified at creation time, the default duration is 30 days.
         """
         return pulumi.get(self, "destroy_scheduled_duration")
 
@@ -568,7 +568,7 @@ class CryptoKey(pulumi.CustomResource):
         :param pulumi.Input[str] crypto_key_backend: The resource name of the backend environment associated with all CryptoKeyVersions within this CryptoKey.
                The resource name is in the format "projects/*/locations/*/ekmConnections/*" and only applies to "EXTERNAL_VPC" keys.
         :param pulumi.Input[str] destroy_scheduled_duration: The period of time that versions of this key spend in the DESTROY_SCHEDULED state before transitioning to DESTROYED.
-               If not specified at creation time, the default duration is 24 hours.
+               If not specified at creation time, the default duration is 30 days.
         :param pulumi.Input[bool] import_only: Whether this key may contain imported versions only.
         :param pulumi.Input[str] key_ring: The KeyRing that this key belongs to.
                Format: `'projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}'`.
@@ -752,7 +752,7 @@ class CryptoKey(pulumi.CustomResource):
         :param pulumi.Input[str] crypto_key_backend: The resource name of the backend environment associated with all CryptoKeyVersions within this CryptoKey.
                The resource name is in the format "projects/*/locations/*/ekmConnections/*" and only applies to "EXTERNAL_VPC" keys.
         :param pulumi.Input[str] destroy_scheduled_duration: The period of time that versions of this key spend in the DESTROY_SCHEDULED state before transitioning to DESTROYED.
-               If not specified at creation time, the default duration is 24 hours.
+               If not specified at creation time, the default duration is 30 days.
         :param pulumi.Input[Mapping[str, pulumi.Input[str]]] effective_labels: All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
         :param pulumi.Input[bool] import_only: Whether this key may contain imported versions only.
         :param pulumi.Input[str] key_ring: The KeyRing that this key belongs to.
@@ -817,7 +817,7 @@ class CryptoKey(pulumi.CustomResource):
     def destroy_scheduled_duration(self) -> pulumi.Output[str]:
         """
         The period of time that versions of this key spend in the DESTROY_SCHEDULED state before transitioning to DESTROYED.
-        If not specified at creation time, the default duration is 24 hours.
+        If not specified at creation time, the default duration is 30 days.
         """
         return pulumi.get(self, "destroy_scheduled_duration")
 

pulumi_gcp/kms/get_crypto_keys.py

@@ -0,0 +1,143 @@
+# coding=utf-8
+# *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
+# *** Do not edit by hand unless you're certain you know what you are doing! ***
+
+import copy
+import warnings
+import sys
+import pulumi
+import pulumi.runtime
+from typing import Any, Mapping, Optional, Sequence, Union, overload
+if sys.version_info >= (3, 11):
+    from typing import NotRequired, TypedDict, TypeAlias
+else:
+    from typing_extensions import NotRequired, TypedDict, TypeAlias
+from .. import _utilities
+from . import outputs
+
+__all__ = [
+    'GetCryptoKeysResult',
+    'AwaitableGetCryptoKeysResult',
+    'get_crypto_keys',
+    'get_crypto_keys_output',
+]
+
+@pulumi.output_type
+class GetCryptoKeysResult:
+    """
+    A collection of values returned by getCryptoKeys.
+    """
+    def __init__(__self__, filter=None, id=None, key_ring=None, keys=None):
+        if filter and not isinstance(filter, str):
+            raise TypeError("Expected argument 'filter' to be a str")
+        pulumi.set(__self__, "filter", filter)
+        if id and not isinstance(id, str):
+            raise TypeError("Expected argument 'id' to be a str")
+        pulumi.set(__self__, "id", id)
+        if key_ring and not isinstance(key_ring, str):
+            raise TypeError("Expected argument 'key_ring' to be a str")
+        pulumi.set(__self__, "key_ring", key_ring)
+        if keys and not isinstance(keys, list):
+            raise TypeError("Expected argument 'keys' to be a list")
+        pulumi.set(__self__, "keys", keys)
+
+    @property
+    @pulumi.getter
+    def filter(self) -> Optional[str]:
+        return pulumi.get(self, "filter")
+
+    @property
+    @pulumi.getter
+    def id(self) -> str:
+        """
+        The provider-assigned unique ID for this managed resource.
+        """
+        return pulumi.get(self, "id")
+
+    @property
+    @pulumi.getter(name="keyRing")
+    def key_ring(self) -> str:
+        return pulumi.get(self, "key_ring")
+
+    @property
+    @pulumi.getter
+    def keys(self) -> Sequence['outputs.GetCryptoKeysKeyResult']:
+        """
+        A list of all the retrieved keys from the provided key ring. This list is influenced by the provided filter argument.
+        """
+        return pulumi.get(self, "keys")
+
+
+class AwaitableGetCryptoKeysResult(GetCryptoKeysResult):
+    # pylint: disable=using-constant-test
+    def __await__(self):
+        if False:
+            yield self
+        return GetCryptoKeysResult(
+            filter=self.filter,
+            id=self.id,
+            key_ring=self.key_ring,
+            keys=self.keys)
+
+
+def get_crypto_keys(filter: Optional[str] = None,
+                    key_ring: Optional[str] = None,
+                    opts: Optional[pulumi.InvokeOptions] = None) -> AwaitableGetCryptoKeysResult:
+    """
+    Provides access to all Google Cloud Platform KMS CryptoKeys in a given KeyRing. For more information see
+    [the official documentation](https://cloud.google.com/kms/docs/object-hierarchy#key)
+    and
+    [API](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.cryptoKeys).
+
+    A CryptoKey is an interface to key material which can be used to encrypt and decrypt data. A CryptoKey belongs to a
+    Google Cloud KMS KeyRing.
+
+
+    :param str filter: The filter argument is used to add a filter query parameter that limits which keys are retrieved by the data source: ?filter={{filter}}. When no value is provided there is no filtering.
+           
+           Example filter values if filtering on name. Note: names take the form projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}/cryptoKeys/{{cryptoKey}}.
+           
+           * `"name:my-key-"` will retrieve keys that contain "my-key-" anywhere in their name.
+           * `"name=projects/my-project/locations/global/keyRings/my-key-ring/cryptoKeys/my-key-1"` will only retrieve a key with that exact name.
+           
+           [See the documentation about using filters](https://cloud.google.com/kms/docs/sorting-and-filtering)
+    :param str key_ring: The key ring that the keys belongs to. Format: 'projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}'.,
+    """
+    __args__ = dict()
+    __args__['filter'] = filter
+    __args__['keyRing'] = key_ring
+    opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts)
+    __ret__ = pulumi.runtime.invoke('gcp:kms/getCryptoKeys:getCryptoKeys', __args__, opts=opts, typ=GetCryptoKeysResult).value
+
+    return AwaitableGetCryptoKeysResult(
+        filter=pulumi.get(__ret__, 'filter'),
+        id=pulumi.get(__ret__, 'id'),
+        key_ring=pulumi.get(__ret__, 'key_ring'),
+        keys=pulumi.get(__ret__, 'keys'))
+
+
+@_utilities.lift_output_func(get_crypto_keys)
+def get_crypto_keys_output(filter: Optional[pulumi.Input[Optional[str]]] = None,
+                           key_ring: Optional[pulumi.Input[str]] = None,
+                           opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetCryptoKeysResult]:
+    """
+    Provides access to all Google Cloud Platform KMS CryptoKeys in a given KeyRing. For more information see
+    [the official documentation](https://cloud.google.com/kms/docs/object-hierarchy#key)
+    and
+    [API](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.cryptoKeys).
+
+    A CryptoKey is an interface to key material which can be used to encrypt and decrypt data. A CryptoKey belongs to a
+    Google Cloud KMS KeyRing.
+
+
+    :param str filter: The filter argument is used to add a filter query parameter that limits which keys are retrieved by the data source: ?filter={{filter}}. When no value is provided there is no filtering.
+           
+           Example filter values if filtering on name. Note: names take the form projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}/cryptoKeys/{{cryptoKey}}.
+           
+           * `"name:my-key-"` will retrieve keys that contain "my-key-" anywhere in their name.
+           * `"name=projects/my-project/locations/global/keyRings/my-key-ring/cryptoKeys/my-key-1"` will only retrieve a key with that exact name.
+           
+           [See the documentation about using filters](https://cloud.google.com/kms/docs/sorting-and-filtering)
+    :param str key_ring: The key ring that the keys belongs to. Format: 'projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}'.,
+    """
+    ...

pulumi_gcp/kms/get_key_rings.py

@@ -0,0 +1,119 @@
+# coding=utf-8
+# *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
+# *** Do not edit by hand unless you're certain you know what you are doing! ***
+
+import copy
+import warnings
+import sys
+import pulumi
+import pulumi.runtime
+from typing import Any, Mapping, Optional, Sequence, Union, overload
+if sys.version_info >= (3, 11):
+    from typing import NotRequired, TypedDict, TypeAlias
+else:
+    from typing_extensions import NotRequired, TypedDict, TypeAlias
+from .. import _utilities
+from . import outputs
+
+__all__ = [
+    'GetKeyRingsResult',
+    'AwaitableGetKeyRingsResult',
+    'get_key_rings',
+    'get_key_rings_output',
+]
+
+@pulumi.output_type
+class GetKeyRingsResult:
+    """
+    A collection of values returned by getKeyRings.
+    """
+    def __init__(__self__, filter=None, id=None, key_rings=None, location=None, project=None):
+        if filter and not isinstance(filter, str):
+            raise TypeError("Expected argument 'filter' to be a str")
+        pulumi.set(__self__, "filter", filter)
+        if id and not isinstance(id, str):
+            raise TypeError("Expected argument 'id' to be a str")
+        pulumi.set(__self__, "id", id)
+        if key_rings and not isinstance(key_rings, list):
+            raise TypeError("Expected argument 'key_rings' to be a list")
+        pulumi.set(__self__, "key_rings", key_rings)
+        if location and not isinstance(location, str):
+            raise TypeError("Expected argument 'location' to be a str")
+        pulumi.set(__self__, "location", location)
+        if project and not isinstance(project, str):
+            raise TypeError("Expected argument 'project' to be a str")
+        pulumi.set(__self__, "project", project)
+
+    @property
+    @pulumi.getter
+    def filter(self) -> Optional[str]:
+        return pulumi.get(self, "filter")
+
+    @property
+    @pulumi.getter
+    def id(self) -> str:
+        """
+        The provider-assigned unique ID for this managed resource.
+        """
+        return pulumi.get(self, "id")
+
+    @property
+    @pulumi.getter(name="keyRings")
+    def key_rings(self) -> Sequence['outputs.GetKeyRingsKeyRingResult']:
+        return pulumi.get(self, "key_rings")
+
+    @property
+    @pulumi.getter
+    def location(self) -> str:
+        return pulumi.get(self, "location")
+
+    @property
+    @pulumi.getter
+    def project(self) -> Optional[str]:
+        return pulumi.get(self, "project")
+
+
+class AwaitableGetKeyRingsResult(GetKeyRingsResult):
+    # pylint: disable=using-constant-test
+    def __await__(self):
+        if False:
+            yield self
+        return GetKeyRingsResult(
+            filter=self.filter,
+            id=self.id,
+            key_rings=self.key_rings,
+            location=self.location,
+            project=self.project)
+
+
+def get_key_rings(filter: Optional[str] = None,
+                  location: Optional[str] = None,
+                  project: Optional[str] = None,
+                  opts: Optional[pulumi.InvokeOptions] = None) -> AwaitableGetKeyRingsResult:
+    """
+    Use this data source to access information about an existing resource.
+    """
+    __args__ = dict()
+    __args__['filter'] = filter
+    __args__['location'] = location
+    __args__['project'] = project
+    opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts)
+    __ret__ = pulumi.runtime.invoke('gcp:kms/getKeyRings:getKeyRings', __args__, opts=opts, typ=GetKeyRingsResult).value
+
+    return AwaitableGetKeyRingsResult(
+        filter=pulumi.get(__ret__, 'filter'),
+        id=pulumi.get(__ret__, 'id'),
+        key_rings=pulumi.get(__ret__, 'key_rings'),
+        location=pulumi.get(__ret__, 'location'),
+        project=pulumi.get(__ret__, 'project'))
+
+
+@_utilities.lift_output_func(get_key_rings)
+def get_key_rings_output(filter: Optional[pulumi.Input[Optional[str]]] = None,
+                         location: Optional[pulumi.Input[str]] = None,
+                         project: Optional[pulumi.Input[Optional[str]]] = None,
+                         opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetKeyRingsResult]:
+    """
+    Use this data source to access information about an existing resource.
+    """
+    ...

pulumi_gcp/kms/outputs.py

@@ -30,9 +30,13 @@ __all__ = [
     'KeyRingIAMMemberCondition',
     'KeyRingImportJobAttestation',
     'KeyRingImportJobPublicKey',
+    'GetCryptoKeysKeyResult',
+    'GetCryptoKeysKeyPrimaryResult',
+    'GetCryptoKeysKeyVersionTemplateResult',
     'GetKMSCryptoKeyPrimaryResult',
     'GetKMSCryptoKeyVersionPublicKeyResult',
     'GetKMSCryptoKeyVersionTemplateResult',
+    'GetKeyRingsKeyRingResult',
 ]
 
 @pulumi.output_type
@@ -860,6 +864,253 @@ class KeyRingImportJobPublicKey(dict):
         return pulumi.get(self, "pem")
 
 
+@pulumi.output_type
+class GetCryptoKeysKeyResult(dict):
+    def __init__(__self__, *,
+                 crypto_key_backend: str,
+                 destroy_scheduled_duration: str,
+                 effective_labels: Mapping[str, str],
+                 id: str,
+                 import_only: bool,
+                 labels: Mapping[str, str],
+                 primaries: Sequence['outputs.GetCryptoKeysKeyPrimaryResult'],
+                 pulumi_labels: Mapping[str, str],
+                 purpose: str,
+                 rotation_period: str,
+                 skip_initial_version_creation: bool,
+                 version_templates: Sequence['outputs.GetCryptoKeysKeyVersionTemplateResult'],
+                 key_ring: Optional[str] = None,
+                 name: Optional[str] = None):
+        """
+        :param str crypto_key_backend: The resource name of the backend environment associated with all CryptoKeyVersions within this CryptoKey.
+               The resource name is in the format "projects/*/locations/*/ekmConnections/*" and only applies to "EXTERNAL_VPC" keys.
+        :param str destroy_scheduled_duration: The period of time that versions of this key spend in the DESTROY_SCHEDULED state before transitioning to DESTROYED.
+               If not specified at creation time, the default duration is 30 days.
+        :param bool import_only: Whether this key may contain imported versions only.
+        :param Mapping[str, str] labels: Labels with user-defined metadata to apply to this resource.
+               
+               
+               **Note**: This field is non-authoritative, and will only manage the labels present in your configuration.
+               Please refer to the field 'effective_labels' for all of the labels present on the resource.
+        :param Sequence['GetCryptoKeysKeyPrimaryArgs'] primaries: A copy of the primary CryptoKeyVersion that will be used by cryptoKeys.encrypt when this CryptoKey is given in EncryptRequest.name.
+               Keys with purpose ENCRYPT_DECRYPT may have a primary. For other keys, this field will be unset.
+        :param Mapping[str, str] pulumi_labels: The combination of labels configured directly on the resource
+                and default labels configured on the provider.
+        :param str purpose: The immutable purpose of this CryptoKey. See the
+               [purpose reference](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.cryptoKeys#CryptoKeyPurpose)
+               for possible inputs.
+               Default value is "ENCRYPT_DECRYPT".
+        :param str rotation_period: Every time this period passes, generate a new CryptoKeyVersion and set it as the primary.
+               The first rotation will take place after the specified period. The rotation period has
+               the format of a decimal number with up to 9 fractional digits, followed by the
+               letter 's' (seconds). It must be greater than a day (ie, 86400).
+        :param bool skip_initial_version_creation: If set to true, the request will create a CryptoKey without any CryptoKeyVersions.
+               You must use the 'google_kms_crypto_key_version' resource to create a new CryptoKeyVersion
+               or 'google_kms_key_ring_import_job' resource to import the CryptoKeyVersion.
+        :param Sequence['GetCryptoKeysKeyVersionTemplateArgs'] version_templates: A template describing settings for new crypto key versions.
+        :param str key_ring: The key ring that the keys belongs to. Format: 'projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}'.,
+        :param str name: The resource name for the CryptoKey.
+        """
+        pulumi.set(__self__, "crypto_key_backend", crypto_key_backend)
+        pulumi.set(__self__, "destroy_scheduled_duration", destroy_scheduled_duration)
+        pulumi.set(__self__, "effective_labels", effective_labels)
+        pulumi.set(__self__, "id", id)
+        pulumi.set(__self__, "import_only", import_only)
+        pulumi.set(__self__, "labels", labels)
+        pulumi.set(__self__, "primaries", primaries)
+        pulumi.set(__self__, "pulumi_labels", pulumi_labels)
+        pulumi.set(__self__, "purpose", purpose)
+        pulumi.set(__self__, "rotation_period", rotation_period)
+        pulumi.set(__self__, "skip_initial_version_creation", skip_initial_version_creation)
+        pulumi.set(__self__, "version_templates", version_templates)
+        if key_ring is not None:
+            pulumi.set(__self__, "key_ring", key_ring)
+        if name is not None:
+            pulumi.set(__self__, "name", name)
+
+    @property
+    @pulumi.getter(name="cryptoKeyBackend")
+    def crypto_key_backend(self) -> str:
+        """
+        The resource name of the backend environment associated with all CryptoKeyVersions within this CryptoKey.
+        The resource name is in the format "projects/*/locations/*/ekmConnections/*" and only applies to "EXTERNAL_VPC" keys.
+        """
+        return pulumi.get(self, "crypto_key_backend")
+
+    @property
+    @pulumi.getter(name="destroyScheduledDuration")
+    def destroy_scheduled_duration(self) -> str:
+        """
+        The period of time that versions of this key spend in the DESTROY_SCHEDULED state before transitioning to DESTROYED.
+        If not specified at creation time, the default duration is 30 days.
+        """
+        return pulumi.get(self, "destroy_scheduled_duration")
+
+    @property
+    @pulumi.getter(name="effectiveLabels")
+    def effective_labels(self) -> Mapping[str, str]:
+        return pulumi.get(self, "effective_labels")
+
+    @property
+    @pulumi.getter
+    def id(self) -> str:
+        return pulumi.get(self, "id")
+
+    @property
+    @pulumi.getter(name="importOnly")
+    def import_only(self) -> bool:
+        """
+        Whether this key may contain imported versions only.
+        """
+        return pulumi.get(self, "import_only")
+
+    @property
+    @pulumi.getter
+    def labels(self) -> Mapping[str, str]:
+        """
+        Labels with user-defined metadata to apply to this resource.
+
+
+        **Note**: This field is non-authoritative, and will only manage the labels present in your configuration.
+        Please refer to the field 'effective_labels' for all of the labels present on the resource.
+        """
+        return pulumi.get(self, "labels")
+
+    @property
+    @pulumi.getter
+    def primaries(self) -> Sequence['outputs.GetCryptoKeysKeyPrimaryResult']:
+        """
+        A copy of the primary CryptoKeyVersion that will be used by cryptoKeys.encrypt when this CryptoKey is given in EncryptRequest.name.
+        Keys with purpose ENCRYPT_DECRYPT may have a primary. For other keys, this field will be unset.
+        """
+        return pulumi.get(self, "primaries")
+
+    @property
+    @pulumi.getter(name="pulumiLabels")
+    def pulumi_labels(self) -> Mapping[str, str]:
+        """
+        The combination of labels configured directly on the resource
+         and default labels configured on the provider.
+        """
+        return pulumi.get(self, "pulumi_labels")
+
+    @property
+    @pulumi.getter
+    def purpose(self) -> str:
+        """
+        The immutable purpose of this CryptoKey. See the
+        [purpose reference](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.cryptoKeys#CryptoKeyPurpose)
+        for possible inputs.
+        Default value is "ENCRYPT_DECRYPT".
+        """
+        return pulumi.get(self, "purpose")
+
+    @property
+    @pulumi.getter(name="rotationPeriod")
+    def rotation_period(self) -> str:
+        """
+        Every time this period passes, generate a new CryptoKeyVersion and set it as the primary.
+        The first rotation will take place after the specified period. The rotation period has
+        the format of a decimal number with up to 9 fractional digits, followed by the
+        letter 's' (seconds). It must be greater than a day (ie, 86400).
+        """
+        return pulumi.get(self, "rotation_period")
+
+    @property
+    @pulumi.getter(name="skipInitialVersionCreation")
+    def skip_initial_version_creation(self) -> bool:
+        """
+        If set to true, the request will create a CryptoKey without any CryptoKeyVersions.
+        You must use the 'google_kms_crypto_key_version' resource to create a new CryptoKeyVersion
+        or 'google_kms_key_ring_import_job' resource to import the CryptoKeyVersion.
+        """
+        return pulumi.get(self, "skip_initial_version_creation")
+
+    @property
+    @pulumi.getter(name="versionTemplates")
+    def version_templates(self) -> Sequence['outputs.GetCryptoKeysKeyVersionTemplateResult']:
+        """
+        A template describing settings for new crypto key versions.
+        """
+        return pulumi.get(self, "version_templates")
+
+    @property
+    @pulumi.getter(name="keyRing")
+    def key_ring(self) -> Optional[str]:
+        """
+        The key ring that the keys belongs to. Format: 'projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}'.,
+        """
+        return pulumi.get(self, "key_ring")
+
+    @property
+    @pulumi.getter
+    def name(self) -> Optional[str]:
+        """
+        The resource name for the CryptoKey.
+        """
+        return pulumi.get(self, "name")
+
+
+@pulumi.output_type
+class GetCryptoKeysKeyPrimaryResult(dict):
+    def __init__(__self__, *,
+                 name: str,
+                 state: str):
+        """
+        :param str name: The resource name for this CryptoKeyVersion.
+        :param str state: The current state of the CryptoKeyVersion.
+        """
+        pulumi.set(__self__, "name", name)
+        pulumi.set(__self__, "state", state)
+
+    @property
+    @pulumi.getter
+    def name(self) -> str:
+        """
+        The resource name for this CryptoKeyVersion.
+        """
+        return pulumi.get(self, "name")
+
+    @property
+    @pulumi.getter
+    def state(self) -> str:
+        """
+        The current state of the CryptoKeyVersion.
+        """
+        return pulumi.get(self, "state")
+
+
+@pulumi.output_type
+class GetCryptoKeysKeyVersionTemplateResult(dict):
+    def __init__(__self__, *,
+                 algorithm: str,
+                 protection_level: str):
+        """
+        :param str algorithm: The algorithm to use when creating a version based on this template.
+               See the [algorithm reference](https://cloud.google.com/kms/docs/reference/rest/v1/CryptoKeyVersionAlgorithm) for possible inputs.
+        :param str protection_level: The protection level to use when creating a version based on this template. Possible values include "SOFTWARE", "HSM", "EXTERNAL", "EXTERNAL_VPC". Defaults to "SOFTWARE".
+        """
+        pulumi.set(__self__, "algorithm", algorithm)
+        pulumi.set(__self__, "protection_level", protection_level)
+
+    @property
+    @pulumi.getter
+    def algorithm(self) -> str:
+        """
+        The algorithm to use when creating a version based on this template.
+        See the [algorithm reference](https://cloud.google.com/kms/docs/reference/rest/v1/CryptoKeyVersionAlgorithm) for possible inputs.
+        """
+        return pulumi.get(self, "algorithm")
+
+    @property
+    @pulumi.getter(name="protectionLevel")
+    def protection_level(self) -> str:
+        """
+        The protection level to use when creating a version based on this template. Possible values include "SOFTWARE", "HSM", "EXTERNAL", "EXTERNAL_VPC". Defaults to "SOFTWARE".
+        """
+        return pulumi.get(self, "protection_level")
+
+
 @pulumi.output_type
 class GetKMSCryptoKeyPrimaryResult(dict):
     def __init__(__self__, *,
@@ -951,3 +1202,22 @@ class GetKMSCryptoKeyVersionTemplateResult(dict):
         return pulumi.get(self, "protection_level")
 
 
+@pulumi.output_type
+class GetKeyRingsKeyRingResult(dict):
+    def __init__(__self__, *,
+                 id: str,
+                 name: str):
+        pulumi.set(__self__, "id", id)
+        pulumi.set(__self__, "name", name)
+
+    @property
+    @pulumi.getter
+    def id(self) -> str:
+        return pulumi.get(self, "id")
+
+    @property
+    @pulumi.getter
+    def name(self) -> str:
+        return pulumi.get(self, "name")
+
+