KMSImportJob
| Property | Value |
|---|---|
| Google Cloud Service Name | Cloud Key Management Service |
| Google Cloud Service Documentation | /kms/docs/ |
| Google Cloud REST Resource Name | projects.locations.keyRings.importJobs |
| Google Cloud REST Resource Documentation | /kms/docs/reference/rest/v1/projects.locations.keyRings.importJobs |
| Config Connector Resource Short Names | gcpkmsimportjob gcpkmsimportjobs kmsimportjob |
| Config Connector Service Name | cloudkms.googleapis.com |
| Config Connector Resource Fully Qualified Name | kmsimportjobs.kms.cnrm.cloud.google.com |
| Can Be Referenced by IAMPolicy/IAMPolicyMember | No |
| Config Connector Default Average Reconcile Interval In Seconds | 600 |
Custom Resource Definition Properties
Spec
Schema
importMethod: string
kmsKeyRingRef:
external: string
name: string
namespace: string
protectionLevel: string
resourceID: string
| Fields | |
|---|---|
|
Required |
Required. Immutable. The wrapping method to be used for incoming key material. |
|
Required |
KMSKeyRingRef defines the resource reference to KMSKeyRing, which "External" field holds the Google Cloud identifier for the KRM object. |
|
Optional |
A reference to an externally managed KMSKeyRing. Should be in the format `projects/{{projectId}}/locations/{{location}}/keyRings/{{keyRingId}}`. |
|
Optional |
The `name` of a `KMSKeyRing` resource. |
|
Optional |
The `namespace` of a `KMSKeyRing` resource. |
|
Required |
Required. Immutable. The protection level of the [ImportJob][google.cloud.kms.v1.ImportJob]. This must match the [protection_level][google.cloud.kms.v1.CryptoKeyVersionTemplate.protection_level] of the [version_template][google.cloud.kms.v1.CryptoKey.version_template] on the [CryptoKey][google.cloud.kms.v1.CryptoKey] you attempt to import into. |
|
Optional |
The KMSImportJob name. If not given, the metadata.name will be used. |
Status
Schema
conditions:
- lastTransitionTime: string
message: string
reason: string
status: string
type: string
externalRef: string
observedGeneration: integer
observedState:
attestation:
certChains:
caviumCerts:
- string
googleCardCerts:
- string
googlePartitionCerts:
- string
content: string
format: string
createTime: string
expireEventTime: string
expireTime: string
generateTime: string
publicKey:
pem: string
state: string
| Fields | |
|---|---|
conditions |
Conditions represent the latest available observations of the object's current state. |
conditions[] |
|
conditions[].lastTransitionTime |
Last time the condition transitioned from one status to another. |
conditions[].message |
Human-readable message indicating details about last transition. |
conditions[].reason |
Unique, one-word, CamelCase reason for the condition's last transition. |
conditions[].status |
Status is the status of the condition. Can be True, False, Unknown. |
conditions[].type |
Type is the type of the condition. |
externalRef |
A unique specifier for the KMSImportJob resource in Google Cloud. |
observedGeneration |
ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. |
observedState |
ObservedState is the state of the resource as most recently observed in Google Cloud. |
observedState.attestation |
Output only. Statement that was generated and signed by the key creator (for example, an HSM) at key creation time. Use this statement to verify attributes of the key as stored on the HSM, independently of Google. Only present if the chosen [ImportMethod][google.cloud.kms.v1.ImportJob.ImportMethod] is one with a protection level of [HSM][google.cloud.kms.v1.ProtectionLevel.HSM]. |
observedState.attestation.certChains |
Output only. The certificate chains needed to validate the attestation |
observedState.attestation.certChains.caviumCerts |
Cavium certificate chain corresponding to the attestation. |
observedState.attestation.certChains.caviumCerts[] |
|
observedState.attestation.certChains.googleCardCerts |
Google card certificate chain corresponding to the attestation. |
observedState.attestation.certChains.googleCardCerts[] |
|
observedState.attestation.certChains.googlePartitionCerts |
Google partition certificate chain corresponding to the attestation. |
observedState.attestation.certChains.googlePartitionCerts[] |
|
observedState.attestation.content |
Output only. The attestation data provided by the HSM when the key operation was performed. |
observedState.attestation.format |
Output only. The format of the attestation data. |
observedState.createTime |
Output only. The time at which this [ImportJob][google.cloud.kms.v1.ImportJob] was created. |
observedState.expireEventTime |
Output only. The time this [ImportJob][google.cloud.kms.v1.ImportJob] expired. Only present if [state][google.cloud.kms.v1.ImportJob.state] is [EXPIRED][google.cloud.kms.v1.ImportJob.ImportJobState.EXPIRED]. |
observedState.expireTime |
Output only. The time at which this [ImportJob][google.cloud.kms.v1.ImportJob] is scheduled for expiration and can no longer be used to import key material. |
observedState.generateTime |
Output only. The time this [ImportJob][google.cloud.kms.v1.ImportJob]'s key material was generated. |
observedState.publicKey |
Output only. The public key with which to wrap key material prior to import. Only returned if [state][google.cloud.kms.v1.ImportJob.state] is [ACTIVE][google.cloud.kms.v1.ImportJob.ImportJobState.ACTIVE]. |
observedState.publicKey.pem |
The public key, encoded in PEM format. For more information, see the RFC 7468 https://tools.ietf.org/html/rfc7468 sections for General Considerations https://tools.ietf.org/html/rfc7468#section-2 and Textual Encoding of Subject Public Key Info https://tools.ietf.org/html/rfc7468#section-13. |
observedState.state |
Output only. The current state of the [ImportJob][google.cloud.kms.v1.ImportJob], indicating if it can be used. |