diff --git a/patches/0002-Add-nil-checks-for-sql-database-instance-flattening.patch b/patches/0002-Add-nil-checks-for-sql-database-instance-flattening.patch index f5228bd710..514366a237 100644 --- a/patches/0002-Add-nil-checks-for-sql-database-instance-flattening.patch +++ b/patches/0002-Add-nil-checks-for-sql-database-instance-flattening.patch @@ -5,7 +5,7 @@ Subject: [PATCH] Add nil checks for sql database instance flattening diff --git a/google-beta/services/sql/resource_sql_database_instance.go b/google-beta/services/sql/resource_sql_database_instance.go -index f4b874dc3..7d6b2c6e0 100644 +index b0c5b32c7..94ae4dc64 100644 --- a/google-beta/services/sql/resource_sql_database_instance.go +++ b/google-beta/services/sql/resource_sql_database_instance.go @@ -2180,6 +2180,10 @@ func resourceSqlDatabaseInstanceImport(d *schema.ResourceData, meta interface{}) @@ -19,7 +19,7 @@ index f4b874dc3..7d6b2c6e0 100644 data := map[string]interface{}{ "version": settings.SettingsVersion, "tier": settings.Tier, -@@ -2270,6 +2274,10 @@ func flattenDataCacheConfig(d *sqladmin.DataCacheConfig) []map[string]interface{ +@@ -2280,6 +2284,10 @@ func flattenDataCacheConfig(d *sqladmin.DataCacheConfig) []map[string]interface{ } func flattenBackupConfiguration(backupConfiguration *sqladmin.BackupConfiguration) []map[string]interface{} { @@ -30,7 +30,7 @@ index f4b874dc3..7d6b2c6e0 100644 data := map[string]interface{}{ "binary_log_enabled": backupConfiguration.BinaryLogEnabled, "enabled": backupConfiguration.Enabled, -@@ -2362,6 +2370,10 @@ func flattenDatabaseFlags(databaseFlags []*sqladmin.DatabaseFlags) []map[string] +@@ -2372,6 +2380,10 @@ func flattenDatabaseFlags(databaseFlags []*sqladmin.DatabaseFlags) []map[string] } func flattenIpConfiguration(ipConfiguration *sqladmin.IpConfiguration, d *schema.ResourceData) interface{} { @@ -41,7 +41,7 @@ index f4b874dc3..7d6b2c6e0 100644 data := map[string]interface{}{ "ipv4_enabled": ipConfiguration.Ipv4Enabled, "private_network": ipConfiguration.PrivateNetwork, -@@ -2424,6 +2436,10 @@ func flattenAuthorizedNetworks(entries []*sqladmin.AclEntry) interface{} { +@@ -2434,6 +2446,10 @@ func flattenAuthorizedNetworks(entries []*sqladmin.AclEntry) interface{} { } func flattenLocationPreference(locationPreference *sqladmin.LocationPreference) interface{} { @@ -52,7 +52,7 @@ index f4b874dc3..7d6b2c6e0 100644 data := map[string]interface{}{ "follow_gae_application": locationPreference.FollowGaeApplication, "zone": locationPreference.Zone, -@@ -2434,6 +2450,10 @@ func flattenLocationPreference(locationPreference *sqladmin.LocationPreference) +@@ -2444,6 +2460,10 @@ func flattenLocationPreference(locationPreference *sqladmin.LocationPreference) } func flattenMaintenanceWindow(maintenanceWindow *sqladmin.MaintenanceWindow) interface{} { @@ -63,7 +63,7 @@ index f4b874dc3..7d6b2c6e0 100644 data := map[string]interface{}{ "day": maintenanceWindow.Day, "hour": maintenanceWindow.Hour, -@@ -2509,6 +2529,10 @@ func flattenServerCaCerts(caCerts []*sqladmin.SslCert) []map[string]interface{} +@@ -2519,6 +2539,10 @@ func flattenServerCaCerts(caCerts []*sqladmin.SslCert) []map[string]interface{} } func flattenInsightsConfig(insightsConfig *sqladmin.InsightsConfig) interface{} { diff --git a/patches/0005-docs-patching.patch b/patches/0005-docs-patching.patch index 9b2edbcb5a..abc4687924 100644 --- a/patches/0005-docs-patching.patch +++ b/patches/0005-docs-patching.patch @@ -1581,7 +1581,7 @@ index f18c91533..924ad4cc0 100644
diff --git a/website/docs/r/container_cluster.html.markdown b/website/docs/r/container_cluster.html.markdown -index 1407d6340..bccdf8ed6 100644 +index b69680f24..9f39e369e 100644 --- a/website/docs/r/container_cluster.html.markdown +++ b/website/docs/r/container_cluster.html.markdown @@ -13,15 +13,12 @@ To get more information about GKE clusters, see: @@ -1984,7 +1984,7 @@ index 98421f823..dfd01911a 100644 * `zone` - (Optional) The zone in which the created job should run. If it is not provided, the provider zone is used. * `region` - (Optional) The region in which the created job should run. diff --git a/website/docs/r/dataproc_cluster.html.markdown b/website/docs/r/dataproc_cluster.html.markdown -index fcfb4bdbf..fa1cc53be 100644 +index 28e215e4e..34636c6b7 100644 --- a/website/docs/r/dataproc_cluster.html.markdown +++ b/website/docs/r/dataproc_cluster.html.markdown @@ -146,7 +146,7 @@ resource "google_dataproc_cluster" "accelerated_cluster" { @@ -2135,7 +2135,7 @@ index c4477a93e..8ca08942a 100644 * `enable_inbound_forwarding` - (Optional) diff --git a/website/docs/r/firebase_project.html.markdown b/website/docs/r/firebase_project.html.markdown -index ee2473892..55ff70854 100644 +index 0c766edb5..5180b6f21 100644 --- a/website/docs/r/firebase_project.html.markdown +++ b/website/docs/r/firebase_project.html.markdown @@ -24,9 +24,6 @@ Since a FirebaseProject is actually also a GCP Project, a FirebaseProject uses u @@ -3558,7 +3558,7 @@ index b6e4a06bd..a775c628e 100644 The `encryption_config` block supports: diff --git a/website/docs/r/sql_database_instance.html.markdown b/website/docs/r/sql_database_instance.html.markdown -index 5c70a7a4c..97dd2c486 100644 +index edcfd4544..c645159d5 100644 --- a/website/docs/r/sql_database_instance.html.markdown +++ b/website/docs/r/sql_database_instance.html.markdown @@ -10,12 +10,12 @@ Creates a new Google SQL Database Instance. For more information, see the [offic diff --git a/patches/0008-Fix-794-with-an-unconditional-read.patch b/patches/0008-Fix-794-with-an-unconditional-read.patch index f9b04b52d8..847814a79e 100644 --- a/patches/0008-Fix-794-with-an-unconditional-read.patch +++ b/patches/0008-Fix-794-with-an-unconditional-read.patch @@ -5,7 +5,7 @@ Subject: [PATCH] Fix #794 with an unconditional read. diff --git a/google-beta/services/sql/resource_sql_database_instance.go b/google-beta/services/sql/resource_sql_database_instance.go -index 7d6b2c6e0..697785180 100644 +index 94ae4dc64..b20e756d1 100644 --- a/google-beta/services/sql/resource_sql_database_instance.go +++ b/google-beta/services/sql/resource_sql_database_instance.go @@ -2009,10 +2009,11 @@ func resourceSqlDatabaseInstanceUpdate(d *schema.ResourceData, meta interface{}) diff --git a/provider/cmd/pulumi-resource-gcp/bridge-metadata.json b/provider/cmd/pulumi-resource-gcp/bridge-metadata.json index 890f16696e..d5c56640ef 100644 --- a/provider/cmd/pulumi-resource-gcp/bridge-metadata.json +++ b/provider/cmd/pulumi-resource-gcp/bridge-metadata.json @@ -18255,6 +18255,9 @@ "maxItemsOne": true, "elem": { "fields": { + "headers": { + "maxItemsOne": false + }, "redirects": { "maxItemsOne": false }, @@ -22711,6 +22714,156 @@ } } }, + "google_network_security_authz_policy": { + "current": "gcp:networksecurity/authzPolicy:AuthzPolicy", + "majorVersion": 8, + "fields": { + "custom_provider": { + "maxItemsOne": true, + "elem": { + "fields": { + "authz_extension": { + "maxItemsOne": true, + "elem": { + "fields": { + "resources": { + "maxItemsOne": false + } + } + } + }, + "cloud_iap": { + "maxItemsOne": true + } + } + } + }, + "http_rules": { + "maxItemsOne": false, + "elem": { + "fields": { + "from": { + "maxItemsOne": true, + "elem": { + "fields": { + "not_sources": { + "maxItemsOne": false, + "elem": { + "fields": { + "principals": { + "maxItemsOne": false + }, + "resources": { + "maxItemsOne": false, + "elem": { + "fields": { + "iam_service_account": { + "maxItemsOne": true + }, + "tag_value_id_set": { + "maxItemsOne": true, + "elem": { + "fields": { + "ids": { + "maxItemsOne": false + } + } + } + } + } + } + } + } + } + }, + "sources": { + "maxItemsOne": false, + "elem": { + "fields": { + "principals": { + "maxItemsOne": false + }, + "resources": { + "maxItemsOne": false, + "elem": { + "fields": { + "iam_service_account": { + "maxItemsOne": true + }, + "tag_value_id_set": { + "maxItemsOne": true, + "elem": { + "fields": { + "ids": { + "maxItemsOne": false + } + } + } + } + } + } + } + } + } + } + } + } + }, + "to": { + "maxItemsOne": true, + "elem": { + "fields": { + "operations": { + "maxItemsOne": false, + "elem": { + "fields": { + "header_set": { + "maxItemsOne": true, + "elem": { + "fields": { + "headers": { + "maxItemsOne": false, + "elem": { + "fields": { + "value": { + "maxItemsOne": true + } + } + } + } + } + } + }, + "hosts": { + "maxItemsOne": false + }, + "methods": { + "maxItemsOne": false + }, + "paths": { + "maxItemsOne": false + } + } + } + } + } + } + } + } + } + }, + "target": { + "maxItemsOne": true, + "elem": { + "fields": { + "resources": { + "maxItemsOne": false + } + } + } + } + } + }, "google_network_security_client_tls_policy": { "current": "gcp:networksecurity/clientTlsPolicy:ClientTlsPolicy", "majorVersion": 8, @@ -22764,6 +22917,19 @@ "current": "gcp:networksecurity/gatewaySecurityPolicyRule:GatewaySecurityPolicyRule", "majorVersion": 8 }, + "google_network_security_intercept_deployment": { + "current": "gcp:networksecurity/interceptDeployment:InterceptDeployment", + "majorVersion": 8 + }, + "google_network_security_intercept_deployment_group": { + "current": "gcp:networksecurity/interceptDeploymentGroup:InterceptDeploymentGroup", + "majorVersion": 8, + "fields": { + "connected_endpoint_groups": { + "maxItemsOne": false + } + } + }, "google_network_security_mirroring_deployment": { "current": "gcp:networksecurity/mirroringDeployment:MirroringDeployment", "majorVersion": 8 @@ -22870,6 +23036,15 @@ } } }, + "google_network_services_authz_extension": { + "current": "gcp:networkservices/authzExtension:AuthzExtension", + "majorVersion": 8, + "fields": { + "forward_headers": { + "maxItemsOne": false + } + } + }, "google_network_services_edge_cache_keyset": { "current": "gcp:networkservices/edgeCacheKeyset:EdgeCacheKeyset", "majorVersion": 8, @@ -27657,6 +27832,9 @@ "gcs_data_source": { "maxItemsOne": true }, + "hdfs_data_source": { + "maxItemsOne": true + }, "http_data_source": { "maxItemsOne": true }, @@ -27801,6 +27979,9 @@ "network_config": { "maxItemsOne": true }, + "network_configs": { + "maxItemsOne": false + }, "network_endpoints": { "maxItemsOne": false, "elem": { @@ -36409,6 +36590,10 @@ "effective_labels", "terraform_labels" ], + "google_network_security_authz_policy": [ + "effective_labels", + "terraform_labels" + ], "google_network_security_client_tls_policy": [ "effective_labels", "terraform_labels" @@ -36421,6 +36606,14 @@ "effective_labels", "terraform_labels" ], + "google_network_security_intercept_deployment": [ + "effective_labels", + "terraform_labels" + ], + "google_network_security_intercept_deployment_group": [ + "effective_labels", + "terraform_labels" + ], "google_network_security_mirroring_deployment": [ "effective_labels", "terraform_labels" @@ -36449,6 +36642,10 @@ "effective_labels", "terraform_labels" ], + "google_network_services_authz_extension": [ + "effective_labels", + "terraform_labels" + ], "google_network_services_edge_cache_keyset": [ "effective_labels", "terraform_labels" @@ -37647,11 +37844,14 @@ "gcp:networksecurity/addressGroupIamMember:AddressGroupIamMember": 0, "gcp:networksecurity/addressGroupIamPolicy:AddressGroupIamPolicy": 0, "gcp:networksecurity/authorizationPolicy:AuthorizationPolicy": 0, + "gcp:networksecurity/authzPolicy:AuthzPolicy": 0, "gcp:networksecurity/clientTlsPolicy:ClientTlsPolicy": 0, "gcp:networksecurity/firewallEndpoint:FirewallEndpoint": 0, "gcp:networksecurity/firewallEndpointAssociation:FirewallEndpointAssociation": 0, "gcp:networksecurity/gatewaySecurityPolicy:GatewaySecurityPolicy": 0, "gcp:networksecurity/gatewaySecurityPolicyRule:GatewaySecurityPolicyRule": 0, + "gcp:networksecurity/interceptDeployment:InterceptDeployment": 0, + "gcp:networksecurity/interceptDeploymentGroup:InterceptDeploymentGroup": 0, "gcp:networksecurity/mirroringDeployment:MirroringDeployment": 0, "gcp:networksecurity/mirroringDeploymentGroup:MirroringDeploymentGroup": 0, "gcp:networksecurity/mirroringEndpointGroup:MirroringEndpointGroup": 0, @@ -37661,6 +37861,7 @@ "gcp:networksecurity/serverTlsPolicy:ServerTlsPolicy": 0, "gcp:networksecurity/tlsInspectionPolicy:TlsInspectionPolicy": 0, "gcp:networksecurity/urlList:UrlList": 0, + "gcp:networkservices/authzExtension:AuthzExtension": 0, "gcp:networkservices/edgeCacheKeyset:EdgeCacheKeyset": 0, "gcp:networkservices/edgeCacheOrigin:EdgeCacheOrigin": 0, "gcp:networkservices/edgeCacheService:EdgeCacheService": 0, diff --git a/provider/cmd/pulumi-resource-gcp/schema.json b/provider/cmd/pulumi-resource-gcp/schema.json index 356deff75f..f9394bda1e 100644 --- a/provider/cmd/pulumi-resource-gcp/schema.json +++ b/provider/cmd/pulumi-resource-gcp/schema.json @@ -2243,10 +2243,6 @@ "type": "string", "description": "Description of the ServicePerimeter and its use. Does not affect\nbehavior.\n" }, - "etag": { - "type": "string", - "description": "(Output)\nAn opaque identifier for the current version of the ServicePerimeter. This\nidentifier does not follow any specific format. If an etag is not provided, the\noperation will be performed as if a valid etag is provided.\n" - }, "name": { "type": "string", "description": "Resource name for the ServicePerimeter. The short_name component must\nbegin with a letter and only include alphanumeric and '_'.\nFormat: accessPolicies/{policy_id}/servicePerimeters/{short_name}\n", @@ -2287,7 +2283,6 @@ "nodejs": { "requiredOutputs": [ "createTime", - "etag", "name", "title", "updateTime" @@ -32562,8 +32557,7 @@ "properties": { "autoDelete": { "type": "boolean", - "description": "Whether the disk will be auto-deleted when the instance\nis deleted. Defaults to true.\n", - "willReplaceOnChanges": true + "description": "Whether the disk will be auto-deleted when the instance\nis deleted. Defaults to true.\n" }, "deviceName": { "type": "string", @@ -32796,8 +32790,7 @@ "properties": { "autoDelete": { "type": "boolean", - "description": "Whether the disk will be auto-deleted when the instance is deleted.\n", - "willReplaceOnChanges": true + "description": "Whether the disk will be auto-deleted when the instance is deleted.\n" }, "deviceName": { "type": "string", @@ -33601,8 +33594,7 @@ "properties": { "autoDelete": { "type": "boolean", - "description": "Whether the disk will be auto-deleted when the instance is deleted.\n", - "willReplaceOnChanges": true + "description": "Whether the disk will be auto-deleted when the instance is deleted.\n" }, "deviceName": { "type": "string", @@ -87781,6 +87773,14 @@ }, "gcp:firebase/HostingVersionConfig:HostingVersionConfig": { "properties": { + "headers": { + "type": "array", + "items": { + "$ref": "#/types/gcp:firebase/HostingVersionConfigHeader:HostingVersionConfigHeader" + }, + "description": "An array of objects, where each object specifies a URL pattern that, if matched to the request URL path,\ntriggers Hosting to apply the specified custom response headers.\nStructure is documented below.\n", + "willReplaceOnChanges": true + }, "redirects": { "type": "array", "items": { @@ -87800,6 +87800,32 @@ }, "type": "object" }, + "gcp:firebase/HostingVersionConfigHeader:HostingVersionConfigHeader": { + "properties": { + "glob": { + "type": "string", + "description": "The user-supplied glob to match against the request URL path.\n", + "willReplaceOnChanges": true + }, + "headers": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "The additional headers to add to the response. Example: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.\n", + "willReplaceOnChanges": true + }, + "regex": { + "type": "string", + "description": "The user-supplied RE2 regular expression to match against the request URL path.\n", + "willReplaceOnChanges": true + } + }, + "type": "object", + "required": [ + "headers" + ] + }, "gcp:firebase/HostingVersionConfigRedirect:HostingVersionConfigRedirect": { "properties": { "glob": { @@ -95234,7 +95260,7 @@ "properties": { "signUpQuotaConfig": { "$ref": "#/types/gcp:identityplatform/ConfigQuotaSignUpQuotaConfig:ConfigQuotaSignUpQuotaConfig", - "description": "Quota for the Signup endpoint, if overwritten. Signup quota is measured in sign ups per project per hour per IP.\nStructure is documented below.\n" + "description": "Quota for the Signup endpoint, if overwritten. Signup quota is measured in sign ups per project per hour per IP. None of quota, startTime, or quotaDuration can be skipped.\nStructure is documented below.\n" } }, "type": "object" @@ -95243,7 +95269,7 @@ "properties": { "quota": { "type": "integer", - "description": "A sign up APIs quota that customers can override temporarily.\n" + "description": "A sign up APIs quota that customers can override temporarily. Value can be in between 1 and 1000.\n" }, "quotaDuration": { "type": "string", @@ -100715,7 +100741,11 @@ "willReplaceOnChanges": true } }, - "type": "object" + "type": "object", + "required": [ + "ipAddress", + "virtualMachine" + ] }, "gcp:networkconnectivity/SpokeLinkedVpcNetwork:SpokeLinkedVpcNetwork": { "properties": { @@ -100961,6 +100991,431 @@ }, "type": "object" }, + "gcp:networksecurity/AuthzPolicyCustomProvider:AuthzPolicyCustomProvider": { + "properties": { + "authzExtension": { + "$ref": "#/types/gcp:networksecurity/AuthzPolicyCustomProviderAuthzExtension:AuthzPolicyCustomProviderAuthzExtension", + "description": "Delegate authorization decision to user authored Service Extension. Only one of cloudIap or authzExtension can be specified.\nStructure is documented below.\n" + }, + "cloudIap": { + "$ref": "#/types/gcp:networksecurity/AuthzPolicyCustomProviderCloudIap:AuthzPolicyCustomProviderCloudIap", + "description": "Delegates authorization decisions to Cloud IAP. Applicable only for managed load balancers. Enabling Cloud IAP at the AuthzPolicy level is not compatible with Cloud IAP settings in the BackendService. Enabling IAP in both places will result in request failure. Ensure that IAP is enabled in either the AuthzPolicy or the BackendService but not in both places.\nStructure is documented below.\n" + } + }, + "type": "object" + }, + "gcp:networksecurity/AuthzPolicyCustomProviderAuthzExtension:AuthzPolicyCustomProviderAuthzExtension": { + "properties": { + "resources": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of references to authorization extensions that will be invoked for requests matching this policy. Limited to 1 custom provider.\n" + } + }, + "type": "object", + "required": [ + "resources" + ] + }, + "gcp:networksecurity/AuthzPolicyCustomProviderCloudIap:AuthzPolicyCustomProviderCloudIap": { + "properties": { + "enabled": { + "type": "boolean", + "description": "Enable Cloud IAP at the AuthzPolicy level.\n" + } + }, + "type": "object", + "required": [ + "enabled" + ] + }, + "gcp:networksecurity/AuthzPolicyHttpRule:AuthzPolicyHttpRule": { + "properties": { + "from": { + "$ref": "#/types/gcp:networksecurity/AuthzPolicyHttpRuleFrom:AuthzPolicyHttpRuleFrom", + "description": "Describes properties of one or more sources of a request.\nStructure is documented below.\n" + }, + "to": { + "$ref": "#/types/gcp:networksecurity/AuthzPolicyHttpRuleTo:AuthzPolicyHttpRuleTo", + "description": "Describes properties of one or more targets of a request\nStructure is documented below.\n" + }, + "when": { + "type": "string", + "description": "CEL expression that describes the conditions to be satisfied for the action. The result of the CEL expression is ANDed with the from and to. Refer to the CEL language reference for a list of available attributes.\n" + } + }, + "type": "object" + }, + "gcp:networksecurity/AuthzPolicyHttpRuleFrom:AuthzPolicyHttpRuleFrom": { + "properties": { + "notSources": { + "type": "array", + "items": { + "$ref": "#/types/gcp:networksecurity/AuthzPolicyHttpRuleFromNotSource:AuthzPolicyHttpRuleFromNotSource" + }, + "description": "Describes the properties of a request's sources. At least one of sources or notSources must be specified. Limited to 5 sources. A match occurs when ANY source (in sources or notSources) matches the request. Within a single source, the match follows AND semantics across fields and OR semantics within a single field, i.e. a match occurs when ANY principal matches AND ANY ipBlocks match.\nStructure is documented below.\n" + }, + "sources": { + "type": "array", + "items": { + "$ref": "#/types/gcp:networksecurity/AuthzPolicyHttpRuleFromSource:AuthzPolicyHttpRuleFromSource" + }, + "description": "Describes the properties of a request's sources. At least one of sources or notSources must be specified. Limited to 5 sources. A match occurs when ANY source (in sources or notSources) matches the request. Within a single source, the match follows AND semantics across fields and OR semantics within a single field, i.e. a match occurs when ANY principal matches AND ANY ipBlocks match.\nStructure is documented below.\n" + } + }, + "type": "object" + }, + "gcp:networksecurity/AuthzPolicyHttpRuleFromNotSource:AuthzPolicyHttpRuleFromNotSource": { + "properties": { + "principals": { + "type": "array", + "items": { + "$ref": "#/types/gcp:networksecurity/AuthzPolicyHttpRuleFromNotSourcePrincipal:AuthzPolicyHttpRuleFromNotSourcePrincipal" + }, + "description": "A list of identities derived from the client's certificate. This field will not match on a request unless mutual TLS is enabled for the Forwarding rule or Gateway. Each identity is a string whose value is matched against the URI SAN, or DNS SAN or the subject field in the client's certificate. The match can be exact, prefix, suffix or a substring match. One of exact, prefix, suffix or contains must be specified.\nLimited to 5 principals.\nStructure is documented below.\n" + }, + "resources": { + "type": "array", + "items": { + "$ref": "#/types/gcp:networksecurity/AuthzPolicyHttpRuleFromNotSourceResource:AuthzPolicyHttpRuleFromNotSourceResource" + }, + "description": "A list of resources to match against the resource of the source VM of a request.\nLimited to 5 resources.\nStructure is documented below.\n" + } + }, + "type": "object" + }, + "gcp:networksecurity/AuthzPolicyHttpRuleFromNotSourcePrincipal:AuthzPolicyHttpRuleFromNotSourcePrincipal": { + "properties": { + "contains": { + "type": "string", + "description": "The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead.\nExamples:\n* abc matches the value xyz.abc.def\n" + }, + "exact": { + "type": "string", + "description": "The input string must match exactly the string specified here.\nExamples:\n* abc only matches the value abc.\n" + }, + "ignoreCase": { + "type": "boolean", + "description": "If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true.\n" + }, + "prefix": { + "type": "string", + "description": "The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead.\nExamples:\n* abc matches the value abc.xyz\n" + }, + "suffix": { + "type": "string", + "description": "The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead.\nExamples:\n* abc matches the value xyz.abc\n" + } + }, + "type": "object" + }, + "gcp:networksecurity/AuthzPolicyHttpRuleFromNotSourceResource:AuthzPolicyHttpRuleFromNotSourceResource": { + "properties": { + "iamServiceAccount": { + "$ref": "#/types/gcp:networksecurity/AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccount:AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccount", + "description": "An IAM service account to match against the source service account of the VM sending the request.\nStructure is documented below.\n" + }, + "tagValueIdSet": { + "$ref": "#/types/gcp:networksecurity/AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSet:AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSet", + "description": "A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request.\nStructure is documented below.\n" + } + }, + "type": "object" + }, + "gcp:networksecurity/AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccount:AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccount": { + "properties": { + "contains": { + "type": "string", + "description": "The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead.\nExamples:\n* abc matches the value xyz.abc.def\n" + }, + "exact": { + "type": "string", + "description": "The input string must match exactly the string specified here.\nExamples:\n* abc only matches the value abc.\n" + }, + "ignoreCase": { + "type": "boolean", + "description": "If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true.\n" + }, + "prefix": { + "type": "string", + "description": "The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead.\nExamples:\n* abc matches the value abc.xyz\n" + }, + "suffix": { + "type": "string", + "description": "The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead.\nExamples:\n* abc matches the value xyz.abc\n" + } + }, + "type": "object" + }, + "gcp:networksecurity/AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSet:AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSet": { + "properties": { + "ids": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request. The match follows AND semantics which means all the ids must match.\nLimited to 5 matches.\n" + } + }, + "type": "object" + }, + "gcp:networksecurity/AuthzPolicyHttpRuleFromSource:AuthzPolicyHttpRuleFromSource": { + "properties": { + "principals": { + "type": "array", + "items": { + "$ref": "#/types/gcp:networksecurity/AuthzPolicyHttpRuleFromSourcePrincipal:AuthzPolicyHttpRuleFromSourcePrincipal" + }, + "description": "A list of identities derived from the client's certificate. This field will not match on a request unless mutual TLS is enabled for the Forwarding rule or Gateway. Each identity is a string whose value is matched against the URI SAN, or DNS SAN or the subject field in the client's certificate. The match can be exact, prefix, suffix or a substring match. One of exact, prefix, suffix or contains must be specified.\nLimited to 5 principals.\nStructure is documented below.\n" + }, + "resources": { + "type": "array", + "items": { + "$ref": "#/types/gcp:networksecurity/AuthzPolicyHttpRuleFromSourceResource:AuthzPolicyHttpRuleFromSourceResource" + }, + "description": "A list of resources to match against the resource of the source VM of a request.\nLimited to 5 resources.\nStructure is documented below.\n" + } + }, + "type": "object" + }, + "gcp:networksecurity/AuthzPolicyHttpRuleFromSourcePrincipal:AuthzPolicyHttpRuleFromSourcePrincipal": { + "properties": { + "contains": { + "type": "string", + "description": "The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead.\nExamples:\n* abc matches the value xyz.abc.def\n" + }, + "exact": { + "type": "string", + "description": "The input string must match exactly the string specified here.\nExamples:\n* abc only matches the value abc.\n" + }, + "ignoreCase": { + "type": "boolean", + "description": "If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true.\n" + }, + "prefix": { + "type": "string", + "description": "The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead.\nExamples:\n* abc matches the value abc.xyz\n" + }, + "suffix": { + "type": "string", + "description": "The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead.\nExamples:\n* abc matches the value xyz.abc\n" + } + }, + "type": "object" + }, + "gcp:networksecurity/AuthzPolicyHttpRuleFromSourceResource:AuthzPolicyHttpRuleFromSourceResource": { + "properties": { + "iamServiceAccount": { + "$ref": "#/types/gcp:networksecurity/AuthzPolicyHttpRuleFromSourceResourceIamServiceAccount:AuthzPolicyHttpRuleFromSourceResourceIamServiceAccount", + "description": "An IAM service account to match against the source service account of the VM sending the request.\nStructure is documented below.\n" + }, + "tagValueIdSet": { + "$ref": "#/types/gcp:networksecurity/AuthzPolicyHttpRuleFromSourceResourceTagValueIdSet:AuthzPolicyHttpRuleFromSourceResourceTagValueIdSet", + "description": "A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request.\nStructure is documented below.\n" + } + }, + "type": "object" + }, + "gcp:networksecurity/AuthzPolicyHttpRuleFromSourceResourceIamServiceAccount:AuthzPolicyHttpRuleFromSourceResourceIamServiceAccount": { + "properties": { + "contains": { + "type": "string", + "description": "The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead.\nExamples:\n* abc matches the value xyz.abc.def\n" + }, + "exact": { + "type": "string", + "description": "The input string must match exactly the string specified here.\nExamples:\n* abc only matches the value abc.\n" + }, + "ignoreCase": { + "type": "boolean", + "description": "If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true.\n" + }, + "prefix": { + "type": "string", + "description": "The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead.\nExamples:\n* abc matches the value abc.xyz\n" + }, + "suffix": { + "type": "string", + "description": "The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead.\nExamples:\n* abc matches the value xyz.abc\n" + } + }, + "type": "object" + }, + "gcp:networksecurity/AuthzPolicyHttpRuleFromSourceResourceTagValueIdSet:AuthzPolicyHttpRuleFromSourceResourceTagValueIdSet": { + "properties": { + "ids": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request. The match follows AND semantics which means all the ids must match.\nLimited to 5 matches.\n" + } + }, + "type": "object" + }, + "gcp:networksecurity/AuthzPolicyHttpRuleTo:AuthzPolicyHttpRuleTo": { + "properties": { + "operations": { + "type": "array", + "items": { + "$ref": "#/types/gcp:networksecurity/AuthzPolicyHttpRuleToOperation:AuthzPolicyHttpRuleToOperation" + }, + "description": "Describes properties of one or more targets of a request. At least one of operations or notOperations must be specified. Limited to 5 operations. A match occurs when ANY operation (in operations or notOperations) matches. Within an operation, the match follows AND semantics across fields and OR semantics within a field, i.e. a match occurs when ANY path matches AND ANY header matches and ANY method matches.\nStructure is documented below.\n" + } + }, + "type": "object" + }, + "gcp:networksecurity/AuthzPolicyHttpRuleToOperation:AuthzPolicyHttpRuleToOperation": { + "properties": { + "headerSet": { + "$ref": "#/types/gcp:networksecurity/AuthzPolicyHttpRuleToOperationHeaderSet:AuthzPolicyHttpRuleToOperationHeaderSet", + "description": "A list of headers to match against in http header.\nStructure is documented below.\n" + }, + "hosts": { + "type": "array", + "items": { + "$ref": "#/types/gcp:networksecurity/AuthzPolicyHttpRuleToOperationHost:AuthzPolicyHttpRuleToOperationHost" + }, + "description": "A list of HTTP Hosts to match against. The match can be one of exact, prefix, suffix, or contains (substring match). Matches are always case sensitive unless the ignoreCase is set.\nLimited to 5 matches.\nStructure is documented below.\n" + }, + "methods": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of HTTP methods to match against. Each entry must be a valid HTTP method name (GET, PUT, POST, HEAD, PATCH, DELETE, OPTIONS). It only allows exact match and is always case sensitive.\n" + }, + "paths": { + "type": "array", + "items": { + "$ref": "#/types/gcp:networksecurity/AuthzPolicyHttpRuleToOperationPath:AuthzPolicyHttpRuleToOperationPath" + }, + "description": "A list of paths to match against. The match can be one of exact, prefix, suffix, or contains (substring match). Matches are always case sensitive unless the ignoreCase is set.\nLimited to 5 matches.\nNote that this path match includes the query parameters. For gRPC services, this should be a fully-qualified name of the form /package.service/method.\nStructure is documented below.\n" + } + }, + "type": "object" + }, + "gcp:networksecurity/AuthzPolicyHttpRuleToOperationHeaderSet:AuthzPolicyHttpRuleToOperationHeaderSet": { + "properties": { + "headers": { + "type": "array", + "items": { + "$ref": "#/types/gcp:networksecurity/AuthzPolicyHttpRuleToOperationHeaderSetHeader:AuthzPolicyHttpRuleToOperationHeaderSetHeader" + }, + "description": "A list of headers to match against in http header. The match can be one of exact, prefix, suffix, or contains (substring match). The match follows AND semantics which means all the headers must match. Matches are always case sensitive unless the ignoreCase is set. Limited to 5 matches.\nStructure is documented below.\n" + } + }, + "type": "object" + }, + "gcp:networksecurity/AuthzPolicyHttpRuleToOperationHeaderSetHeader:AuthzPolicyHttpRuleToOperationHeaderSetHeader": { + "properties": { + "name": { + "type": "string", + "description": "Specifies the name of the header in the request.\n" + }, + "value": { + "$ref": "#/types/gcp:networksecurity/AuthzPolicyHttpRuleToOperationHeaderSetHeaderValue:AuthzPolicyHttpRuleToOperationHeaderSetHeaderValue", + "description": "Specifies how the header match will be performed.\nStructure is documented below.\n" + } + }, + "type": "object" + }, + "gcp:networksecurity/AuthzPolicyHttpRuleToOperationHeaderSetHeaderValue:AuthzPolicyHttpRuleToOperationHeaderSetHeaderValue": { + "properties": { + "contains": { + "type": "string", + "description": "The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead.\nExamples:\n* abc matches the value xyz.abc.def\n" + }, + "exact": { + "type": "string", + "description": "The input string must match exactly the string specified here.\nExamples:\n* abc only matches the value abc.\n" + }, + "ignoreCase": { + "type": "boolean", + "description": "If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true.\n" + }, + "prefix": { + "type": "string", + "description": "The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead.\nExamples:\n* abc matches the value abc.xyz\n" + }, + "suffix": { + "type": "string", + "description": "The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead.\nExamples:\n* abc matches the value xyz.abc\n" + } + }, + "type": "object" + }, + "gcp:networksecurity/AuthzPolicyHttpRuleToOperationHost:AuthzPolicyHttpRuleToOperationHost": { + "properties": { + "contains": { + "type": "string", + "description": "The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead.\nExamples:\n* abc matches the value xyz.abc.def\n" + }, + "exact": { + "type": "string", + "description": "The input string must match exactly the string specified here.\nExamples:\n* abc only matches the value abc.\n" + }, + "ignoreCase": { + "type": "boolean", + "description": "If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true.\n" + }, + "prefix": { + "type": "string", + "description": "The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead.\nExamples:\n* abc matches the value abc.xyz\n" + }, + "suffix": { + "type": "string", + "description": "The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead.\nExamples:\n* abc matches the value xyz.abc\n" + } + }, + "type": "object" + }, + "gcp:networksecurity/AuthzPolicyHttpRuleToOperationPath:AuthzPolicyHttpRuleToOperationPath": { + "properties": { + "contains": { + "type": "string", + "description": "The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead.\nExamples:\n* abc matches the value xyz.abc.def\n" + }, + "exact": { + "type": "string", + "description": "The input string must match exactly the string specified here.\nExamples:\n* abc only matches the value abc.\n" + }, + "ignoreCase": { + "type": "boolean", + "description": "If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true.\n" + }, + "prefix": { + "type": "string", + "description": "The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead.\nExamples:\n* abc matches the value abc.xyz\n" + }, + "suffix": { + "type": "string", + "description": "The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead.\nExamples:\n* abc matches the value xyz.abc\n" + } + }, + "type": "object" + }, + "gcp:networksecurity/AuthzPolicyTarget:AuthzPolicyTarget": { + "properties": { + "loadBalancingScheme": { + "type": "string", + "description": "All gateways and forwarding rules referenced by this policy and extensions must share the same load balancing scheme.\nFor more information, refer to [Backend services overview](https://cloud.google.com/load-balancing/docs/backend-service).\nPossible values are: `INTERNAL_MANAGED`, `EXTERNAL_MANAGED`, `INTERNAL_SELF_MANAGED`.\n" + }, + "resources": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of references to the Forwarding Rules on which this policy will be applied.\n\n- - -\n" + } + }, + "type": "object", + "required": [ + "loadBalancingScheme" + ] + }, "gcp:networksecurity/ClientTlsPolicyClientCertificate:ClientTlsPolicyClientCertificate": { "properties": { "certificateProviderInstance": { @@ -101035,6 +101490,22 @@ "targetUri" ] }, + "gcp:networksecurity/InterceptDeploymentGroupConnectedEndpointGroup:InterceptDeploymentGroupConnectedEndpointGroup": { + "properties": { + "name": { + "type": "string", + "description": "(Output)\nOutput only. A connected intercept endpoint group.\n" + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "name" + ] + } + } + }, "gcp:networksecurity/MirroringDeploymentGroupConnectedEndpointGroup:MirroringDeploymentGroupConnectedEndpointGroup": { "properties": { "name": { @@ -107839,6 +108310,10 @@ "type": "string", "description": "If `\"TRUE\"`, then the `Policy` is enforced. If `\"FALSE\"`, then any configuration is acceptable. This field can be set only in Policies for boolean constraints.\n" }, + "parameters": { + "type": "string", + "description": "Optional. Required for Managed Constraints if parameters defined in constraints. Pass parameter values when policy enforcement is enabled. Ensure that parameter value types match those defined in the constraint definition. For example: { \\\"allowedLocations\\\" : [\\\"us-east1\\\", \\\"us-west1\\\"], \\\"allowAll\\\" : true }\n" + }, "values": { "$ref": "#/types/gcp:orgpolicy/PolicyDryRunSpecRuleValues:PolicyDryRunSpecRuleValues", "description": "List of values to be used for this policy rule. This field can be set only in policies for list constraints.\nStructure is documented below.\n" @@ -107940,6 +108415,10 @@ "type": "string", "description": "If `\"TRUE\"`, then the `Policy` is enforced. If `\"FALSE\"`, then any configuration is acceptable. This field can be set only in Policies for boolean constraints.\n" }, + "parameters": { + "type": "string", + "description": "Optional. Required for Managed Constraints if parameters defined in constraints. Pass parameter values when policy enforcement is enabled. Ensure that parameter value types match those defined in the constraint definition. For example: { \\\"allowedLocations\\\" : [\\\"us-east1\\\", \\\"us-west1\\\"], \\\"allowAll\\\" : true }\n" + }, "values": { "$ref": "#/types/gcp:orgpolicy/PolicySpecRuleValues:PolicySpecRuleValues", "description": "List of values to be used for this policy rule. This field can be set only in policies for list constraints.\nStructure is documented below.\n" @@ -116779,7 +117258,7 @@ }, "connectorEnforcement": { "type": "string", - "description": "Enables the enforcement of Cloud SQL Auth Proxy or Cloud SQL connectors for all the connections. If enabled, all the direct connections are rejected.\n" + "description": "Control the enforcement of Cloud SQL Auth Proxy or Cloud SQL connectors for all the connections, can be `REQUIRED` or `NOT_REQUIRED`. If enabled, all the direct connections are rejected.\n" }, "dataCacheConfig": { "$ref": "#/types/gcp:sql/DatabaseInstanceSettingsDataCacheConfig:DatabaseInstanceSettingsDataCacheConfig", @@ -120059,6 +120538,10 @@ "$ref": "#/types/gcp:storage/TransferJobTransferSpecGcsDataSource:TransferJobTransferSpecGcsDataSource", "description": "A Google Cloud Storage data source. Structure documented below.\n" }, + "hdfsDataSource": { + "$ref": "#/types/gcp:storage/TransferJobTransferSpecHdfsDataSource:TransferJobTransferSpecHdfsDataSource", + "description": "An HDFS data source. Structure documented below.\n" + }, "httpDataSource": { "$ref": "#/types/gcp:storage/TransferJobTransferSpecHttpDataSource:TransferJobTransferSpecHttpDataSource", "description": "A HTTP URL data source. Structure documented below.\n" @@ -120242,6 +120725,18 @@ } } }, + "gcp:storage/TransferJobTransferSpecHdfsDataSource:TransferJobTransferSpecHdfsDataSource": { + "properties": { + "path": { + "type": "string", + "description": "Root path to transfer objects. Must be an empty string or full path name that ends with a '/'. This field is treated as an object prefix. As such, it should generally not begin with a '/'.\n" + } + }, + "type": "object", + "required": [ + "path" + ] + }, "gcp:storage/TransferJobTransferSpecHttpDataSource:TransferJobTransferSpecHttpDataSource": { "properties": { "listUrl": { @@ -120305,7 +120800,7 @@ "properties": { "rootDirectory": { "type": "string", - "description": "Root directory path to the filesystem.\n\n\u003ca name=\"nested_aws_s3_data_source\"\u003e\u003c/a\u003eThe `aws_s3_data_source` block supports:\n" + "description": "Root directory path to the filesystem.\n" } }, "type": "object", @@ -121209,12 +121704,17 @@ }, "network": { "type": "string", - "description": "The name of the network for the TPU node. It must be a preexisting Google Compute Engine\nnetwork. If both network and subnetwork are specified, the given subnetwork must belong\nto the given network. If network is not specified, it will be looked up from the\nsubnetwork if one is provided, or otherwise use \"default\".\n", + "description": "The name of the network for the TPU node. It must be a preexisting Google Compute Engine\nnetwork. If none is provided, \"default\" will be used.\n", + "willReplaceOnChanges": true + }, + "queueCount": { + "type": "integer", + "description": "Specifies networking queue count for TPU VM instance's network interface.\n", "willReplaceOnChanges": true }, "subnetwork": { "type": "string", - "description": "The name of the subnetwork for the TPU node. It must be a preexisting Google Compute\nEngine subnetwork. If both network and subnetwork are specified, the given subnetwork\nmust belong to the given network. If subnetwork is not specified, the subnetwork with the\nsame name as the network will be used.\n", + "description": "The name of the subnetwork for the TPU node. It must be a preexisting Google Compute\nEngine subnetwork. If none is provided, \"default\" will be used.\n", "willReplaceOnChanges": true } }, @@ -128552,10 +129052,6 @@ "type": "string", "description": "Description of the ServicePerimeter and its use. Does not affect\nbehavior.\n" }, - "etag": { - "type": "string", - "description": "An opaque identifier for the current version of the ServicePerimeter. This\nidentifier does not follow any specific format. If an etag is not provided, the\noperation will be performed as if a valid etag is provided.\n" - }, "name": { "type": "string", "description": "Resource name for the ServicePerimeter. The short_name component must\nbegin with a letter and only include alphanumeric and '_'.\nFormat: accessPolicies/{policy_id}/servicePerimeters/{short_name}\n\n\n- - -\n" @@ -128591,7 +129087,6 @@ }, "required": [ "createTime", - "etag", "name", "parent", "title", @@ -128649,10 +129144,6 @@ "type": "string", "description": "Description of the ServicePerimeter and its use. Does not affect\nbehavior.\n" }, - "etag": { - "type": "string", - "description": "An opaque identifier for the current version of the ServicePerimeter. This\nidentifier does not follow any specific format. If an etag is not provided, the\noperation will be performed as if a valid etag is provided.\n" - }, "name": { "type": "string", "description": "Resource name for the ServicePerimeter. The short_name component must\nbegin with a letter and only include alphanumeric and '_'.\nFormat: accessPolicies/{policy_id}/servicePerimeters/{short_name}\n\n\n- - -\n", @@ -137627,7 +138118,7 @@ } }, "gcp:artifactregistry/repository:Repository": { - "description": "A repository for storing artifacts\n\n\nTo get more information about Repository, see:\n\n* [API documentation](https://cloud.google.com/artifact-registry/docs/reference/rest/v1/projects.locations.repositories)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/artifact-registry/docs/overview)\n\n## Example Usage\n\n### Artifact Registry Repository Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst my_repo = new gcp.artifactregistry.Repository(\"my-repo\", {\n location: \"us-central1\",\n repositoryId: \"my-repository\",\n description: \"example docker repository\",\n format: \"DOCKER\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_repo = gcp.artifactregistry.Repository(\"my-repo\",\n location=\"us-central1\",\n repository_id=\"my-repository\",\n description=\"example docker repository\",\n format=\"DOCKER\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var my_repo = new Gcp.ArtifactRegistry.Repository(\"my-repo\", new()\n {\n Location = \"us-central1\",\n RepositoryId = \"my-repository\",\n Description = \"example docker repository\",\n Format = \"DOCKER\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/artifactregistry\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := artifactregistry.NewRepository(ctx, \"my-repo\", \u0026artifactregistry.RepositoryArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tRepositoryId: pulumi.String(\"my-repository\"),\n\t\t\tDescription: pulumi.String(\"example docker repository\"),\n\t\t\tFormat: pulumi.String(\"DOCKER\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.artifactregistry.Repository;\nimport com.pulumi.gcp.artifactregistry.RepositoryArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var my_repo = new Repository(\"my-repo\", RepositoryArgs.builder()\n .location(\"us-central1\")\n .repositoryId(\"my-repository\")\n .description(\"example docker repository\")\n .format(\"DOCKER\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n my-repo:\n type: gcp:artifactregistry:Repository\n properties:\n location: us-central1\n repositoryId: my-repository\n description: example docker repository\n format: DOCKER\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Artifact Registry Repository Docker\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst my_repo = new gcp.artifactregistry.Repository(\"my-repo\", {\n location: \"us-central1\",\n repositoryId: \"my-repository\",\n description: \"example docker repository\",\n format: \"DOCKER\",\n dockerConfig: {\n immutableTags: true,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_repo = gcp.artifactregistry.Repository(\"my-repo\",\n location=\"us-central1\",\n repository_id=\"my-repository\",\n description=\"example docker repository\",\n format=\"DOCKER\",\n docker_config={\n \"immutable_tags\": True,\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var my_repo = new Gcp.ArtifactRegistry.Repository(\"my-repo\", new()\n {\n Location = \"us-central1\",\n RepositoryId = \"my-repository\",\n Description = \"example docker repository\",\n Format = \"DOCKER\",\n DockerConfig = new Gcp.ArtifactRegistry.Inputs.RepositoryDockerConfigArgs\n {\n ImmutableTags = true,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/artifactregistry\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := artifactregistry.NewRepository(ctx, \"my-repo\", \u0026artifactregistry.RepositoryArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tRepositoryId: pulumi.String(\"my-repository\"),\n\t\t\tDescription: pulumi.String(\"example docker repository\"),\n\t\t\tFormat: pulumi.String(\"DOCKER\"),\n\t\t\tDockerConfig: \u0026artifactregistry.RepositoryDockerConfigArgs{\n\t\t\t\tImmutableTags: pulumi.Bool(true),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.artifactregistry.Repository;\nimport com.pulumi.gcp.artifactregistry.RepositoryArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryDockerConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var my_repo = new Repository(\"my-repo\", RepositoryArgs.builder()\n .location(\"us-central1\")\n .repositoryId(\"my-repository\")\n .description(\"example docker repository\")\n .format(\"DOCKER\")\n .dockerConfig(RepositoryDockerConfigArgs.builder()\n .immutableTags(true)\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n my-repo:\n type: gcp:artifactregistry:Repository\n properties:\n location: us-central1\n repositoryId: my-repository\n description: example docker repository\n format: DOCKER\n dockerConfig:\n immutableTags: true\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Artifact Registry Repository Cmek\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = gcp.organizations.getProject({});\nconst cryptoKey = new gcp.kms.CryptoKeyIAMMember(\"crypto_key\", {\n cryptoKeyId: \"kms-key\",\n role: \"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n member: project.then(project =\u003e `serviceAccount:service-${project.number}@gcp-sa-artifactregistry.iam.gserviceaccount.com`),\n});\nconst my_repo = new gcp.artifactregistry.Repository(\"my-repo\", {\n location: \"us-central1\",\n repositoryId: \"my-repository\",\n description: \"example docker repository with cmek\",\n format: \"DOCKER\",\n kmsKeyName: \"kms-key\",\n}, {\n dependsOn: [cryptoKey],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.organizations.get_project()\ncrypto_key = gcp.kms.CryptoKeyIAMMember(\"crypto_key\",\n crypto_key_id=\"kms-key\",\n role=\"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n member=f\"serviceAccount:service-{project.number}@gcp-sa-artifactregistry.iam.gserviceaccount.com\")\nmy_repo = gcp.artifactregistry.Repository(\"my-repo\",\n location=\"us-central1\",\n repository_id=\"my-repository\",\n description=\"example docker repository with cmek\",\n format=\"DOCKER\",\n kms_key_name=\"kms-key\",\n opts = pulumi.ResourceOptions(depends_on=[crypto_key]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var cryptoKey = new Gcp.Kms.CryptoKeyIAMMember(\"crypto_key\", new()\n {\n CryptoKeyId = \"kms-key\",\n Role = \"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n Member = $\"serviceAccount:service-{project.Apply(getProjectResult =\u003e getProjectResult.Number)}@gcp-sa-artifactregistry.iam.gserviceaccount.com\",\n });\n\n var my_repo = new Gcp.ArtifactRegistry.Repository(\"my-repo\", new()\n {\n Location = \"us-central1\",\n RepositoryId = \"my-repository\",\n Description = \"example docker repository with cmek\",\n Format = \"DOCKER\",\n KmsKeyName = \"kms-key\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n cryptoKey,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/artifactregistry\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcryptoKey, err := kms.NewCryptoKeyIAMMember(ctx, \"crypto_key\", \u0026kms.CryptoKeyIAMMemberArgs{\n\t\t\tCryptoKeyId: pulumi.String(\"kms-key\"),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.cryptoKeyEncrypterDecrypter\"),\n\t\t\tMember: pulumi.Sprintf(\"serviceAccount:service-%v@gcp-sa-artifactregistry.iam.gserviceaccount.com\", project.Number),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = artifactregistry.NewRepository(ctx, \"my-repo\", \u0026artifactregistry.RepositoryArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tRepositoryId: pulumi.String(\"my-repository\"),\n\t\t\tDescription: pulumi.String(\"example docker repository with cmek\"),\n\t\t\tFormat: pulumi.String(\"DOCKER\"),\n\t\t\tKmsKeyName: pulumi.String(\"kms-key\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tcryptoKey,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMember;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMemberArgs;\nimport com.pulumi.gcp.artifactregistry.Repository;\nimport com.pulumi.gcp.artifactregistry.RepositoryArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n var cryptoKey = new CryptoKeyIAMMember(\"cryptoKey\", CryptoKeyIAMMemberArgs.builder()\n .cryptoKeyId(\"kms-key\")\n .role(\"roles/cloudkms.cryptoKeyEncrypterDecrypter\")\n .member(String.format(\"serviceAccount:service-%s@gcp-sa-artifactregistry.iam.gserviceaccount.com\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .build());\n\n var my_repo = new Repository(\"my-repo\", RepositoryArgs.builder()\n .location(\"us-central1\")\n .repositoryId(\"my-repository\")\n .description(\"example docker repository with cmek\")\n .format(\"DOCKER\")\n .kmsKeyName(\"kms-key\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(cryptoKey)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n my-repo:\n type: gcp:artifactregistry:Repository\n properties:\n location: us-central1\n repositoryId: my-repository\n description: example docker repository with cmek\n format: DOCKER\n kmsKeyName: kms-key\n options:\n dependsOn:\n - ${cryptoKey}\n cryptoKey:\n type: gcp:kms:CryptoKeyIAMMember\n name: crypto_key\n properties:\n cryptoKeyId: kms-key\n role: roles/cloudkms.cryptoKeyEncrypterDecrypter\n member: serviceAccount:service-${project.number}@gcp-sa-artifactregistry.iam.gserviceaccount.com\nvariables:\n project:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Artifact Registry Repository Virtual\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst my_repo_upstream_1 = new gcp.artifactregistry.Repository(\"my-repo-upstream-1\", {\n location: \"us-central1\",\n repositoryId: \"my-repository-upstream-1\",\n description: \"example docker repository (upstream source) 1\",\n format: \"DOCKER\",\n});\nconst my_repo_upstream_2 = new gcp.artifactregistry.Repository(\"my-repo-upstream-2\", {\n location: \"us-central1\",\n repositoryId: \"my-repository-upstream-2\",\n description: \"example docker repository (upstream source) 2\",\n format: \"DOCKER\",\n});\nconst my_repo = new gcp.artifactregistry.Repository(\"my-repo\", {\n location: \"us-central1\",\n repositoryId: \"my-repository\",\n description: \"example virtual docker repository\",\n format: \"DOCKER\",\n mode: \"VIRTUAL_REPOSITORY\",\n virtualRepositoryConfig: {\n upstreamPolicies: [\n {\n id: \"my-repository-upstream-1\",\n repository: my_repo_upstream_1.id,\n priority: 20,\n },\n {\n id: \"my-repository-upstream-2\",\n repository: my_repo_upstream_2.id,\n priority: 10,\n },\n ],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_repo_upstream_1 = gcp.artifactregistry.Repository(\"my-repo-upstream-1\",\n location=\"us-central1\",\n repository_id=\"my-repository-upstream-1\",\n description=\"example docker repository (upstream source) 1\",\n format=\"DOCKER\")\nmy_repo_upstream_2 = gcp.artifactregistry.Repository(\"my-repo-upstream-2\",\n location=\"us-central1\",\n repository_id=\"my-repository-upstream-2\",\n description=\"example docker repository (upstream source) 2\",\n format=\"DOCKER\")\nmy_repo = gcp.artifactregistry.Repository(\"my-repo\",\n location=\"us-central1\",\n repository_id=\"my-repository\",\n description=\"example virtual docker repository\",\n format=\"DOCKER\",\n mode=\"VIRTUAL_REPOSITORY\",\n virtual_repository_config={\n \"upstream_policies\": [\n {\n \"id\": \"my-repository-upstream-1\",\n \"repository\": my_repo_upstream_1.id,\n \"priority\": 20,\n },\n {\n \"id\": \"my-repository-upstream-2\",\n \"repository\": my_repo_upstream_2.id,\n \"priority\": 10,\n },\n ],\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var my_repo_upstream_1 = new Gcp.ArtifactRegistry.Repository(\"my-repo-upstream-1\", new()\n {\n Location = \"us-central1\",\n RepositoryId = \"my-repository-upstream-1\",\n Description = \"example docker repository (upstream source) 1\",\n Format = \"DOCKER\",\n });\n\n var my_repo_upstream_2 = new Gcp.ArtifactRegistry.Repository(\"my-repo-upstream-2\", new()\n {\n Location = \"us-central1\",\n RepositoryId = \"my-repository-upstream-2\",\n Description = \"example docker repository (upstream source) 2\",\n Format = \"DOCKER\",\n });\n\n var my_repo = new Gcp.ArtifactRegistry.Repository(\"my-repo\", new()\n {\n Location = \"us-central1\",\n RepositoryId = \"my-repository\",\n Description = \"example virtual docker repository\",\n Format = \"DOCKER\",\n Mode = \"VIRTUAL_REPOSITORY\",\n VirtualRepositoryConfig = new Gcp.ArtifactRegistry.Inputs.RepositoryVirtualRepositoryConfigArgs\n {\n UpstreamPolicies = new[]\n {\n new Gcp.ArtifactRegistry.Inputs.RepositoryVirtualRepositoryConfigUpstreamPolicyArgs\n {\n Id = \"my-repository-upstream-1\",\n Repository = my_repo_upstream_1.Id,\n Priority = 20,\n },\n new Gcp.ArtifactRegistry.Inputs.RepositoryVirtualRepositoryConfigUpstreamPolicyArgs\n {\n Id = \"my-repository-upstream-2\",\n Repository = my_repo_upstream_2.Id,\n Priority = 10,\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/artifactregistry\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := artifactregistry.NewRepository(ctx, \"my-repo-upstream-1\", \u0026artifactregistry.RepositoryArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tRepositoryId: pulumi.String(\"my-repository-upstream-1\"),\n\t\t\tDescription: pulumi.String(\"example docker repository (upstream source) 1\"),\n\t\t\tFormat: pulumi.String(\"DOCKER\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = artifactregistry.NewRepository(ctx, \"my-repo-upstream-2\", \u0026artifactregistry.RepositoryArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tRepositoryId: pulumi.String(\"my-repository-upstream-2\"),\n\t\t\tDescription: pulumi.String(\"example docker repository (upstream source) 2\"),\n\t\t\tFormat: pulumi.String(\"DOCKER\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = artifactregistry.NewRepository(ctx, \"my-repo\", \u0026artifactregistry.RepositoryArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tRepositoryId: pulumi.String(\"my-repository\"),\n\t\t\tDescription: pulumi.String(\"example virtual docker repository\"),\n\t\t\tFormat: pulumi.String(\"DOCKER\"),\n\t\t\tMode: pulumi.String(\"VIRTUAL_REPOSITORY\"),\n\t\t\tVirtualRepositoryConfig: \u0026artifactregistry.RepositoryVirtualRepositoryConfigArgs{\n\t\t\t\tUpstreamPolicies: artifactregistry.RepositoryVirtualRepositoryConfigUpstreamPolicyArray{\n\t\t\t\t\t\u0026artifactregistry.RepositoryVirtualRepositoryConfigUpstreamPolicyArgs{\n\t\t\t\t\t\tId: pulumi.String(\"my-repository-upstream-1\"),\n\t\t\t\t\t\tRepository: my_repo_upstream_1.ID(),\n\t\t\t\t\t\tPriority: pulumi.Int(20),\n\t\t\t\t\t},\n\t\t\t\t\t\u0026artifactregistry.RepositoryVirtualRepositoryConfigUpstreamPolicyArgs{\n\t\t\t\t\t\tId: pulumi.String(\"my-repository-upstream-2\"),\n\t\t\t\t\t\tRepository: my_repo_upstream_2.ID(),\n\t\t\t\t\t\tPriority: pulumi.Int(10),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.artifactregistry.Repository;\nimport com.pulumi.gcp.artifactregistry.RepositoryArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryVirtualRepositoryConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var my_repo_upstream_1 = new Repository(\"my-repo-upstream-1\", RepositoryArgs.builder()\n .location(\"us-central1\")\n .repositoryId(\"my-repository-upstream-1\")\n .description(\"example docker repository (upstream source) 1\")\n .format(\"DOCKER\")\n .build());\n\n var my_repo_upstream_2 = new Repository(\"my-repo-upstream-2\", RepositoryArgs.builder()\n .location(\"us-central1\")\n .repositoryId(\"my-repository-upstream-2\")\n .description(\"example docker repository (upstream source) 2\")\n .format(\"DOCKER\")\n .build());\n\n var my_repo = new Repository(\"my-repo\", RepositoryArgs.builder()\n .location(\"us-central1\")\n .repositoryId(\"my-repository\")\n .description(\"example virtual docker repository\")\n .format(\"DOCKER\")\n .mode(\"VIRTUAL_REPOSITORY\")\n .virtualRepositoryConfig(RepositoryVirtualRepositoryConfigArgs.builder()\n .upstreamPolicies( \n RepositoryVirtualRepositoryConfigUpstreamPolicyArgs.builder()\n .id(\"my-repository-upstream-1\")\n .repository(my_repo_upstream_1.id())\n .priority(20)\n .build(),\n RepositoryVirtualRepositoryConfigUpstreamPolicyArgs.builder()\n .id(\"my-repository-upstream-2\")\n .repository(my_repo_upstream_2.id())\n .priority(10)\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n my-repo-upstream-1:\n type: gcp:artifactregistry:Repository\n properties:\n location: us-central1\n repositoryId: my-repository-upstream-1\n description: example docker repository (upstream source) 1\n format: DOCKER\n my-repo-upstream-2:\n type: gcp:artifactregistry:Repository\n properties:\n location: us-central1\n repositoryId: my-repository-upstream-2\n description: example docker repository (upstream source) 2\n format: DOCKER\n my-repo:\n type: gcp:artifactregistry:Repository\n properties:\n location: us-central1\n repositoryId: my-repository\n description: example virtual docker repository\n format: DOCKER\n mode: VIRTUAL_REPOSITORY\n virtualRepositoryConfig:\n upstreamPolicies:\n - id: my-repository-upstream-1\n repository: ${[\"my-repo-upstream-1\"].id}\n priority: 20\n - id: my-repository-upstream-2\n repository: ${[\"my-repo-upstream-2\"].id}\n priority: 10\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Artifact Registry Repository Remote\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst my_repo = new gcp.artifactregistry.Repository(\"my-repo\", {\n location: \"us-central1\",\n repositoryId: \"my-repository\",\n description: \"example remote docker repository\",\n format: \"DOCKER\",\n mode: \"REMOTE_REPOSITORY\",\n remoteRepositoryConfig: {\n description: \"docker hub\",\n dockerRepository: {\n publicRepository: \"DOCKER_HUB\",\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_repo = gcp.artifactregistry.Repository(\"my-repo\",\n location=\"us-central1\",\n repository_id=\"my-repository\",\n description=\"example remote docker repository\",\n format=\"DOCKER\",\n mode=\"REMOTE_REPOSITORY\",\n remote_repository_config={\n \"description\": \"docker hub\",\n \"docker_repository\": {\n \"public_repository\": \"DOCKER_HUB\",\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var my_repo = new Gcp.ArtifactRegistry.Repository(\"my-repo\", new()\n {\n Location = \"us-central1\",\n RepositoryId = \"my-repository\",\n Description = \"example remote docker repository\",\n Format = \"DOCKER\",\n Mode = \"REMOTE_REPOSITORY\",\n RemoteRepositoryConfig = new Gcp.ArtifactRegistry.Inputs.RepositoryRemoteRepositoryConfigArgs\n {\n Description = \"docker hub\",\n DockerRepository = new Gcp.ArtifactRegistry.Inputs.RepositoryRemoteRepositoryConfigDockerRepositoryArgs\n {\n PublicRepository = \"DOCKER_HUB\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/artifactregistry\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := artifactregistry.NewRepository(ctx, \"my-repo\", \u0026artifactregistry.RepositoryArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tRepositoryId: pulumi.String(\"my-repository\"),\n\t\t\tDescription: pulumi.String(\"example remote docker repository\"),\n\t\t\tFormat: pulumi.String(\"DOCKER\"),\n\t\t\tMode: pulumi.String(\"REMOTE_REPOSITORY\"),\n\t\t\tRemoteRepositoryConfig: \u0026artifactregistry.RepositoryRemoteRepositoryConfigArgs{\n\t\t\t\tDescription: pulumi.String(\"docker hub\"),\n\t\t\t\tDockerRepository: \u0026artifactregistry.RepositoryRemoteRepositoryConfigDockerRepositoryArgs{\n\t\t\t\t\tPublicRepository: pulumi.String(\"DOCKER_HUB\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.artifactregistry.Repository;\nimport com.pulumi.gcp.artifactregistry.RepositoryArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryRemoteRepositoryConfigArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryRemoteRepositoryConfigDockerRepositoryArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var my_repo = new Repository(\"my-repo\", RepositoryArgs.builder()\n .location(\"us-central1\")\n .repositoryId(\"my-repository\")\n .description(\"example remote docker repository\")\n .format(\"DOCKER\")\n .mode(\"REMOTE_REPOSITORY\")\n .remoteRepositoryConfig(RepositoryRemoteRepositoryConfigArgs.builder()\n .description(\"docker hub\")\n .dockerRepository(RepositoryRemoteRepositoryConfigDockerRepositoryArgs.builder()\n .publicRepository(\"DOCKER_HUB\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n my-repo:\n type: gcp:artifactregistry:Repository\n properties:\n location: us-central1\n repositoryId: my-repository\n description: example remote docker repository\n format: DOCKER\n mode: REMOTE_REPOSITORY\n remoteRepositoryConfig:\n description: docker hub\n dockerRepository:\n publicRepository: DOCKER_HUB\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Artifact Registry Repository Remote Apt\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst my_repo = new gcp.artifactregistry.Repository(\"my-repo\", {\n location: \"us-central1\",\n repositoryId: \"debian-buster\",\n description: \"example remote apt repository\",\n format: \"APT\",\n mode: \"REMOTE_REPOSITORY\",\n remoteRepositoryConfig: {\n description: \"Debian buster remote repository\",\n aptRepository: {\n publicRepository: {\n repositoryBase: \"DEBIAN\",\n repositoryPath: \"debian/dists/buster\",\n },\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_repo = gcp.artifactregistry.Repository(\"my-repo\",\n location=\"us-central1\",\n repository_id=\"debian-buster\",\n description=\"example remote apt repository\",\n format=\"APT\",\n mode=\"REMOTE_REPOSITORY\",\n remote_repository_config={\n \"description\": \"Debian buster remote repository\",\n \"apt_repository\": {\n \"public_repository\": {\n \"repository_base\": \"DEBIAN\",\n \"repository_path\": \"debian/dists/buster\",\n },\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var my_repo = new Gcp.ArtifactRegistry.Repository(\"my-repo\", new()\n {\n Location = \"us-central1\",\n RepositoryId = \"debian-buster\",\n Description = \"example remote apt repository\",\n Format = \"APT\",\n Mode = \"REMOTE_REPOSITORY\",\n RemoteRepositoryConfig = new Gcp.ArtifactRegistry.Inputs.RepositoryRemoteRepositoryConfigArgs\n {\n Description = \"Debian buster remote repository\",\n AptRepository = new Gcp.ArtifactRegistry.Inputs.RepositoryRemoteRepositoryConfigAptRepositoryArgs\n {\n PublicRepository = new Gcp.ArtifactRegistry.Inputs.RepositoryRemoteRepositoryConfigAptRepositoryPublicRepositoryArgs\n {\n RepositoryBase = \"DEBIAN\",\n RepositoryPath = \"debian/dists/buster\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/artifactregistry\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := artifactregistry.NewRepository(ctx, \"my-repo\", \u0026artifactregistry.RepositoryArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tRepositoryId: pulumi.String(\"debian-buster\"),\n\t\t\tDescription: pulumi.String(\"example remote apt repository\"),\n\t\t\tFormat: pulumi.String(\"APT\"),\n\t\t\tMode: pulumi.String(\"REMOTE_REPOSITORY\"),\n\t\t\tRemoteRepositoryConfig: \u0026artifactregistry.RepositoryRemoteRepositoryConfigArgs{\n\t\t\t\tDescription: pulumi.String(\"Debian buster remote repository\"),\n\t\t\t\tAptRepository: \u0026artifactregistry.RepositoryRemoteRepositoryConfigAptRepositoryArgs{\n\t\t\t\t\tPublicRepository: \u0026artifactregistry.RepositoryRemoteRepositoryConfigAptRepositoryPublicRepositoryArgs{\n\t\t\t\t\t\tRepositoryBase: pulumi.String(\"DEBIAN\"),\n\t\t\t\t\t\tRepositoryPath: pulumi.String(\"debian/dists/buster\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.artifactregistry.Repository;\nimport com.pulumi.gcp.artifactregistry.RepositoryArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryRemoteRepositoryConfigArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryRemoteRepositoryConfigAptRepositoryArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryRemoteRepositoryConfigAptRepositoryPublicRepositoryArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var my_repo = new Repository(\"my-repo\", RepositoryArgs.builder()\n .location(\"us-central1\")\n .repositoryId(\"debian-buster\")\n .description(\"example remote apt repository\")\n .format(\"APT\")\n .mode(\"REMOTE_REPOSITORY\")\n .remoteRepositoryConfig(RepositoryRemoteRepositoryConfigArgs.builder()\n .description(\"Debian buster remote repository\")\n .aptRepository(RepositoryRemoteRepositoryConfigAptRepositoryArgs.builder()\n .publicRepository(RepositoryRemoteRepositoryConfigAptRepositoryPublicRepositoryArgs.builder()\n .repositoryBase(\"DEBIAN\")\n .repositoryPath(\"debian/dists/buster\")\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n my-repo:\n type: gcp:artifactregistry:Repository\n properties:\n location: us-central1\n repositoryId: debian-buster\n description: example remote apt repository\n format: APT\n mode: REMOTE_REPOSITORY\n remoteRepositoryConfig:\n description: Debian buster remote repository\n aptRepository:\n publicRepository:\n repositoryBase: DEBIAN\n repositoryPath: debian/dists/buster\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Artifact Registry Repository Remote Yum\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst my_repo = new gcp.artifactregistry.Repository(\"my-repo\", {\n location: \"us-central1\",\n repositoryId: \"rocky-9\",\n description: \"example remote yum repository\",\n format: \"YUM\",\n mode: \"REMOTE_REPOSITORY\",\n remoteRepositoryConfig: {\n description: \"Rocky 9 remote repository\",\n yumRepository: {\n publicRepository: {\n repositoryBase: \"ROCKY\",\n repositoryPath: \"pub/rocky/9/BaseOS/x86_64/os\",\n },\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_repo = gcp.artifactregistry.Repository(\"my-repo\",\n location=\"us-central1\",\n repository_id=\"rocky-9\",\n description=\"example remote yum repository\",\n format=\"YUM\",\n mode=\"REMOTE_REPOSITORY\",\n remote_repository_config={\n \"description\": \"Rocky 9 remote repository\",\n \"yum_repository\": {\n \"public_repository\": {\n \"repository_base\": \"ROCKY\",\n \"repository_path\": \"pub/rocky/9/BaseOS/x86_64/os\",\n },\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var my_repo = new Gcp.ArtifactRegistry.Repository(\"my-repo\", new()\n {\n Location = \"us-central1\",\n RepositoryId = \"rocky-9\",\n Description = \"example remote yum repository\",\n Format = \"YUM\",\n Mode = \"REMOTE_REPOSITORY\",\n RemoteRepositoryConfig = new Gcp.ArtifactRegistry.Inputs.RepositoryRemoteRepositoryConfigArgs\n {\n Description = \"Rocky 9 remote repository\",\n YumRepository = new Gcp.ArtifactRegistry.Inputs.RepositoryRemoteRepositoryConfigYumRepositoryArgs\n {\n PublicRepository = new Gcp.ArtifactRegistry.Inputs.RepositoryRemoteRepositoryConfigYumRepositoryPublicRepositoryArgs\n {\n RepositoryBase = \"ROCKY\",\n RepositoryPath = \"pub/rocky/9/BaseOS/x86_64/os\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/artifactregistry\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := artifactregistry.NewRepository(ctx, \"my-repo\", \u0026artifactregistry.RepositoryArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tRepositoryId: pulumi.String(\"rocky-9\"),\n\t\t\tDescription: pulumi.String(\"example remote yum repository\"),\n\t\t\tFormat: pulumi.String(\"YUM\"),\n\t\t\tMode: pulumi.String(\"REMOTE_REPOSITORY\"),\n\t\t\tRemoteRepositoryConfig: \u0026artifactregistry.RepositoryRemoteRepositoryConfigArgs{\n\t\t\t\tDescription: pulumi.String(\"Rocky 9 remote repository\"),\n\t\t\t\tYumRepository: \u0026artifactregistry.RepositoryRemoteRepositoryConfigYumRepositoryArgs{\n\t\t\t\t\tPublicRepository: \u0026artifactregistry.RepositoryRemoteRepositoryConfigYumRepositoryPublicRepositoryArgs{\n\t\t\t\t\t\tRepositoryBase: pulumi.String(\"ROCKY\"),\n\t\t\t\t\t\tRepositoryPath: pulumi.String(\"pub/rocky/9/BaseOS/x86_64/os\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.artifactregistry.Repository;\nimport com.pulumi.gcp.artifactregistry.RepositoryArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryRemoteRepositoryConfigArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryRemoteRepositoryConfigYumRepositoryArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryRemoteRepositoryConfigYumRepositoryPublicRepositoryArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var my_repo = new Repository(\"my-repo\", RepositoryArgs.builder()\n .location(\"us-central1\")\n .repositoryId(\"rocky-9\")\n .description(\"example remote yum repository\")\n .format(\"YUM\")\n .mode(\"REMOTE_REPOSITORY\")\n .remoteRepositoryConfig(RepositoryRemoteRepositoryConfigArgs.builder()\n .description(\"Rocky 9 remote repository\")\n .yumRepository(RepositoryRemoteRepositoryConfigYumRepositoryArgs.builder()\n .publicRepository(RepositoryRemoteRepositoryConfigYumRepositoryPublicRepositoryArgs.builder()\n .repositoryBase(\"ROCKY\")\n .repositoryPath(\"pub/rocky/9/BaseOS/x86_64/os\")\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n my-repo:\n type: gcp:artifactregistry:Repository\n properties:\n location: us-central1\n repositoryId: rocky-9\n description: example remote yum repository\n format: YUM\n mode: REMOTE_REPOSITORY\n remoteRepositoryConfig:\n description: Rocky 9 remote repository\n yumRepository:\n publicRepository:\n repositoryBase: ROCKY\n repositoryPath: pub/rocky/9/BaseOS/x86_64/os\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Artifact Registry Repository Cleanup\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst my_repo = new gcp.artifactregistry.Repository(\"my-repo\", {\n location: \"us-central1\",\n repositoryId: \"my-repository\",\n description: \"example docker repository with cleanup policies\",\n format: \"DOCKER\",\n cleanupPolicyDryRun: false,\n cleanupPolicies: [\n {\n id: \"delete-prerelease\",\n action: \"DELETE\",\n condition: {\n tagState: \"TAGGED\",\n tagPrefixes: [\n \"alpha\",\n \"v0\",\n ],\n olderThan: \"2592000s\",\n },\n },\n {\n id: \"keep-tagged-release\",\n action: \"KEEP\",\n condition: {\n tagState: \"TAGGED\",\n tagPrefixes: [\"release\"],\n packageNamePrefixes: [\n \"webapp\",\n \"mobile\",\n ],\n },\n },\n {\n id: \"keep-minimum-versions\",\n action: \"KEEP\",\n mostRecentVersions: {\n packageNamePrefixes: [\n \"webapp\",\n \"mobile\",\n \"sandbox\",\n ],\n keepCount: 5,\n },\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_repo = gcp.artifactregistry.Repository(\"my-repo\",\n location=\"us-central1\",\n repository_id=\"my-repository\",\n description=\"example docker repository with cleanup policies\",\n format=\"DOCKER\",\n cleanup_policy_dry_run=False,\n cleanup_policies=[\n {\n \"id\": \"delete-prerelease\",\n \"action\": \"DELETE\",\n \"condition\": {\n \"tag_state\": \"TAGGED\",\n \"tag_prefixes\": [\n \"alpha\",\n \"v0\",\n ],\n \"older_than\": \"2592000s\",\n },\n },\n {\n \"id\": \"keep-tagged-release\",\n \"action\": \"KEEP\",\n \"condition\": {\n \"tag_state\": \"TAGGED\",\n \"tag_prefixes\": [\"release\"],\n \"package_name_prefixes\": [\n \"webapp\",\n \"mobile\",\n ],\n },\n },\n {\n \"id\": \"keep-minimum-versions\",\n \"action\": \"KEEP\",\n \"most_recent_versions\": {\n \"package_name_prefixes\": [\n \"webapp\",\n \"mobile\",\n \"sandbox\",\n ],\n \"keep_count\": 5,\n },\n },\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var my_repo = new Gcp.ArtifactRegistry.Repository(\"my-repo\", new()\n {\n Location = \"us-central1\",\n RepositoryId = \"my-repository\",\n Description = \"example docker repository with cleanup policies\",\n Format = \"DOCKER\",\n CleanupPolicyDryRun = false,\n CleanupPolicies = new[]\n {\n new Gcp.ArtifactRegistry.Inputs.RepositoryCleanupPolicyArgs\n {\n Id = \"delete-prerelease\",\n Action = \"DELETE\",\n Condition = new Gcp.ArtifactRegistry.Inputs.RepositoryCleanupPolicyConditionArgs\n {\n TagState = \"TAGGED\",\n TagPrefixes = new[]\n {\n \"alpha\",\n \"v0\",\n },\n OlderThan = \"2592000s\",\n },\n },\n new Gcp.ArtifactRegistry.Inputs.RepositoryCleanupPolicyArgs\n {\n Id = \"keep-tagged-release\",\n Action = \"KEEP\",\n Condition = new Gcp.ArtifactRegistry.Inputs.RepositoryCleanupPolicyConditionArgs\n {\n TagState = \"TAGGED\",\n TagPrefixes = new[]\n {\n \"release\",\n },\n PackageNamePrefixes = new[]\n {\n \"webapp\",\n \"mobile\",\n },\n },\n },\n new Gcp.ArtifactRegistry.Inputs.RepositoryCleanupPolicyArgs\n {\n Id = \"keep-minimum-versions\",\n Action = \"KEEP\",\n MostRecentVersions = new Gcp.ArtifactRegistry.Inputs.RepositoryCleanupPolicyMostRecentVersionsArgs\n {\n PackageNamePrefixes = new[]\n {\n \"webapp\",\n \"mobile\",\n \"sandbox\",\n },\n KeepCount = 5,\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/artifactregistry\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := artifactregistry.NewRepository(ctx, \"my-repo\", \u0026artifactregistry.RepositoryArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tRepositoryId: pulumi.String(\"my-repository\"),\n\t\t\tDescription: pulumi.String(\"example docker repository with cleanup policies\"),\n\t\t\tFormat: pulumi.String(\"DOCKER\"),\n\t\t\tCleanupPolicyDryRun: pulumi.Bool(false),\n\t\t\tCleanupPolicies: artifactregistry.RepositoryCleanupPolicyArray{\n\t\t\t\t\u0026artifactregistry.RepositoryCleanupPolicyArgs{\n\t\t\t\t\tId: pulumi.String(\"delete-prerelease\"),\n\t\t\t\t\tAction: pulumi.String(\"DELETE\"),\n\t\t\t\t\tCondition: \u0026artifactregistry.RepositoryCleanupPolicyConditionArgs{\n\t\t\t\t\t\tTagState: pulumi.String(\"TAGGED\"),\n\t\t\t\t\t\tTagPrefixes: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"alpha\"),\n\t\t\t\t\t\t\tpulumi.String(\"v0\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tOlderThan: pulumi.String(\"2592000s\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t\u0026artifactregistry.RepositoryCleanupPolicyArgs{\n\t\t\t\t\tId: pulumi.String(\"keep-tagged-release\"),\n\t\t\t\t\tAction: pulumi.String(\"KEEP\"),\n\t\t\t\t\tCondition: \u0026artifactregistry.RepositoryCleanupPolicyConditionArgs{\n\t\t\t\t\t\tTagState: pulumi.String(\"TAGGED\"),\n\t\t\t\t\t\tTagPrefixes: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"release\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tPackageNamePrefixes: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"webapp\"),\n\t\t\t\t\t\t\tpulumi.String(\"mobile\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t\u0026artifactregistry.RepositoryCleanupPolicyArgs{\n\t\t\t\t\tId: pulumi.String(\"keep-minimum-versions\"),\n\t\t\t\t\tAction: pulumi.String(\"KEEP\"),\n\t\t\t\t\tMostRecentVersions: \u0026artifactregistry.RepositoryCleanupPolicyMostRecentVersionsArgs{\n\t\t\t\t\t\tPackageNamePrefixes: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"webapp\"),\n\t\t\t\t\t\t\tpulumi.String(\"mobile\"),\n\t\t\t\t\t\t\tpulumi.String(\"sandbox\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tKeepCount: pulumi.Int(5),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.artifactregistry.Repository;\nimport com.pulumi.gcp.artifactregistry.RepositoryArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryCleanupPolicyArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryCleanupPolicyConditionArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryCleanupPolicyMostRecentVersionsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var my_repo = new Repository(\"my-repo\", RepositoryArgs.builder()\n .location(\"us-central1\")\n .repositoryId(\"my-repository\")\n .description(\"example docker repository with cleanup policies\")\n .format(\"DOCKER\")\n .cleanupPolicyDryRun(false)\n .cleanupPolicies( \n RepositoryCleanupPolicyArgs.builder()\n .id(\"delete-prerelease\")\n .action(\"DELETE\")\n .condition(RepositoryCleanupPolicyConditionArgs.builder()\n .tagState(\"TAGGED\")\n .tagPrefixes( \n \"alpha\",\n \"v0\")\n .olderThan(\"2592000s\")\n .build())\n .build(),\n RepositoryCleanupPolicyArgs.builder()\n .id(\"keep-tagged-release\")\n .action(\"KEEP\")\n .condition(RepositoryCleanupPolicyConditionArgs.builder()\n .tagState(\"TAGGED\")\n .tagPrefixes(\"release\")\n .packageNamePrefixes( \n \"webapp\",\n \"mobile\")\n .build())\n .build(),\n RepositoryCleanupPolicyArgs.builder()\n .id(\"keep-minimum-versions\")\n .action(\"KEEP\")\n .mostRecentVersions(RepositoryCleanupPolicyMostRecentVersionsArgs.builder()\n .packageNamePrefixes( \n \"webapp\",\n \"mobile\",\n \"sandbox\")\n .keepCount(5)\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n my-repo:\n type: gcp:artifactregistry:Repository\n properties:\n location: us-central1\n repositoryId: my-repository\n description: example docker repository with cleanup policies\n format: DOCKER\n cleanupPolicyDryRun: false\n cleanupPolicies:\n - id: delete-prerelease\n action: DELETE\n condition:\n tagState: TAGGED\n tagPrefixes:\n - alpha\n - v0\n olderThan: 2592000s\n - id: keep-tagged-release\n action: KEEP\n condition:\n tagState: TAGGED\n tagPrefixes:\n - release\n packageNamePrefixes:\n - webapp\n - mobile\n - id: keep-minimum-versions\n action: KEEP\n mostRecentVersions:\n packageNamePrefixes:\n - webapp\n - mobile\n - sandbox\n keepCount: 5\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Artifact Registry Repository Remote Dockerhub Auth\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = gcp.organizations.getProject({});\nconst example_remote_secret = new gcp.secretmanager.Secret(\"example-remote-secret\", {\n secretId: \"example-secret\",\n replication: {\n auto: {},\n },\n});\nconst example_remote_secretVersion = new gcp.secretmanager.SecretVersion(\"example-remote-secret_version\", {\n secret: example_remote_secret.id,\n secretData: \"remote-password\",\n});\nconst secret_access = new gcp.secretmanager.SecretIamMember(\"secret-access\", {\n secretId: example_remote_secret.id,\n role: \"roles/secretmanager.secretAccessor\",\n member: project.then(project =\u003e `serviceAccount:service-${project.number}@gcp-sa-artifactregistry.iam.gserviceaccount.com`),\n});\nconst my_repo = new gcp.artifactregistry.Repository(\"my-repo\", {\n location: \"us-central1\",\n repositoryId: \"example-dockerhub-remote\",\n description: \"example remote dockerhub repository with credentials\",\n format: \"DOCKER\",\n mode: \"REMOTE_REPOSITORY\",\n remoteRepositoryConfig: {\n description: \"docker hub with custom credentials\",\n disableUpstreamValidation: true,\n dockerRepository: {\n publicRepository: \"DOCKER_HUB\",\n },\n upstreamCredentials: {\n usernamePasswordCredentials: {\n username: \"remote-username\",\n passwordSecretVersion: example_remote_secretVersion.name,\n },\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.organizations.get_project()\nexample_remote_secret = gcp.secretmanager.Secret(\"example-remote-secret\",\n secret_id=\"example-secret\",\n replication={\n \"auto\": {},\n })\nexample_remote_secret_version = gcp.secretmanager.SecretVersion(\"example-remote-secret_version\",\n secret=example_remote_secret.id,\n secret_data=\"remote-password\")\nsecret_access = gcp.secretmanager.SecretIamMember(\"secret-access\",\n secret_id=example_remote_secret.id,\n role=\"roles/secretmanager.secretAccessor\",\n member=f\"serviceAccount:service-{project.number}@gcp-sa-artifactregistry.iam.gserviceaccount.com\")\nmy_repo = gcp.artifactregistry.Repository(\"my-repo\",\n location=\"us-central1\",\n repository_id=\"example-dockerhub-remote\",\n description=\"example remote dockerhub repository with credentials\",\n format=\"DOCKER\",\n mode=\"REMOTE_REPOSITORY\",\n remote_repository_config={\n \"description\": \"docker hub with custom credentials\",\n \"disable_upstream_validation\": True,\n \"docker_repository\": {\n \"public_repository\": \"DOCKER_HUB\",\n },\n \"upstream_credentials\": {\n \"username_password_credentials\": {\n \"username\": \"remote-username\",\n \"password_secret_version\": example_remote_secret_version.name,\n },\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var example_remote_secret = new Gcp.SecretManager.Secret(\"example-remote-secret\", new()\n {\n SecretId = \"example-secret\",\n Replication = new Gcp.SecretManager.Inputs.SecretReplicationArgs\n {\n Auto = null,\n },\n });\n\n var example_remote_secretVersion = new Gcp.SecretManager.SecretVersion(\"example-remote-secret_version\", new()\n {\n Secret = example_remote_secret.Id,\n SecretData = \"remote-password\",\n });\n\n var secret_access = new Gcp.SecretManager.SecretIamMember(\"secret-access\", new()\n {\n SecretId = example_remote_secret.Id,\n Role = \"roles/secretmanager.secretAccessor\",\n Member = $\"serviceAccount:service-{project.Apply(getProjectResult =\u003e getProjectResult.Number)}@gcp-sa-artifactregistry.iam.gserviceaccount.com\",\n });\n\n var my_repo = new Gcp.ArtifactRegistry.Repository(\"my-repo\", new()\n {\n Location = \"us-central1\",\n RepositoryId = \"example-dockerhub-remote\",\n Description = \"example remote dockerhub repository with credentials\",\n Format = \"DOCKER\",\n Mode = \"REMOTE_REPOSITORY\",\n RemoteRepositoryConfig = new Gcp.ArtifactRegistry.Inputs.RepositoryRemoteRepositoryConfigArgs\n {\n Description = \"docker hub with custom credentials\",\n DisableUpstreamValidation = true,\n DockerRepository = new Gcp.ArtifactRegistry.Inputs.RepositoryRemoteRepositoryConfigDockerRepositoryArgs\n {\n PublicRepository = \"DOCKER_HUB\",\n },\n UpstreamCredentials = new Gcp.ArtifactRegistry.Inputs.RepositoryRemoteRepositoryConfigUpstreamCredentialsArgs\n {\n UsernamePasswordCredentials = new Gcp.ArtifactRegistry.Inputs.RepositoryRemoteRepositoryConfigUpstreamCredentialsUsernamePasswordCredentialsArgs\n {\n Username = \"remote-username\",\n PasswordSecretVersion = example_remote_secretVersion.Name,\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/artifactregistry\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecret(ctx, \"example-remote-secret\", \u0026secretmanager.SecretArgs{\n\t\t\tSecretId: pulumi.String(\"example-secret\"),\n\t\t\tReplication: \u0026secretmanager.SecretReplicationArgs{\n\t\t\t\tAuto: \u0026secretmanager.SecretReplicationAutoArgs{},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecretVersion(ctx, \"example-remote-secret_version\", \u0026secretmanager.SecretVersionArgs{\n\t\t\tSecret: example_remote_secret.ID(),\n\t\t\tSecretData: pulumi.String(\"remote-password\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecretIamMember(ctx, \"secret-access\", \u0026secretmanager.SecretIamMemberArgs{\n\t\t\tSecretId: example_remote_secret.ID(),\n\t\t\tRole: pulumi.String(\"roles/secretmanager.secretAccessor\"),\n\t\t\tMember: pulumi.Sprintf(\"serviceAccount:service-%v@gcp-sa-artifactregistry.iam.gserviceaccount.com\", project.Number),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = artifactregistry.NewRepository(ctx, \"my-repo\", \u0026artifactregistry.RepositoryArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tRepositoryId: pulumi.String(\"example-dockerhub-remote\"),\n\t\t\tDescription: pulumi.String(\"example remote dockerhub repository with credentials\"),\n\t\t\tFormat: pulumi.String(\"DOCKER\"),\n\t\t\tMode: pulumi.String(\"REMOTE_REPOSITORY\"),\n\t\t\tRemoteRepositoryConfig: \u0026artifactregistry.RepositoryRemoteRepositoryConfigArgs{\n\t\t\t\tDescription: pulumi.String(\"docker hub with custom credentials\"),\n\t\t\t\tDisableUpstreamValidation: pulumi.Bool(true),\n\t\t\t\tDockerRepository: \u0026artifactregistry.RepositoryRemoteRepositoryConfigDockerRepositoryArgs{\n\t\t\t\t\tPublicRepository: pulumi.String(\"DOCKER_HUB\"),\n\t\t\t\t},\n\t\t\t\tUpstreamCredentials: \u0026artifactregistry.RepositoryRemoteRepositoryConfigUpstreamCredentialsArgs{\n\t\t\t\t\tUsernamePasswordCredentials: \u0026artifactregistry.RepositoryRemoteRepositoryConfigUpstreamCredentialsUsernamePasswordCredentialsArgs{\n\t\t\t\t\t\tUsername: pulumi.String(\"remote-username\"),\n\t\t\t\t\t\tPasswordSecretVersion: example_remote_secretVersion.Name,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.secretmanager.Secret;\nimport com.pulumi.gcp.secretmanager.SecretArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretReplicationArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretReplicationAutoArgs;\nimport com.pulumi.gcp.secretmanager.SecretVersion;\nimport com.pulumi.gcp.secretmanager.SecretVersionArgs;\nimport com.pulumi.gcp.secretmanager.SecretIamMember;\nimport com.pulumi.gcp.secretmanager.SecretIamMemberArgs;\nimport com.pulumi.gcp.artifactregistry.Repository;\nimport com.pulumi.gcp.artifactregistry.RepositoryArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryRemoteRepositoryConfigArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryRemoteRepositoryConfigDockerRepositoryArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryRemoteRepositoryConfigUpstreamCredentialsArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryRemoteRepositoryConfigUpstreamCredentialsUsernamePasswordCredentialsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n var example_remote_secret = new Secret(\"example-remote-secret\", SecretArgs.builder()\n .secretId(\"example-secret\")\n .replication(SecretReplicationArgs.builder()\n .auto()\n .build())\n .build());\n\n var example_remote_secretVersion = new SecretVersion(\"example-remote-secretVersion\", SecretVersionArgs.builder()\n .secret(example_remote_secret.id())\n .secretData(\"remote-password\")\n .build());\n\n var secret_access = new SecretIamMember(\"secret-access\", SecretIamMemberArgs.builder()\n .secretId(example_remote_secret.id())\n .role(\"roles/secretmanager.secretAccessor\")\n .member(String.format(\"serviceAccount:service-%s@gcp-sa-artifactregistry.iam.gserviceaccount.com\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .build());\n\n var my_repo = new Repository(\"my-repo\", RepositoryArgs.builder()\n .location(\"us-central1\")\n .repositoryId(\"example-dockerhub-remote\")\n .description(\"example remote dockerhub repository with credentials\")\n .format(\"DOCKER\")\n .mode(\"REMOTE_REPOSITORY\")\n .remoteRepositoryConfig(RepositoryRemoteRepositoryConfigArgs.builder()\n .description(\"docker hub with custom credentials\")\n .disableUpstreamValidation(true)\n .dockerRepository(RepositoryRemoteRepositoryConfigDockerRepositoryArgs.builder()\n .publicRepository(\"DOCKER_HUB\")\n .build())\n .upstreamCredentials(RepositoryRemoteRepositoryConfigUpstreamCredentialsArgs.builder()\n .usernamePasswordCredentials(RepositoryRemoteRepositoryConfigUpstreamCredentialsUsernamePasswordCredentialsArgs.builder()\n .username(\"remote-username\")\n .passwordSecretVersion(example_remote_secretVersion.name())\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example-remote-secret:\n type: gcp:secretmanager:Secret\n properties:\n secretId: example-secret\n replication:\n auto: {}\n example-remote-secretVersion:\n type: gcp:secretmanager:SecretVersion\n name: example-remote-secret_version\n properties:\n secret: ${[\"example-remote-secret\"].id}\n secretData: remote-password\n secret-access:\n type: gcp:secretmanager:SecretIamMember\n properties:\n secretId: ${[\"example-remote-secret\"].id}\n role: roles/secretmanager.secretAccessor\n member: serviceAccount:service-${project.number}@gcp-sa-artifactregistry.iam.gserviceaccount.com\n my-repo:\n type: gcp:artifactregistry:Repository\n properties:\n location: us-central1\n repositoryId: example-dockerhub-remote\n description: example remote dockerhub repository with credentials\n format: DOCKER\n mode: REMOTE_REPOSITORY\n remoteRepositoryConfig:\n description: docker hub with custom credentials\n disableUpstreamValidation: true\n dockerRepository:\n publicRepository: DOCKER_HUB\n upstreamCredentials:\n usernamePasswordCredentials:\n username: remote-username\n passwordSecretVersion: ${[\"example-remote-secretVersion\"].name}\nvariables:\n project:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Artifact Registry Repository Remote Docker Custom With Auth\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = gcp.organizations.getProject({});\nconst example_remote_secret = new gcp.secretmanager.Secret(\"example-remote-secret\", {\n secretId: \"example-secret\",\n replication: {\n auto: {},\n },\n});\nconst example_remote_secretVersion = new gcp.secretmanager.SecretVersion(\"example-remote-secret_version\", {\n secret: example_remote_secret.id,\n secretData: \"remote-password\",\n});\nconst secret_access = new gcp.secretmanager.SecretIamMember(\"secret-access\", {\n secretId: example_remote_secret.id,\n role: \"roles/secretmanager.secretAccessor\",\n member: project.then(project =\u003e `serviceAccount:service-${project.number}@gcp-sa-artifactregistry.iam.gserviceaccount.com`),\n});\nconst my_repo = new gcp.artifactregistry.Repository(\"my-repo\", {\n location: \"us-central1\",\n repositoryId: \"example-docker-custom-remote\",\n description: \"example remote custom docker repository with credentials\",\n format: \"DOCKER\",\n mode: \"REMOTE_REPOSITORY\",\n remoteRepositoryConfig: {\n description: \"custom docker remote with credentials\",\n disableUpstreamValidation: true,\n dockerRepository: {\n customRepository: {\n uri: \"https://registry-1.docker.io\",\n },\n },\n upstreamCredentials: {\n usernamePasswordCredentials: {\n username: \"remote-username\",\n passwordSecretVersion: example_remote_secretVersion.name,\n },\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.organizations.get_project()\nexample_remote_secret = gcp.secretmanager.Secret(\"example-remote-secret\",\n secret_id=\"example-secret\",\n replication={\n \"auto\": {},\n })\nexample_remote_secret_version = gcp.secretmanager.SecretVersion(\"example-remote-secret_version\",\n secret=example_remote_secret.id,\n secret_data=\"remote-password\")\nsecret_access = gcp.secretmanager.SecretIamMember(\"secret-access\",\n secret_id=example_remote_secret.id,\n role=\"roles/secretmanager.secretAccessor\",\n member=f\"serviceAccount:service-{project.number}@gcp-sa-artifactregistry.iam.gserviceaccount.com\")\nmy_repo = gcp.artifactregistry.Repository(\"my-repo\",\n location=\"us-central1\",\n repository_id=\"example-docker-custom-remote\",\n description=\"example remote custom docker repository with credentials\",\n format=\"DOCKER\",\n mode=\"REMOTE_REPOSITORY\",\n remote_repository_config={\n \"description\": \"custom docker remote with credentials\",\n \"disable_upstream_validation\": True,\n \"docker_repository\": {\n \"custom_repository\": {\n \"uri\": \"https://registry-1.docker.io\",\n },\n },\n \"upstream_credentials\": {\n \"username_password_credentials\": {\n \"username\": \"remote-username\",\n \"password_secret_version\": example_remote_secret_version.name,\n },\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var example_remote_secret = new Gcp.SecretManager.Secret(\"example-remote-secret\", new()\n {\n SecretId = \"example-secret\",\n Replication = new Gcp.SecretManager.Inputs.SecretReplicationArgs\n {\n Auto = null,\n },\n });\n\n var example_remote_secretVersion = new Gcp.SecretManager.SecretVersion(\"example-remote-secret_version\", new()\n {\n Secret = example_remote_secret.Id,\n SecretData = \"remote-password\",\n });\n\n var secret_access = new Gcp.SecretManager.SecretIamMember(\"secret-access\", new()\n {\n SecretId = example_remote_secret.Id,\n Role = \"roles/secretmanager.secretAccessor\",\n Member = $\"serviceAccount:service-{project.Apply(getProjectResult =\u003e getProjectResult.Number)}@gcp-sa-artifactregistry.iam.gserviceaccount.com\",\n });\n\n var my_repo = new Gcp.ArtifactRegistry.Repository(\"my-repo\", new()\n {\n Location = \"us-central1\",\n RepositoryId = \"example-docker-custom-remote\",\n Description = \"example remote custom docker repository with credentials\",\n Format = \"DOCKER\",\n Mode = \"REMOTE_REPOSITORY\",\n RemoteRepositoryConfig = new Gcp.ArtifactRegistry.Inputs.RepositoryRemoteRepositoryConfigArgs\n {\n Description = \"custom docker remote with credentials\",\n DisableUpstreamValidation = true,\n DockerRepository = new Gcp.ArtifactRegistry.Inputs.RepositoryRemoteRepositoryConfigDockerRepositoryArgs\n {\n CustomRepository = new Gcp.ArtifactRegistry.Inputs.RepositoryRemoteRepositoryConfigDockerRepositoryCustomRepositoryArgs\n {\n Uri = \"https://registry-1.docker.io\",\n },\n },\n UpstreamCredentials = new Gcp.ArtifactRegistry.Inputs.RepositoryRemoteRepositoryConfigUpstreamCredentialsArgs\n {\n UsernamePasswordCredentials = new Gcp.ArtifactRegistry.Inputs.RepositoryRemoteRepositoryConfigUpstreamCredentialsUsernamePasswordCredentialsArgs\n {\n Username = \"remote-username\",\n PasswordSecretVersion = example_remote_secretVersion.Name,\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/artifactregistry\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecret(ctx, \"example-remote-secret\", \u0026secretmanager.SecretArgs{\n\t\t\tSecretId: pulumi.String(\"example-secret\"),\n\t\t\tReplication: \u0026secretmanager.SecretReplicationArgs{\n\t\t\t\tAuto: \u0026secretmanager.SecretReplicationAutoArgs{},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecretVersion(ctx, \"example-remote-secret_version\", \u0026secretmanager.SecretVersionArgs{\n\t\t\tSecret: example_remote_secret.ID(),\n\t\t\tSecretData: pulumi.String(\"remote-password\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecretIamMember(ctx, \"secret-access\", \u0026secretmanager.SecretIamMemberArgs{\n\t\t\tSecretId: example_remote_secret.ID(),\n\t\t\tRole: pulumi.String(\"roles/secretmanager.secretAccessor\"),\n\t\t\tMember: pulumi.Sprintf(\"serviceAccount:service-%v@gcp-sa-artifactregistry.iam.gserviceaccount.com\", project.Number),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = artifactregistry.NewRepository(ctx, \"my-repo\", \u0026artifactregistry.RepositoryArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tRepositoryId: pulumi.String(\"example-docker-custom-remote\"),\n\t\t\tDescription: pulumi.String(\"example remote custom docker repository with credentials\"),\n\t\t\tFormat: pulumi.String(\"DOCKER\"),\n\t\t\tMode: pulumi.String(\"REMOTE_REPOSITORY\"),\n\t\t\tRemoteRepositoryConfig: \u0026artifactregistry.RepositoryRemoteRepositoryConfigArgs{\n\t\t\t\tDescription: pulumi.String(\"custom docker remote with credentials\"),\n\t\t\t\tDisableUpstreamValidation: pulumi.Bool(true),\n\t\t\t\tDockerRepository: \u0026artifactregistry.RepositoryRemoteRepositoryConfigDockerRepositoryArgs{\n\t\t\t\t\tCustomRepository: \u0026artifactregistry.RepositoryRemoteRepositoryConfigDockerRepositoryCustomRepositoryArgs{\n\t\t\t\t\t\tUri: pulumi.String(\"https://registry-1.docker.io\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tUpstreamCredentials: \u0026artifactregistry.RepositoryRemoteRepositoryConfigUpstreamCredentialsArgs{\n\t\t\t\t\tUsernamePasswordCredentials: \u0026artifactregistry.RepositoryRemoteRepositoryConfigUpstreamCredentialsUsernamePasswordCredentialsArgs{\n\t\t\t\t\t\tUsername: pulumi.String(\"remote-username\"),\n\t\t\t\t\t\tPasswordSecretVersion: example_remote_secretVersion.Name,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.secretmanager.Secret;\nimport com.pulumi.gcp.secretmanager.SecretArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretReplicationArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretReplicationAutoArgs;\nimport com.pulumi.gcp.secretmanager.SecretVersion;\nimport com.pulumi.gcp.secretmanager.SecretVersionArgs;\nimport com.pulumi.gcp.secretmanager.SecretIamMember;\nimport com.pulumi.gcp.secretmanager.SecretIamMemberArgs;\nimport com.pulumi.gcp.artifactregistry.Repository;\nimport com.pulumi.gcp.artifactregistry.RepositoryArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryRemoteRepositoryConfigArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryRemoteRepositoryConfigDockerRepositoryArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryRemoteRepositoryConfigDockerRepositoryCustomRepositoryArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryRemoteRepositoryConfigUpstreamCredentialsArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryRemoteRepositoryConfigUpstreamCredentialsUsernamePasswordCredentialsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n var example_remote_secret = new Secret(\"example-remote-secret\", SecretArgs.builder()\n .secretId(\"example-secret\")\n .replication(SecretReplicationArgs.builder()\n .auto()\n .build())\n .build());\n\n var example_remote_secretVersion = new SecretVersion(\"example-remote-secretVersion\", SecretVersionArgs.builder()\n .secret(example_remote_secret.id())\n .secretData(\"remote-password\")\n .build());\n\n var secret_access = new SecretIamMember(\"secret-access\", SecretIamMemberArgs.builder()\n .secretId(example_remote_secret.id())\n .role(\"roles/secretmanager.secretAccessor\")\n .member(String.format(\"serviceAccount:service-%s@gcp-sa-artifactregistry.iam.gserviceaccount.com\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .build());\n\n var my_repo = new Repository(\"my-repo\", RepositoryArgs.builder()\n .location(\"us-central1\")\n .repositoryId(\"example-docker-custom-remote\")\n .description(\"example remote custom docker repository with credentials\")\n .format(\"DOCKER\")\n .mode(\"REMOTE_REPOSITORY\")\n .remoteRepositoryConfig(RepositoryRemoteRepositoryConfigArgs.builder()\n .description(\"custom docker remote with credentials\")\n .disableUpstreamValidation(true)\n .dockerRepository(RepositoryRemoteRepositoryConfigDockerRepositoryArgs.builder()\n .customRepository(RepositoryRemoteRepositoryConfigDockerRepositoryCustomRepositoryArgs.builder()\n .uri(\"https://registry-1.docker.io\")\n .build())\n .build())\n .upstreamCredentials(RepositoryRemoteRepositoryConfigUpstreamCredentialsArgs.builder()\n .usernamePasswordCredentials(RepositoryRemoteRepositoryConfigUpstreamCredentialsUsernamePasswordCredentialsArgs.builder()\n .username(\"remote-username\")\n .passwordSecretVersion(example_remote_secretVersion.name())\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example-remote-secret:\n type: gcp:secretmanager:Secret\n properties:\n secretId: example-secret\n replication:\n auto: {}\n example-remote-secretVersion:\n type: gcp:secretmanager:SecretVersion\n name: example-remote-secret_version\n properties:\n secret: ${[\"example-remote-secret\"].id}\n secretData: remote-password\n secret-access:\n type: gcp:secretmanager:SecretIamMember\n properties:\n secretId: ${[\"example-remote-secret\"].id}\n role: roles/secretmanager.secretAccessor\n member: serviceAccount:service-${project.number}@gcp-sa-artifactregistry.iam.gserviceaccount.com\n my-repo:\n type: gcp:artifactregistry:Repository\n properties:\n location: us-central1\n repositoryId: example-docker-custom-remote\n description: example remote custom docker repository with credentials\n format: DOCKER\n mode: REMOTE_REPOSITORY\n remoteRepositoryConfig:\n description: custom docker remote with credentials\n disableUpstreamValidation: true\n dockerRepository:\n customRepository:\n uri: https://registry-1.docker.io\n upstreamCredentials:\n usernamePasswordCredentials:\n username: remote-username\n passwordSecretVersion: ${[\"example-remote-secretVersion\"].name}\nvariables:\n project:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Artifact Registry Repository Remote Maven Custom With Auth\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = gcp.organizations.getProject({});\nconst example_remote_secret = new gcp.secretmanager.Secret(\"example-remote-secret\", {\n secretId: \"example-secret\",\n replication: {\n auto: {},\n },\n});\nconst example_remote_secretVersion = new gcp.secretmanager.SecretVersion(\"example-remote-secret_version\", {\n secret: example_remote_secret.id,\n secretData: \"remote-password\",\n});\nconst secret_access = new gcp.secretmanager.SecretIamMember(\"secret-access\", {\n secretId: example_remote_secret.id,\n role: \"roles/secretmanager.secretAccessor\",\n member: project.then(project =\u003e `serviceAccount:service-${project.number}@gcp-sa-artifactregistry.iam.gserviceaccount.com`),\n});\nconst my_repo = new gcp.artifactregistry.Repository(\"my-repo\", {\n location: \"us-central1\",\n repositoryId: \"example-maven-custom-remote\",\n description: \"example remote custom maven repository with credentials\",\n format: \"MAVEN\",\n mode: \"REMOTE_REPOSITORY\",\n remoteRepositoryConfig: {\n description: \"custom maven remote with credentials\",\n disableUpstreamValidation: true,\n mavenRepository: {\n customRepository: {\n uri: \"https://my.maven.registry\",\n },\n },\n upstreamCredentials: {\n usernamePasswordCredentials: {\n username: \"remote-username\",\n passwordSecretVersion: example_remote_secretVersion.name,\n },\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.organizations.get_project()\nexample_remote_secret = gcp.secretmanager.Secret(\"example-remote-secret\",\n secret_id=\"example-secret\",\n replication={\n \"auto\": {},\n })\nexample_remote_secret_version = gcp.secretmanager.SecretVersion(\"example-remote-secret_version\",\n secret=example_remote_secret.id,\n secret_data=\"remote-password\")\nsecret_access = gcp.secretmanager.SecretIamMember(\"secret-access\",\n secret_id=example_remote_secret.id,\n role=\"roles/secretmanager.secretAccessor\",\n member=f\"serviceAccount:service-{project.number}@gcp-sa-artifactregistry.iam.gserviceaccount.com\")\nmy_repo = gcp.artifactregistry.Repository(\"my-repo\",\n location=\"us-central1\",\n repository_id=\"example-maven-custom-remote\",\n description=\"example remote custom maven repository with credentials\",\n format=\"MAVEN\",\n mode=\"REMOTE_REPOSITORY\",\n remote_repository_config={\n \"description\": \"custom maven remote with credentials\",\n \"disable_upstream_validation\": True,\n \"maven_repository\": {\n \"custom_repository\": {\n \"uri\": \"https://my.maven.registry\",\n },\n },\n \"upstream_credentials\": {\n \"username_password_credentials\": {\n \"username\": \"remote-username\",\n \"password_secret_version\": example_remote_secret_version.name,\n },\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var example_remote_secret = new Gcp.SecretManager.Secret(\"example-remote-secret\", new()\n {\n SecretId = \"example-secret\",\n Replication = new Gcp.SecretManager.Inputs.SecretReplicationArgs\n {\n Auto = null,\n },\n });\n\n var example_remote_secretVersion = new Gcp.SecretManager.SecretVersion(\"example-remote-secret_version\", new()\n {\n Secret = example_remote_secret.Id,\n SecretData = \"remote-password\",\n });\n\n var secret_access = new Gcp.SecretManager.SecretIamMember(\"secret-access\", new()\n {\n SecretId = example_remote_secret.Id,\n Role = \"roles/secretmanager.secretAccessor\",\n Member = $\"serviceAccount:service-{project.Apply(getProjectResult =\u003e getProjectResult.Number)}@gcp-sa-artifactregistry.iam.gserviceaccount.com\",\n });\n\n var my_repo = new Gcp.ArtifactRegistry.Repository(\"my-repo\", new()\n {\n Location = \"us-central1\",\n RepositoryId = \"example-maven-custom-remote\",\n Description = \"example remote custom maven repository with credentials\",\n Format = \"MAVEN\",\n Mode = \"REMOTE_REPOSITORY\",\n RemoteRepositoryConfig = new Gcp.ArtifactRegistry.Inputs.RepositoryRemoteRepositoryConfigArgs\n {\n Description = \"custom maven remote with credentials\",\n DisableUpstreamValidation = true,\n MavenRepository = new Gcp.ArtifactRegistry.Inputs.RepositoryRemoteRepositoryConfigMavenRepositoryArgs\n {\n CustomRepository = new Gcp.ArtifactRegistry.Inputs.RepositoryRemoteRepositoryConfigMavenRepositoryCustomRepositoryArgs\n {\n Uri = \"https://my.maven.registry\",\n },\n },\n UpstreamCredentials = new Gcp.ArtifactRegistry.Inputs.RepositoryRemoteRepositoryConfigUpstreamCredentialsArgs\n {\n UsernamePasswordCredentials = new Gcp.ArtifactRegistry.Inputs.RepositoryRemoteRepositoryConfigUpstreamCredentialsUsernamePasswordCredentialsArgs\n {\n Username = \"remote-username\",\n PasswordSecretVersion = example_remote_secretVersion.Name,\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/artifactregistry\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecret(ctx, \"example-remote-secret\", \u0026secretmanager.SecretArgs{\n\t\t\tSecretId: pulumi.String(\"example-secret\"),\n\t\t\tReplication: \u0026secretmanager.SecretReplicationArgs{\n\t\t\t\tAuto: \u0026secretmanager.SecretReplicationAutoArgs{},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecretVersion(ctx, \"example-remote-secret_version\", \u0026secretmanager.SecretVersionArgs{\n\t\t\tSecret: example_remote_secret.ID(),\n\t\t\tSecretData: pulumi.String(\"remote-password\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecretIamMember(ctx, \"secret-access\", \u0026secretmanager.SecretIamMemberArgs{\n\t\t\tSecretId: example_remote_secret.ID(),\n\t\t\tRole: pulumi.String(\"roles/secretmanager.secretAccessor\"),\n\t\t\tMember: pulumi.Sprintf(\"serviceAccount:service-%v@gcp-sa-artifactregistry.iam.gserviceaccount.com\", project.Number),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = artifactregistry.NewRepository(ctx, \"my-repo\", \u0026artifactregistry.RepositoryArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tRepositoryId: pulumi.String(\"example-maven-custom-remote\"),\n\t\t\tDescription: pulumi.String(\"example remote custom maven repository with credentials\"),\n\t\t\tFormat: pulumi.String(\"MAVEN\"),\n\t\t\tMode: pulumi.String(\"REMOTE_REPOSITORY\"),\n\t\t\tRemoteRepositoryConfig: \u0026artifactregistry.RepositoryRemoteRepositoryConfigArgs{\n\t\t\t\tDescription: pulumi.String(\"custom maven remote with credentials\"),\n\t\t\t\tDisableUpstreamValidation: pulumi.Bool(true),\n\t\t\t\tMavenRepository: \u0026artifactregistry.RepositoryRemoteRepositoryConfigMavenRepositoryArgs{\n\t\t\t\t\tCustomRepository: \u0026artifactregistry.RepositoryRemoteRepositoryConfigMavenRepositoryCustomRepositoryArgs{\n\t\t\t\t\t\tUri: pulumi.String(\"https://my.maven.registry\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tUpstreamCredentials: \u0026artifactregistry.RepositoryRemoteRepositoryConfigUpstreamCredentialsArgs{\n\t\t\t\t\tUsernamePasswordCredentials: \u0026artifactregistry.RepositoryRemoteRepositoryConfigUpstreamCredentialsUsernamePasswordCredentialsArgs{\n\t\t\t\t\t\tUsername: pulumi.String(\"remote-username\"),\n\t\t\t\t\t\tPasswordSecretVersion: example_remote_secretVersion.Name,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.secretmanager.Secret;\nimport com.pulumi.gcp.secretmanager.SecretArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretReplicationArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretReplicationAutoArgs;\nimport com.pulumi.gcp.secretmanager.SecretVersion;\nimport com.pulumi.gcp.secretmanager.SecretVersionArgs;\nimport com.pulumi.gcp.secretmanager.SecretIamMember;\nimport com.pulumi.gcp.secretmanager.SecretIamMemberArgs;\nimport com.pulumi.gcp.artifactregistry.Repository;\nimport com.pulumi.gcp.artifactregistry.RepositoryArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryRemoteRepositoryConfigArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryRemoteRepositoryConfigMavenRepositoryArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryRemoteRepositoryConfigMavenRepositoryCustomRepositoryArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryRemoteRepositoryConfigUpstreamCredentialsArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryRemoteRepositoryConfigUpstreamCredentialsUsernamePasswordCredentialsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n var example_remote_secret = new Secret(\"example-remote-secret\", SecretArgs.builder()\n .secretId(\"example-secret\")\n .replication(SecretReplicationArgs.builder()\n .auto()\n .build())\n .build());\n\n var example_remote_secretVersion = new SecretVersion(\"example-remote-secretVersion\", SecretVersionArgs.builder()\n .secret(example_remote_secret.id())\n .secretData(\"remote-password\")\n .build());\n\n var secret_access = new SecretIamMember(\"secret-access\", SecretIamMemberArgs.builder()\n .secretId(example_remote_secret.id())\n .role(\"roles/secretmanager.secretAccessor\")\n .member(String.format(\"serviceAccount:service-%s@gcp-sa-artifactregistry.iam.gserviceaccount.com\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .build());\n\n var my_repo = new Repository(\"my-repo\", RepositoryArgs.builder()\n .location(\"us-central1\")\n .repositoryId(\"example-maven-custom-remote\")\n .description(\"example remote custom maven repository with credentials\")\n .format(\"MAVEN\")\n .mode(\"REMOTE_REPOSITORY\")\n .remoteRepositoryConfig(RepositoryRemoteRepositoryConfigArgs.builder()\n .description(\"custom maven remote with credentials\")\n .disableUpstreamValidation(true)\n .mavenRepository(RepositoryRemoteRepositoryConfigMavenRepositoryArgs.builder()\n .customRepository(RepositoryRemoteRepositoryConfigMavenRepositoryCustomRepositoryArgs.builder()\n .uri(\"https://my.maven.registry\")\n .build())\n .build())\n .upstreamCredentials(RepositoryRemoteRepositoryConfigUpstreamCredentialsArgs.builder()\n .usernamePasswordCredentials(RepositoryRemoteRepositoryConfigUpstreamCredentialsUsernamePasswordCredentialsArgs.builder()\n .username(\"remote-username\")\n .passwordSecretVersion(example_remote_secretVersion.name())\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example-remote-secret:\n type: gcp:secretmanager:Secret\n properties:\n secretId: example-secret\n replication:\n auto: {}\n example-remote-secretVersion:\n type: gcp:secretmanager:SecretVersion\n name: example-remote-secret_version\n properties:\n secret: ${[\"example-remote-secret\"].id}\n secretData: remote-password\n secret-access:\n type: gcp:secretmanager:SecretIamMember\n properties:\n secretId: ${[\"example-remote-secret\"].id}\n role: roles/secretmanager.secretAccessor\n member: serviceAccount:service-${project.number}@gcp-sa-artifactregistry.iam.gserviceaccount.com\n my-repo:\n type: gcp:artifactregistry:Repository\n properties:\n location: us-central1\n repositoryId: example-maven-custom-remote\n description: example remote custom maven repository with credentials\n format: MAVEN\n mode: REMOTE_REPOSITORY\n remoteRepositoryConfig:\n description: custom maven remote with credentials\n disableUpstreamValidation: true\n mavenRepository:\n customRepository:\n uri: https://my.maven.registry\n upstreamCredentials:\n usernamePasswordCredentials:\n username: remote-username\n passwordSecretVersion: ${[\"example-remote-secretVersion\"].name}\nvariables:\n project:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Artifact Registry Repository Remote Npm Custom With Auth\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = gcp.organizations.getProject({});\nconst example_remote_secret = new gcp.secretmanager.Secret(\"example-remote-secret\", {\n secretId: \"example-secret\",\n replication: {\n auto: {},\n },\n});\nconst example_remote_secretVersion = new gcp.secretmanager.SecretVersion(\"example-remote-secret_version\", {\n secret: example_remote_secret.id,\n secretData: \"remote-password\",\n});\nconst secret_access = new gcp.secretmanager.SecretIamMember(\"secret-access\", {\n secretId: example_remote_secret.id,\n role: \"roles/secretmanager.secretAccessor\",\n member: project.then(project =\u003e `serviceAccount:service-${project.number}@gcp-sa-artifactregistry.iam.gserviceaccount.com`),\n});\nconst my_repo = new gcp.artifactregistry.Repository(\"my-repo\", {\n location: \"us-central1\",\n repositoryId: \"example-npm-custom-remote\",\n description: \"example remote custom npm repository with credentials\",\n format: \"NPM\",\n mode: \"REMOTE_REPOSITORY\",\n remoteRepositoryConfig: {\n description: \"custom npm with credentials\",\n disableUpstreamValidation: true,\n npmRepository: {\n customRepository: {\n uri: \"https://my.npm.registry\",\n },\n },\n upstreamCredentials: {\n usernamePasswordCredentials: {\n username: \"remote-username\",\n passwordSecretVersion: example_remote_secretVersion.name,\n },\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.organizations.get_project()\nexample_remote_secret = gcp.secretmanager.Secret(\"example-remote-secret\",\n secret_id=\"example-secret\",\n replication={\n \"auto\": {},\n })\nexample_remote_secret_version = gcp.secretmanager.SecretVersion(\"example-remote-secret_version\",\n secret=example_remote_secret.id,\n secret_data=\"remote-password\")\nsecret_access = gcp.secretmanager.SecretIamMember(\"secret-access\",\n secret_id=example_remote_secret.id,\n role=\"roles/secretmanager.secretAccessor\",\n member=f\"serviceAccount:service-{project.number}@gcp-sa-artifactregistry.iam.gserviceaccount.com\")\nmy_repo = gcp.artifactregistry.Repository(\"my-repo\",\n location=\"us-central1\",\n repository_id=\"example-npm-custom-remote\",\n description=\"example remote custom npm repository with credentials\",\n format=\"NPM\",\n mode=\"REMOTE_REPOSITORY\",\n remote_repository_config={\n \"description\": \"custom npm with credentials\",\n \"disable_upstream_validation\": True,\n \"npm_repository\": {\n \"custom_repository\": {\n \"uri\": \"https://my.npm.registry\",\n },\n },\n \"upstream_credentials\": {\n \"username_password_credentials\": {\n \"username\": \"remote-username\",\n \"password_secret_version\": example_remote_secret_version.name,\n },\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var example_remote_secret = new Gcp.SecretManager.Secret(\"example-remote-secret\", new()\n {\n SecretId = \"example-secret\",\n Replication = new Gcp.SecretManager.Inputs.SecretReplicationArgs\n {\n Auto = null,\n },\n });\n\n var example_remote_secretVersion = new Gcp.SecretManager.SecretVersion(\"example-remote-secret_version\", new()\n {\n Secret = example_remote_secret.Id,\n SecretData = \"remote-password\",\n });\n\n var secret_access = new Gcp.SecretManager.SecretIamMember(\"secret-access\", new()\n {\n SecretId = example_remote_secret.Id,\n Role = \"roles/secretmanager.secretAccessor\",\n Member = $\"serviceAccount:service-{project.Apply(getProjectResult =\u003e getProjectResult.Number)}@gcp-sa-artifactregistry.iam.gserviceaccount.com\",\n });\n\n var my_repo = new Gcp.ArtifactRegistry.Repository(\"my-repo\", new()\n {\n Location = \"us-central1\",\n RepositoryId = \"example-npm-custom-remote\",\n Description = \"example remote custom npm repository with credentials\",\n Format = \"NPM\",\n Mode = \"REMOTE_REPOSITORY\",\n RemoteRepositoryConfig = new Gcp.ArtifactRegistry.Inputs.RepositoryRemoteRepositoryConfigArgs\n {\n Description = \"custom npm with credentials\",\n DisableUpstreamValidation = true,\n NpmRepository = new Gcp.ArtifactRegistry.Inputs.RepositoryRemoteRepositoryConfigNpmRepositoryArgs\n {\n CustomRepository = new Gcp.ArtifactRegistry.Inputs.RepositoryRemoteRepositoryConfigNpmRepositoryCustomRepositoryArgs\n {\n Uri = \"https://my.npm.registry\",\n },\n },\n UpstreamCredentials = new Gcp.ArtifactRegistry.Inputs.RepositoryRemoteRepositoryConfigUpstreamCredentialsArgs\n {\n UsernamePasswordCredentials = new Gcp.ArtifactRegistry.Inputs.RepositoryRemoteRepositoryConfigUpstreamCredentialsUsernamePasswordCredentialsArgs\n {\n Username = \"remote-username\",\n PasswordSecretVersion = example_remote_secretVersion.Name,\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/artifactregistry\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecret(ctx, \"example-remote-secret\", \u0026secretmanager.SecretArgs{\n\t\t\tSecretId: pulumi.String(\"example-secret\"),\n\t\t\tReplication: \u0026secretmanager.SecretReplicationArgs{\n\t\t\t\tAuto: \u0026secretmanager.SecretReplicationAutoArgs{},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecretVersion(ctx, \"example-remote-secret_version\", \u0026secretmanager.SecretVersionArgs{\n\t\t\tSecret: example_remote_secret.ID(),\n\t\t\tSecretData: pulumi.String(\"remote-password\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecretIamMember(ctx, \"secret-access\", \u0026secretmanager.SecretIamMemberArgs{\n\t\t\tSecretId: example_remote_secret.ID(),\n\t\t\tRole: pulumi.String(\"roles/secretmanager.secretAccessor\"),\n\t\t\tMember: pulumi.Sprintf(\"serviceAccount:service-%v@gcp-sa-artifactregistry.iam.gserviceaccount.com\", project.Number),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = artifactregistry.NewRepository(ctx, \"my-repo\", \u0026artifactregistry.RepositoryArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tRepositoryId: pulumi.String(\"example-npm-custom-remote\"),\n\t\t\tDescription: pulumi.String(\"example remote custom npm repository with credentials\"),\n\t\t\tFormat: pulumi.String(\"NPM\"),\n\t\t\tMode: pulumi.String(\"REMOTE_REPOSITORY\"),\n\t\t\tRemoteRepositoryConfig: \u0026artifactregistry.RepositoryRemoteRepositoryConfigArgs{\n\t\t\t\tDescription: pulumi.String(\"custom npm with credentials\"),\n\t\t\t\tDisableUpstreamValidation: pulumi.Bool(true),\n\t\t\t\tNpmRepository: \u0026artifactregistry.RepositoryRemoteRepositoryConfigNpmRepositoryArgs{\n\t\t\t\t\tCustomRepository: \u0026artifactregistry.RepositoryRemoteRepositoryConfigNpmRepositoryCustomRepositoryArgs{\n\t\t\t\t\t\tUri: pulumi.String(\"https://my.npm.registry\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tUpstreamCredentials: \u0026artifactregistry.RepositoryRemoteRepositoryConfigUpstreamCredentialsArgs{\n\t\t\t\t\tUsernamePasswordCredentials: \u0026artifactregistry.RepositoryRemoteRepositoryConfigUpstreamCredentialsUsernamePasswordCredentialsArgs{\n\t\t\t\t\t\tUsername: pulumi.String(\"remote-username\"),\n\t\t\t\t\t\tPasswordSecretVersion: example_remote_secretVersion.Name,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.secretmanager.Secret;\nimport com.pulumi.gcp.secretmanager.SecretArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretReplicationArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretReplicationAutoArgs;\nimport com.pulumi.gcp.secretmanager.SecretVersion;\nimport com.pulumi.gcp.secretmanager.SecretVersionArgs;\nimport com.pulumi.gcp.secretmanager.SecretIamMember;\nimport com.pulumi.gcp.secretmanager.SecretIamMemberArgs;\nimport com.pulumi.gcp.artifactregistry.Repository;\nimport com.pulumi.gcp.artifactregistry.RepositoryArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryRemoteRepositoryConfigArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryRemoteRepositoryConfigNpmRepositoryArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryRemoteRepositoryConfigNpmRepositoryCustomRepositoryArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryRemoteRepositoryConfigUpstreamCredentialsArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryRemoteRepositoryConfigUpstreamCredentialsUsernamePasswordCredentialsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n var example_remote_secret = new Secret(\"example-remote-secret\", SecretArgs.builder()\n .secretId(\"example-secret\")\n .replication(SecretReplicationArgs.builder()\n .auto()\n .build())\n .build());\n\n var example_remote_secretVersion = new SecretVersion(\"example-remote-secretVersion\", SecretVersionArgs.builder()\n .secret(example_remote_secret.id())\n .secretData(\"remote-password\")\n .build());\n\n var secret_access = new SecretIamMember(\"secret-access\", SecretIamMemberArgs.builder()\n .secretId(example_remote_secret.id())\n .role(\"roles/secretmanager.secretAccessor\")\n .member(String.format(\"serviceAccount:service-%s@gcp-sa-artifactregistry.iam.gserviceaccount.com\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .build());\n\n var my_repo = new Repository(\"my-repo\", RepositoryArgs.builder()\n .location(\"us-central1\")\n .repositoryId(\"example-npm-custom-remote\")\n .description(\"example remote custom npm repository with credentials\")\n .format(\"NPM\")\n .mode(\"REMOTE_REPOSITORY\")\n .remoteRepositoryConfig(RepositoryRemoteRepositoryConfigArgs.builder()\n .description(\"custom npm with credentials\")\n .disableUpstreamValidation(true)\n .npmRepository(RepositoryRemoteRepositoryConfigNpmRepositoryArgs.builder()\n .customRepository(RepositoryRemoteRepositoryConfigNpmRepositoryCustomRepositoryArgs.builder()\n .uri(\"https://my.npm.registry\")\n .build())\n .build())\n .upstreamCredentials(RepositoryRemoteRepositoryConfigUpstreamCredentialsArgs.builder()\n .usernamePasswordCredentials(RepositoryRemoteRepositoryConfigUpstreamCredentialsUsernamePasswordCredentialsArgs.builder()\n .username(\"remote-username\")\n .passwordSecretVersion(example_remote_secretVersion.name())\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example-remote-secret:\n type: gcp:secretmanager:Secret\n properties:\n secretId: example-secret\n replication:\n auto: {}\n example-remote-secretVersion:\n type: gcp:secretmanager:SecretVersion\n name: example-remote-secret_version\n properties:\n secret: ${[\"example-remote-secret\"].id}\n secretData: remote-password\n secret-access:\n type: gcp:secretmanager:SecretIamMember\n properties:\n secretId: ${[\"example-remote-secret\"].id}\n role: roles/secretmanager.secretAccessor\n member: serviceAccount:service-${project.number}@gcp-sa-artifactregistry.iam.gserviceaccount.com\n my-repo:\n type: gcp:artifactregistry:Repository\n properties:\n location: us-central1\n repositoryId: example-npm-custom-remote\n description: example remote custom npm repository with credentials\n format: NPM\n mode: REMOTE_REPOSITORY\n remoteRepositoryConfig:\n description: custom npm with credentials\n disableUpstreamValidation: true\n npmRepository:\n customRepository:\n uri: https://my.npm.registry\n upstreamCredentials:\n usernamePasswordCredentials:\n username: remote-username\n passwordSecretVersion: ${[\"example-remote-secretVersion\"].name}\nvariables:\n project:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Artifact Registry Repository Remote Python Custom With Auth\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = gcp.organizations.getProject({});\nconst example_remote_secret = new gcp.secretmanager.Secret(\"example-remote-secret\", {\n secretId: \"example-secret\",\n replication: {\n auto: {},\n },\n});\nconst example_remote_secretVersion = new gcp.secretmanager.SecretVersion(\"example-remote-secret_version\", {\n secret: example_remote_secret.id,\n secretData: \"remote-password\",\n});\nconst secret_access = new gcp.secretmanager.SecretIamMember(\"secret-access\", {\n secretId: example_remote_secret.id,\n role: \"roles/secretmanager.secretAccessor\",\n member: project.then(project =\u003e `serviceAccount:service-${project.number}@gcp-sa-artifactregistry.iam.gserviceaccount.com`),\n});\nconst my_repo = new gcp.artifactregistry.Repository(\"my-repo\", {\n location: \"us-central1\",\n repositoryId: \"example-python-custom-remote\",\n description: \"example remote custom python repository with credentials\",\n format: \"PYTHON\",\n mode: \"REMOTE_REPOSITORY\",\n remoteRepositoryConfig: {\n description: \"custom npm with credentials\",\n disableUpstreamValidation: true,\n pythonRepository: {\n customRepository: {\n uri: \"https://my.python.registry\",\n },\n },\n upstreamCredentials: {\n usernamePasswordCredentials: {\n username: \"remote-username\",\n passwordSecretVersion: example_remote_secretVersion.name,\n },\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.organizations.get_project()\nexample_remote_secret = gcp.secretmanager.Secret(\"example-remote-secret\",\n secret_id=\"example-secret\",\n replication={\n \"auto\": {},\n })\nexample_remote_secret_version = gcp.secretmanager.SecretVersion(\"example-remote-secret_version\",\n secret=example_remote_secret.id,\n secret_data=\"remote-password\")\nsecret_access = gcp.secretmanager.SecretIamMember(\"secret-access\",\n secret_id=example_remote_secret.id,\n role=\"roles/secretmanager.secretAccessor\",\n member=f\"serviceAccount:service-{project.number}@gcp-sa-artifactregistry.iam.gserviceaccount.com\")\nmy_repo = gcp.artifactregistry.Repository(\"my-repo\",\n location=\"us-central1\",\n repository_id=\"example-python-custom-remote\",\n description=\"example remote custom python repository with credentials\",\n format=\"PYTHON\",\n mode=\"REMOTE_REPOSITORY\",\n remote_repository_config={\n \"description\": \"custom npm with credentials\",\n \"disable_upstream_validation\": True,\n \"python_repository\": {\n \"custom_repository\": {\n \"uri\": \"https://my.python.registry\",\n },\n },\n \"upstream_credentials\": {\n \"username_password_credentials\": {\n \"username\": \"remote-username\",\n \"password_secret_version\": example_remote_secret_version.name,\n },\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var example_remote_secret = new Gcp.SecretManager.Secret(\"example-remote-secret\", new()\n {\n SecretId = \"example-secret\",\n Replication = new Gcp.SecretManager.Inputs.SecretReplicationArgs\n {\n Auto = null,\n },\n });\n\n var example_remote_secretVersion = new Gcp.SecretManager.SecretVersion(\"example-remote-secret_version\", new()\n {\n Secret = example_remote_secret.Id,\n SecretData = \"remote-password\",\n });\n\n var secret_access = new Gcp.SecretManager.SecretIamMember(\"secret-access\", new()\n {\n SecretId = example_remote_secret.Id,\n Role = \"roles/secretmanager.secretAccessor\",\n Member = $\"serviceAccount:service-{project.Apply(getProjectResult =\u003e getProjectResult.Number)}@gcp-sa-artifactregistry.iam.gserviceaccount.com\",\n });\n\n var my_repo = new Gcp.ArtifactRegistry.Repository(\"my-repo\", new()\n {\n Location = \"us-central1\",\n RepositoryId = \"example-python-custom-remote\",\n Description = \"example remote custom python repository with credentials\",\n Format = \"PYTHON\",\n Mode = \"REMOTE_REPOSITORY\",\n RemoteRepositoryConfig = new Gcp.ArtifactRegistry.Inputs.RepositoryRemoteRepositoryConfigArgs\n {\n Description = \"custom npm with credentials\",\n DisableUpstreamValidation = true,\n PythonRepository = new Gcp.ArtifactRegistry.Inputs.RepositoryRemoteRepositoryConfigPythonRepositoryArgs\n {\n CustomRepository = new Gcp.ArtifactRegistry.Inputs.RepositoryRemoteRepositoryConfigPythonRepositoryCustomRepositoryArgs\n {\n Uri = \"https://my.python.registry\",\n },\n },\n UpstreamCredentials = new Gcp.ArtifactRegistry.Inputs.RepositoryRemoteRepositoryConfigUpstreamCredentialsArgs\n {\n UsernamePasswordCredentials = new Gcp.ArtifactRegistry.Inputs.RepositoryRemoteRepositoryConfigUpstreamCredentialsUsernamePasswordCredentialsArgs\n {\n Username = \"remote-username\",\n PasswordSecretVersion = example_remote_secretVersion.Name,\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/artifactregistry\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecret(ctx, \"example-remote-secret\", \u0026secretmanager.SecretArgs{\n\t\t\tSecretId: pulumi.String(\"example-secret\"),\n\t\t\tReplication: \u0026secretmanager.SecretReplicationArgs{\n\t\t\t\tAuto: \u0026secretmanager.SecretReplicationAutoArgs{},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecretVersion(ctx, \"example-remote-secret_version\", \u0026secretmanager.SecretVersionArgs{\n\t\t\tSecret: example_remote_secret.ID(),\n\t\t\tSecretData: pulumi.String(\"remote-password\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecretIamMember(ctx, \"secret-access\", \u0026secretmanager.SecretIamMemberArgs{\n\t\t\tSecretId: example_remote_secret.ID(),\n\t\t\tRole: pulumi.String(\"roles/secretmanager.secretAccessor\"),\n\t\t\tMember: pulumi.Sprintf(\"serviceAccount:service-%v@gcp-sa-artifactregistry.iam.gserviceaccount.com\", project.Number),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = artifactregistry.NewRepository(ctx, \"my-repo\", \u0026artifactregistry.RepositoryArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tRepositoryId: pulumi.String(\"example-python-custom-remote\"),\n\t\t\tDescription: pulumi.String(\"example remote custom python repository with credentials\"),\n\t\t\tFormat: pulumi.String(\"PYTHON\"),\n\t\t\tMode: pulumi.String(\"REMOTE_REPOSITORY\"),\n\t\t\tRemoteRepositoryConfig: \u0026artifactregistry.RepositoryRemoteRepositoryConfigArgs{\n\t\t\t\tDescription: pulumi.String(\"custom npm with credentials\"),\n\t\t\t\tDisableUpstreamValidation: pulumi.Bool(true),\n\t\t\t\tPythonRepository: \u0026artifactregistry.RepositoryRemoteRepositoryConfigPythonRepositoryArgs{\n\t\t\t\t\tCustomRepository: \u0026artifactregistry.RepositoryRemoteRepositoryConfigPythonRepositoryCustomRepositoryArgs{\n\t\t\t\t\t\tUri: pulumi.String(\"https://my.python.registry\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tUpstreamCredentials: \u0026artifactregistry.RepositoryRemoteRepositoryConfigUpstreamCredentialsArgs{\n\t\t\t\t\tUsernamePasswordCredentials: \u0026artifactregistry.RepositoryRemoteRepositoryConfigUpstreamCredentialsUsernamePasswordCredentialsArgs{\n\t\t\t\t\t\tUsername: pulumi.String(\"remote-username\"),\n\t\t\t\t\t\tPasswordSecretVersion: example_remote_secretVersion.Name,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.secretmanager.Secret;\nimport com.pulumi.gcp.secretmanager.SecretArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretReplicationArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretReplicationAutoArgs;\nimport com.pulumi.gcp.secretmanager.SecretVersion;\nimport com.pulumi.gcp.secretmanager.SecretVersionArgs;\nimport com.pulumi.gcp.secretmanager.SecretIamMember;\nimport com.pulumi.gcp.secretmanager.SecretIamMemberArgs;\nimport com.pulumi.gcp.artifactregistry.Repository;\nimport com.pulumi.gcp.artifactregistry.RepositoryArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryRemoteRepositoryConfigArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryRemoteRepositoryConfigPythonRepositoryArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryRemoteRepositoryConfigPythonRepositoryCustomRepositoryArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryRemoteRepositoryConfigUpstreamCredentialsArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryRemoteRepositoryConfigUpstreamCredentialsUsernamePasswordCredentialsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n var example_remote_secret = new Secret(\"example-remote-secret\", SecretArgs.builder()\n .secretId(\"example-secret\")\n .replication(SecretReplicationArgs.builder()\n .auto()\n .build())\n .build());\n\n var example_remote_secretVersion = new SecretVersion(\"example-remote-secretVersion\", SecretVersionArgs.builder()\n .secret(example_remote_secret.id())\n .secretData(\"remote-password\")\n .build());\n\n var secret_access = new SecretIamMember(\"secret-access\", SecretIamMemberArgs.builder()\n .secretId(example_remote_secret.id())\n .role(\"roles/secretmanager.secretAccessor\")\n .member(String.format(\"serviceAccount:service-%s@gcp-sa-artifactregistry.iam.gserviceaccount.com\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .build());\n\n var my_repo = new Repository(\"my-repo\", RepositoryArgs.builder()\n .location(\"us-central1\")\n .repositoryId(\"example-python-custom-remote\")\n .description(\"example remote custom python repository with credentials\")\n .format(\"PYTHON\")\n .mode(\"REMOTE_REPOSITORY\")\n .remoteRepositoryConfig(RepositoryRemoteRepositoryConfigArgs.builder()\n .description(\"custom npm with credentials\")\n .disableUpstreamValidation(true)\n .pythonRepository(RepositoryRemoteRepositoryConfigPythonRepositoryArgs.builder()\n .customRepository(RepositoryRemoteRepositoryConfigPythonRepositoryCustomRepositoryArgs.builder()\n .uri(\"https://my.python.registry\")\n .build())\n .build())\n .upstreamCredentials(RepositoryRemoteRepositoryConfigUpstreamCredentialsArgs.builder()\n .usernamePasswordCredentials(RepositoryRemoteRepositoryConfigUpstreamCredentialsUsernamePasswordCredentialsArgs.builder()\n .username(\"remote-username\")\n .passwordSecretVersion(example_remote_secretVersion.name())\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example-remote-secret:\n type: gcp:secretmanager:Secret\n properties:\n secretId: example-secret\n replication:\n auto: {}\n example-remote-secretVersion:\n type: gcp:secretmanager:SecretVersion\n name: example-remote-secret_version\n properties:\n secret: ${[\"example-remote-secret\"].id}\n secretData: remote-password\n secret-access:\n type: gcp:secretmanager:SecretIamMember\n properties:\n secretId: ${[\"example-remote-secret\"].id}\n role: roles/secretmanager.secretAccessor\n member: serviceAccount:service-${project.number}@gcp-sa-artifactregistry.iam.gserviceaccount.com\n my-repo:\n type: gcp:artifactregistry:Repository\n properties:\n location: us-central1\n repositoryId: example-python-custom-remote\n description: example remote custom python repository with credentials\n format: PYTHON\n mode: REMOTE_REPOSITORY\n remoteRepositoryConfig:\n description: custom npm with credentials\n disableUpstreamValidation: true\n pythonRepository:\n customRepository:\n uri: https://my.python.registry\n upstreamCredentials:\n usernamePasswordCredentials:\n username: remote-username\n passwordSecretVersion: ${[\"example-remote-secretVersion\"].name}\nvariables:\n project:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Artifact Registry Repository Remote Common Repository With Docker\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst upstreamRepo = new gcp.artifactregistry.Repository(\"upstream_repo\", {\n location: \"us-central1\",\n repositoryId: \"example-upstream-repo\",\n description: \"example upstream repository\",\n format: \"DOCKER\",\n});\nconst my_repo = new gcp.artifactregistry.Repository(\"my-repo\", {\n location: \"us-central1\",\n repositoryId: \"example-common-remote\",\n description: \"example remote common repository with docker upstream\",\n format: \"DOCKER\",\n mode: \"REMOTE_REPOSITORY\",\n remoteRepositoryConfig: {\n description: \"pull-through cache of another Artifact Registry repository\",\n commonRepository: {\n uri: upstreamRepo.id,\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nupstream_repo = gcp.artifactregistry.Repository(\"upstream_repo\",\n location=\"us-central1\",\n repository_id=\"example-upstream-repo\",\n description=\"example upstream repository\",\n format=\"DOCKER\")\nmy_repo = gcp.artifactregistry.Repository(\"my-repo\",\n location=\"us-central1\",\n repository_id=\"example-common-remote\",\n description=\"example remote common repository with docker upstream\",\n format=\"DOCKER\",\n mode=\"REMOTE_REPOSITORY\",\n remote_repository_config={\n \"description\": \"pull-through cache of another Artifact Registry repository\",\n \"common_repository\": {\n \"uri\": upstream_repo.id,\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var upstreamRepo = new Gcp.ArtifactRegistry.Repository(\"upstream_repo\", new()\n {\n Location = \"us-central1\",\n RepositoryId = \"example-upstream-repo\",\n Description = \"example upstream repository\",\n Format = \"DOCKER\",\n });\n\n var my_repo = new Gcp.ArtifactRegistry.Repository(\"my-repo\", new()\n {\n Location = \"us-central1\",\n RepositoryId = \"example-common-remote\",\n Description = \"example remote common repository with docker upstream\",\n Format = \"DOCKER\",\n Mode = \"REMOTE_REPOSITORY\",\n RemoteRepositoryConfig = new Gcp.ArtifactRegistry.Inputs.RepositoryRemoteRepositoryConfigArgs\n {\n Description = \"pull-through cache of another Artifact Registry repository\",\n CommonRepository = new Gcp.ArtifactRegistry.Inputs.RepositoryRemoteRepositoryConfigCommonRepositoryArgs\n {\n Uri = upstreamRepo.Id,\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/artifactregistry\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tupstreamRepo, err := artifactregistry.NewRepository(ctx, \"upstream_repo\", \u0026artifactregistry.RepositoryArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tRepositoryId: pulumi.String(\"example-upstream-repo\"),\n\t\t\tDescription: pulumi.String(\"example upstream repository\"),\n\t\t\tFormat: pulumi.String(\"DOCKER\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = artifactregistry.NewRepository(ctx, \"my-repo\", \u0026artifactregistry.RepositoryArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tRepositoryId: pulumi.String(\"example-common-remote\"),\n\t\t\tDescription: pulumi.String(\"example remote common repository with docker upstream\"),\n\t\t\tFormat: pulumi.String(\"DOCKER\"),\n\t\t\tMode: pulumi.String(\"REMOTE_REPOSITORY\"),\n\t\t\tRemoteRepositoryConfig: \u0026artifactregistry.RepositoryRemoteRepositoryConfigArgs{\n\t\t\t\tDescription: pulumi.String(\"pull-through cache of another Artifact Registry repository\"),\n\t\t\t\tCommonRepository: \u0026artifactregistry.RepositoryRemoteRepositoryConfigCommonRepositoryArgs{\n\t\t\t\t\tUri: upstreamRepo.ID(),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.artifactregistry.Repository;\nimport com.pulumi.gcp.artifactregistry.RepositoryArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryRemoteRepositoryConfigArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryRemoteRepositoryConfigCommonRepositoryArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var upstreamRepo = new Repository(\"upstreamRepo\", RepositoryArgs.builder()\n .location(\"us-central1\")\n .repositoryId(\"example-upstream-repo\")\n .description(\"example upstream repository\")\n .format(\"DOCKER\")\n .build());\n\n var my_repo = new Repository(\"my-repo\", RepositoryArgs.builder()\n .location(\"us-central1\")\n .repositoryId(\"example-common-remote\")\n .description(\"example remote common repository with docker upstream\")\n .format(\"DOCKER\")\n .mode(\"REMOTE_REPOSITORY\")\n .remoteRepositoryConfig(RepositoryRemoteRepositoryConfigArgs.builder()\n .description(\"pull-through cache of another Artifact Registry repository\")\n .commonRepository(RepositoryRemoteRepositoryConfigCommonRepositoryArgs.builder()\n .uri(upstreamRepo.id())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n upstreamRepo:\n type: gcp:artifactregistry:Repository\n name: upstream_repo\n properties:\n location: us-central1\n repositoryId: example-upstream-repo\n description: example upstream repository\n format: DOCKER\n my-repo:\n type: gcp:artifactregistry:Repository\n properties:\n location: us-central1\n repositoryId: example-common-remote\n description: example remote common repository with docker upstream\n format: DOCKER\n mode: REMOTE_REPOSITORY\n remoteRepositoryConfig:\n description: pull-through cache of another Artifact Registry repository\n commonRepository:\n uri: ${upstreamRepo.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Artifact Registry Repository Remote Common Repository With Artifact Registry Uri\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = gcp.organizations.getProject({});\nconst upstreamRepo = new gcp.artifactregistry.Repository(\"upstream_repo\", {\n location: \"us-central1\",\n repositoryId: \"example-upstream-repo\",\n description: \"example upstream repository\",\n format: \"DOCKER\",\n});\nconst my_repo = new gcp.artifactregistry.Repository(\"my-repo\", {\n location: \"us-central1\",\n repositoryId: \"example-common-remote\",\n description: \"example remote common repository with docker upstream\",\n format: \"DOCKER\",\n mode: \"REMOTE_REPOSITORY\",\n remoteRepositoryConfig: {\n description: \"pull-through cache of another Artifact Registry repository by URL\",\n commonRepository: {\n uri: \"https://us-central1-docker.pkg.dev//example-upstream-repo\",\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.organizations.get_project()\nupstream_repo = gcp.artifactregistry.Repository(\"upstream_repo\",\n location=\"us-central1\",\n repository_id=\"example-upstream-repo\",\n description=\"example upstream repository\",\n format=\"DOCKER\")\nmy_repo = gcp.artifactregistry.Repository(\"my-repo\",\n location=\"us-central1\",\n repository_id=\"example-common-remote\",\n description=\"example remote common repository with docker upstream\",\n format=\"DOCKER\",\n mode=\"REMOTE_REPOSITORY\",\n remote_repository_config={\n \"description\": \"pull-through cache of another Artifact Registry repository by URL\",\n \"common_repository\": {\n \"uri\": \"https://us-central1-docker.pkg.dev//example-upstream-repo\",\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var upstreamRepo = new Gcp.ArtifactRegistry.Repository(\"upstream_repo\", new()\n {\n Location = \"us-central1\",\n RepositoryId = \"example-upstream-repo\",\n Description = \"example upstream repository\",\n Format = \"DOCKER\",\n });\n\n var my_repo = new Gcp.ArtifactRegistry.Repository(\"my-repo\", new()\n {\n Location = \"us-central1\",\n RepositoryId = \"example-common-remote\",\n Description = \"example remote common repository with docker upstream\",\n Format = \"DOCKER\",\n Mode = \"REMOTE_REPOSITORY\",\n RemoteRepositoryConfig = new Gcp.ArtifactRegistry.Inputs.RepositoryRemoteRepositoryConfigArgs\n {\n Description = \"pull-through cache of another Artifact Registry repository by URL\",\n CommonRepository = new Gcp.ArtifactRegistry.Inputs.RepositoryRemoteRepositoryConfigCommonRepositoryArgs\n {\n Uri = \"https://us-central1-docker.pkg.dev//example-upstream-repo\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/artifactregistry\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = artifactregistry.NewRepository(ctx, \"upstream_repo\", \u0026artifactregistry.RepositoryArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tRepositoryId: pulumi.String(\"example-upstream-repo\"),\n\t\t\tDescription: pulumi.String(\"example upstream repository\"),\n\t\t\tFormat: pulumi.String(\"DOCKER\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = artifactregistry.NewRepository(ctx, \"my-repo\", \u0026artifactregistry.RepositoryArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tRepositoryId: pulumi.String(\"example-common-remote\"),\n\t\t\tDescription: pulumi.String(\"example remote common repository with docker upstream\"),\n\t\t\tFormat: pulumi.String(\"DOCKER\"),\n\t\t\tMode: pulumi.String(\"REMOTE_REPOSITORY\"),\n\t\t\tRemoteRepositoryConfig: \u0026artifactregistry.RepositoryRemoteRepositoryConfigArgs{\n\t\t\t\tDescription: pulumi.String(\"pull-through cache of another Artifact Registry repository by URL\"),\n\t\t\t\tCommonRepository: \u0026artifactregistry.RepositoryRemoteRepositoryConfigCommonRepositoryArgs{\n\t\t\t\t\tUri: pulumi.String(\"https://us-central1-docker.pkg.dev//example-upstream-repo\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.artifactregistry.Repository;\nimport com.pulumi.gcp.artifactregistry.RepositoryArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryRemoteRepositoryConfigArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryRemoteRepositoryConfigCommonRepositoryArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n var upstreamRepo = new Repository(\"upstreamRepo\", RepositoryArgs.builder()\n .location(\"us-central1\")\n .repositoryId(\"example-upstream-repo\")\n .description(\"example upstream repository\")\n .format(\"DOCKER\")\n .build());\n\n var my_repo = new Repository(\"my-repo\", RepositoryArgs.builder()\n .location(\"us-central1\")\n .repositoryId(\"example-common-remote\")\n .description(\"example remote common repository with docker upstream\")\n .format(\"DOCKER\")\n .mode(\"REMOTE_REPOSITORY\")\n .remoteRepositoryConfig(RepositoryRemoteRepositoryConfigArgs.builder()\n .description(\"pull-through cache of another Artifact Registry repository by URL\")\n .commonRepository(RepositoryRemoteRepositoryConfigCommonRepositoryArgs.builder()\n .uri(\"https://us-central1-docker.pkg.dev//example-upstream-repo\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n upstreamRepo:\n type: gcp:artifactregistry:Repository\n name: upstream_repo\n properties:\n location: us-central1\n repositoryId: example-upstream-repo\n description: example upstream repository\n format: DOCKER\n my-repo:\n type: gcp:artifactregistry:Repository\n properties:\n location: us-central1\n repositoryId: example-common-remote\n description: example remote common repository with docker upstream\n format: DOCKER\n mode: REMOTE_REPOSITORY\n remoteRepositoryConfig:\n description: pull-through cache of another Artifact Registry repository by URL\n commonRepository:\n uri: https://us-central1-docker.pkg.dev//example-upstream-repo\nvariables:\n project:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Artifact Registry Repository Remote Common Repository With Custom Upstream\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = gcp.organizations.getProject({});\nconst example_remote_secret = new gcp.secretmanager.Secret(\"example-remote-secret\", {\n secretId: \"example-secret\",\n replication: {\n auto: {},\n },\n});\nconst example_remote_secretVersion = new gcp.secretmanager.SecretVersion(\"example-remote-secret_version\", {\n secret: example_remote_secret.id,\n secretData: \"remote-password\",\n});\nconst secret_access = new gcp.secretmanager.SecretIamMember(\"secret-access\", {\n secretId: example_remote_secret.id,\n role: \"roles/secretmanager.secretAccessor\",\n member: project.then(project =\u003e `serviceAccount:service-${project.number}@gcp-sa-artifactregistry.iam.gserviceaccount.com`),\n});\nconst my_repo = new gcp.artifactregistry.Repository(\"my-repo\", {\n location: \"us-central1\",\n repositoryId: \"example-docker-custom-remote\",\n description: \"example remote custom docker repository with credentials\",\n format: \"DOCKER\",\n mode: \"REMOTE_REPOSITORY\",\n remoteRepositoryConfig: {\n description: \"custom common docker remote with credentials\",\n disableUpstreamValidation: true,\n commonRepository: {\n uri: \"https://registry-1.docker.io\",\n },\n upstreamCredentials: {\n usernamePasswordCredentials: {\n username: \"remote-username\",\n passwordSecretVersion: example_remote_secretVersion.name,\n },\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.organizations.get_project()\nexample_remote_secret = gcp.secretmanager.Secret(\"example-remote-secret\",\n secret_id=\"example-secret\",\n replication={\n \"auto\": {},\n })\nexample_remote_secret_version = gcp.secretmanager.SecretVersion(\"example-remote-secret_version\",\n secret=example_remote_secret.id,\n secret_data=\"remote-password\")\nsecret_access = gcp.secretmanager.SecretIamMember(\"secret-access\",\n secret_id=example_remote_secret.id,\n role=\"roles/secretmanager.secretAccessor\",\n member=f\"serviceAccount:service-{project.number}@gcp-sa-artifactregistry.iam.gserviceaccount.com\")\nmy_repo = gcp.artifactregistry.Repository(\"my-repo\",\n location=\"us-central1\",\n repository_id=\"example-docker-custom-remote\",\n description=\"example remote custom docker repository with credentials\",\n format=\"DOCKER\",\n mode=\"REMOTE_REPOSITORY\",\n remote_repository_config={\n \"description\": \"custom common docker remote with credentials\",\n \"disable_upstream_validation\": True,\n \"common_repository\": {\n \"uri\": \"https://registry-1.docker.io\",\n },\n \"upstream_credentials\": {\n \"username_password_credentials\": {\n \"username\": \"remote-username\",\n \"password_secret_version\": example_remote_secret_version.name,\n },\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var example_remote_secret = new Gcp.SecretManager.Secret(\"example-remote-secret\", new()\n {\n SecretId = \"example-secret\",\n Replication = new Gcp.SecretManager.Inputs.SecretReplicationArgs\n {\n Auto = null,\n },\n });\n\n var example_remote_secretVersion = new Gcp.SecretManager.SecretVersion(\"example-remote-secret_version\", new()\n {\n Secret = example_remote_secret.Id,\n SecretData = \"remote-password\",\n });\n\n var secret_access = new Gcp.SecretManager.SecretIamMember(\"secret-access\", new()\n {\n SecretId = example_remote_secret.Id,\n Role = \"roles/secretmanager.secretAccessor\",\n Member = $\"serviceAccount:service-{project.Apply(getProjectResult =\u003e getProjectResult.Number)}@gcp-sa-artifactregistry.iam.gserviceaccount.com\",\n });\n\n var my_repo = new Gcp.ArtifactRegistry.Repository(\"my-repo\", new()\n {\n Location = \"us-central1\",\n RepositoryId = \"example-docker-custom-remote\",\n Description = \"example remote custom docker repository with credentials\",\n Format = \"DOCKER\",\n Mode = \"REMOTE_REPOSITORY\",\n RemoteRepositoryConfig = new Gcp.ArtifactRegistry.Inputs.RepositoryRemoteRepositoryConfigArgs\n {\n Description = \"custom common docker remote with credentials\",\n DisableUpstreamValidation = true,\n CommonRepository = new Gcp.ArtifactRegistry.Inputs.RepositoryRemoteRepositoryConfigCommonRepositoryArgs\n {\n Uri = \"https://registry-1.docker.io\",\n },\n UpstreamCredentials = new Gcp.ArtifactRegistry.Inputs.RepositoryRemoteRepositoryConfigUpstreamCredentialsArgs\n {\n UsernamePasswordCredentials = new Gcp.ArtifactRegistry.Inputs.RepositoryRemoteRepositoryConfigUpstreamCredentialsUsernamePasswordCredentialsArgs\n {\n Username = \"remote-username\",\n PasswordSecretVersion = example_remote_secretVersion.Name,\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/artifactregistry\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecret(ctx, \"example-remote-secret\", \u0026secretmanager.SecretArgs{\n\t\t\tSecretId: pulumi.String(\"example-secret\"),\n\t\t\tReplication: \u0026secretmanager.SecretReplicationArgs{\n\t\t\t\tAuto: \u0026secretmanager.SecretReplicationAutoArgs{},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecretVersion(ctx, \"example-remote-secret_version\", \u0026secretmanager.SecretVersionArgs{\n\t\t\tSecret: example_remote_secret.ID(),\n\t\t\tSecretData: pulumi.String(\"remote-password\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecretIamMember(ctx, \"secret-access\", \u0026secretmanager.SecretIamMemberArgs{\n\t\t\tSecretId: example_remote_secret.ID(),\n\t\t\tRole: pulumi.String(\"roles/secretmanager.secretAccessor\"),\n\t\t\tMember: pulumi.Sprintf(\"serviceAccount:service-%v@gcp-sa-artifactregistry.iam.gserviceaccount.com\", project.Number),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = artifactregistry.NewRepository(ctx, \"my-repo\", \u0026artifactregistry.RepositoryArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tRepositoryId: pulumi.String(\"example-docker-custom-remote\"),\n\t\t\tDescription: pulumi.String(\"example remote custom docker repository with credentials\"),\n\t\t\tFormat: pulumi.String(\"DOCKER\"),\n\t\t\tMode: pulumi.String(\"REMOTE_REPOSITORY\"),\n\t\t\tRemoteRepositoryConfig: \u0026artifactregistry.RepositoryRemoteRepositoryConfigArgs{\n\t\t\t\tDescription: pulumi.String(\"custom common docker remote with credentials\"),\n\t\t\t\tDisableUpstreamValidation: pulumi.Bool(true),\n\t\t\t\tCommonRepository: \u0026artifactregistry.RepositoryRemoteRepositoryConfigCommonRepositoryArgs{\n\t\t\t\t\tUri: pulumi.String(\"https://registry-1.docker.io\"),\n\t\t\t\t},\n\t\t\t\tUpstreamCredentials: \u0026artifactregistry.RepositoryRemoteRepositoryConfigUpstreamCredentialsArgs{\n\t\t\t\t\tUsernamePasswordCredentials: \u0026artifactregistry.RepositoryRemoteRepositoryConfigUpstreamCredentialsUsernamePasswordCredentialsArgs{\n\t\t\t\t\t\tUsername: pulumi.String(\"remote-username\"),\n\t\t\t\t\t\tPasswordSecretVersion: example_remote_secretVersion.Name,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.secretmanager.Secret;\nimport com.pulumi.gcp.secretmanager.SecretArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretReplicationArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretReplicationAutoArgs;\nimport com.pulumi.gcp.secretmanager.SecretVersion;\nimport com.pulumi.gcp.secretmanager.SecretVersionArgs;\nimport com.pulumi.gcp.secretmanager.SecretIamMember;\nimport com.pulumi.gcp.secretmanager.SecretIamMemberArgs;\nimport com.pulumi.gcp.artifactregistry.Repository;\nimport com.pulumi.gcp.artifactregistry.RepositoryArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryRemoteRepositoryConfigArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryRemoteRepositoryConfigCommonRepositoryArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryRemoteRepositoryConfigUpstreamCredentialsArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryRemoteRepositoryConfigUpstreamCredentialsUsernamePasswordCredentialsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n var example_remote_secret = new Secret(\"example-remote-secret\", SecretArgs.builder()\n .secretId(\"example-secret\")\n .replication(SecretReplicationArgs.builder()\n .auto()\n .build())\n .build());\n\n var example_remote_secretVersion = new SecretVersion(\"example-remote-secretVersion\", SecretVersionArgs.builder()\n .secret(example_remote_secret.id())\n .secretData(\"remote-password\")\n .build());\n\n var secret_access = new SecretIamMember(\"secret-access\", SecretIamMemberArgs.builder()\n .secretId(example_remote_secret.id())\n .role(\"roles/secretmanager.secretAccessor\")\n .member(String.format(\"serviceAccount:service-%s@gcp-sa-artifactregistry.iam.gserviceaccount.com\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .build());\n\n var my_repo = new Repository(\"my-repo\", RepositoryArgs.builder()\n .location(\"us-central1\")\n .repositoryId(\"example-docker-custom-remote\")\n .description(\"example remote custom docker repository with credentials\")\n .format(\"DOCKER\")\n .mode(\"REMOTE_REPOSITORY\")\n .remoteRepositoryConfig(RepositoryRemoteRepositoryConfigArgs.builder()\n .description(\"custom common docker remote with credentials\")\n .disableUpstreamValidation(true)\n .commonRepository(RepositoryRemoteRepositoryConfigCommonRepositoryArgs.builder()\n .uri(\"https://registry-1.docker.io\")\n .build())\n .upstreamCredentials(RepositoryRemoteRepositoryConfigUpstreamCredentialsArgs.builder()\n .usernamePasswordCredentials(RepositoryRemoteRepositoryConfigUpstreamCredentialsUsernamePasswordCredentialsArgs.builder()\n .username(\"remote-username\")\n .passwordSecretVersion(example_remote_secretVersion.name())\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example-remote-secret:\n type: gcp:secretmanager:Secret\n properties:\n secretId: example-secret\n replication:\n auto: {}\n example-remote-secretVersion:\n type: gcp:secretmanager:SecretVersion\n name: example-remote-secret_version\n properties:\n secret: ${[\"example-remote-secret\"].id}\n secretData: remote-password\n secret-access:\n type: gcp:secretmanager:SecretIamMember\n properties:\n secretId: ${[\"example-remote-secret\"].id}\n role: roles/secretmanager.secretAccessor\n member: serviceAccount:service-${project.number}@gcp-sa-artifactregistry.iam.gserviceaccount.com\n my-repo:\n type: gcp:artifactregistry:Repository\n properties:\n location: us-central1\n repositoryId: example-docker-custom-remote\n description: example remote custom docker repository with credentials\n format: DOCKER\n mode: REMOTE_REPOSITORY\n remoteRepositoryConfig:\n description: custom common docker remote with credentials\n disableUpstreamValidation: true\n commonRepository:\n uri: https://registry-1.docker.io\n upstreamCredentials:\n usernamePasswordCredentials:\n username: remote-username\n passwordSecretVersion: ${[\"example-remote-secretVersion\"].name}\nvariables:\n project:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nRepository can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/repositories/{{repository_id}}`\n\n* `{{project}}/{{location}}/{{repository_id}}`\n\n* `{{location}}/{{repository_id}}`\n\n* `{{repository_id}}`\n\nWhen using the `pulumi import` command, Repository can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:artifactregistry/repository:Repository default projects/{{project}}/locations/{{location}}/repositories/{{repository_id}}\n```\n\n```sh\n$ pulumi import gcp:artifactregistry/repository:Repository default {{project}}/{{location}}/{{repository_id}}\n```\n\n```sh\n$ pulumi import gcp:artifactregistry/repository:Repository default {{location}}/{{repository_id}}\n```\n\n```sh\n$ pulumi import gcp:artifactregistry/repository:Repository default {{repository_id}}\n```\n\n", + "description": "A repository for storing artifacts\n\n\nTo get more information about Repository, see:\n\n* [API documentation](https://cloud.google.com/artifact-registry/docs/reference/rest/v1/projects.locations.repositories)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/artifact-registry/docs/overview)\n\n## Example Usage\n\n### Artifact Registry Repository Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst my_repo = new gcp.artifactregistry.Repository(\"my-repo\", {\n location: \"us-central1\",\n repositoryId: \"my-repository\",\n description: \"example docker repository\",\n format: \"DOCKER\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_repo = gcp.artifactregistry.Repository(\"my-repo\",\n location=\"us-central1\",\n repository_id=\"my-repository\",\n description=\"example docker repository\",\n format=\"DOCKER\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var my_repo = new Gcp.ArtifactRegistry.Repository(\"my-repo\", new()\n {\n Location = \"us-central1\",\n RepositoryId = \"my-repository\",\n Description = \"example docker repository\",\n Format = \"DOCKER\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/artifactregistry\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := artifactregistry.NewRepository(ctx, \"my-repo\", \u0026artifactregistry.RepositoryArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tRepositoryId: pulumi.String(\"my-repository\"),\n\t\t\tDescription: pulumi.String(\"example docker repository\"),\n\t\t\tFormat: pulumi.String(\"DOCKER\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.artifactregistry.Repository;\nimport com.pulumi.gcp.artifactregistry.RepositoryArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var my_repo = new Repository(\"my-repo\", RepositoryArgs.builder()\n .location(\"us-central1\")\n .repositoryId(\"my-repository\")\n .description(\"example docker repository\")\n .format(\"DOCKER\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n my-repo:\n type: gcp:artifactregistry:Repository\n properties:\n location: us-central1\n repositoryId: my-repository\n description: example docker repository\n format: DOCKER\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Artifact Registry Repository Multi Region\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst my_repo = new gcp.artifactregistry.Repository(\"my-repo\", {\n repositoryId: \"my-repository\",\n description: \"example docker repository\",\n location: \"us\",\n format: \"DOCKER\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_repo = gcp.artifactregistry.Repository(\"my-repo\",\n repository_id=\"my-repository\",\n description=\"example docker repository\",\n location=\"us\",\n format=\"DOCKER\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var my_repo = new Gcp.ArtifactRegistry.Repository(\"my-repo\", new()\n {\n RepositoryId = \"my-repository\",\n Description = \"example docker repository\",\n Location = \"us\",\n Format = \"DOCKER\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/artifactregistry\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := artifactregistry.NewRepository(ctx, \"my-repo\", \u0026artifactregistry.RepositoryArgs{\n\t\t\tRepositoryId: pulumi.String(\"my-repository\"),\n\t\t\tDescription: pulumi.String(\"example docker repository\"),\n\t\t\tLocation: pulumi.String(\"us\"),\n\t\t\tFormat: pulumi.String(\"DOCKER\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.artifactregistry.Repository;\nimport com.pulumi.gcp.artifactregistry.RepositoryArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var my_repo = new Repository(\"my-repo\", RepositoryArgs.builder()\n .repositoryId(\"my-repository\")\n .description(\"example docker repository\")\n .location(\"us\")\n .format(\"DOCKER\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n my-repo:\n type: gcp:artifactregistry:Repository\n properties:\n repositoryId: my-repository\n description: example docker repository\n location: us\n format: DOCKER\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Artifact Registry Repository Docker\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst my_repo = new gcp.artifactregistry.Repository(\"my-repo\", {\n location: \"us-central1\",\n repositoryId: \"my-repository\",\n description: \"example docker repository\",\n format: \"DOCKER\",\n dockerConfig: {\n immutableTags: true,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_repo = gcp.artifactregistry.Repository(\"my-repo\",\n location=\"us-central1\",\n repository_id=\"my-repository\",\n description=\"example docker repository\",\n format=\"DOCKER\",\n docker_config={\n \"immutable_tags\": True,\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var my_repo = new Gcp.ArtifactRegistry.Repository(\"my-repo\", new()\n {\n Location = \"us-central1\",\n RepositoryId = \"my-repository\",\n Description = \"example docker repository\",\n Format = \"DOCKER\",\n DockerConfig = new Gcp.ArtifactRegistry.Inputs.RepositoryDockerConfigArgs\n {\n ImmutableTags = true,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/artifactregistry\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := artifactregistry.NewRepository(ctx, \"my-repo\", \u0026artifactregistry.RepositoryArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tRepositoryId: pulumi.String(\"my-repository\"),\n\t\t\tDescription: pulumi.String(\"example docker repository\"),\n\t\t\tFormat: pulumi.String(\"DOCKER\"),\n\t\t\tDockerConfig: \u0026artifactregistry.RepositoryDockerConfigArgs{\n\t\t\t\tImmutableTags: pulumi.Bool(true),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.artifactregistry.Repository;\nimport com.pulumi.gcp.artifactregistry.RepositoryArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryDockerConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var my_repo = new Repository(\"my-repo\", RepositoryArgs.builder()\n .location(\"us-central1\")\n .repositoryId(\"my-repository\")\n .description(\"example docker repository\")\n .format(\"DOCKER\")\n .dockerConfig(RepositoryDockerConfigArgs.builder()\n .immutableTags(true)\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n my-repo:\n type: gcp:artifactregistry:Repository\n properties:\n location: us-central1\n repositoryId: my-repository\n description: example docker repository\n format: DOCKER\n dockerConfig:\n immutableTags: true\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Artifact Registry Repository Cmek\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = gcp.organizations.getProject({});\nconst cryptoKey = new gcp.kms.CryptoKeyIAMMember(\"crypto_key\", {\n cryptoKeyId: \"kms-key\",\n role: \"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n member: project.then(project =\u003e `serviceAccount:service-${project.number}@gcp-sa-artifactregistry.iam.gserviceaccount.com`),\n});\nconst my_repo = new gcp.artifactregistry.Repository(\"my-repo\", {\n location: \"us-central1\",\n repositoryId: \"my-repository\",\n description: \"example docker repository with cmek\",\n format: \"DOCKER\",\n kmsKeyName: \"kms-key\",\n}, {\n dependsOn: [cryptoKey],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.organizations.get_project()\ncrypto_key = gcp.kms.CryptoKeyIAMMember(\"crypto_key\",\n crypto_key_id=\"kms-key\",\n role=\"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n member=f\"serviceAccount:service-{project.number}@gcp-sa-artifactregistry.iam.gserviceaccount.com\")\nmy_repo = gcp.artifactregistry.Repository(\"my-repo\",\n location=\"us-central1\",\n repository_id=\"my-repository\",\n description=\"example docker repository with cmek\",\n format=\"DOCKER\",\n kms_key_name=\"kms-key\",\n opts = pulumi.ResourceOptions(depends_on=[crypto_key]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var cryptoKey = new Gcp.Kms.CryptoKeyIAMMember(\"crypto_key\", new()\n {\n CryptoKeyId = \"kms-key\",\n Role = \"roles/cloudkms.cryptoKeyEncrypterDecrypter\",\n Member = $\"serviceAccount:service-{project.Apply(getProjectResult =\u003e getProjectResult.Number)}@gcp-sa-artifactregistry.iam.gserviceaccount.com\",\n });\n\n var my_repo = new Gcp.ArtifactRegistry.Repository(\"my-repo\", new()\n {\n Location = \"us-central1\",\n RepositoryId = \"my-repository\",\n Description = \"example docker repository with cmek\",\n Format = \"DOCKER\",\n KmsKeyName = \"kms-key\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n cryptoKey,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/artifactregistry\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcryptoKey, err := kms.NewCryptoKeyIAMMember(ctx, \"crypto_key\", \u0026kms.CryptoKeyIAMMemberArgs{\n\t\t\tCryptoKeyId: pulumi.String(\"kms-key\"),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.cryptoKeyEncrypterDecrypter\"),\n\t\t\tMember: pulumi.Sprintf(\"serviceAccount:service-%v@gcp-sa-artifactregistry.iam.gserviceaccount.com\", project.Number),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = artifactregistry.NewRepository(ctx, \"my-repo\", \u0026artifactregistry.RepositoryArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tRepositoryId: pulumi.String(\"my-repository\"),\n\t\t\tDescription: pulumi.String(\"example docker repository with cmek\"),\n\t\t\tFormat: pulumi.String(\"DOCKER\"),\n\t\t\tKmsKeyName: pulumi.String(\"kms-key\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tcryptoKey,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMember;\nimport com.pulumi.gcp.kms.CryptoKeyIAMMemberArgs;\nimport com.pulumi.gcp.artifactregistry.Repository;\nimport com.pulumi.gcp.artifactregistry.RepositoryArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n var cryptoKey = new CryptoKeyIAMMember(\"cryptoKey\", CryptoKeyIAMMemberArgs.builder()\n .cryptoKeyId(\"kms-key\")\n .role(\"roles/cloudkms.cryptoKeyEncrypterDecrypter\")\n .member(String.format(\"serviceAccount:service-%s@gcp-sa-artifactregistry.iam.gserviceaccount.com\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .build());\n\n var my_repo = new Repository(\"my-repo\", RepositoryArgs.builder()\n .location(\"us-central1\")\n .repositoryId(\"my-repository\")\n .description(\"example docker repository with cmek\")\n .format(\"DOCKER\")\n .kmsKeyName(\"kms-key\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(cryptoKey)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n my-repo:\n type: gcp:artifactregistry:Repository\n properties:\n location: us-central1\n repositoryId: my-repository\n description: example docker repository with cmek\n format: DOCKER\n kmsKeyName: kms-key\n options:\n dependsOn:\n - ${cryptoKey}\n cryptoKey:\n type: gcp:kms:CryptoKeyIAMMember\n name: crypto_key\n properties:\n cryptoKeyId: kms-key\n role: roles/cloudkms.cryptoKeyEncrypterDecrypter\n member: serviceAccount:service-${project.number}@gcp-sa-artifactregistry.iam.gserviceaccount.com\nvariables:\n project:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Artifact Registry Repository Virtual\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst my_repo_upstream_1 = new gcp.artifactregistry.Repository(\"my-repo-upstream-1\", {\n location: \"us-central1\",\n repositoryId: \"my-repository-upstream-1\",\n description: \"example docker repository (upstream source) 1\",\n format: \"DOCKER\",\n});\nconst my_repo_upstream_2 = new gcp.artifactregistry.Repository(\"my-repo-upstream-2\", {\n location: \"us-central1\",\n repositoryId: \"my-repository-upstream-2\",\n description: \"example docker repository (upstream source) 2\",\n format: \"DOCKER\",\n});\nconst my_repo = new gcp.artifactregistry.Repository(\"my-repo\", {\n location: \"us-central1\",\n repositoryId: \"my-repository\",\n description: \"example virtual docker repository\",\n format: \"DOCKER\",\n mode: \"VIRTUAL_REPOSITORY\",\n virtualRepositoryConfig: {\n upstreamPolicies: [\n {\n id: \"my-repository-upstream-1\",\n repository: my_repo_upstream_1.id,\n priority: 20,\n },\n {\n id: \"my-repository-upstream-2\",\n repository: my_repo_upstream_2.id,\n priority: 10,\n },\n ],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_repo_upstream_1 = gcp.artifactregistry.Repository(\"my-repo-upstream-1\",\n location=\"us-central1\",\n repository_id=\"my-repository-upstream-1\",\n description=\"example docker repository (upstream source) 1\",\n format=\"DOCKER\")\nmy_repo_upstream_2 = gcp.artifactregistry.Repository(\"my-repo-upstream-2\",\n location=\"us-central1\",\n repository_id=\"my-repository-upstream-2\",\n description=\"example docker repository (upstream source) 2\",\n format=\"DOCKER\")\nmy_repo = gcp.artifactregistry.Repository(\"my-repo\",\n location=\"us-central1\",\n repository_id=\"my-repository\",\n description=\"example virtual docker repository\",\n format=\"DOCKER\",\n mode=\"VIRTUAL_REPOSITORY\",\n virtual_repository_config={\n \"upstream_policies\": [\n {\n \"id\": \"my-repository-upstream-1\",\n \"repository\": my_repo_upstream_1.id,\n \"priority\": 20,\n },\n {\n \"id\": \"my-repository-upstream-2\",\n \"repository\": my_repo_upstream_2.id,\n \"priority\": 10,\n },\n ],\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var my_repo_upstream_1 = new Gcp.ArtifactRegistry.Repository(\"my-repo-upstream-1\", new()\n {\n Location = \"us-central1\",\n RepositoryId = \"my-repository-upstream-1\",\n Description = \"example docker repository (upstream source) 1\",\n Format = \"DOCKER\",\n });\n\n var my_repo_upstream_2 = new Gcp.ArtifactRegistry.Repository(\"my-repo-upstream-2\", new()\n {\n Location = \"us-central1\",\n RepositoryId = \"my-repository-upstream-2\",\n Description = \"example docker repository (upstream source) 2\",\n Format = \"DOCKER\",\n });\n\n var my_repo = new Gcp.ArtifactRegistry.Repository(\"my-repo\", new()\n {\n Location = \"us-central1\",\n RepositoryId = \"my-repository\",\n Description = \"example virtual docker repository\",\n Format = \"DOCKER\",\n Mode = \"VIRTUAL_REPOSITORY\",\n VirtualRepositoryConfig = new Gcp.ArtifactRegistry.Inputs.RepositoryVirtualRepositoryConfigArgs\n {\n UpstreamPolicies = new[]\n {\n new Gcp.ArtifactRegistry.Inputs.RepositoryVirtualRepositoryConfigUpstreamPolicyArgs\n {\n Id = \"my-repository-upstream-1\",\n Repository = my_repo_upstream_1.Id,\n Priority = 20,\n },\n new Gcp.ArtifactRegistry.Inputs.RepositoryVirtualRepositoryConfigUpstreamPolicyArgs\n {\n Id = \"my-repository-upstream-2\",\n Repository = my_repo_upstream_2.Id,\n Priority = 10,\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/artifactregistry\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := artifactregistry.NewRepository(ctx, \"my-repo-upstream-1\", \u0026artifactregistry.RepositoryArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tRepositoryId: pulumi.String(\"my-repository-upstream-1\"),\n\t\t\tDescription: pulumi.String(\"example docker repository (upstream source) 1\"),\n\t\t\tFormat: pulumi.String(\"DOCKER\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = artifactregistry.NewRepository(ctx, \"my-repo-upstream-2\", \u0026artifactregistry.RepositoryArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tRepositoryId: pulumi.String(\"my-repository-upstream-2\"),\n\t\t\tDescription: pulumi.String(\"example docker repository (upstream source) 2\"),\n\t\t\tFormat: pulumi.String(\"DOCKER\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = artifactregistry.NewRepository(ctx, \"my-repo\", \u0026artifactregistry.RepositoryArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tRepositoryId: pulumi.String(\"my-repository\"),\n\t\t\tDescription: pulumi.String(\"example virtual docker repository\"),\n\t\t\tFormat: pulumi.String(\"DOCKER\"),\n\t\t\tMode: pulumi.String(\"VIRTUAL_REPOSITORY\"),\n\t\t\tVirtualRepositoryConfig: \u0026artifactregistry.RepositoryVirtualRepositoryConfigArgs{\n\t\t\t\tUpstreamPolicies: artifactregistry.RepositoryVirtualRepositoryConfigUpstreamPolicyArray{\n\t\t\t\t\t\u0026artifactregistry.RepositoryVirtualRepositoryConfigUpstreamPolicyArgs{\n\t\t\t\t\t\tId: pulumi.String(\"my-repository-upstream-1\"),\n\t\t\t\t\t\tRepository: my_repo_upstream_1.ID(),\n\t\t\t\t\t\tPriority: pulumi.Int(20),\n\t\t\t\t\t},\n\t\t\t\t\t\u0026artifactregistry.RepositoryVirtualRepositoryConfigUpstreamPolicyArgs{\n\t\t\t\t\t\tId: pulumi.String(\"my-repository-upstream-2\"),\n\t\t\t\t\t\tRepository: my_repo_upstream_2.ID(),\n\t\t\t\t\t\tPriority: pulumi.Int(10),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.artifactregistry.Repository;\nimport com.pulumi.gcp.artifactregistry.RepositoryArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryVirtualRepositoryConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var my_repo_upstream_1 = new Repository(\"my-repo-upstream-1\", RepositoryArgs.builder()\n .location(\"us-central1\")\n .repositoryId(\"my-repository-upstream-1\")\n .description(\"example docker repository (upstream source) 1\")\n .format(\"DOCKER\")\n .build());\n\n var my_repo_upstream_2 = new Repository(\"my-repo-upstream-2\", RepositoryArgs.builder()\n .location(\"us-central1\")\n .repositoryId(\"my-repository-upstream-2\")\n .description(\"example docker repository (upstream source) 2\")\n .format(\"DOCKER\")\n .build());\n\n var my_repo = new Repository(\"my-repo\", RepositoryArgs.builder()\n .location(\"us-central1\")\n .repositoryId(\"my-repository\")\n .description(\"example virtual docker repository\")\n .format(\"DOCKER\")\n .mode(\"VIRTUAL_REPOSITORY\")\n .virtualRepositoryConfig(RepositoryVirtualRepositoryConfigArgs.builder()\n .upstreamPolicies( \n RepositoryVirtualRepositoryConfigUpstreamPolicyArgs.builder()\n .id(\"my-repository-upstream-1\")\n .repository(my_repo_upstream_1.id())\n .priority(20)\n .build(),\n RepositoryVirtualRepositoryConfigUpstreamPolicyArgs.builder()\n .id(\"my-repository-upstream-2\")\n .repository(my_repo_upstream_2.id())\n .priority(10)\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n my-repo-upstream-1:\n type: gcp:artifactregistry:Repository\n properties:\n location: us-central1\n repositoryId: my-repository-upstream-1\n description: example docker repository (upstream source) 1\n format: DOCKER\n my-repo-upstream-2:\n type: gcp:artifactregistry:Repository\n properties:\n location: us-central1\n repositoryId: my-repository-upstream-2\n description: example docker repository (upstream source) 2\n format: DOCKER\n my-repo:\n type: gcp:artifactregistry:Repository\n properties:\n location: us-central1\n repositoryId: my-repository\n description: example virtual docker repository\n format: DOCKER\n mode: VIRTUAL_REPOSITORY\n virtualRepositoryConfig:\n upstreamPolicies:\n - id: my-repository-upstream-1\n repository: ${[\"my-repo-upstream-1\"].id}\n priority: 20\n - id: my-repository-upstream-2\n repository: ${[\"my-repo-upstream-2\"].id}\n priority: 10\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Artifact Registry Repository Remote\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst my_repo = new gcp.artifactregistry.Repository(\"my-repo\", {\n location: \"us-central1\",\n repositoryId: \"my-repository\",\n description: \"example remote docker repository\",\n format: \"DOCKER\",\n mode: \"REMOTE_REPOSITORY\",\n remoteRepositoryConfig: {\n description: \"docker hub\",\n dockerRepository: {\n publicRepository: \"DOCKER_HUB\",\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_repo = gcp.artifactregistry.Repository(\"my-repo\",\n location=\"us-central1\",\n repository_id=\"my-repository\",\n description=\"example remote docker repository\",\n format=\"DOCKER\",\n mode=\"REMOTE_REPOSITORY\",\n remote_repository_config={\n \"description\": \"docker hub\",\n \"docker_repository\": {\n \"public_repository\": \"DOCKER_HUB\",\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var my_repo = new Gcp.ArtifactRegistry.Repository(\"my-repo\", new()\n {\n Location = \"us-central1\",\n RepositoryId = \"my-repository\",\n Description = \"example remote docker repository\",\n Format = \"DOCKER\",\n Mode = \"REMOTE_REPOSITORY\",\n RemoteRepositoryConfig = new Gcp.ArtifactRegistry.Inputs.RepositoryRemoteRepositoryConfigArgs\n {\n Description = \"docker hub\",\n DockerRepository = new Gcp.ArtifactRegistry.Inputs.RepositoryRemoteRepositoryConfigDockerRepositoryArgs\n {\n PublicRepository = \"DOCKER_HUB\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/artifactregistry\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := artifactregistry.NewRepository(ctx, \"my-repo\", \u0026artifactregistry.RepositoryArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tRepositoryId: pulumi.String(\"my-repository\"),\n\t\t\tDescription: pulumi.String(\"example remote docker repository\"),\n\t\t\tFormat: pulumi.String(\"DOCKER\"),\n\t\t\tMode: pulumi.String(\"REMOTE_REPOSITORY\"),\n\t\t\tRemoteRepositoryConfig: \u0026artifactregistry.RepositoryRemoteRepositoryConfigArgs{\n\t\t\t\tDescription: pulumi.String(\"docker hub\"),\n\t\t\t\tDockerRepository: \u0026artifactregistry.RepositoryRemoteRepositoryConfigDockerRepositoryArgs{\n\t\t\t\t\tPublicRepository: pulumi.String(\"DOCKER_HUB\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.artifactregistry.Repository;\nimport com.pulumi.gcp.artifactregistry.RepositoryArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryRemoteRepositoryConfigArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryRemoteRepositoryConfigDockerRepositoryArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var my_repo = new Repository(\"my-repo\", RepositoryArgs.builder()\n .location(\"us-central1\")\n .repositoryId(\"my-repository\")\n .description(\"example remote docker repository\")\n .format(\"DOCKER\")\n .mode(\"REMOTE_REPOSITORY\")\n .remoteRepositoryConfig(RepositoryRemoteRepositoryConfigArgs.builder()\n .description(\"docker hub\")\n .dockerRepository(RepositoryRemoteRepositoryConfigDockerRepositoryArgs.builder()\n .publicRepository(\"DOCKER_HUB\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n my-repo:\n type: gcp:artifactregistry:Repository\n properties:\n location: us-central1\n repositoryId: my-repository\n description: example remote docker repository\n format: DOCKER\n mode: REMOTE_REPOSITORY\n remoteRepositoryConfig:\n description: docker hub\n dockerRepository:\n publicRepository: DOCKER_HUB\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Artifact Registry Repository Remote Apt\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst my_repo = new gcp.artifactregistry.Repository(\"my-repo\", {\n location: \"us-central1\",\n repositoryId: \"debian-buster\",\n description: \"example remote apt repository\",\n format: \"APT\",\n mode: \"REMOTE_REPOSITORY\",\n remoteRepositoryConfig: {\n description: \"Debian buster remote repository\",\n aptRepository: {\n publicRepository: {\n repositoryBase: \"DEBIAN\",\n repositoryPath: \"debian/dists/buster\",\n },\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_repo = gcp.artifactregistry.Repository(\"my-repo\",\n location=\"us-central1\",\n repository_id=\"debian-buster\",\n description=\"example remote apt repository\",\n format=\"APT\",\n mode=\"REMOTE_REPOSITORY\",\n remote_repository_config={\n \"description\": \"Debian buster remote repository\",\n \"apt_repository\": {\n \"public_repository\": {\n \"repository_base\": \"DEBIAN\",\n \"repository_path\": \"debian/dists/buster\",\n },\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var my_repo = new Gcp.ArtifactRegistry.Repository(\"my-repo\", new()\n {\n Location = \"us-central1\",\n RepositoryId = \"debian-buster\",\n Description = \"example remote apt repository\",\n Format = \"APT\",\n Mode = \"REMOTE_REPOSITORY\",\n RemoteRepositoryConfig = new Gcp.ArtifactRegistry.Inputs.RepositoryRemoteRepositoryConfigArgs\n {\n Description = \"Debian buster remote repository\",\n AptRepository = new Gcp.ArtifactRegistry.Inputs.RepositoryRemoteRepositoryConfigAptRepositoryArgs\n {\n PublicRepository = new Gcp.ArtifactRegistry.Inputs.RepositoryRemoteRepositoryConfigAptRepositoryPublicRepositoryArgs\n {\n RepositoryBase = \"DEBIAN\",\n RepositoryPath = \"debian/dists/buster\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/artifactregistry\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := artifactregistry.NewRepository(ctx, \"my-repo\", \u0026artifactregistry.RepositoryArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tRepositoryId: pulumi.String(\"debian-buster\"),\n\t\t\tDescription: pulumi.String(\"example remote apt repository\"),\n\t\t\tFormat: pulumi.String(\"APT\"),\n\t\t\tMode: pulumi.String(\"REMOTE_REPOSITORY\"),\n\t\t\tRemoteRepositoryConfig: \u0026artifactregistry.RepositoryRemoteRepositoryConfigArgs{\n\t\t\t\tDescription: pulumi.String(\"Debian buster remote repository\"),\n\t\t\t\tAptRepository: \u0026artifactregistry.RepositoryRemoteRepositoryConfigAptRepositoryArgs{\n\t\t\t\t\tPublicRepository: \u0026artifactregistry.RepositoryRemoteRepositoryConfigAptRepositoryPublicRepositoryArgs{\n\t\t\t\t\t\tRepositoryBase: pulumi.String(\"DEBIAN\"),\n\t\t\t\t\t\tRepositoryPath: pulumi.String(\"debian/dists/buster\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.artifactregistry.Repository;\nimport com.pulumi.gcp.artifactregistry.RepositoryArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryRemoteRepositoryConfigArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryRemoteRepositoryConfigAptRepositoryArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryRemoteRepositoryConfigAptRepositoryPublicRepositoryArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var my_repo = new Repository(\"my-repo\", RepositoryArgs.builder()\n .location(\"us-central1\")\n .repositoryId(\"debian-buster\")\n .description(\"example remote apt repository\")\n .format(\"APT\")\n .mode(\"REMOTE_REPOSITORY\")\n .remoteRepositoryConfig(RepositoryRemoteRepositoryConfigArgs.builder()\n .description(\"Debian buster remote repository\")\n .aptRepository(RepositoryRemoteRepositoryConfigAptRepositoryArgs.builder()\n .publicRepository(RepositoryRemoteRepositoryConfigAptRepositoryPublicRepositoryArgs.builder()\n .repositoryBase(\"DEBIAN\")\n .repositoryPath(\"debian/dists/buster\")\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n my-repo:\n type: gcp:artifactregistry:Repository\n properties:\n location: us-central1\n repositoryId: debian-buster\n description: example remote apt repository\n format: APT\n mode: REMOTE_REPOSITORY\n remoteRepositoryConfig:\n description: Debian buster remote repository\n aptRepository:\n publicRepository:\n repositoryBase: DEBIAN\n repositoryPath: debian/dists/buster\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Artifact Registry Repository Remote Yum\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst my_repo = new gcp.artifactregistry.Repository(\"my-repo\", {\n location: \"us-central1\",\n repositoryId: \"rocky-9\",\n description: \"example remote yum repository\",\n format: \"YUM\",\n mode: \"REMOTE_REPOSITORY\",\n remoteRepositoryConfig: {\n description: \"Rocky 9 remote repository\",\n yumRepository: {\n publicRepository: {\n repositoryBase: \"ROCKY\",\n repositoryPath: \"pub/rocky/9/BaseOS/x86_64/os\",\n },\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_repo = gcp.artifactregistry.Repository(\"my-repo\",\n location=\"us-central1\",\n repository_id=\"rocky-9\",\n description=\"example remote yum repository\",\n format=\"YUM\",\n mode=\"REMOTE_REPOSITORY\",\n remote_repository_config={\n \"description\": \"Rocky 9 remote repository\",\n \"yum_repository\": {\n \"public_repository\": {\n \"repository_base\": \"ROCKY\",\n \"repository_path\": \"pub/rocky/9/BaseOS/x86_64/os\",\n },\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var my_repo = new Gcp.ArtifactRegistry.Repository(\"my-repo\", new()\n {\n Location = \"us-central1\",\n RepositoryId = \"rocky-9\",\n Description = \"example remote yum repository\",\n Format = \"YUM\",\n Mode = \"REMOTE_REPOSITORY\",\n RemoteRepositoryConfig = new Gcp.ArtifactRegistry.Inputs.RepositoryRemoteRepositoryConfigArgs\n {\n Description = \"Rocky 9 remote repository\",\n YumRepository = new Gcp.ArtifactRegistry.Inputs.RepositoryRemoteRepositoryConfigYumRepositoryArgs\n {\n PublicRepository = new Gcp.ArtifactRegistry.Inputs.RepositoryRemoteRepositoryConfigYumRepositoryPublicRepositoryArgs\n {\n RepositoryBase = \"ROCKY\",\n RepositoryPath = \"pub/rocky/9/BaseOS/x86_64/os\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/artifactregistry\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := artifactregistry.NewRepository(ctx, \"my-repo\", \u0026artifactregistry.RepositoryArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tRepositoryId: pulumi.String(\"rocky-9\"),\n\t\t\tDescription: pulumi.String(\"example remote yum repository\"),\n\t\t\tFormat: pulumi.String(\"YUM\"),\n\t\t\tMode: pulumi.String(\"REMOTE_REPOSITORY\"),\n\t\t\tRemoteRepositoryConfig: \u0026artifactregistry.RepositoryRemoteRepositoryConfigArgs{\n\t\t\t\tDescription: pulumi.String(\"Rocky 9 remote repository\"),\n\t\t\t\tYumRepository: \u0026artifactregistry.RepositoryRemoteRepositoryConfigYumRepositoryArgs{\n\t\t\t\t\tPublicRepository: \u0026artifactregistry.RepositoryRemoteRepositoryConfigYumRepositoryPublicRepositoryArgs{\n\t\t\t\t\t\tRepositoryBase: pulumi.String(\"ROCKY\"),\n\t\t\t\t\t\tRepositoryPath: pulumi.String(\"pub/rocky/9/BaseOS/x86_64/os\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.artifactregistry.Repository;\nimport com.pulumi.gcp.artifactregistry.RepositoryArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryRemoteRepositoryConfigArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryRemoteRepositoryConfigYumRepositoryArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryRemoteRepositoryConfigYumRepositoryPublicRepositoryArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var my_repo = new Repository(\"my-repo\", RepositoryArgs.builder()\n .location(\"us-central1\")\n .repositoryId(\"rocky-9\")\n .description(\"example remote yum repository\")\n .format(\"YUM\")\n .mode(\"REMOTE_REPOSITORY\")\n .remoteRepositoryConfig(RepositoryRemoteRepositoryConfigArgs.builder()\n .description(\"Rocky 9 remote repository\")\n .yumRepository(RepositoryRemoteRepositoryConfigYumRepositoryArgs.builder()\n .publicRepository(RepositoryRemoteRepositoryConfigYumRepositoryPublicRepositoryArgs.builder()\n .repositoryBase(\"ROCKY\")\n .repositoryPath(\"pub/rocky/9/BaseOS/x86_64/os\")\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n my-repo:\n type: gcp:artifactregistry:Repository\n properties:\n location: us-central1\n repositoryId: rocky-9\n description: example remote yum repository\n format: YUM\n mode: REMOTE_REPOSITORY\n remoteRepositoryConfig:\n description: Rocky 9 remote repository\n yumRepository:\n publicRepository:\n repositoryBase: ROCKY\n repositoryPath: pub/rocky/9/BaseOS/x86_64/os\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Artifact Registry Repository Cleanup\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst my_repo = new gcp.artifactregistry.Repository(\"my-repo\", {\n location: \"us-central1\",\n repositoryId: \"my-repository\",\n description: \"example docker repository with cleanup policies\",\n format: \"DOCKER\",\n cleanupPolicyDryRun: false,\n cleanupPolicies: [\n {\n id: \"delete-prerelease\",\n action: \"DELETE\",\n condition: {\n tagState: \"TAGGED\",\n tagPrefixes: [\n \"alpha\",\n \"v0\",\n ],\n olderThan: \"2592000s\",\n },\n },\n {\n id: \"keep-tagged-release\",\n action: \"KEEP\",\n condition: {\n tagState: \"TAGGED\",\n tagPrefixes: [\"release\"],\n packageNamePrefixes: [\n \"webapp\",\n \"mobile\",\n ],\n },\n },\n {\n id: \"keep-minimum-versions\",\n action: \"KEEP\",\n mostRecentVersions: {\n packageNamePrefixes: [\n \"webapp\",\n \"mobile\",\n \"sandbox\",\n ],\n keepCount: 5,\n },\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmy_repo = gcp.artifactregistry.Repository(\"my-repo\",\n location=\"us-central1\",\n repository_id=\"my-repository\",\n description=\"example docker repository with cleanup policies\",\n format=\"DOCKER\",\n cleanup_policy_dry_run=False,\n cleanup_policies=[\n {\n \"id\": \"delete-prerelease\",\n \"action\": \"DELETE\",\n \"condition\": {\n \"tag_state\": \"TAGGED\",\n \"tag_prefixes\": [\n \"alpha\",\n \"v0\",\n ],\n \"older_than\": \"2592000s\",\n },\n },\n {\n \"id\": \"keep-tagged-release\",\n \"action\": \"KEEP\",\n \"condition\": {\n \"tag_state\": \"TAGGED\",\n \"tag_prefixes\": [\"release\"],\n \"package_name_prefixes\": [\n \"webapp\",\n \"mobile\",\n ],\n },\n },\n {\n \"id\": \"keep-minimum-versions\",\n \"action\": \"KEEP\",\n \"most_recent_versions\": {\n \"package_name_prefixes\": [\n \"webapp\",\n \"mobile\",\n \"sandbox\",\n ],\n \"keep_count\": 5,\n },\n },\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var my_repo = new Gcp.ArtifactRegistry.Repository(\"my-repo\", new()\n {\n Location = \"us-central1\",\n RepositoryId = \"my-repository\",\n Description = \"example docker repository with cleanup policies\",\n Format = \"DOCKER\",\n CleanupPolicyDryRun = false,\n CleanupPolicies = new[]\n {\n new Gcp.ArtifactRegistry.Inputs.RepositoryCleanupPolicyArgs\n {\n Id = \"delete-prerelease\",\n Action = \"DELETE\",\n Condition = new Gcp.ArtifactRegistry.Inputs.RepositoryCleanupPolicyConditionArgs\n {\n TagState = \"TAGGED\",\n TagPrefixes = new[]\n {\n \"alpha\",\n \"v0\",\n },\n OlderThan = \"2592000s\",\n },\n },\n new Gcp.ArtifactRegistry.Inputs.RepositoryCleanupPolicyArgs\n {\n Id = \"keep-tagged-release\",\n Action = \"KEEP\",\n Condition = new Gcp.ArtifactRegistry.Inputs.RepositoryCleanupPolicyConditionArgs\n {\n TagState = \"TAGGED\",\n TagPrefixes = new[]\n {\n \"release\",\n },\n PackageNamePrefixes = new[]\n {\n \"webapp\",\n \"mobile\",\n },\n },\n },\n new Gcp.ArtifactRegistry.Inputs.RepositoryCleanupPolicyArgs\n {\n Id = \"keep-minimum-versions\",\n Action = \"KEEP\",\n MostRecentVersions = new Gcp.ArtifactRegistry.Inputs.RepositoryCleanupPolicyMostRecentVersionsArgs\n {\n PackageNamePrefixes = new[]\n {\n \"webapp\",\n \"mobile\",\n \"sandbox\",\n },\n KeepCount = 5,\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/artifactregistry\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := artifactregistry.NewRepository(ctx, \"my-repo\", \u0026artifactregistry.RepositoryArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tRepositoryId: pulumi.String(\"my-repository\"),\n\t\t\tDescription: pulumi.String(\"example docker repository with cleanup policies\"),\n\t\t\tFormat: pulumi.String(\"DOCKER\"),\n\t\t\tCleanupPolicyDryRun: pulumi.Bool(false),\n\t\t\tCleanupPolicies: artifactregistry.RepositoryCleanupPolicyArray{\n\t\t\t\t\u0026artifactregistry.RepositoryCleanupPolicyArgs{\n\t\t\t\t\tId: pulumi.String(\"delete-prerelease\"),\n\t\t\t\t\tAction: pulumi.String(\"DELETE\"),\n\t\t\t\t\tCondition: \u0026artifactregistry.RepositoryCleanupPolicyConditionArgs{\n\t\t\t\t\t\tTagState: pulumi.String(\"TAGGED\"),\n\t\t\t\t\t\tTagPrefixes: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"alpha\"),\n\t\t\t\t\t\t\tpulumi.String(\"v0\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tOlderThan: pulumi.String(\"2592000s\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t\u0026artifactregistry.RepositoryCleanupPolicyArgs{\n\t\t\t\t\tId: pulumi.String(\"keep-tagged-release\"),\n\t\t\t\t\tAction: pulumi.String(\"KEEP\"),\n\t\t\t\t\tCondition: \u0026artifactregistry.RepositoryCleanupPolicyConditionArgs{\n\t\t\t\t\t\tTagState: pulumi.String(\"TAGGED\"),\n\t\t\t\t\t\tTagPrefixes: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"release\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tPackageNamePrefixes: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"webapp\"),\n\t\t\t\t\t\t\tpulumi.String(\"mobile\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t\u0026artifactregistry.RepositoryCleanupPolicyArgs{\n\t\t\t\t\tId: pulumi.String(\"keep-minimum-versions\"),\n\t\t\t\t\tAction: pulumi.String(\"KEEP\"),\n\t\t\t\t\tMostRecentVersions: \u0026artifactregistry.RepositoryCleanupPolicyMostRecentVersionsArgs{\n\t\t\t\t\t\tPackageNamePrefixes: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"webapp\"),\n\t\t\t\t\t\t\tpulumi.String(\"mobile\"),\n\t\t\t\t\t\t\tpulumi.String(\"sandbox\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tKeepCount: pulumi.Int(5),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.artifactregistry.Repository;\nimport com.pulumi.gcp.artifactregistry.RepositoryArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryCleanupPolicyArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryCleanupPolicyConditionArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryCleanupPolicyMostRecentVersionsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var my_repo = new Repository(\"my-repo\", RepositoryArgs.builder()\n .location(\"us-central1\")\n .repositoryId(\"my-repository\")\n .description(\"example docker repository with cleanup policies\")\n .format(\"DOCKER\")\n .cleanupPolicyDryRun(false)\n .cleanupPolicies( \n RepositoryCleanupPolicyArgs.builder()\n .id(\"delete-prerelease\")\n .action(\"DELETE\")\n .condition(RepositoryCleanupPolicyConditionArgs.builder()\n .tagState(\"TAGGED\")\n .tagPrefixes( \n \"alpha\",\n \"v0\")\n .olderThan(\"2592000s\")\n .build())\n .build(),\n RepositoryCleanupPolicyArgs.builder()\n .id(\"keep-tagged-release\")\n .action(\"KEEP\")\n .condition(RepositoryCleanupPolicyConditionArgs.builder()\n .tagState(\"TAGGED\")\n .tagPrefixes(\"release\")\n .packageNamePrefixes( \n \"webapp\",\n \"mobile\")\n .build())\n .build(),\n RepositoryCleanupPolicyArgs.builder()\n .id(\"keep-minimum-versions\")\n .action(\"KEEP\")\n .mostRecentVersions(RepositoryCleanupPolicyMostRecentVersionsArgs.builder()\n .packageNamePrefixes( \n \"webapp\",\n \"mobile\",\n \"sandbox\")\n .keepCount(5)\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n my-repo:\n type: gcp:artifactregistry:Repository\n properties:\n location: us-central1\n repositoryId: my-repository\n description: example docker repository with cleanup policies\n format: DOCKER\n cleanupPolicyDryRun: false\n cleanupPolicies:\n - id: delete-prerelease\n action: DELETE\n condition:\n tagState: TAGGED\n tagPrefixes:\n - alpha\n - v0\n olderThan: 2592000s\n - id: keep-tagged-release\n action: KEEP\n condition:\n tagState: TAGGED\n tagPrefixes:\n - release\n packageNamePrefixes:\n - webapp\n - mobile\n - id: keep-minimum-versions\n action: KEEP\n mostRecentVersions:\n packageNamePrefixes:\n - webapp\n - mobile\n - sandbox\n keepCount: 5\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Artifact Registry Repository Remote Dockerhub Auth\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = gcp.organizations.getProject({});\nconst example_remote_secret = new gcp.secretmanager.Secret(\"example-remote-secret\", {\n secretId: \"example-secret\",\n replication: {\n auto: {},\n },\n});\nconst example_remote_secretVersion = new gcp.secretmanager.SecretVersion(\"example-remote-secret_version\", {\n secret: example_remote_secret.id,\n secretData: \"remote-password\",\n});\nconst secret_access = new gcp.secretmanager.SecretIamMember(\"secret-access\", {\n secretId: example_remote_secret.id,\n role: \"roles/secretmanager.secretAccessor\",\n member: project.then(project =\u003e `serviceAccount:service-${project.number}@gcp-sa-artifactregistry.iam.gserviceaccount.com`),\n});\nconst my_repo = new gcp.artifactregistry.Repository(\"my-repo\", {\n location: \"us-central1\",\n repositoryId: \"example-dockerhub-remote\",\n description: \"example remote dockerhub repository with credentials\",\n format: \"DOCKER\",\n mode: \"REMOTE_REPOSITORY\",\n remoteRepositoryConfig: {\n description: \"docker hub with custom credentials\",\n disableUpstreamValidation: true,\n dockerRepository: {\n publicRepository: \"DOCKER_HUB\",\n },\n upstreamCredentials: {\n usernamePasswordCredentials: {\n username: \"remote-username\",\n passwordSecretVersion: example_remote_secretVersion.name,\n },\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.organizations.get_project()\nexample_remote_secret = gcp.secretmanager.Secret(\"example-remote-secret\",\n secret_id=\"example-secret\",\n replication={\n \"auto\": {},\n })\nexample_remote_secret_version = gcp.secretmanager.SecretVersion(\"example-remote-secret_version\",\n secret=example_remote_secret.id,\n secret_data=\"remote-password\")\nsecret_access = gcp.secretmanager.SecretIamMember(\"secret-access\",\n secret_id=example_remote_secret.id,\n role=\"roles/secretmanager.secretAccessor\",\n member=f\"serviceAccount:service-{project.number}@gcp-sa-artifactregistry.iam.gserviceaccount.com\")\nmy_repo = gcp.artifactregistry.Repository(\"my-repo\",\n location=\"us-central1\",\n repository_id=\"example-dockerhub-remote\",\n description=\"example remote dockerhub repository with credentials\",\n format=\"DOCKER\",\n mode=\"REMOTE_REPOSITORY\",\n remote_repository_config={\n \"description\": \"docker hub with custom credentials\",\n \"disable_upstream_validation\": True,\n \"docker_repository\": {\n \"public_repository\": \"DOCKER_HUB\",\n },\n \"upstream_credentials\": {\n \"username_password_credentials\": {\n \"username\": \"remote-username\",\n \"password_secret_version\": example_remote_secret_version.name,\n },\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var example_remote_secret = new Gcp.SecretManager.Secret(\"example-remote-secret\", new()\n {\n SecretId = \"example-secret\",\n Replication = new Gcp.SecretManager.Inputs.SecretReplicationArgs\n {\n Auto = null,\n },\n });\n\n var example_remote_secretVersion = new Gcp.SecretManager.SecretVersion(\"example-remote-secret_version\", new()\n {\n Secret = example_remote_secret.Id,\n SecretData = \"remote-password\",\n });\n\n var secret_access = new Gcp.SecretManager.SecretIamMember(\"secret-access\", new()\n {\n SecretId = example_remote_secret.Id,\n Role = \"roles/secretmanager.secretAccessor\",\n Member = $\"serviceAccount:service-{project.Apply(getProjectResult =\u003e getProjectResult.Number)}@gcp-sa-artifactregistry.iam.gserviceaccount.com\",\n });\n\n var my_repo = new Gcp.ArtifactRegistry.Repository(\"my-repo\", new()\n {\n Location = \"us-central1\",\n RepositoryId = \"example-dockerhub-remote\",\n Description = \"example remote dockerhub repository with credentials\",\n Format = \"DOCKER\",\n Mode = \"REMOTE_REPOSITORY\",\n RemoteRepositoryConfig = new Gcp.ArtifactRegistry.Inputs.RepositoryRemoteRepositoryConfigArgs\n {\n Description = \"docker hub with custom credentials\",\n DisableUpstreamValidation = true,\n DockerRepository = new Gcp.ArtifactRegistry.Inputs.RepositoryRemoteRepositoryConfigDockerRepositoryArgs\n {\n PublicRepository = \"DOCKER_HUB\",\n },\n UpstreamCredentials = new Gcp.ArtifactRegistry.Inputs.RepositoryRemoteRepositoryConfigUpstreamCredentialsArgs\n {\n UsernamePasswordCredentials = new Gcp.ArtifactRegistry.Inputs.RepositoryRemoteRepositoryConfigUpstreamCredentialsUsernamePasswordCredentialsArgs\n {\n Username = \"remote-username\",\n PasswordSecretVersion = example_remote_secretVersion.Name,\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/artifactregistry\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecret(ctx, \"example-remote-secret\", \u0026secretmanager.SecretArgs{\n\t\t\tSecretId: pulumi.String(\"example-secret\"),\n\t\t\tReplication: \u0026secretmanager.SecretReplicationArgs{\n\t\t\t\tAuto: \u0026secretmanager.SecretReplicationAutoArgs{},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecretVersion(ctx, \"example-remote-secret_version\", \u0026secretmanager.SecretVersionArgs{\n\t\t\tSecret: example_remote_secret.ID(),\n\t\t\tSecretData: pulumi.String(\"remote-password\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecretIamMember(ctx, \"secret-access\", \u0026secretmanager.SecretIamMemberArgs{\n\t\t\tSecretId: example_remote_secret.ID(),\n\t\t\tRole: pulumi.String(\"roles/secretmanager.secretAccessor\"),\n\t\t\tMember: pulumi.Sprintf(\"serviceAccount:service-%v@gcp-sa-artifactregistry.iam.gserviceaccount.com\", project.Number),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = artifactregistry.NewRepository(ctx, \"my-repo\", \u0026artifactregistry.RepositoryArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tRepositoryId: pulumi.String(\"example-dockerhub-remote\"),\n\t\t\tDescription: pulumi.String(\"example remote dockerhub repository with credentials\"),\n\t\t\tFormat: pulumi.String(\"DOCKER\"),\n\t\t\tMode: pulumi.String(\"REMOTE_REPOSITORY\"),\n\t\t\tRemoteRepositoryConfig: \u0026artifactregistry.RepositoryRemoteRepositoryConfigArgs{\n\t\t\t\tDescription: pulumi.String(\"docker hub with custom credentials\"),\n\t\t\t\tDisableUpstreamValidation: pulumi.Bool(true),\n\t\t\t\tDockerRepository: \u0026artifactregistry.RepositoryRemoteRepositoryConfigDockerRepositoryArgs{\n\t\t\t\t\tPublicRepository: pulumi.String(\"DOCKER_HUB\"),\n\t\t\t\t},\n\t\t\t\tUpstreamCredentials: \u0026artifactregistry.RepositoryRemoteRepositoryConfigUpstreamCredentialsArgs{\n\t\t\t\t\tUsernamePasswordCredentials: \u0026artifactregistry.RepositoryRemoteRepositoryConfigUpstreamCredentialsUsernamePasswordCredentialsArgs{\n\t\t\t\t\t\tUsername: pulumi.String(\"remote-username\"),\n\t\t\t\t\t\tPasswordSecretVersion: example_remote_secretVersion.Name,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.secretmanager.Secret;\nimport com.pulumi.gcp.secretmanager.SecretArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretReplicationArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretReplicationAutoArgs;\nimport com.pulumi.gcp.secretmanager.SecretVersion;\nimport com.pulumi.gcp.secretmanager.SecretVersionArgs;\nimport com.pulumi.gcp.secretmanager.SecretIamMember;\nimport com.pulumi.gcp.secretmanager.SecretIamMemberArgs;\nimport com.pulumi.gcp.artifactregistry.Repository;\nimport com.pulumi.gcp.artifactregistry.RepositoryArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryRemoteRepositoryConfigArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryRemoteRepositoryConfigDockerRepositoryArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryRemoteRepositoryConfigUpstreamCredentialsArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryRemoteRepositoryConfigUpstreamCredentialsUsernamePasswordCredentialsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n var example_remote_secret = new Secret(\"example-remote-secret\", SecretArgs.builder()\n .secretId(\"example-secret\")\n .replication(SecretReplicationArgs.builder()\n .auto()\n .build())\n .build());\n\n var example_remote_secretVersion = new SecretVersion(\"example-remote-secretVersion\", SecretVersionArgs.builder()\n .secret(example_remote_secret.id())\n .secretData(\"remote-password\")\n .build());\n\n var secret_access = new SecretIamMember(\"secret-access\", SecretIamMemberArgs.builder()\n .secretId(example_remote_secret.id())\n .role(\"roles/secretmanager.secretAccessor\")\n .member(String.format(\"serviceAccount:service-%s@gcp-sa-artifactregistry.iam.gserviceaccount.com\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .build());\n\n var my_repo = new Repository(\"my-repo\", RepositoryArgs.builder()\n .location(\"us-central1\")\n .repositoryId(\"example-dockerhub-remote\")\n .description(\"example remote dockerhub repository with credentials\")\n .format(\"DOCKER\")\n .mode(\"REMOTE_REPOSITORY\")\n .remoteRepositoryConfig(RepositoryRemoteRepositoryConfigArgs.builder()\n .description(\"docker hub with custom credentials\")\n .disableUpstreamValidation(true)\n .dockerRepository(RepositoryRemoteRepositoryConfigDockerRepositoryArgs.builder()\n .publicRepository(\"DOCKER_HUB\")\n .build())\n .upstreamCredentials(RepositoryRemoteRepositoryConfigUpstreamCredentialsArgs.builder()\n .usernamePasswordCredentials(RepositoryRemoteRepositoryConfigUpstreamCredentialsUsernamePasswordCredentialsArgs.builder()\n .username(\"remote-username\")\n .passwordSecretVersion(example_remote_secretVersion.name())\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example-remote-secret:\n type: gcp:secretmanager:Secret\n properties:\n secretId: example-secret\n replication:\n auto: {}\n example-remote-secretVersion:\n type: gcp:secretmanager:SecretVersion\n name: example-remote-secret_version\n properties:\n secret: ${[\"example-remote-secret\"].id}\n secretData: remote-password\n secret-access:\n type: gcp:secretmanager:SecretIamMember\n properties:\n secretId: ${[\"example-remote-secret\"].id}\n role: roles/secretmanager.secretAccessor\n member: serviceAccount:service-${project.number}@gcp-sa-artifactregistry.iam.gserviceaccount.com\n my-repo:\n type: gcp:artifactregistry:Repository\n properties:\n location: us-central1\n repositoryId: example-dockerhub-remote\n description: example remote dockerhub repository with credentials\n format: DOCKER\n mode: REMOTE_REPOSITORY\n remoteRepositoryConfig:\n description: docker hub with custom credentials\n disableUpstreamValidation: true\n dockerRepository:\n publicRepository: DOCKER_HUB\n upstreamCredentials:\n usernamePasswordCredentials:\n username: remote-username\n passwordSecretVersion: ${[\"example-remote-secretVersion\"].name}\nvariables:\n project:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Artifact Registry Repository Remote Docker Custom With Auth\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = gcp.organizations.getProject({});\nconst example_remote_secret = new gcp.secretmanager.Secret(\"example-remote-secret\", {\n secretId: \"example-secret\",\n replication: {\n auto: {},\n },\n});\nconst example_remote_secretVersion = new gcp.secretmanager.SecretVersion(\"example-remote-secret_version\", {\n secret: example_remote_secret.id,\n secretData: \"remote-password\",\n});\nconst secret_access = new gcp.secretmanager.SecretIamMember(\"secret-access\", {\n secretId: example_remote_secret.id,\n role: \"roles/secretmanager.secretAccessor\",\n member: project.then(project =\u003e `serviceAccount:service-${project.number}@gcp-sa-artifactregistry.iam.gserviceaccount.com`),\n});\nconst my_repo = new gcp.artifactregistry.Repository(\"my-repo\", {\n location: \"us-central1\",\n repositoryId: \"example-docker-custom-remote\",\n description: \"example remote custom docker repository with credentials\",\n format: \"DOCKER\",\n mode: \"REMOTE_REPOSITORY\",\n remoteRepositoryConfig: {\n description: \"custom docker remote with credentials\",\n disableUpstreamValidation: true,\n dockerRepository: {\n customRepository: {\n uri: \"https://registry-1.docker.io\",\n },\n },\n upstreamCredentials: {\n usernamePasswordCredentials: {\n username: \"remote-username\",\n passwordSecretVersion: example_remote_secretVersion.name,\n },\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.organizations.get_project()\nexample_remote_secret = gcp.secretmanager.Secret(\"example-remote-secret\",\n secret_id=\"example-secret\",\n replication={\n \"auto\": {},\n })\nexample_remote_secret_version = gcp.secretmanager.SecretVersion(\"example-remote-secret_version\",\n secret=example_remote_secret.id,\n secret_data=\"remote-password\")\nsecret_access = gcp.secretmanager.SecretIamMember(\"secret-access\",\n secret_id=example_remote_secret.id,\n role=\"roles/secretmanager.secretAccessor\",\n member=f\"serviceAccount:service-{project.number}@gcp-sa-artifactregistry.iam.gserviceaccount.com\")\nmy_repo = gcp.artifactregistry.Repository(\"my-repo\",\n location=\"us-central1\",\n repository_id=\"example-docker-custom-remote\",\n description=\"example remote custom docker repository with credentials\",\n format=\"DOCKER\",\n mode=\"REMOTE_REPOSITORY\",\n remote_repository_config={\n \"description\": \"custom docker remote with credentials\",\n \"disable_upstream_validation\": True,\n \"docker_repository\": {\n \"custom_repository\": {\n \"uri\": \"https://registry-1.docker.io\",\n },\n },\n \"upstream_credentials\": {\n \"username_password_credentials\": {\n \"username\": \"remote-username\",\n \"password_secret_version\": example_remote_secret_version.name,\n },\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var example_remote_secret = new Gcp.SecretManager.Secret(\"example-remote-secret\", new()\n {\n SecretId = \"example-secret\",\n Replication = new Gcp.SecretManager.Inputs.SecretReplicationArgs\n {\n Auto = null,\n },\n });\n\n var example_remote_secretVersion = new Gcp.SecretManager.SecretVersion(\"example-remote-secret_version\", new()\n {\n Secret = example_remote_secret.Id,\n SecretData = \"remote-password\",\n });\n\n var secret_access = new Gcp.SecretManager.SecretIamMember(\"secret-access\", new()\n {\n SecretId = example_remote_secret.Id,\n Role = \"roles/secretmanager.secretAccessor\",\n Member = $\"serviceAccount:service-{project.Apply(getProjectResult =\u003e getProjectResult.Number)}@gcp-sa-artifactregistry.iam.gserviceaccount.com\",\n });\n\n var my_repo = new Gcp.ArtifactRegistry.Repository(\"my-repo\", new()\n {\n Location = \"us-central1\",\n RepositoryId = \"example-docker-custom-remote\",\n Description = \"example remote custom docker repository with credentials\",\n Format = \"DOCKER\",\n Mode = \"REMOTE_REPOSITORY\",\n RemoteRepositoryConfig = new Gcp.ArtifactRegistry.Inputs.RepositoryRemoteRepositoryConfigArgs\n {\n Description = \"custom docker remote with credentials\",\n DisableUpstreamValidation = true,\n DockerRepository = new Gcp.ArtifactRegistry.Inputs.RepositoryRemoteRepositoryConfigDockerRepositoryArgs\n {\n CustomRepository = new Gcp.ArtifactRegistry.Inputs.RepositoryRemoteRepositoryConfigDockerRepositoryCustomRepositoryArgs\n {\n Uri = \"https://registry-1.docker.io\",\n },\n },\n UpstreamCredentials = new Gcp.ArtifactRegistry.Inputs.RepositoryRemoteRepositoryConfigUpstreamCredentialsArgs\n {\n UsernamePasswordCredentials = new Gcp.ArtifactRegistry.Inputs.RepositoryRemoteRepositoryConfigUpstreamCredentialsUsernamePasswordCredentialsArgs\n {\n Username = \"remote-username\",\n PasswordSecretVersion = example_remote_secretVersion.Name,\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/artifactregistry\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecret(ctx, \"example-remote-secret\", \u0026secretmanager.SecretArgs{\n\t\t\tSecretId: pulumi.String(\"example-secret\"),\n\t\t\tReplication: \u0026secretmanager.SecretReplicationArgs{\n\t\t\t\tAuto: \u0026secretmanager.SecretReplicationAutoArgs{},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecretVersion(ctx, \"example-remote-secret_version\", \u0026secretmanager.SecretVersionArgs{\n\t\t\tSecret: example_remote_secret.ID(),\n\t\t\tSecretData: pulumi.String(\"remote-password\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecretIamMember(ctx, \"secret-access\", \u0026secretmanager.SecretIamMemberArgs{\n\t\t\tSecretId: example_remote_secret.ID(),\n\t\t\tRole: pulumi.String(\"roles/secretmanager.secretAccessor\"),\n\t\t\tMember: pulumi.Sprintf(\"serviceAccount:service-%v@gcp-sa-artifactregistry.iam.gserviceaccount.com\", project.Number),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = artifactregistry.NewRepository(ctx, \"my-repo\", \u0026artifactregistry.RepositoryArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tRepositoryId: pulumi.String(\"example-docker-custom-remote\"),\n\t\t\tDescription: pulumi.String(\"example remote custom docker repository with credentials\"),\n\t\t\tFormat: pulumi.String(\"DOCKER\"),\n\t\t\tMode: pulumi.String(\"REMOTE_REPOSITORY\"),\n\t\t\tRemoteRepositoryConfig: \u0026artifactregistry.RepositoryRemoteRepositoryConfigArgs{\n\t\t\t\tDescription: pulumi.String(\"custom docker remote with credentials\"),\n\t\t\t\tDisableUpstreamValidation: pulumi.Bool(true),\n\t\t\t\tDockerRepository: \u0026artifactregistry.RepositoryRemoteRepositoryConfigDockerRepositoryArgs{\n\t\t\t\t\tCustomRepository: \u0026artifactregistry.RepositoryRemoteRepositoryConfigDockerRepositoryCustomRepositoryArgs{\n\t\t\t\t\t\tUri: pulumi.String(\"https://registry-1.docker.io\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tUpstreamCredentials: \u0026artifactregistry.RepositoryRemoteRepositoryConfigUpstreamCredentialsArgs{\n\t\t\t\t\tUsernamePasswordCredentials: \u0026artifactregistry.RepositoryRemoteRepositoryConfigUpstreamCredentialsUsernamePasswordCredentialsArgs{\n\t\t\t\t\t\tUsername: pulumi.String(\"remote-username\"),\n\t\t\t\t\t\tPasswordSecretVersion: example_remote_secretVersion.Name,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.secretmanager.Secret;\nimport com.pulumi.gcp.secretmanager.SecretArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretReplicationArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretReplicationAutoArgs;\nimport com.pulumi.gcp.secretmanager.SecretVersion;\nimport com.pulumi.gcp.secretmanager.SecretVersionArgs;\nimport com.pulumi.gcp.secretmanager.SecretIamMember;\nimport com.pulumi.gcp.secretmanager.SecretIamMemberArgs;\nimport com.pulumi.gcp.artifactregistry.Repository;\nimport com.pulumi.gcp.artifactregistry.RepositoryArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryRemoteRepositoryConfigArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryRemoteRepositoryConfigDockerRepositoryArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryRemoteRepositoryConfigDockerRepositoryCustomRepositoryArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryRemoteRepositoryConfigUpstreamCredentialsArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryRemoteRepositoryConfigUpstreamCredentialsUsernamePasswordCredentialsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n var example_remote_secret = new Secret(\"example-remote-secret\", SecretArgs.builder()\n .secretId(\"example-secret\")\n .replication(SecretReplicationArgs.builder()\n .auto()\n .build())\n .build());\n\n var example_remote_secretVersion = new SecretVersion(\"example-remote-secretVersion\", SecretVersionArgs.builder()\n .secret(example_remote_secret.id())\n .secretData(\"remote-password\")\n .build());\n\n var secret_access = new SecretIamMember(\"secret-access\", SecretIamMemberArgs.builder()\n .secretId(example_remote_secret.id())\n .role(\"roles/secretmanager.secretAccessor\")\n .member(String.format(\"serviceAccount:service-%s@gcp-sa-artifactregistry.iam.gserviceaccount.com\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .build());\n\n var my_repo = new Repository(\"my-repo\", RepositoryArgs.builder()\n .location(\"us-central1\")\n .repositoryId(\"example-docker-custom-remote\")\n .description(\"example remote custom docker repository with credentials\")\n .format(\"DOCKER\")\n .mode(\"REMOTE_REPOSITORY\")\n .remoteRepositoryConfig(RepositoryRemoteRepositoryConfigArgs.builder()\n .description(\"custom docker remote with credentials\")\n .disableUpstreamValidation(true)\n .dockerRepository(RepositoryRemoteRepositoryConfigDockerRepositoryArgs.builder()\n .customRepository(RepositoryRemoteRepositoryConfigDockerRepositoryCustomRepositoryArgs.builder()\n .uri(\"https://registry-1.docker.io\")\n .build())\n .build())\n .upstreamCredentials(RepositoryRemoteRepositoryConfigUpstreamCredentialsArgs.builder()\n .usernamePasswordCredentials(RepositoryRemoteRepositoryConfigUpstreamCredentialsUsernamePasswordCredentialsArgs.builder()\n .username(\"remote-username\")\n .passwordSecretVersion(example_remote_secretVersion.name())\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example-remote-secret:\n type: gcp:secretmanager:Secret\n properties:\n secretId: example-secret\n replication:\n auto: {}\n example-remote-secretVersion:\n type: gcp:secretmanager:SecretVersion\n name: example-remote-secret_version\n properties:\n secret: ${[\"example-remote-secret\"].id}\n secretData: remote-password\n secret-access:\n type: gcp:secretmanager:SecretIamMember\n properties:\n secretId: ${[\"example-remote-secret\"].id}\n role: roles/secretmanager.secretAccessor\n member: serviceAccount:service-${project.number}@gcp-sa-artifactregistry.iam.gserviceaccount.com\n my-repo:\n type: gcp:artifactregistry:Repository\n properties:\n location: us-central1\n repositoryId: example-docker-custom-remote\n description: example remote custom docker repository with credentials\n format: DOCKER\n mode: REMOTE_REPOSITORY\n remoteRepositoryConfig:\n description: custom docker remote with credentials\n disableUpstreamValidation: true\n dockerRepository:\n customRepository:\n uri: https://registry-1.docker.io\n upstreamCredentials:\n usernamePasswordCredentials:\n username: remote-username\n passwordSecretVersion: ${[\"example-remote-secretVersion\"].name}\nvariables:\n project:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Artifact Registry Repository Remote Maven Custom With Auth\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = gcp.organizations.getProject({});\nconst example_remote_secret = new gcp.secretmanager.Secret(\"example-remote-secret\", {\n secretId: \"example-secret\",\n replication: {\n auto: {},\n },\n});\nconst example_remote_secretVersion = new gcp.secretmanager.SecretVersion(\"example-remote-secret_version\", {\n secret: example_remote_secret.id,\n secretData: \"remote-password\",\n});\nconst secret_access = new gcp.secretmanager.SecretIamMember(\"secret-access\", {\n secretId: example_remote_secret.id,\n role: \"roles/secretmanager.secretAccessor\",\n member: project.then(project =\u003e `serviceAccount:service-${project.number}@gcp-sa-artifactregistry.iam.gserviceaccount.com`),\n});\nconst my_repo = new gcp.artifactregistry.Repository(\"my-repo\", {\n location: \"us-central1\",\n repositoryId: \"example-maven-custom-remote\",\n description: \"example remote custom maven repository with credentials\",\n format: \"MAVEN\",\n mode: \"REMOTE_REPOSITORY\",\n remoteRepositoryConfig: {\n description: \"custom maven remote with credentials\",\n disableUpstreamValidation: true,\n mavenRepository: {\n customRepository: {\n uri: \"https://my.maven.registry\",\n },\n },\n upstreamCredentials: {\n usernamePasswordCredentials: {\n username: \"remote-username\",\n passwordSecretVersion: example_remote_secretVersion.name,\n },\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.organizations.get_project()\nexample_remote_secret = gcp.secretmanager.Secret(\"example-remote-secret\",\n secret_id=\"example-secret\",\n replication={\n \"auto\": {},\n })\nexample_remote_secret_version = gcp.secretmanager.SecretVersion(\"example-remote-secret_version\",\n secret=example_remote_secret.id,\n secret_data=\"remote-password\")\nsecret_access = gcp.secretmanager.SecretIamMember(\"secret-access\",\n secret_id=example_remote_secret.id,\n role=\"roles/secretmanager.secretAccessor\",\n member=f\"serviceAccount:service-{project.number}@gcp-sa-artifactregistry.iam.gserviceaccount.com\")\nmy_repo = gcp.artifactregistry.Repository(\"my-repo\",\n location=\"us-central1\",\n repository_id=\"example-maven-custom-remote\",\n description=\"example remote custom maven repository with credentials\",\n format=\"MAVEN\",\n mode=\"REMOTE_REPOSITORY\",\n remote_repository_config={\n \"description\": \"custom maven remote with credentials\",\n \"disable_upstream_validation\": True,\n \"maven_repository\": {\n \"custom_repository\": {\n \"uri\": \"https://my.maven.registry\",\n },\n },\n \"upstream_credentials\": {\n \"username_password_credentials\": {\n \"username\": \"remote-username\",\n \"password_secret_version\": example_remote_secret_version.name,\n },\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var example_remote_secret = new Gcp.SecretManager.Secret(\"example-remote-secret\", new()\n {\n SecretId = \"example-secret\",\n Replication = new Gcp.SecretManager.Inputs.SecretReplicationArgs\n {\n Auto = null,\n },\n });\n\n var example_remote_secretVersion = new Gcp.SecretManager.SecretVersion(\"example-remote-secret_version\", new()\n {\n Secret = example_remote_secret.Id,\n SecretData = \"remote-password\",\n });\n\n var secret_access = new Gcp.SecretManager.SecretIamMember(\"secret-access\", new()\n {\n SecretId = example_remote_secret.Id,\n Role = \"roles/secretmanager.secretAccessor\",\n Member = $\"serviceAccount:service-{project.Apply(getProjectResult =\u003e getProjectResult.Number)}@gcp-sa-artifactregistry.iam.gserviceaccount.com\",\n });\n\n var my_repo = new Gcp.ArtifactRegistry.Repository(\"my-repo\", new()\n {\n Location = \"us-central1\",\n RepositoryId = \"example-maven-custom-remote\",\n Description = \"example remote custom maven repository with credentials\",\n Format = \"MAVEN\",\n Mode = \"REMOTE_REPOSITORY\",\n RemoteRepositoryConfig = new Gcp.ArtifactRegistry.Inputs.RepositoryRemoteRepositoryConfigArgs\n {\n Description = \"custom maven remote with credentials\",\n DisableUpstreamValidation = true,\n MavenRepository = new Gcp.ArtifactRegistry.Inputs.RepositoryRemoteRepositoryConfigMavenRepositoryArgs\n {\n CustomRepository = new Gcp.ArtifactRegistry.Inputs.RepositoryRemoteRepositoryConfigMavenRepositoryCustomRepositoryArgs\n {\n Uri = \"https://my.maven.registry\",\n },\n },\n UpstreamCredentials = new Gcp.ArtifactRegistry.Inputs.RepositoryRemoteRepositoryConfigUpstreamCredentialsArgs\n {\n UsernamePasswordCredentials = new Gcp.ArtifactRegistry.Inputs.RepositoryRemoteRepositoryConfigUpstreamCredentialsUsernamePasswordCredentialsArgs\n {\n Username = \"remote-username\",\n PasswordSecretVersion = example_remote_secretVersion.Name,\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/artifactregistry\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecret(ctx, \"example-remote-secret\", \u0026secretmanager.SecretArgs{\n\t\t\tSecretId: pulumi.String(\"example-secret\"),\n\t\t\tReplication: \u0026secretmanager.SecretReplicationArgs{\n\t\t\t\tAuto: \u0026secretmanager.SecretReplicationAutoArgs{},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecretVersion(ctx, \"example-remote-secret_version\", \u0026secretmanager.SecretVersionArgs{\n\t\t\tSecret: example_remote_secret.ID(),\n\t\t\tSecretData: pulumi.String(\"remote-password\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecretIamMember(ctx, \"secret-access\", \u0026secretmanager.SecretIamMemberArgs{\n\t\t\tSecretId: example_remote_secret.ID(),\n\t\t\tRole: pulumi.String(\"roles/secretmanager.secretAccessor\"),\n\t\t\tMember: pulumi.Sprintf(\"serviceAccount:service-%v@gcp-sa-artifactregistry.iam.gserviceaccount.com\", project.Number),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = artifactregistry.NewRepository(ctx, \"my-repo\", \u0026artifactregistry.RepositoryArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tRepositoryId: pulumi.String(\"example-maven-custom-remote\"),\n\t\t\tDescription: pulumi.String(\"example remote custom maven repository with credentials\"),\n\t\t\tFormat: pulumi.String(\"MAVEN\"),\n\t\t\tMode: pulumi.String(\"REMOTE_REPOSITORY\"),\n\t\t\tRemoteRepositoryConfig: \u0026artifactregistry.RepositoryRemoteRepositoryConfigArgs{\n\t\t\t\tDescription: pulumi.String(\"custom maven remote with credentials\"),\n\t\t\t\tDisableUpstreamValidation: pulumi.Bool(true),\n\t\t\t\tMavenRepository: \u0026artifactregistry.RepositoryRemoteRepositoryConfigMavenRepositoryArgs{\n\t\t\t\t\tCustomRepository: \u0026artifactregistry.RepositoryRemoteRepositoryConfigMavenRepositoryCustomRepositoryArgs{\n\t\t\t\t\t\tUri: pulumi.String(\"https://my.maven.registry\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tUpstreamCredentials: \u0026artifactregistry.RepositoryRemoteRepositoryConfigUpstreamCredentialsArgs{\n\t\t\t\t\tUsernamePasswordCredentials: \u0026artifactregistry.RepositoryRemoteRepositoryConfigUpstreamCredentialsUsernamePasswordCredentialsArgs{\n\t\t\t\t\t\tUsername: pulumi.String(\"remote-username\"),\n\t\t\t\t\t\tPasswordSecretVersion: example_remote_secretVersion.Name,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.secretmanager.Secret;\nimport com.pulumi.gcp.secretmanager.SecretArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretReplicationArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretReplicationAutoArgs;\nimport com.pulumi.gcp.secretmanager.SecretVersion;\nimport com.pulumi.gcp.secretmanager.SecretVersionArgs;\nimport com.pulumi.gcp.secretmanager.SecretIamMember;\nimport com.pulumi.gcp.secretmanager.SecretIamMemberArgs;\nimport com.pulumi.gcp.artifactregistry.Repository;\nimport com.pulumi.gcp.artifactregistry.RepositoryArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryRemoteRepositoryConfigArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryRemoteRepositoryConfigMavenRepositoryArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryRemoteRepositoryConfigMavenRepositoryCustomRepositoryArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryRemoteRepositoryConfigUpstreamCredentialsArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryRemoteRepositoryConfigUpstreamCredentialsUsernamePasswordCredentialsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n var example_remote_secret = new Secret(\"example-remote-secret\", SecretArgs.builder()\n .secretId(\"example-secret\")\n .replication(SecretReplicationArgs.builder()\n .auto()\n .build())\n .build());\n\n var example_remote_secretVersion = new SecretVersion(\"example-remote-secretVersion\", SecretVersionArgs.builder()\n .secret(example_remote_secret.id())\n .secretData(\"remote-password\")\n .build());\n\n var secret_access = new SecretIamMember(\"secret-access\", SecretIamMemberArgs.builder()\n .secretId(example_remote_secret.id())\n .role(\"roles/secretmanager.secretAccessor\")\n .member(String.format(\"serviceAccount:service-%s@gcp-sa-artifactregistry.iam.gserviceaccount.com\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .build());\n\n var my_repo = new Repository(\"my-repo\", RepositoryArgs.builder()\n .location(\"us-central1\")\n .repositoryId(\"example-maven-custom-remote\")\n .description(\"example remote custom maven repository with credentials\")\n .format(\"MAVEN\")\n .mode(\"REMOTE_REPOSITORY\")\n .remoteRepositoryConfig(RepositoryRemoteRepositoryConfigArgs.builder()\n .description(\"custom maven remote with credentials\")\n .disableUpstreamValidation(true)\n .mavenRepository(RepositoryRemoteRepositoryConfigMavenRepositoryArgs.builder()\n .customRepository(RepositoryRemoteRepositoryConfigMavenRepositoryCustomRepositoryArgs.builder()\n .uri(\"https://my.maven.registry\")\n .build())\n .build())\n .upstreamCredentials(RepositoryRemoteRepositoryConfigUpstreamCredentialsArgs.builder()\n .usernamePasswordCredentials(RepositoryRemoteRepositoryConfigUpstreamCredentialsUsernamePasswordCredentialsArgs.builder()\n .username(\"remote-username\")\n .passwordSecretVersion(example_remote_secretVersion.name())\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example-remote-secret:\n type: gcp:secretmanager:Secret\n properties:\n secretId: example-secret\n replication:\n auto: {}\n example-remote-secretVersion:\n type: gcp:secretmanager:SecretVersion\n name: example-remote-secret_version\n properties:\n secret: ${[\"example-remote-secret\"].id}\n secretData: remote-password\n secret-access:\n type: gcp:secretmanager:SecretIamMember\n properties:\n secretId: ${[\"example-remote-secret\"].id}\n role: roles/secretmanager.secretAccessor\n member: serviceAccount:service-${project.number}@gcp-sa-artifactregistry.iam.gserviceaccount.com\n my-repo:\n type: gcp:artifactregistry:Repository\n properties:\n location: us-central1\n repositoryId: example-maven-custom-remote\n description: example remote custom maven repository with credentials\n format: MAVEN\n mode: REMOTE_REPOSITORY\n remoteRepositoryConfig:\n description: custom maven remote with credentials\n disableUpstreamValidation: true\n mavenRepository:\n customRepository:\n uri: https://my.maven.registry\n upstreamCredentials:\n usernamePasswordCredentials:\n username: remote-username\n passwordSecretVersion: ${[\"example-remote-secretVersion\"].name}\nvariables:\n project:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Artifact Registry Repository Remote Npm Custom With Auth\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = gcp.organizations.getProject({});\nconst example_remote_secret = new gcp.secretmanager.Secret(\"example-remote-secret\", {\n secretId: \"example-secret\",\n replication: {\n auto: {},\n },\n});\nconst example_remote_secretVersion = new gcp.secretmanager.SecretVersion(\"example-remote-secret_version\", {\n secret: example_remote_secret.id,\n secretData: \"remote-password\",\n});\nconst secret_access = new gcp.secretmanager.SecretIamMember(\"secret-access\", {\n secretId: example_remote_secret.id,\n role: \"roles/secretmanager.secretAccessor\",\n member: project.then(project =\u003e `serviceAccount:service-${project.number}@gcp-sa-artifactregistry.iam.gserviceaccount.com`),\n});\nconst my_repo = new gcp.artifactregistry.Repository(\"my-repo\", {\n location: \"us-central1\",\n repositoryId: \"example-npm-custom-remote\",\n description: \"example remote custom npm repository with credentials\",\n format: \"NPM\",\n mode: \"REMOTE_REPOSITORY\",\n remoteRepositoryConfig: {\n description: \"custom npm with credentials\",\n disableUpstreamValidation: true,\n npmRepository: {\n customRepository: {\n uri: \"https://my.npm.registry\",\n },\n },\n upstreamCredentials: {\n usernamePasswordCredentials: {\n username: \"remote-username\",\n passwordSecretVersion: example_remote_secretVersion.name,\n },\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.organizations.get_project()\nexample_remote_secret = gcp.secretmanager.Secret(\"example-remote-secret\",\n secret_id=\"example-secret\",\n replication={\n \"auto\": {},\n })\nexample_remote_secret_version = gcp.secretmanager.SecretVersion(\"example-remote-secret_version\",\n secret=example_remote_secret.id,\n secret_data=\"remote-password\")\nsecret_access = gcp.secretmanager.SecretIamMember(\"secret-access\",\n secret_id=example_remote_secret.id,\n role=\"roles/secretmanager.secretAccessor\",\n member=f\"serviceAccount:service-{project.number}@gcp-sa-artifactregistry.iam.gserviceaccount.com\")\nmy_repo = gcp.artifactregistry.Repository(\"my-repo\",\n location=\"us-central1\",\n repository_id=\"example-npm-custom-remote\",\n description=\"example remote custom npm repository with credentials\",\n format=\"NPM\",\n mode=\"REMOTE_REPOSITORY\",\n remote_repository_config={\n \"description\": \"custom npm with credentials\",\n \"disable_upstream_validation\": True,\n \"npm_repository\": {\n \"custom_repository\": {\n \"uri\": \"https://my.npm.registry\",\n },\n },\n \"upstream_credentials\": {\n \"username_password_credentials\": {\n \"username\": \"remote-username\",\n \"password_secret_version\": example_remote_secret_version.name,\n },\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var example_remote_secret = new Gcp.SecretManager.Secret(\"example-remote-secret\", new()\n {\n SecretId = \"example-secret\",\n Replication = new Gcp.SecretManager.Inputs.SecretReplicationArgs\n {\n Auto = null,\n },\n });\n\n var example_remote_secretVersion = new Gcp.SecretManager.SecretVersion(\"example-remote-secret_version\", new()\n {\n Secret = example_remote_secret.Id,\n SecretData = \"remote-password\",\n });\n\n var secret_access = new Gcp.SecretManager.SecretIamMember(\"secret-access\", new()\n {\n SecretId = example_remote_secret.Id,\n Role = \"roles/secretmanager.secretAccessor\",\n Member = $\"serviceAccount:service-{project.Apply(getProjectResult =\u003e getProjectResult.Number)}@gcp-sa-artifactregistry.iam.gserviceaccount.com\",\n });\n\n var my_repo = new Gcp.ArtifactRegistry.Repository(\"my-repo\", new()\n {\n Location = \"us-central1\",\n RepositoryId = \"example-npm-custom-remote\",\n Description = \"example remote custom npm repository with credentials\",\n Format = \"NPM\",\n Mode = \"REMOTE_REPOSITORY\",\n RemoteRepositoryConfig = new Gcp.ArtifactRegistry.Inputs.RepositoryRemoteRepositoryConfigArgs\n {\n Description = \"custom npm with credentials\",\n DisableUpstreamValidation = true,\n NpmRepository = new Gcp.ArtifactRegistry.Inputs.RepositoryRemoteRepositoryConfigNpmRepositoryArgs\n {\n CustomRepository = new Gcp.ArtifactRegistry.Inputs.RepositoryRemoteRepositoryConfigNpmRepositoryCustomRepositoryArgs\n {\n Uri = \"https://my.npm.registry\",\n },\n },\n UpstreamCredentials = new Gcp.ArtifactRegistry.Inputs.RepositoryRemoteRepositoryConfigUpstreamCredentialsArgs\n {\n UsernamePasswordCredentials = new Gcp.ArtifactRegistry.Inputs.RepositoryRemoteRepositoryConfigUpstreamCredentialsUsernamePasswordCredentialsArgs\n {\n Username = \"remote-username\",\n PasswordSecretVersion = example_remote_secretVersion.Name,\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/artifactregistry\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecret(ctx, \"example-remote-secret\", \u0026secretmanager.SecretArgs{\n\t\t\tSecretId: pulumi.String(\"example-secret\"),\n\t\t\tReplication: \u0026secretmanager.SecretReplicationArgs{\n\t\t\t\tAuto: \u0026secretmanager.SecretReplicationAutoArgs{},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecretVersion(ctx, \"example-remote-secret_version\", \u0026secretmanager.SecretVersionArgs{\n\t\t\tSecret: example_remote_secret.ID(),\n\t\t\tSecretData: pulumi.String(\"remote-password\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecretIamMember(ctx, \"secret-access\", \u0026secretmanager.SecretIamMemberArgs{\n\t\t\tSecretId: example_remote_secret.ID(),\n\t\t\tRole: pulumi.String(\"roles/secretmanager.secretAccessor\"),\n\t\t\tMember: pulumi.Sprintf(\"serviceAccount:service-%v@gcp-sa-artifactregistry.iam.gserviceaccount.com\", project.Number),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = artifactregistry.NewRepository(ctx, \"my-repo\", \u0026artifactregistry.RepositoryArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tRepositoryId: pulumi.String(\"example-npm-custom-remote\"),\n\t\t\tDescription: pulumi.String(\"example remote custom npm repository with credentials\"),\n\t\t\tFormat: pulumi.String(\"NPM\"),\n\t\t\tMode: pulumi.String(\"REMOTE_REPOSITORY\"),\n\t\t\tRemoteRepositoryConfig: \u0026artifactregistry.RepositoryRemoteRepositoryConfigArgs{\n\t\t\t\tDescription: pulumi.String(\"custom npm with credentials\"),\n\t\t\t\tDisableUpstreamValidation: pulumi.Bool(true),\n\t\t\t\tNpmRepository: \u0026artifactregistry.RepositoryRemoteRepositoryConfigNpmRepositoryArgs{\n\t\t\t\t\tCustomRepository: \u0026artifactregistry.RepositoryRemoteRepositoryConfigNpmRepositoryCustomRepositoryArgs{\n\t\t\t\t\t\tUri: pulumi.String(\"https://my.npm.registry\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tUpstreamCredentials: \u0026artifactregistry.RepositoryRemoteRepositoryConfigUpstreamCredentialsArgs{\n\t\t\t\t\tUsernamePasswordCredentials: \u0026artifactregistry.RepositoryRemoteRepositoryConfigUpstreamCredentialsUsernamePasswordCredentialsArgs{\n\t\t\t\t\t\tUsername: pulumi.String(\"remote-username\"),\n\t\t\t\t\t\tPasswordSecretVersion: example_remote_secretVersion.Name,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.secretmanager.Secret;\nimport com.pulumi.gcp.secretmanager.SecretArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretReplicationArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretReplicationAutoArgs;\nimport com.pulumi.gcp.secretmanager.SecretVersion;\nimport com.pulumi.gcp.secretmanager.SecretVersionArgs;\nimport com.pulumi.gcp.secretmanager.SecretIamMember;\nimport com.pulumi.gcp.secretmanager.SecretIamMemberArgs;\nimport com.pulumi.gcp.artifactregistry.Repository;\nimport com.pulumi.gcp.artifactregistry.RepositoryArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryRemoteRepositoryConfigArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryRemoteRepositoryConfigNpmRepositoryArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryRemoteRepositoryConfigNpmRepositoryCustomRepositoryArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryRemoteRepositoryConfigUpstreamCredentialsArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryRemoteRepositoryConfigUpstreamCredentialsUsernamePasswordCredentialsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n var example_remote_secret = new Secret(\"example-remote-secret\", SecretArgs.builder()\n .secretId(\"example-secret\")\n .replication(SecretReplicationArgs.builder()\n .auto()\n .build())\n .build());\n\n var example_remote_secretVersion = new SecretVersion(\"example-remote-secretVersion\", SecretVersionArgs.builder()\n .secret(example_remote_secret.id())\n .secretData(\"remote-password\")\n .build());\n\n var secret_access = new SecretIamMember(\"secret-access\", SecretIamMemberArgs.builder()\n .secretId(example_remote_secret.id())\n .role(\"roles/secretmanager.secretAccessor\")\n .member(String.format(\"serviceAccount:service-%s@gcp-sa-artifactregistry.iam.gserviceaccount.com\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .build());\n\n var my_repo = new Repository(\"my-repo\", RepositoryArgs.builder()\n .location(\"us-central1\")\n .repositoryId(\"example-npm-custom-remote\")\n .description(\"example remote custom npm repository with credentials\")\n .format(\"NPM\")\n .mode(\"REMOTE_REPOSITORY\")\n .remoteRepositoryConfig(RepositoryRemoteRepositoryConfigArgs.builder()\n .description(\"custom npm with credentials\")\n .disableUpstreamValidation(true)\n .npmRepository(RepositoryRemoteRepositoryConfigNpmRepositoryArgs.builder()\n .customRepository(RepositoryRemoteRepositoryConfigNpmRepositoryCustomRepositoryArgs.builder()\n .uri(\"https://my.npm.registry\")\n .build())\n .build())\n .upstreamCredentials(RepositoryRemoteRepositoryConfigUpstreamCredentialsArgs.builder()\n .usernamePasswordCredentials(RepositoryRemoteRepositoryConfigUpstreamCredentialsUsernamePasswordCredentialsArgs.builder()\n .username(\"remote-username\")\n .passwordSecretVersion(example_remote_secretVersion.name())\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example-remote-secret:\n type: gcp:secretmanager:Secret\n properties:\n secretId: example-secret\n replication:\n auto: {}\n example-remote-secretVersion:\n type: gcp:secretmanager:SecretVersion\n name: example-remote-secret_version\n properties:\n secret: ${[\"example-remote-secret\"].id}\n secretData: remote-password\n secret-access:\n type: gcp:secretmanager:SecretIamMember\n properties:\n secretId: ${[\"example-remote-secret\"].id}\n role: roles/secretmanager.secretAccessor\n member: serviceAccount:service-${project.number}@gcp-sa-artifactregistry.iam.gserviceaccount.com\n my-repo:\n type: gcp:artifactregistry:Repository\n properties:\n location: us-central1\n repositoryId: example-npm-custom-remote\n description: example remote custom npm repository with credentials\n format: NPM\n mode: REMOTE_REPOSITORY\n remoteRepositoryConfig:\n description: custom npm with credentials\n disableUpstreamValidation: true\n npmRepository:\n customRepository:\n uri: https://my.npm.registry\n upstreamCredentials:\n usernamePasswordCredentials:\n username: remote-username\n passwordSecretVersion: ${[\"example-remote-secretVersion\"].name}\nvariables:\n project:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Artifact Registry Repository Remote Python Custom With Auth\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = gcp.organizations.getProject({});\nconst example_remote_secret = new gcp.secretmanager.Secret(\"example-remote-secret\", {\n secretId: \"example-secret\",\n replication: {\n auto: {},\n },\n});\nconst example_remote_secretVersion = new gcp.secretmanager.SecretVersion(\"example-remote-secret_version\", {\n secret: example_remote_secret.id,\n secretData: \"remote-password\",\n});\nconst secret_access = new gcp.secretmanager.SecretIamMember(\"secret-access\", {\n secretId: example_remote_secret.id,\n role: \"roles/secretmanager.secretAccessor\",\n member: project.then(project =\u003e `serviceAccount:service-${project.number}@gcp-sa-artifactregistry.iam.gserviceaccount.com`),\n});\nconst my_repo = new gcp.artifactregistry.Repository(\"my-repo\", {\n location: \"us-central1\",\n repositoryId: \"example-python-custom-remote\",\n description: \"example remote custom python repository with credentials\",\n format: \"PYTHON\",\n mode: \"REMOTE_REPOSITORY\",\n remoteRepositoryConfig: {\n description: \"custom npm with credentials\",\n disableUpstreamValidation: true,\n pythonRepository: {\n customRepository: {\n uri: \"https://my.python.registry\",\n },\n },\n upstreamCredentials: {\n usernamePasswordCredentials: {\n username: \"remote-username\",\n passwordSecretVersion: example_remote_secretVersion.name,\n },\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.organizations.get_project()\nexample_remote_secret = gcp.secretmanager.Secret(\"example-remote-secret\",\n secret_id=\"example-secret\",\n replication={\n \"auto\": {},\n })\nexample_remote_secret_version = gcp.secretmanager.SecretVersion(\"example-remote-secret_version\",\n secret=example_remote_secret.id,\n secret_data=\"remote-password\")\nsecret_access = gcp.secretmanager.SecretIamMember(\"secret-access\",\n secret_id=example_remote_secret.id,\n role=\"roles/secretmanager.secretAccessor\",\n member=f\"serviceAccount:service-{project.number}@gcp-sa-artifactregistry.iam.gserviceaccount.com\")\nmy_repo = gcp.artifactregistry.Repository(\"my-repo\",\n location=\"us-central1\",\n repository_id=\"example-python-custom-remote\",\n description=\"example remote custom python repository with credentials\",\n format=\"PYTHON\",\n mode=\"REMOTE_REPOSITORY\",\n remote_repository_config={\n \"description\": \"custom npm with credentials\",\n \"disable_upstream_validation\": True,\n \"python_repository\": {\n \"custom_repository\": {\n \"uri\": \"https://my.python.registry\",\n },\n },\n \"upstream_credentials\": {\n \"username_password_credentials\": {\n \"username\": \"remote-username\",\n \"password_secret_version\": example_remote_secret_version.name,\n },\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var example_remote_secret = new Gcp.SecretManager.Secret(\"example-remote-secret\", new()\n {\n SecretId = \"example-secret\",\n Replication = new Gcp.SecretManager.Inputs.SecretReplicationArgs\n {\n Auto = null,\n },\n });\n\n var example_remote_secretVersion = new Gcp.SecretManager.SecretVersion(\"example-remote-secret_version\", new()\n {\n Secret = example_remote_secret.Id,\n SecretData = \"remote-password\",\n });\n\n var secret_access = new Gcp.SecretManager.SecretIamMember(\"secret-access\", new()\n {\n SecretId = example_remote_secret.Id,\n Role = \"roles/secretmanager.secretAccessor\",\n Member = $\"serviceAccount:service-{project.Apply(getProjectResult =\u003e getProjectResult.Number)}@gcp-sa-artifactregistry.iam.gserviceaccount.com\",\n });\n\n var my_repo = new Gcp.ArtifactRegistry.Repository(\"my-repo\", new()\n {\n Location = \"us-central1\",\n RepositoryId = \"example-python-custom-remote\",\n Description = \"example remote custom python repository with credentials\",\n Format = \"PYTHON\",\n Mode = \"REMOTE_REPOSITORY\",\n RemoteRepositoryConfig = new Gcp.ArtifactRegistry.Inputs.RepositoryRemoteRepositoryConfigArgs\n {\n Description = \"custom npm with credentials\",\n DisableUpstreamValidation = true,\n PythonRepository = new Gcp.ArtifactRegistry.Inputs.RepositoryRemoteRepositoryConfigPythonRepositoryArgs\n {\n CustomRepository = new Gcp.ArtifactRegistry.Inputs.RepositoryRemoteRepositoryConfigPythonRepositoryCustomRepositoryArgs\n {\n Uri = \"https://my.python.registry\",\n },\n },\n UpstreamCredentials = new Gcp.ArtifactRegistry.Inputs.RepositoryRemoteRepositoryConfigUpstreamCredentialsArgs\n {\n UsernamePasswordCredentials = new Gcp.ArtifactRegistry.Inputs.RepositoryRemoteRepositoryConfigUpstreamCredentialsUsernamePasswordCredentialsArgs\n {\n Username = \"remote-username\",\n PasswordSecretVersion = example_remote_secretVersion.Name,\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/artifactregistry\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecret(ctx, \"example-remote-secret\", \u0026secretmanager.SecretArgs{\n\t\t\tSecretId: pulumi.String(\"example-secret\"),\n\t\t\tReplication: \u0026secretmanager.SecretReplicationArgs{\n\t\t\t\tAuto: \u0026secretmanager.SecretReplicationAutoArgs{},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecretVersion(ctx, \"example-remote-secret_version\", \u0026secretmanager.SecretVersionArgs{\n\t\t\tSecret: example_remote_secret.ID(),\n\t\t\tSecretData: pulumi.String(\"remote-password\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecretIamMember(ctx, \"secret-access\", \u0026secretmanager.SecretIamMemberArgs{\n\t\t\tSecretId: example_remote_secret.ID(),\n\t\t\tRole: pulumi.String(\"roles/secretmanager.secretAccessor\"),\n\t\t\tMember: pulumi.Sprintf(\"serviceAccount:service-%v@gcp-sa-artifactregistry.iam.gserviceaccount.com\", project.Number),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = artifactregistry.NewRepository(ctx, \"my-repo\", \u0026artifactregistry.RepositoryArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tRepositoryId: pulumi.String(\"example-python-custom-remote\"),\n\t\t\tDescription: pulumi.String(\"example remote custom python repository with credentials\"),\n\t\t\tFormat: pulumi.String(\"PYTHON\"),\n\t\t\tMode: pulumi.String(\"REMOTE_REPOSITORY\"),\n\t\t\tRemoteRepositoryConfig: \u0026artifactregistry.RepositoryRemoteRepositoryConfigArgs{\n\t\t\t\tDescription: pulumi.String(\"custom npm with credentials\"),\n\t\t\t\tDisableUpstreamValidation: pulumi.Bool(true),\n\t\t\t\tPythonRepository: \u0026artifactregistry.RepositoryRemoteRepositoryConfigPythonRepositoryArgs{\n\t\t\t\t\tCustomRepository: \u0026artifactregistry.RepositoryRemoteRepositoryConfigPythonRepositoryCustomRepositoryArgs{\n\t\t\t\t\t\tUri: pulumi.String(\"https://my.python.registry\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tUpstreamCredentials: \u0026artifactregistry.RepositoryRemoteRepositoryConfigUpstreamCredentialsArgs{\n\t\t\t\t\tUsernamePasswordCredentials: \u0026artifactregistry.RepositoryRemoteRepositoryConfigUpstreamCredentialsUsernamePasswordCredentialsArgs{\n\t\t\t\t\t\tUsername: pulumi.String(\"remote-username\"),\n\t\t\t\t\t\tPasswordSecretVersion: example_remote_secretVersion.Name,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.secretmanager.Secret;\nimport com.pulumi.gcp.secretmanager.SecretArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretReplicationArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretReplicationAutoArgs;\nimport com.pulumi.gcp.secretmanager.SecretVersion;\nimport com.pulumi.gcp.secretmanager.SecretVersionArgs;\nimport com.pulumi.gcp.secretmanager.SecretIamMember;\nimport com.pulumi.gcp.secretmanager.SecretIamMemberArgs;\nimport com.pulumi.gcp.artifactregistry.Repository;\nimport com.pulumi.gcp.artifactregistry.RepositoryArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryRemoteRepositoryConfigArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryRemoteRepositoryConfigPythonRepositoryArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryRemoteRepositoryConfigPythonRepositoryCustomRepositoryArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryRemoteRepositoryConfigUpstreamCredentialsArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryRemoteRepositoryConfigUpstreamCredentialsUsernamePasswordCredentialsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n var example_remote_secret = new Secret(\"example-remote-secret\", SecretArgs.builder()\n .secretId(\"example-secret\")\n .replication(SecretReplicationArgs.builder()\n .auto()\n .build())\n .build());\n\n var example_remote_secretVersion = new SecretVersion(\"example-remote-secretVersion\", SecretVersionArgs.builder()\n .secret(example_remote_secret.id())\n .secretData(\"remote-password\")\n .build());\n\n var secret_access = new SecretIamMember(\"secret-access\", SecretIamMemberArgs.builder()\n .secretId(example_remote_secret.id())\n .role(\"roles/secretmanager.secretAccessor\")\n .member(String.format(\"serviceAccount:service-%s@gcp-sa-artifactregistry.iam.gserviceaccount.com\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .build());\n\n var my_repo = new Repository(\"my-repo\", RepositoryArgs.builder()\n .location(\"us-central1\")\n .repositoryId(\"example-python-custom-remote\")\n .description(\"example remote custom python repository with credentials\")\n .format(\"PYTHON\")\n .mode(\"REMOTE_REPOSITORY\")\n .remoteRepositoryConfig(RepositoryRemoteRepositoryConfigArgs.builder()\n .description(\"custom npm with credentials\")\n .disableUpstreamValidation(true)\n .pythonRepository(RepositoryRemoteRepositoryConfigPythonRepositoryArgs.builder()\n .customRepository(RepositoryRemoteRepositoryConfigPythonRepositoryCustomRepositoryArgs.builder()\n .uri(\"https://my.python.registry\")\n .build())\n .build())\n .upstreamCredentials(RepositoryRemoteRepositoryConfigUpstreamCredentialsArgs.builder()\n .usernamePasswordCredentials(RepositoryRemoteRepositoryConfigUpstreamCredentialsUsernamePasswordCredentialsArgs.builder()\n .username(\"remote-username\")\n .passwordSecretVersion(example_remote_secretVersion.name())\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example-remote-secret:\n type: gcp:secretmanager:Secret\n properties:\n secretId: example-secret\n replication:\n auto: {}\n example-remote-secretVersion:\n type: gcp:secretmanager:SecretVersion\n name: example-remote-secret_version\n properties:\n secret: ${[\"example-remote-secret\"].id}\n secretData: remote-password\n secret-access:\n type: gcp:secretmanager:SecretIamMember\n properties:\n secretId: ${[\"example-remote-secret\"].id}\n role: roles/secretmanager.secretAccessor\n member: serviceAccount:service-${project.number}@gcp-sa-artifactregistry.iam.gserviceaccount.com\n my-repo:\n type: gcp:artifactregistry:Repository\n properties:\n location: us-central1\n repositoryId: example-python-custom-remote\n description: example remote custom python repository with credentials\n format: PYTHON\n mode: REMOTE_REPOSITORY\n remoteRepositoryConfig:\n description: custom npm with credentials\n disableUpstreamValidation: true\n pythonRepository:\n customRepository:\n uri: https://my.python.registry\n upstreamCredentials:\n usernamePasswordCredentials:\n username: remote-username\n passwordSecretVersion: ${[\"example-remote-secretVersion\"].name}\nvariables:\n project:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Artifact Registry Repository Remote Common Repository With Docker\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst upstreamRepo = new gcp.artifactregistry.Repository(\"upstream_repo\", {\n location: \"us-central1\",\n repositoryId: \"example-upstream-repo\",\n description: \"example upstream repository\",\n format: \"DOCKER\",\n});\nconst my_repo = new gcp.artifactregistry.Repository(\"my-repo\", {\n location: \"us-central1\",\n repositoryId: \"example-common-remote\",\n description: \"example remote common repository with docker upstream\",\n format: \"DOCKER\",\n mode: \"REMOTE_REPOSITORY\",\n remoteRepositoryConfig: {\n description: \"pull-through cache of another Artifact Registry repository\",\n commonRepository: {\n uri: upstreamRepo.id,\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nupstream_repo = gcp.artifactregistry.Repository(\"upstream_repo\",\n location=\"us-central1\",\n repository_id=\"example-upstream-repo\",\n description=\"example upstream repository\",\n format=\"DOCKER\")\nmy_repo = gcp.artifactregistry.Repository(\"my-repo\",\n location=\"us-central1\",\n repository_id=\"example-common-remote\",\n description=\"example remote common repository with docker upstream\",\n format=\"DOCKER\",\n mode=\"REMOTE_REPOSITORY\",\n remote_repository_config={\n \"description\": \"pull-through cache of another Artifact Registry repository\",\n \"common_repository\": {\n \"uri\": upstream_repo.id,\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var upstreamRepo = new Gcp.ArtifactRegistry.Repository(\"upstream_repo\", new()\n {\n Location = \"us-central1\",\n RepositoryId = \"example-upstream-repo\",\n Description = \"example upstream repository\",\n Format = \"DOCKER\",\n });\n\n var my_repo = new Gcp.ArtifactRegistry.Repository(\"my-repo\", new()\n {\n Location = \"us-central1\",\n RepositoryId = \"example-common-remote\",\n Description = \"example remote common repository with docker upstream\",\n Format = \"DOCKER\",\n Mode = \"REMOTE_REPOSITORY\",\n RemoteRepositoryConfig = new Gcp.ArtifactRegistry.Inputs.RepositoryRemoteRepositoryConfigArgs\n {\n Description = \"pull-through cache of another Artifact Registry repository\",\n CommonRepository = new Gcp.ArtifactRegistry.Inputs.RepositoryRemoteRepositoryConfigCommonRepositoryArgs\n {\n Uri = upstreamRepo.Id,\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/artifactregistry\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tupstreamRepo, err := artifactregistry.NewRepository(ctx, \"upstream_repo\", \u0026artifactregistry.RepositoryArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tRepositoryId: pulumi.String(\"example-upstream-repo\"),\n\t\t\tDescription: pulumi.String(\"example upstream repository\"),\n\t\t\tFormat: pulumi.String(\"DOCKER\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = artifactregistry.NewRepository(ctx, \"my-repo\", \u0026artifactregistry.RepositoryArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tRepositoryId: pulumi.String(\"example-common-remote\"),\n\t\t\tDescription: pulumi.String(\"example remote common repository with docker upstream\"),\n\t\t\tFormat: pulumi.String(\"DOCKER\"),\n\t\t\tMode: pulumi.String(\"REMOTE_REPOSITORY\"),\n\t\t\tRemoteRepositoryConfig: \u0026artifactregistry.RepositoryRemoteRepositoryConfigArgs{\n\t\t\t\tDescription: pulumi.String(\"pull-through cache of another Artifact Registry repository\"),\n\t\t\t\tCommonRepository: \u0026artifactregistry.RepositoryRemoteRepositoryConfigCommonRepositoryArgs{\n\t\t\t\t\tUri: upstreamRepo.ID(),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.artifactregistry.Repository;\nimport com.pulumi.gcp.artifactregistry.RepositoryArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryRemoteRepositoryConfigArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryRemoteRepositoryConfigCommonRepositoryArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var upstreamRepo = new Repository(\"upstreamRepo\", RepositoryArgs.builder()\n .location(\"us-central1\")\n .repositoryId(\"example-upstream-repo\")\n .description(\"example upstream repository\")\n .format(\"DOCKER\")\n .build());\n\n var my_repo = new Repository(\"my-repo\", RepositoryArgs.builder()\n .location(\"us-central1\")\n .repositoryId(\"example-common-remote\")\n .description(\"example remote common repository with docker upstream\")\n .format(\"DOCKER\")\n .mode(\"REMOTE_REPOSITORY\")\n .remoteRepositoryConfig(RepositoryRemoteRepositoryConfigArgs.builder()\n .description(\"pull-through cache of another Artifact Registry repository\")\n .commonRepository(RepositoryRemoteRepositoryConfigCommonRepositoryArgs.builder()\n .uri(upstreamRepo.id())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n upstreamRepo:\n type: gcp:artifactregistry:Repository\n name: upstream_repo\n properties:\n location: us-central1\n repositoryId: example-upstream-repo\n description: example upstream repository\n format: DOCKER\n my-repo:\n type: gcp:artifactregistry:Repository\n properties:\n location: us-central1\n repositoryId: example-common-remote\n description: example remote common repository with docker upstream\n format: DOCKER\n mode: REMOTE_REPOSITORY\n remoteRepositoryConfig:\n description: pull-through cache of another Artifact Registry repository\n commonRepository:\n uri: ${upstreamRepo.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Artifact Registry Repository Remote Common Repository With Artifact Registry Uri\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = gcp.organizations.getProject({});\nconst upstreamRepo = new gcp.artifactregistry.Repository(\"upstream_repo\", {\n location: \"us-central1\",\n repositoryId: \"example-upstream-repo\",\n description: \"example upstream repository\",\n format: \"DOCKER\",\n});\nconst my_repo = new gcp.artifactregistry.Repository(\"my-repo\", {\n location: \"us-central1\",\n repositoryId: \"example-common-remote\",\n description: \"example remote common repository with docker upstream\",\n format: \"DOCKER\",\n mode: \"REMOTE_REPOSITORY\",\n remoteRepositoryConfig: {\n description: \"pull-through cache of another Artifact Registry repository by URL\",\n commonRepository: {\n uri: \"https://us-central1-docker.pkg.dev//example-upstream-repo\",\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.organizations.get_project()\nupstream_repo = gcp.artifactregistry.Repository(\"upstream_repo\",\n location=\"us-central1\",\n repository_id=\"example-upstream-repo\",\n description=\"example upstream repository\",\n format=\"DOCKER\")\nmy_repo = gcp.artifactregistry.Repository(\"my-repo\",\n location=\"us-central1\",\n repository_id=\"example-common-remote\",\n description=\"example remote common repository with docker upstream\",\n format=\"DOCKER\",\n mode=\"REMOTE_REPOSITORY\",\n remote_repository_config={\n \"description\": \"pull-through cache of another Artifact Registry repository by URL\",\n \"common_repository\": {\n \"uri\": \"https://us-central1-docker.pkg.dev//example-upstream-repo\",\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var upstreamRepo = new Gcp.ArtifactRegistry.Repository(\"upstream_repo\", new()\n {\n Location = \"us-central1\",\n RepositoryId = \"example-upstream-repo\",\n Description = \"example upstream repository\",\n Format = \"DOCKER\",\n });\n\n var my_repo = new Gcp.ArtifactRegistry.Repository(\"my-repo\", new()\n {\n Location = \"us-central1\",\n RepositoryId = \"example-common-remote\",\n Description = \"example remote common repository with docker upstream\",\n Format = \"DOCKER\",\n Mode = \"REMOTE_REPOSITORY\",\n RemoteRepositoryConfig = new Gcp.ArtifactRegistry.Inputs.RepositoryRemoteRepositoryConfigArgs\n {\n Description = \"pull-through cache of another Artifact Registry repository by URL\",\n CommonRepository = new Gcp.ArtifactRegistry.Inputs.RepositoryRemoteRepositoryConfigCommonRepositoryArgs\n {\n Uri = \"https://us-central1-docker.pkg.dev//example-upstream-repo\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/artifactregistry\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = artifactregistry.NewRepository(ctx, \"upstream_repo\", \u0026artifactregistry.RepositoryArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tRepositoryId: pulumi.String(\"example-upstream-repo\"),\n\t\t\tDescription: pulumi.String(\"example upstream repository\"),\n\t\t\tFormat: pulumi.String(\"DOCKER\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = artifactregistry.NewRepository(ctx, \"my-repo\", \u0026artifactregistry.RepositoryArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tRepositoryId: pulumi.String(\"example-common-remote\"),\n\t\t\tDescription: pulumi.String(\"example remote common repository with docker upstream\"),\n\t\t\tFormat: pulumi.String(\"DOCKER\"),\n\t\t\tMode: pulumi.String(\"REMOTE_REPOSITORY\"),\n\t\t\tRemoteRepositoryConfig: \u0026artifactregistry.RepositoryRemoteRepositoryConfigArgs{\n\t\t\t\tDescription: pulumi.String(\"pull-through cache of another Artifact Registry repository by URL\"),\n\t\t\t\tCommonRepository: \u0026artifactregistry.RepositoryRemoteRepositoryConfigCommonRepositoryArgs{\n\t\t\t\t\tUri: pulumi.String(\"https://us-central1-docker.pkg.dev//example-upstream-repo\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.artifactregistry.Repository;\nimport com.pulumi.gcp.artifactregistry.RepositoryArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryRemoteRepositoryConfigArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryRemoteRepositoryConfigCommonRepositoryArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n var upstreamRepo = new Repository(\"upstreamRepo\", RepositoryArgs.builder()\n .location(\"us-central1\")\n .repositoryId(\"example-upstream-repo\")\n .description(\"example upstream repository\")\n .format(\"DOCKER\")\n .build());\n\n var my_repo = new Repository(\"my-repo\", RepositoryArgs.builder()\n .location(\"us-central1\")\n .repositoryId(\"example-common-remote\")\n .description(\"example remote common repository with docker upstream\")\n .format(\"DOCKER\")\n .mode(\"REMOTE_REPOSITORY\")\n .remoteRepositoryConfig(RepositoryRemoteRepositoryConfigArgs.builder()\n .description(\"pull-through cache of another Artifact Registry repository by URL\")\n .commonRepository(RepositoryRemoteRepositoryConfigCommonRepositoryArgs.builder()\n .uri(\"https://us-central1-docker.pkg.dev//example-upstream-repo\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n upstreamRepo:\n type: gcp:artifactregistry:Repository\n name: upstream_repo\n properties:\n location: us-central1\n repositoryId: example-upstream-repo\n description: example upstream repository\n format: DOCKER\n my-repo:\n type: gcp:artifactregistry:Repository\n properties:\n location: us-central1\n repositoryId: example-common-remote\n description: example remote common repository with docker upstream\n format: DOCKER\n mode: REMOTE_REPOSITORY\n remoteRepositoryConfig:\n description: pull-through cache of another Artifact Registry repository by URL\n commonRepository:\n uri: https://us-central1-docker.pkg.dev//example-upstream-repo\nvariables:\n project:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Artifact Registry Repository Remote Common Repository With Custom Upstream\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = gcp.organizations.getProject({});\nconst example_remote_secret = new gcp.secretmanager.Secret(\"example-remote-secret\", {\n secretId: \"example-secret\",\n replication: {\n auto: {},\n },\n});\nconst example_remote_secretVersion = new gcp.secretmanager.SecretVersion(\"example-remote-secret_version\", {\n secret: example_remote_secret.id,\n secretData: \"remote-password\",\n});\nconst secret_access = new gcp.secretmanager.SecretIamMember(\"secret-access\", {\n secretId: example_remote_secret.id,\n role: \"roles/secretmanager.secretAccessor\",\n member: project.then(project =\u003e `serviceAccount:service-${project.number}@gcp-sa-artifactregistry.iam.gserviceaccount.com`),\n});\nconst my_repo = new gcp.artifactregistry.Repository(\"my-repo\", {\n location: \"us-central1\",\n repositoryId: \"example-docker-custom-remote\",\n description: \"example remote custom docker repository with credentials\",\n format: \"DOCKER\",\n mode: \"REMOTE_REPOSITORY\",\n remoteRepositoryConfig: {\n description: \"custom common docker remote with credentials\",\n disableUpstreamValidation: true,\n commonRepository: {\n uri: \"https://registry-1.docker.io\",\n },\n upstreamCredentials: {\n usernamePasswordCredentials: {\n username: \"remote-username\",\n passwordSecretVersion: example_remote_secretVersion.name,\n },\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.organizations.get_project()\nexample_remote_secret = gcp.secretmanager.Secret(\"example-remote-secret\",\n secret_id=\"example-secret\",\n replication={\n \"auto\": {},\n })\nexample_remote_secret_version = gcp.secretmanager.SecretVersion(\"example-remote-secret_version\",\n secret=example_remote_secret.id,\n secret_data=\"remote-password\")\nsecret_access = gcp.secretmanager.SecretIamMember(\"secret-access\",\n secret_id=example_remote_secret.id,\n role=\"roles/secretmanager.secretAccessor\",\n member=f\"serviceAccount:service-{project.number}@gcp-sa-artifactregistry.iam.gserviceaccount.com\")\nmy_repo = gcp.artifactregistry.Repository(\"my-repo\",\n location=\"us-central1\",\n repository_id=\"example-docker-custom-remote\",\n description=\"example remote custom docker repository with credentials\",\n format=\"DOCKER\",\n mode=\"REMOTE_REPOSITORY\",\n remote_repository_config={\n \"description\": \"custom common docker remote with credentials\",\n \"disable_upstream_validation\": True,\n \"common_repository\": {\n \"uri\": \"https://registry-1.docker.io\",\n },\n \"upstream_credentials\": {\n \"username_password_credentials\": {\n \"username\": \"remote-username\",\n \"password_secret_version\": example_remote_secret_version.name,\n },\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = Gcp.Organizations.GetProject.Invoke();\n\n var example_remote_secret = new Gcp.SecretManager.Secret(\"example-remote-secret\", new()\n {\n SecretId = \"example-secret\",\n Replication = new Gcp.SecretManager.Inputs.SecretReplicationArgs\n {\n Auto = null,\n },\n });\n\n var example_remote_secretVersion = new Gcp.SecretManager.SecretVersion(\"example-remote-secret_version\", new()\n {\n Secret = example_remote_secret.Id,\n SecretData = \"remote-password\",\n });\n\n var secret_access = new Gcp.SecretManager.SecretIamMember(\"secret-access\", new()\n {\n SecretId = example_remote_secret.Id,\n Role = \"roles/secretmanager.secretAccessor\",\n Member = $\"serviceAccount:service-{project.Apply(getProjectResult =\u003e getProjectResult.Number)}@gcp-sa-artifactregistry.iam.gserviceaccount.com\",\n });\n\n var my_repo = new Gcp.ArtifactRegistry.Repository(\"my-repo\", new()\n {\n Location = \"us-central1\",\n RepositoryId = \"example-docker-custom-remote\",\n Description = \"example remote custom docker repository with credentials\",\n Format = \"DOCKER\",\n Mode = \"REMOTE_REPOSITORY\",\n RemoteRepositoryConfig = new Gcp.ArtifactRegistry.Inputs.RepositoryRemoteRepositoryConfigArgs\n {\n Description = \"custom common docker remote with credentials\",\n DisableUpstreamValidation = true,\n CommonRepository = new Gcp.ArtifactRegistry.Inputs.RepositoryRemoteRepositoryConfigCommonRepositoryArgs\n {\n Uri = \"https://registry-1.docker.io\",\n },\n UpstreamCredentials = new Gcp.ArtifactRegistry.Inputs.RepositoryRemoteRepositoryConfigUpstreamCredentialsArgs\n {\n UsernamePasswordCredentials = new Gcp.ArtifactRegistry.Inputs.RepositoryRemoteRepositoryConfigUpstreamCredentialsUsernamePasswordCredentialsArgs\n {\n Username = \"remote-username\",\n PasswordSecretVersion = example_remote_secretVersion.Name,\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/artifactregistry\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproject, err := organizations.LookupProject(ctx, \u0026organizations.LookupProjectArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecret(ctx, \"example-remote-secret\", \u0026secretmanager.SecretArgs{\n\t\t\tSecretId: pulumi.String(\"example-secret\"),\n\t\t\tReplication: \u0026secretmanager.SecretReplicationArgs{\n\t\t\t\tAuto: \u0026secretmanager.SecretReplicationAutoArgs{},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecretVersion(ctx, \"example-remote-secret_version\", \u0026secretmanager.SecretVersionArgs{\n\t\t\tSecret: example_remote_secret.ID(),\n\t\t\tSecretData: pulumi.String(\"remote-password\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecretIamMember(ctx, \"secret-access\", \u0026secretmanager.SecretIamMemberArgs{\n\t\t\tSecretId: example_remote_secret.ID(),\n\t\t\tRole: pulumi.String(\"roles/secretmanager.secretAccessor\"),\n\t\t\tMember: pulumi.Sprintf(\"serviceAccount:service-%v@gcp-sa-artifactregistry.iam.gserviceaccount.com\", project.Number),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = artifactregistry.NewRepository(ctx, \"my-repo\", \u0026artifactregistry.RepositoryArgs{\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tRepositoryId: pulumi.String(\"example-docker-custom-remote\"),\n\t\t\tDescription: pulumi.String(\"example remote custom docker repository with credentials\"),\n\t\t\tFormat: pulumi.String(\"DOCKER\"),\n\t\t\tMode: pulumi.String(\"REMOTE_REPOSITORY\"),\n\t\t\tRemoteRepositoryConfig: \u0026artifactregistry.RepositoryRemoteRepositoryConfigArgs{\n\t\t\t\tDescription: pulumi.String(\"custom common docker remote with credentials\"),\n\t\t\t\tDisableUpstreamValidation: pulumi.Bool(true),\n\t\t\t\tCommonRepository: \u0026artifactregistry.RepositoryRemoteRepositoryConfigCommonRepositoryArgs{\n\t\t\t\t\tUri: pulumi.String(\"https://registry-1.docker.io\"),\n\t\t\t\t},\n\t\t\t\tUpstreamCredentials: \u0026artifactregistry.RepositoryRemoteRepositoryConfigUpstreamCredentialsArgs{\n\t\t\t\t\tUsernamePasswordCredentials: \u0026artifactregistry.RepositoryRemoteRepositoryConfigUpstreamCredentialsUsernamePasswordCredentialsArgs{\n\t\t\t\t\t\tUsername: pulumi.String(\"remote-username\"),\n\t\t\t\t\t\tPasswordSecretVersion: example_remote_secretVersion.Name,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetProjectArgs;\nimport com.pulumi.gcp.secretmanager.Secret;\nimport com.pulumi.gcp.secretmanager.SecretArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretReplicationArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretReplicationAutoArgs;\nimport com.pulumi.gcp.secretmanager.SecretVersion;\nimport com.pulumi.gcp.secretmanager.SecretVersionArgs;\nimport com.pulumi.gcp.secretmanager.SecretIamMember;\nimport com.pulumi.gcp.secretmanager.SecretIamMemberArgs;\nimport com.pulumi.gcp.artifactregistry.Repository;\nimport com.pulumi.gcp.artifactregistry.RepositoryArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryRemoteRepositoryConfigArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryRemoteRepositoryConfigCommonRepositoryArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryRemoteRepositoryConfigUpstreamCredentialsArgs;\nimport com.pulumi.gcp.artifactregistry.inputs.RepositoryRemoteRepositoryConfigUpstreamCredentialsUsernamePasswordCredentialsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var project = OrganizationsFunctions.getProject();\n\n var example_remote_secret = new Secret(\"example-remote-secret\", SecretArgs.builder()\n .secretId(\"example-secret\")\n .replication(SecretReplicationArgs.builder()\n .auto()\n .build())\n .build());\n\n var example_remote_secretVersion = new SecretVersion(\"example-remote-secretVersion\", SecretVersionArgs.builder()\n .secret(example_remote_secret.id())\n .secretData(\"remote-password\")\n .build());\n\n var secret_access = new SecretIamMember(\"secret-access\", SecretIamMemberArgs.builder()\n .secretId(example_remote_secret.id())\n .role(\"roles/secretmanager.secretAccessor\")\n .member(String.format(\"serviceAccount:service-%s@gcp-sa-artifactregistry.iam.gserviceaccount.com\", project.applyValue(getProjectResult -\u003e getProjectResult.number())))\n .build());\n\n var my_repo = new Repository(\"my-repo\", RepositoryArgs.builder()\n .location(\"us-central1\")\n .repositoryId(\"example-docker-custom-remote\")\n .description(\"example remote custom docker repository with credentials\")\n .format(\"DOCKER\")\n .mode(\"REMOTE_REPOSITORY\")\n .remoteRepositoryConfig(RepositoryRemoteRepositoryConfigArgs.builder()\n .description(\"custom common docker remote with credentials\")\n .disableUpstreamValidation(true)\n .commonRepository(RepositoryRemoteRepositoryConfigCommonRepositoryArgs.builder()\n .uri(\"https://registry-1.docker.io\")\n .build())\n .upstreamCredentials(RepositoryRemoteRepositoryConfigUpstreamCredentialsArgs.builder()\n .usernamePasswordCredentials(RepositoryRemoteRepositoryConfigUpstreamCredentialsUsernamePasswordCredentialsArgs.builder()\n .username(\"remote-username\")\n .passwordSecretVersion(example_remote_secretVersion.name())\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example-remote-secret:\n type: gcp:secretmanager:Secret\n properties:\n secretId: example-secret\n replication:\n auto: {}\n example-remote-secretVersion:\n type: gcp:secretmanager:SecretVersion\n name: example-remote-secret_version\n properties:\n secret: ${[\"example-remote-secret\"].id}\n secretData: remote-password\n secret-access:\n type: gcp:secretmanager:SecretIamMember\n properties:\n secretId: ${[\"example-remote-secret\"].id}\n role: roles/secretmanager.secretAccessor\n member: serviceAccount:service-${project.number}@gcp-sa-artifactregistry.iam.gserviceaccount.com\n my-repo:\n type: gcp:artifactregistry:Repository\n properties:\n location: us-central1\n repositoryId: example-docker-custom-remote\n description: example remote custom docker repository with credentials\n format: DOCKER\n mode: REMOTE_REPOSITORY\n remoteRepositoryConfig:\n description: custom common docker remote with credentials\n disableUpstreamValidation: true\n commonRepository:\n uri: https://registry-1.docker.io\n upstreamCredentials:\n usernamePasswordCredentials:\n username: remote-username\n passwordSecretVersion: ${[\"example-remote-secretVersion\"].name}\nvariables:\n project:\n fn::invoke:\n function: gcp:organizations:getProject\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nRepository can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/repositories/{{repository_id}}`\n\n* `{{project}}/{{location}}/{{repository_id}}`\n\n* `{{location}}/{{repository_id}}`\n\nWhen using the `pulumi import` command, Repository can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:artifactregistry/repository:Repository default projects/{{project}}/locations/{{location}}/repositories/{{repository_id}}\n```\n\n```sh\n$ pulumi import gcp:artifactregistry/repository:Repository default {{project}}/{{location}}/{{repository_id}}\n```\n\n```sh\n$ pulumi import gcp:artifactregistry/repository:Repository default {{location}}/{{repository_id}}\n```\n\n", "properties": { "cleanupPolicies": { "type": "array", @@ -137662,7 +138153,7 @@ }, "format": { "type": "string", - "description": "The format of packages that are stored in the repository. Supported formats\ncan be found [here](https://cloud.google.com/artifact-registry/docs/supported-formats).\nYou can only create alpha formats if you are a member of the\n[alpha user group](https://cloud.google.com/artifact-registry/docs/supported-formats#alpha-access).\n\n\n- - -\n" + "description": "The format of packages that are stored in the repository. Supported formats\ncan be found [here](https://cloud.google.com/artifact-registry/docs/supported-formats).\nYou can only create alpha formats if you are a member of the\n[alpha user group](https://cloud.google.com/artifact-registry/docs/supported-formats#alpha-access).\n" }, "kmsKeyName": { "type": "string", @@ -137677,7 +138168,7 @@ }, "location": { "type": "string", - "description": "The name of the location this repository is located in.\n" + "description": "The name of the repository's location. In addition to specific regions,\nspecial values for multi-region locations are `asia`, `europe`, and `us`.\nSee [here](https://cloud.google.com/artifact-registry/docs/repositories/repo-locations),\nor use the\ngcp.artifactregistry.getLocations\ndata source for possible values.\n" }, "mavenConfig": { "$ref": "#/types/gcp:artifactregistry/RepositoryMavenConfig:RepositoryMavenConfig", @@ -137709,7 +138200,7 @@ }, "repositoryId": { "type": "string", - "description": "The last part of the repository name, for example:\n\"repo1\"\n" + "description": "The last part of the repository name, for example:\n\"repo1\"\n\n\n- - -\n" }, "updateTime": { "type": "string", @@ -137753,7 +138244,7 @@ }, "format": { "type": "string", - "description": "The format of packages that are stored in the repository. Supported formats\ncan be found [here](https://cloud.google.com/artifact-registry/docs/supported-formats).\nYou can only create alpha formats if you are a member of the\n[alpha user group](https://cloud.google.com/artifact-registry/docs/supported-formats#alpha-access).\n\n\n- - -\n", + "description": "The format of packages that are stored in the repository. Supported formats\ncan be found [here](https://cloud.google.com/artifact-registry/docs/supported-formats).\nYou can only create alpha formats if you are a member of the\n[alpha user group](https://cloud.google.com/artifact-registry/docs/supported-formats#alpha-access).\n", "willReplaceOnChanges": true }, "kmsKeyName": { @@ -137770,7 +138261,7 @@ }, "location": { "type": "string", - "description": "The name of the location this repository is located in.\n", + "description": "The name of the repository's location. In addition to specific regions,\nspecial values for multi-region locations are `asia`, `europe`, and `us`.\nSee [here](https://cloud.google.com/artifact-registry/docs/repositories/repo-locations),\nor use the\ngcp.artifactregistry.getLocations\ndata source for possible values.\n", "willReplaceOnChanges": true }, "mavenConfig": { @@ -137794,7 +138285,7 @@ }, "repositoryId": { "type": "string", - "description": "The last part of the repository name, for example:\n\"repo1\"\n", + "description": "The last part of the repository name, for example:\n\"repo1\"\n\n\n- - -\n", "willReplaceOnChanges": true }, "virtualRepositoryConfig": { @@ -137842,7 +138333,7 @@ }, "format": { "type": "string", - "description": "The format of packages that are stored in the repository. Supported formats\ncan be found [here](https://cloud.google.com/artifact-registry/docs/supported-formats).\nYou can only create alpha formats if you are a member of the\n[alpha user group](https://cloud.google.com/artifact-registry/docs/supported-formats#alpha-access).\n\n\n- - -\n", + "description": "The format of packages that are stored in the repository. Supported formats\ncan be found [here](https://cloud.google.com/artifact-registry/docs/supported-formats).\nYou can only create alpha formats if you are a member of the\n[alpha user group](https://cloud.google.com/artifact-registry/docs/supported-formats#alpha-access).\n", "willReplaceOnChanges": true }, "kmsKeyName": { @@ -137859,7 +138350,7 @@ }, "location": { "type": "string", - "description": "The name of the location this repository is located in.\n", + "description": "The name of the repository's location. In addition to specific regions,\nspecial values for multi-region locations are `asia`, `europe`, and `us`.\nSee [here](https://cloud.google.com/artifact-registry/docs/repositories/repo-locations),\nor use the\ngcp.artifactregistry.getLocations\ndata source for possible values.\n", "willReplaceOnChanges": true }, "mavenConfig": { @@ -137895,7 +138386,7 @@ }, "repositoryId": { "type": "string", - "description": "The last part of the repository name, for example:\n\"repo1\"\n", + "description": "The last part of the repository name, for example:\n\"repo1\"\n\n\n- - -\n", "willReplaceOnChanges": true }, "updateTime": { @@ -137922,7 +138413,7 @@ }, "location": { "type": "string", - "description": "The name of the location this repository is located in.\nUsed to find the parent resource to bind the IAM policy to. If not specified,\nthe value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no\nlocation is specified, it is taken from the provider configuration.\n" + "description": "The name of the repository's location. In addition to specific regions,\nspecial values for multi-region locations are `asia`, `europe`, and `us`.\nSee [here](https://cloud.google.com/artifact-registry/docs/repositories/repo-locations),\nor use the\ngcp.artifactregistry.getLocations\ndata source for possible values. Used to find the parent resource to bind the IAM policy to. If not specified,\nthe value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no\nlocation is specified, it is taken from the provider configuration.\n" }, "members": { "type": "array", @@ -137959,7 +138450,7 @@ }, "location": { "type": "string", - "description": "The name of the location this repository is located in.\nUsed to find the parent resource to bind the IAM policy to. If not specified,\nthe value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no\nlocation is specified, it is taken from the provider configuration.\n", + "description": "The name of the repository's location. In addition to specific regions,\nspecial values for multi-region locations are `asia`, `europe`, and `us`.\nSee [here](https://cloud.google.com/artifact-registry/docs/repositories/repo-locations),\nor use the\ngcp.artifactregistry.getLocations\ndata source for possible values. Used to find the parent resource to bind the IAM policy to. If not specified,\nthe value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no\nlocation is specified, it is taken from the provider configuration.\n", "willReplaceOnChanges": true }, "members": { @@ -138003,7 +138494,7 @@ }, "location": { "type": "string", - "description": "The name of the location this repository is located in.\nUsed to find the parent resource to bind the IAM policy to. If not specified,\nthe value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no\nlocation is specified, it is taken from the provider configuration.\n", + "description": "The name of the repository's location. In addition to specific regions,\nspecial values for multi-region locations are `asia`, `europe`, and `us`.\nSee [here](https://cloud.google.com/artifact-registry/docs/repositories/repo-locations),\nor use the\ngcp.artifactregistry.getLocations\ndata source for possible values. Used to find the parent resource to bind the IAM policy to. If not specified,\nthe value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no\nlocation is specified, it is taken from the provider configuration.\n", "willReplaceOnChanges": true }, "members": { @@ -138044,7 +138535,7 @@ }, "location": { "type": "string", - "description": "The name of the location this repository is located in.\nUsed to find the parent resource to bind the IAM policy to. If not specified,\nthe value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no\nlocation is specified, it is taken from the provider configuration.\n" + "description": "The name of the repository's location. In addition to specific regions,\nspecial values for multi-region locations are `asia`, `europe`, and `us`.\nSee [here](https://cloud.google.com/artifact-registry/docs/repositories/repo-locations),\nor use the\ngcp.artifactregistry.getLocations\ndata source for possible values. Used to find the parent resource to bind the IAM policy to. If not specified,\nthe value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no\nlocation is specified, it is taken from the provider configuration.\n" }, "member": { "type": "string", @@ -138078,7 +138569,7 @@ }, "location": { "type": "string", - "description": "The name of the location this repository is located in.\nUsed to find the parent resource to bind the IAM policy to. If not specified,\nthe value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no\nlocation is specified, it is taken from the provider configuration.\n", + "description": "The name of the repository's location. In addition to specific regions,\nspecial values for multi-region locations are `asia`, `europe`, and `us`.\nSee [here](https://cloud.google.com/artifact-registry/docs/repositories/repo-locations),\nor use the\ngcp.artifactregistry.getLocations\ndata source for possible values. Used to find the parent resource to bind the IAM policy to. If not specified,\nthe value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no\nlocation is specified, it is taken from the provider configuration.\n", "willReplaceOnChanges": true }, "member": { @@ -138120,7 +138611,7 @@ }, "location": { "type": "string", - "description": "The name of the location this repository is located in.\nUsed to find the parent resource to bind the IAM policy to. If not specified,\nthe value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no\nlocation is specified, it is taken from the provider configuration.\n", + "description": "The name of the repository's location. In addition to specific regions,\nspecial values for multi-region locations are `asia`, `europe`, and `us`.\nSee [here](https://cloud.google.com/artifact-registry/docs/repositories/repo-locations),\nor use the\ngcp.artifactregistry.getLocations\ndata source for possible values. Used to find the parent resource to bind the IAM policy to. If not specified,\nthe value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no\nlocation is specified, it is taken from the provider configuration.\n", "willReplaceOnChanges": true }, "member": { @@ -138156,7 +138647,7 @@ }, "location": { "type": "string", - "description": "The name of the location this repository is located in.\nUsed to find the parent resource to bind the IAM policy to. If not specified,\nthe value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no\nlocation is specified, it is taken from the provider configuration.\n" + "description": "The name of the repository's location. In addition to specific regions,\nspecial values for multi-region locations are `asia`, `europe`, and `us`.\nSee [here](https://cloud.google.com/artifact-registry/docs/repositories/repo-locations),\nor use the\ngcp.artifactregistry.getLocations\ndata source for possible values. Used to find the parent resource to bind the IAM policy to. If not specified,\nthe value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no\nlocation is specified, it is taken from the provider configuration.\n" }, "policyData": { "type": "string", @@ -138181,7 +138672,7 @@ "inputProperties": { "location": { "type": "string", - "description": "The name of the location this repository is located in.\nUsed to find the parent resource to bind the IAM policy to. If not specified,\nthe value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no\nlocation is specified, it is taken from the provider configuration.\n", + "description": "The name of the repository's location. In addition to specific regions,\nspecial values for multi-region locations are `asia`, `europe`, and `us`.\nSee [here](https://cloud.google.com/artifact-registry/docs/repositories/repo-locations),\nor use the\ngcp.artifactregistry.getLocations\ndata source for possible values. Used to find the parent resource to bind the IAM policy to. If not specified,\nthe value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no\nlocation is specified, it is taken from the provider configuration.\n", "willReplaceOnChanges": true }, "policyData": { @@ -138212,7 +138703,7 @@ }, "location": { "type": "string", - "description": "The name of the location this repository is located in.\nUsed to find the parent resource to bind the IAM policy to. If not specified,\nthe value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no\nlocation is specified, it is taken from the provider configuration.\n", + "description": "The name of the repository's location. In addition to specific regions,\nspecial values for multi-region locations are `asia`, `europe`, and `us`.\nSee [here](https://cloud.google.com/artifact-registry/docs/repositories/repo-locations),\nor use the\ngcp.artifactregistry.getLocations\ndata source for possible values. Used to find the parent resource to bind the IAM policy to. If not specified,\nthe value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no\nlocation is specified, it is taken from the provider configuration.\n", "willReplaceOnChanges": true }, "policyData": { @@ -164275,7 +164766,7 @@ } }, "gcp:compute/globalForwardingRule:GlobalForwardingRule": { - "description": "Represents a GlobalForwardingRule resource. Global forwarding rules are\nused to forward traffic to the correct load balancer for HTTP load\nbalancing. Global forwarding rules can only be used for HTTP load\nbalancing.\n\nFor more information, see https://cloud.google.com/compute/docs/load-balancing/http/\n\n\n\n## Example Usage\n\n### Global Forwarding Rule Http\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst defaultHttpHealthCheck = new gcp.compute.HttpHealthCheck(\"default\", {\n name: \"check-backend\",\n requestPath: \"/\",\n checkIntervalSec: 1,\n timeoutSec: 1,\n});\nconst defaultBackendService = new gcp.compute.BackendService(\"default\", {\n name: \"backend\",\n portName: \"http\",\n protocol: \"HTTP\",\n timeoutSec: 10,\n healthChecks: defaultHttpHealthCheck.id,\n});\nconst defaultURLMap = new gcp.compute.URLMap(\"default\", {\n name: \"url-map-target-proxy\",\n description: \"a description\",\n defaultService: defaultBackendService.id,\n hostRules: [{\n hosts: [\"mysite.com\"],\n pathMatcher: \"allpaths\",\n }],\n pathMatchers: [{\n name: \"allpaths\",\n defaultService: defaultBackendService.id,\n pathRules: [{\n paths: [\"/*\"],\n service: defaultBackendService.id,\n }],\n }],\n});\nconst defaultTargetHttpProxy = new gcp.compute.TargetHttpProxy(\"default\", {\n name: \"target-proxy\",\n description: \"a description\",\n urlMap: defaultURLMap.id,\n});\nconst _default = new gcp.compute.GlobalForwardingRule(\"default\", {\n name: \"global-rule\",\n target: defaultTargetHttpProxy.id,\n portRange: \"80\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault_http_health_check = gcp.compute.HttpHealthCheck(\"default\",\n name=\"check-backend\",\n request_path=\"/\",\n check_interval_sec=1,\n timeout_sec=1)\ndefault_backend_service = gcp.compute.BackendService(\"default\",\n name=\"backend\",\n port_name=\"http\",\n protocol=\"HTTP\",\n timeout_sec=10,\n health_checks=default_http_health_check.id)\ndefault_url_map = gcp.compute.URLMap(\"default\",\n name=\"url-map-target-proxy\",\n description=\"a description\",\n default_service=default_backend_service.id,\n host_rules=[{\n \"hosts\": [\"mysite.com\"],\n \"path_matcher\": \"allpaths\",\n }],\n path_matchers=[{\n \"name\": \"allpaths\",\n \"default_service\": default_backend_service.id,\n \"path_rules\": [{\n \"paths\": [\"/*\"],\n \"service\": default_backend_service.id,\n }],\n }])\ndefault_target_http_proxy = gcp.compute.TargetHttpProxy(\"default\",\n name=\"target-proxy\",\n description=\"a description\",\n url_map=default_url_map.id)\ndefault = gcp.compute.GlobalForwardingRule(\"default\",\n name=\"global-rule\",\n target=default_target_http_proxy.id,\n port_range=\"80\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var defaultHttpHealthCheck = new Gcp.Compute.HttpHealthCheck(\"default\", new()\n {\n Name = \"check-backend\",\n RequestPath = \"/\",\n CheckIntervalSec = 1,\n TimeoutSec = 1,\n });\n\n var defaultBackendService = new Gcp.Compute.BackendService(\"default\", new()\n {\n Name = \"backend\",\n PortName = \"http\",\n Protocol = \"HTTP\",\n TimeoutSec = 10,\n HealthChecks = defaultHttpHealthCheck.Id,\n });\n\n var defaultURLMap = new Gcp.Compute.URLMap(\"default\", new()\n {\n Name = \"url-map-target-proxy\",\n Description = \"a description\",\n DefaultService = defaultBackendService.Id,\n HostRules = new[]\n {\n new Gcp.Compute.Inputs.URLMapHostRuleArgs\n {\n Hosts = new[]\n {\n \"mysite.com\",\n },\n PathMatcher = \"allpaths\",\n },\n },\n PathMatchers = new[]\n {\n new Gcp.Compute.Inputs.URLMapPathMatcherArgs\n {\n Name = \"allpaths\",\n DefaultService = defaultBackendService.Id,\n PathRules = new[]\n {\n new Gcp.Compute.Inputs.URLMapPathMatcherPathRuleArgs\n {\n Paths = new[]\n {\n \"/*\",\n },\n Service = defaultBackendService.Id,\n },\n },\n },\n },\n });\n\n var defaultTargetHttpProxy = new Gcp.Compute.TargetHttpProxy(\"default\", new()\n {\n Name = \"target-proxy\",\n Description = \"a description\",\n UrlMap = defaultURLMap.Id,\n });\n\n var @default = new Gcp.Compute.GlobalForwardingRule(\"default\", new()\n {\n Name = \"global-rule\",\n Target = defaultTargetHttpProxy.Id,\n PortRange = \"80\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdefaultHttpHealthCheck, err := compute.NewHttpHealthCheck(ctx, \"default\", \u0026compute.HttpHealthCheckArgs{\n\t\t\tName: pulumi.String(\"check-backend\"),\n\t\t\tRequestPath: pulumi.String(\"/\"),\n\t\t\tCheckIntervalSec: pulumi.Int(1),\n\t\t\tTimeoutSec: pulumi.Int(1),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultBackendService, err := compute.NewBackendService(ctx, \"default\", \u0026compute.BackendServiceArgs{\n\t\t\tName: pulumi.String(\"backend\"),\n\t\t\tPortName: pulumi.String(\"http\"),\n\t\t\tProtocol: pulumi.String(\"HTTP\"),\n\t\t\tTimeoutSec: pulumi.Int(10),\n\t\t\tHealthChecks: defaultHttpHealthCheck.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultURLMap, err := compute.NewURLMap(ctx, \"default\", \u0026compute.URLMapArgs{\n\t\t\tName: pulumi.String(\"url-map-target-proxy\"),\n\t\t\tDescription: pulumi.String(\"a description\"),\n\t\t\tDefaultService: defaultBackendService.ID(),\n\t\t\tHostRules: compute.URLMapHostRuleArray{\n\t\t\t\t\u0026compute.URLMapHostRuleArgs{\n\t\t\t\t\tHosts: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"mysite.com\"),\n\t\t\t\t\t},\n\t\t\t\t\tPathMatcher: pulumi.String(\"allpaths\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tPathMatchers: compute.URLMapPathMatcherArray{\n\t\t\t\t\u0026compute.URLMapPathMatcherArgs{\n\t\t\t\t\tName: pulumi.String(\"allpaths\"),\n\t\t\t\t\tDefaultService: defaultBackendService.ID(),\n\t\t\t\t\tPathRules: compute.URLMapPathMatcherPathRuleArray{\n\t\t\t\t\t\t\u0026compute.URLMapPathMatcherPathRuleArgs{\n\t\t\t\t\t\t\tPaths: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"/*\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tService: defaultBackendService.ID(),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultTargetHttpProxy, err := compute.NewTargetHttpProxy(ctx, \"default\", \u0026compute.TargetHttpProxyArgs{\n\t\t\tName: pulumi.String(\"target-proxy\"),\n\t\t\tDescription: pulumi.String(\"a description\"),\n\t\t\tUrlMap: defaultURLMap.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewGlobalForwardingRule(ctx, \"default\", \u0026compute.GlobalForwardingRuleArgs{\n\t\t\tName: pulumi.String(\"global-rule\"),\n\t\t\tTarget: defaultTargetHttpProxy.ID(),\n\t\t\tPortRange: pulumi.String(\"80\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.HttpHealthCheck;\nimport com.pulumi.gcp.compute.HttpHealthCheckArgs;\nimport com.pulumi.gcp.compute.BackendService;\nimport com.pulumi.gcp.compute.BackendServiceArgs;\nimport com.pulumi.gcp.compute.URLMap;\nimport com.pulumi.gcp.compute.URLMapArgs;\nimport com.pulumi.gcp.compute.inputs.URLMapHostRuleArgs;\nimport com.pulumi.gcp.compute.inputs.URLMapPathMatcherArgs;\nimport com.pulumi.gcp.compute.TargetHttpProxy;\nimport com.pulumi.gcp.compute.TargetHttpProxyArgs;\nimport com.pulumi.gcp.compute.GlobalForwardingRule;\nimport com.pulumi.gcp.compute.GlobalForwardingRuleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var defaultHttpHealthCheck = new HttpHealthCheck(\"defaultHttpHealthCheck\", HttpHealthCheckArgs.builder()\n .name(\"check-backend\")\n .requestPath(\"/\")\n .checkIntervalSec(1)\n .timeoutSec(1)\n .build());\n\n var defaultBackendService = new BackendService(\"defaultBackendService\", BackendServiceArgs.builder()\n .name(\"backend\")\n .portName(\"http\")\n .protocol(\"HTTP\")\n .timeoutSec(10)\n .healthChecks(defaultHttpHealthCheck.id())\n .build());\n\n var defaultURLMap = new URLMap(\"defaultURLMap\", URLMapArgs.builder()\n .name(\"url-map-target-proxy\")\n .description(\"a description\")\n .defaultService(defaultBackendService.id())\n .hostRules(URLMapHostRuleArgs.builder()\n .hosts(\"mysite.com\")\n .pathMatcher(\"allpaths\")\n .build())\n .pathMatchers(URLMapPathMatcherArgs.builder()\n .name(\"allpaths\")\n .defaultService(defaultBackendService.id())\n .pathRules(URLMapPathMatcherPathRuleArgs.builder()\n .paths(\"/*\")\n .service(defaultBackendService.id())\n .build())\n .build())\n .build());\n\n var defaultTargetHttpProxy = new TargetHttpProxy(\"defaultTargetHttpProxy\", TargetHttpProxyArgs.builder()\n .name(\"target-proxy\")\n .description(\"a description\")\n .urlMap(defaultURLMap.id())\n .build());\n\n var default_ = new GlobalForwardingRule(\"default\", GlobalForwardingRuleArgs.builder()\n .name(\"global-rule\")\n .target(defaultTargetHttpProxy.id())\n .portRange(\"80\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:compute:GlobalForwardingRule\n properties:\n name: global-rule\n target: ${defaultTargetHttpProxy.id}\n portRange: '80'\n defaultTargetHttpProxy:\n type: gcp:compute:TargetHttpProxy\n name: default\n properties:\n name: target-proxy\n description: a description\n urlMap: ${defaultURLMap.id}\n defaultURLMap:\n type: gcp:compute:URLMap\n name: default\n properties:\n name: url-map-target-proxy\n description: a description\n defaultService: ${defaultBackendService.id}\n hostRules:\n - hosts:\n - mysite.com\n pathMatcher: allpaths\n pathMatchers:\n - name: allpaths\n defaultService: ${defaultBackendService.id}\n pathRules:\n - paths:\n - /*\n service: ${defaultBackendService.id}\n defaultBackendService:\n type: gcp:compute:BackendService\n name: default\n properties:\n name: backend\n portName: http\n protocol: HTTP\n timeoutSec: 10\n healthChecks: ${defaultHttpHealthCheck.id}\n defaultHttpHealthCheck:\n type: gcp:compute:HttpHealthCheck\n name: default\n properties:\n name: check-backend\n requestPath: /\n checkIntervalSec: 1\n timeoutSec: 1\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Global Forwarding Rule Internal\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst debianImage = gcp.compute.getImage({\n family: \"debian-11\",\n project: \"debian-cloud\",\n});\nconst instanceTemplate = new gcp.compute.InstanceTemplate(\"instance_template\", {\n name: \"template-backend\",\n machineType: \"e2-medium\",\n networkInterfaces: [{\n network: \"default\",\n }],\n disks: [{\n sourceImage: debianImage.then(debianImage =\u003e debianImage.selfLink),\n autoDelete: true,\n boot: true,\n }],\n});\nconst igm = new gcp.compute.InstanceGroupManager(\"igm\", {\n name: \"igm-internal\",\n versions: [{\n instanceTemplate: instanceTemplate.id,\n name: \"primary\",\n }],\n baseInstanceName: \"internal-glb\",\n zone: \"us-central1-f\",\n targetSize: 1,\n});\nconst defaultHealthCheck = new gcp.compute.HealthCheck(\"default\", {\n name: \"check-backend\",\n checkIntervalSec: 1,\n timeoutSec: 1,\n tcpHealthCheck: {\n port: 80,\n },\n});\nconst defaultBackendService = new gcp.compute.BackendService(\"default\", {\n name: \"backend\",\n portName: \"http\",\n protocol: \"HTTP\",\n timeoutSec: 10,\n loadBalancingScheme: \"INTERNAL_SELF_MANAGED\",\n backends: [{\n group: igm.instanceGroup,\n balancingMode: \"RATE\",\n capacityScaler: 0.4,\n maxRatePerInstance: 50,\n }],\n healthChecks: defaultHealthCheck.id,\n});\nconst defaultURLMap = new gcp.compute.URLMap(\"default\", {\n name: \"url-map-target-proxy\",\n description: \"a description\",\n defaultService: defaultBackendService.id,\n hostRules: [{\n hosts: [\"mysite.com\"],\n pathMatcher: \"allpaths\",\n }],\n pathMatchers: [{\n name: \"allpaths\",\n defaultService: defaultBackendService.id,\n pathRules: [{\n paths: [\"/*\"],\n service: defaultBackendService.id,\n }],\n }],\n});\nconst defaultTargetHttpProxy = new gcp.compute.TargetHttpProxy(\"default\", {\n name: \"target-proxy\",\n description: \"a description\",\n urlMap: defaultURLMap.id,\n});\nconst _default = new gcp.compute.GlobalForwardingRule(\"default\", {\n name: \"global-rule\",\n target: defaultTargetHttpProxy.id,\n portRange: \"80\",\n loadBalancingScheme: \"INTERNAL_SELF_MANAGED\",\n ipAddress: \"0.0.0.0\",\n metadataFilters: [{\n filterMatchCriteria: \"MATCH_ANY\",\n filterLabels: [{\n name: \"PLANET\",\n value: \"MARS\",\n }],\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndebian_image = gcp.compute.get_image(family=\"debian-11\",\n project=\"debian-cloud\")\ninstance_template = gcp.compute.InstanceTemplate(\"instance_template\",\n name=\"template-backend\",\n machine_type=\"e2-medium\",\n network_interfaces=[{\n \"network\": \"default\",\n }],\n disks=[{\n \"source_image\": debian_image.self_link,\n \"auto_delete\": True,\n \"boot\": True,\n }])\nigm = gcp.compute.InstanceGroupManager(\"igm\",\n name=\"igm-internal\",\n versions=[{\n \"instance_template\": instance_template.id,\n \"name\": \"primary\",\n }],\n base_instance_name=\"internal-glb\",\n zone=\"us-central1-f\",\n target_size=1)\ndefault_health_check = gcp.compute.HealthCheck(\"default\",\n name=\"check-backend\",\n check_interval_sec=1,\n timeout_sec=1,\n tcp_health_check={\n \"port\": 80,\n })\ndefault_backend_service = gcp.compute.BackendService(\"default\",\n name=\"backend\",\n port_name=\"http\",\n protocol=\"HTTP\",\n timeout_sec=10,\n load_balancing_scheme=\"INTERNAL_SELF_MANAGED\",\n backends=[{\n \"group\": igm.instance_group,\n \"balancing_mode\": \"RATE\",\n \"capacity_scaler\": 0.4,\n \"max_rate_per_instance\": 50,\n }],\n health_checks=default_health_check.id)\ndefault_url_map = gcp.compute.URLMap(\"default\",\n name=\"url-map-target-proxy\",\n description=\"a description\",\n default_service=default_backend_service.id,\n host_rules=[{\n \"hosts\": [\"mysite.com\"],\n \"path_matcher\": \"allpaths\",\n }],\n path_matchers=[{\n \"name\": \"allpaths\",\n \"default_service\": default_backend_service.id,\n \"path_rules\": [{\n \"paths\": [\"/*\"],\n \"service\": default_backend_service.id,\n }],\n }])\ndefault_target_http_proxy = gcp.compute.TargetHttpProxy(\"default\",\n name=\"target-proxy\",\n description=\"a description\",\n url_map=default_url_map.id)\ndefault = gcp.compute.GlobalForwardingRule(\"default\",\n name=\"global-rule\",\n target=default_target_http_proxy.id,\n port_range=\"80\",\n load_balancing_scheme=\"INTERNAL_SELF_MANAGED\",\n ip_address=\"0.0.0.0\",\n metadata_filters=[{\n \"filter_match_criteria\": \"MATCH_ANY\",\n \"filter_labels\": [{\n \"name\": \"PLANET\",\n \"value\": \"MARS\",\n }],\n }])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var debianImage = Gcp.Compute.GetImage.Invoke(new()\n {\n Family = \"debian-11\",\n Project = \"debian-cloud\",\n });\n\n var instanceTemplate = new Gcp.Compute.InstanceTemplate(\"instance_template\", new()\n {\n Name = \"template-backend\",\n MachineType = \"e2-medium\",\n NetworkInterfaces = new[]\n {\n new Gcp.Compute.Inputs.InstanceTemplateNetworkInterfaceArgs\n {\n Network = \"default\",\n },\n },\n Disks = new[]\n {\n new Gcp.Compute.Inputs.InstanceTemplateDiskArgs\n {\n SourceImage = debianImage.Apply(getImageResult =\u003e getImageResult.SelfLink),\n AutoDelete = true,\n Boot = true,\n },\n },\n });\n\n var igm = new Gcp.Compute.InstanceGroupManager(\"igm\", new()\n {\n Name = \"igm-internal\",\n Versions = new[]\n {\n new Gcp.Compute.Inputs.InstanceGroupManagerVersionArgs\n {\n InstanceTemplate = instanceTemplate.Id,\n Name = \"primary\",\n },\n },\n BaseInstanceName = \"internal-glb\",\n Zone = \"us-central1-f\",\n TargetSize = 1,\n });\n\n var defaultHealthCheck = new Gcp.Compute.HealthCheck(\"default\", new()\n {\n Name = \"check-backend\",\n CheckIntervalSec = 1,\n TimeoutSec = 1,\n TcpHealthCheck = new Gcp.Compute.Inputs.HealthCheckTcpHealthCheckArgs\n {\n Port = 80,\n },\n });\n\n var defaultBackendService = new Gcp.Compute.BackendService(\"default\", new()\n {\n Name = \"backend\",\n PortName = \"http\",\n Protocol = \"HTTP\",\n TimeoutSec = 10,\n LoadBalancingScheme = \"INTERNAL_SELF_MANAGED\",\n Backends = new[]\n {\n new Gcp.Compute.Inputs.BackendServiceBackendArgs\n {\n Group = igm.InstanceGroup,\n BalancingMode = \"RATE\",\n CapacityScaler = 0.4,\n MaxRatePerInstance = 50,\n },\n },\n HealthChecks = defaultHealthCheck.Id,\n });\n\n var defaultURLMap = new Gcp.Compute.URLMap(\"default\", new()\n {\n Name = \"url-map-target-proxy\",\n Description = \"a description\",\n DefaultService = defaultBackendService.Id,\n HostRules = new[]\n {\n new Gcp.Compute.Inputs.URLMapHostRuleArgs\n {\n Hosts = new[]\n {\n \"mysite.com\",\n },\n PathMatcher = \"allpaths\",\n },\n },\n PathMatchers = new[]\n {\n new Gcp.Compute.Inputs.URLMapPathMatcherArgs\n {\n Name = \"allpaths\",\n DefaultService = defaultBackendService.Id,\n PathRules = new[]\n {\n new Gcp.Compute.Inputs.URLMapPathMatcherPathRuleArgs\n {\n Paths = new[]\n {\n \"/*\",\n },\n Service = defaultBackendService.Id,\n },\n },\n },\n },\n });\n\n var defaultTargetHttpProxy = new Gcp.Compute.TargetHttpProxy(\"default\", new()\n {\n Name = \"target-proxy\",\n Description = \"a description\",\n UrlMap = defaultURLMap.Id,\n });\n\n var @default = new Gcp.Compute.GlobalForwardingRule(\"default\", new()\n {\n Name = \"global-rule\",\n Target = defaultTargetHttpProxy.Id,\n PortRange = \"80\",\n LoadBalancingScheme = \"INTERNAL_SELF_MANAGED\",\n IpAddress = \"0.0.0.0\",\n MetadataFilters = new[]\n {\n new Gcp.Compute.Inputs.GlobalForwardingRuleMetadataFilterArgs\n {\n FilterMatchCriteria = \"MATCH_ANY\",\n FilterLabels = new[]\n {\n new Gcp.Compute.Inputs.GlobalForwardingRuleMetadataFilterFilterLabelArgs\n {\n Name = \"PLANET\",\n Value = \"MARS\",\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdebianImage, err := compute.LookupImage(ctx, \u0026compute.LookupImageArgs{\n\t\t\tFamily: pulumi.StringRef(\"debian-11\"),\n\t\t\tProject: pulumi.StringRef(\"debian-cloud\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinstanceTemplate, err := compute.NewInstanceTemplate(ctx, \"instance_template\", \u0026compute.InstanceTemplateArgs{\n\t\t\tName: pulumi.String(\"template-backend\"),\n\t\t\tMachineType: pulumi.String(\"e2-medium\"),\n\t\t\tNetworkInterfaces: compute.InstanceTemplateNetworkInterfaceArray{\n\t\t\t\t\u0026compute.InstanceTemplateNetworkInterfaceArgs{\n\t\t\t\t\tNetwork: pulumi.String(\"default\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tDisks: compute.InstanceTemplateDiskArray{\n\t\t\t\t\u0026compute.InstanceTemplateDiskArgs{\n\t\t\t\t\tSourceImage: pulumi.String(debianImage.SelfLink),\n\t\t\t\t\tAutoDelete: pulumi.Bool(true),\n\t\t\t\t\tBoot: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tigm, err := compute.NewInstanceGroupManager(ctx, \"igm\", \u0026compute.InstanceGroupManagerArgs{\n\t\t\tName: pulumi.String(\"igm-internal\"),\n\t\t\tVersions: compute.InstanceGroupManagerVersionArray{\n\t\t\t\t\u0026compute.InstanceGroupManagerVersionArgs{\n\t\t\t\t\tInstanceTemplate: instanceTemplate.ID(),\n\t\t\t\t\tName: pulumi.String(\"primary\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tBaseInstanceName: pulumi.String(\"internal-glb\"),\n\t\t\tZone: pulumi.String(\"us-central1-f\"),\n\t\t\tTargetSize: pulumi.Int(1),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultHealthCheck, err := compute.NewHealthCheck(ctx, \"default\", \u0026compute.HealthCheckArgs{\n\t\t\tName: pulumi.String(\"check-backend\"),\n\t\t\tCheckIntervalSec: pulumi.Int(1),\n\t\t\tTimeoutSec: pulumi.Int(1),\n\t\t\tTcpHealthCheck: \u0026compute.HealthCheckTcpHealthCheckArgs{\n\t\t\t\tPort: pulumi.Int(80),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultBackendService, err := compute.NewBackendService(ctx, \"default\", \u0026compute.BackendServiceArgs{\n\t\t\tName: pulumi.String(\"backend\"),\n\t\t\tPortName: pulumi.String(\"http\"),\n\t\t\tProtocol: pulumi.String(\"HTTP\"),\n\t\t\tTimeoutSec: pulumi.Int(10),\n\t\t\tLoadBalancingScheme: pulumi.String(\"INTERNAL_SELF_MANAGED\"),\n\t\t\tBackends: compute.BackendServiceBackendArray{\n\t\t\t\t\u0026compute.BackendServiceBackendArgs{\n\t\t\t\t\tGroup: igm.InstanceGroup,\n\t\t\t\t\tBalancingMode: pulumi.String(\"RATE\"),\n\t\t\t\t\tCapacityScaler: pulumi.Float64(0.4),\n\t\t\t\t\tMaxRatePerInstance: pulumi.Float64(50),\n\t\t\t\t},\n\t\t\t},\n\t\t\tHealthChecks: defaultHealthCheck.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultURLMap, err := compute.NewURLMap(ctx, \"default\", \u0026compute.URLMapArgs{\n\t\t\tName: pulumi.String(\"url-map-target-proxy\"),\n\t\t\tDescription: pulumi.String(\"a description\"),\n\t\t\tDefaultService: defaultBackendService.ID(),\n\t\t\tHostRules: compute.URLMapHostRuleArray{\n\t\t\t\t\u0026compute.URLMapHostRuleArgs{\n\t\t\t\t\tHosts: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"mysite.com\"),\n\t\t\t\t\t},\n\t\t\t\t\tPathMatcher: pulumi.String(\"allpaths\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tPathMatchers: compute.URLMapPathMatcherArray{\n\t\t\t\t\u0026compute.URLMapPathMatcherArgs{\n\t\t\t\t\tName: pulumi.String(\"allpaths\"),\n\t\t\t\t\tDefaultService: defaultBackendService.ID(),\n\t\t\t\t\tPathRules: compute.URLMapPathMatcherPathRuleArray{\n\t\t\t\t\t\t\u0026compute.URLMapPathMatcherPathRuleArgs{\n\t\t\t\t\t\t\tPaths: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"/*\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tService: defaultBackendService.ID(),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultTargetHttpProxy, err := compute.NewTargetHttpProxy(ctx, \"default\", \u0026compute.TargetHttpProxyArgs{\n\t\t\tName: pulumi.String(\"target-proxy\"),\n\t\t\tDescription: pulumi.String(\"a description\"),\n\t\t\tUrlMap: defaultURLMap.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewGlobalForwardingRule(ctx, \"default\", \u0026compute.GlobalForwardingRuleArgs{\n\t\t\tName: pulumi.String(\"global-rule\"),\n\t\t\tTarget: defaultTargetHttpProxy.ID(),\n\t\t\tPortRange: pulumi.String(\"80\"),\n\t\t\tLoadBalancingScheme: pulumi.String(\"INTERNAL_SELF_MANAGED\"),\n\t\t\tIpAddress: pulumi.String(\"0.0.0.0\"),\n\t\t\tMetadataFilters: compute.GlobalForwardingRuleMetadataFilterArray{\n\t\t\t\t\u0026compute.GlobalForwardingRuleMetadataFilterArgs{\n\t\t\t\t\tFilterMatchCriteria: pulumi.String(\"MATCH_ANY\"),\n\t\t\t\t\tFilterLabels: compute.GlobalForwardingRuleMetadataFilterFilterLabelArray{\n\t\t\t\t\t\t\u0026compute.GlobalForwardingRuleMetadataFilterFilterLabelArgs{\n\t\t\t\t\t\t\tName: pulumi.String(\"PLANET\"),\n\t\t\t\t\t\t\tValue: pulumi.String(\"MARS\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetImageArgs;\nimport com.pulumi.gcp.compute.InstanceTemplate;\nimport com.pulumi.gcp.compute.InstanceTemplateArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceTemplateNetworkInterfaceArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceTemplateDiskArgs;\nimport com.pulumi.gcp.compute.InstanceGroupManager;\nimport com.pulumi.gcp.compute.InstanceGroupManagerArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceGroupManagerVersionArgs;\nimport com.pulumi.gcp.compute.HealthCheck;\nimport com.pulumi.gcp.compute.HealthCheckArgs;\nimport com.pulumi.gcp.compute.inputs.HealthCheckTcpHealthCheckArgs;\nimport com.pulumi.gcp.compute.BackendService;\nimport com.pulumi.gcp.compute.BackendServiceArgs;\nimport com.pulumi.gcp.compute.inputs.BackendServiceBackendArgs;\nimport com.pulumi.gcp.compute.URLMap;\nimport com.pulumi.gcp.compute.URLMapArgs;\nimport com.pulumi.gcp.compute.inputs.URLMapHostRuleArgs;\nimport com.pulumi.gcp.compute.inputs.URLMapPathMatcherArgs;\nimport com.pulumi.gcp.compute.TargetHttpProxy;\nimport com.pulumi.gcp.compute.TargetHttpProxyArgs;\nimport com.pulumi.gcp.compute.GlobalForwardingRule;\nimport com.pulumi.gcp.compute.GlobalForwardingRuleArgs;\nimport com.pulumi.gcp.compute.inputs.GlobalForwardingRuleMetadataFilterArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var debianImage = ComputeFunctions.getImage(GetImageArgs.builder()\n .family(\"debian-11\")\n .project(\"debian-cloud\")\n .build());\n\n var instanceTemplate = new InstanceTemplate(\"instanceTemplate\", InstanceTemplateArgs.builder()\n .name(\"template-backend\")\n .machineType(\"e2-medium\")\n .networkInterfaces(InstanceTemplateNetworkInterfaceArgs.builder()\n .network(\"default\")\n .build())\n .disks(InstanceTemplateDiskArgs.builder()\n .sourceImage(debianImage.applyValue(getImageResult -\u003e getImageResult.selfLink()))\n .autoDelete(true)\n .boot(true)\n .build())\n .build());\n\n var igm = new InstanceGroupManager(\"igm\", InstanceGroupManagerArgs.builder()\n .name(\"igm-internal\")\n .versions(InstanceGroupManagerVersionArgs.builder()\n .instanceTemplate(instanceTemplate.id())\n .name(\"primary\")\n .build())\n .baseInstanceName(\"internal-glb\")\n .zone(\"us-central1-f\")\n .targetSize(1)\n .build());\n\n var defaultHealthCheck = new HealthCheck(\"defaultHealthCheck\", HealthCheckArgs.builder()\n .name(\"check-backend\")\n .checkIntervalSec(1)\n .timeoutSec(1)\n .tcpHealthCheck(HealthCheckTcpHealthCheckArgs.builder()\n .port(\"80\")\n .build())\n .build());\n\n var defaultBackendService = new BackendService(\"defaultBackendService\", BackendServiceArgs.builder()\n .name(\"backend\")\n .portName(\"http\")\n .protocol(\"HTTP\")\n .timeoutSec(10)\n .loadBalancingScheme(\"INTERNAL_SELF_MANAGED\")\n .backends(BackendServiceBackendArgs.builder()\n .group(igm.instanceGroup())\n .balancingMode(\"RATE\")\n .capacityScaler(0.4)\n .maxRatePerInstance(50)\n .build())\n .healthChecks(defaultHealthCheck.id())\n .build());\n\n var defaultURLMap = new URLMap(\"defaultURLMap\", URLMapArgs.builder()\n .name(\"url-map-target-proxy\")\n .description(\"a description\")\n .defaultService(defaultBackendService.id())\n .hostRules(URLMapHostRuleArgs.builder()\n .hosts(\"mysite.com\")\n .pathMatcher(\"allpaths\")\n .build())\n .pathMatchers(URLMapPathMatcherArgs.builder()\n .name(\"allpaths\")\n .defaultService(defaultBackendService.id())\n .pathRules(URLMapPathMatcherPathRuleArgs.builder()\n .paths(\"/*\")\n .service(defaultBackendService.id())\n .build())\n .build())\n .build());\n\n var defaultTargetHttpProxy = new TargetHttpProxy(\"defaultTargetHttpProxy\", TargetHttpProxyArgs.builder()\n .name(\"target-proxy\")\n .description(\"a description\")\n .urlMap(defaultURLMap.id())\n .build());\n\n var default_ = new GlobalForwardingRule(\"default\", GlobalForwardingRuleArgs.builder()\n .name(\"global-rule\")\n .target(defaultTargetHttpProxy.id())\n .portRange(\"80\")\n .loadBalancingScheme(\"INTERNAL_SELF_MANAGED\")\n .ipAddress(\"0.0.0.0\")\n .metadataFilters(GlobalForwardingRuleMetadataFilterArgs.builder()\n .filterMatchCriteria(\"MATCH_ANY\")\n .filterLabels(GlobalForwardingRuleMetadataFilterFilterLabelArgs.builder()\n .name(\"PLANET\")\n .value(\"MARS\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:compute:GlobalForwardingRule\n properties:\n name: global-rule\n target: ${defaultTargetHttpProxy.id}\n portRange: '80'\n loadBalancingScheme: INTERNAL_SELF_MANAGED\n ipAddress: 0.0.0.0\n metadataFilters:\n - filterMatchCriteria: MATCH_ANY\n filterLabels:\n - name: PLANET\n value: MARS\n defaultTargetHttpProxy:\n type: gcp:compute:TargetHttpProxy\n name: default\n properties:\n name: target-proxy\n description: a description\n urlMap: ${defaultURLMap.id}\n defaultURLMap:\n type: gcp:compute:URLMap\n name: default\n properties:\n name: url-map-target-proxy\n description: a description\n defaultService: ${defaultBackendService.id}\n hostRules:\n - hosts:\n - mysite.com\n pathMatcher: allpaths\n pathMatchers:\n - name: allpaths\n defaultService: ${defaultBackendService.id}\n pathRules:\n - paths:\n - /*\n service: ${defaultBackendService.id}\n defaultBackendService:\n type: gcp:compute:BackendService\n name: default\n properties:\n name: backend\n portName: http\n protocol: HTTP\n timeoutSec: 10\n loadBalancingScheme: INTERNAL_SELF_MANAGED\n backends:\n - group: ${igm.instanceGroup}\n balancingMode: RATE\n capacityScaler: 0.4\n maxRatePerInstance: 50\n healthChecks: ${defaultHealthCheck.id}\n igm:\n type: gcp:compute:InstanceGroupManager\n properties:\n name: igm-internal\n versions:\n - instanceTemplate: ${instanceTemplate.id}\n name: primary\n baseInstanceName: internal-glb\n zone: us-central1-f\n targetSize: 1\n instanceTemplate:\n type: gcp:compute:InstanceTemplate\n name: instance_template\n properties:\n name: template-backend\n machineType: e2-medium\n networkInterfaces:\n - network: default\n disks:\n - sourceImage: ${debianImage.selfLink}\n autoDelete: true\n boot: true\n defaultHealthCheck:\n type: gcp:compute:HealthCheck\n name: default\n properties:\n name: check-backend\n checkIntervalSec: 1\n timeoutSec: 1\n tcpHealthCheck:\n port: '80'\nvariables:\n debianImage:\n fn::invoke:\n function: gcp:compute:getImage\n arguments:\n family: debian-11\n project: debian-cloud\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Global Forwarding Rule External Managed\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst defaultBackendService = new gcp.compute.BackendService(\"default\", {\n name: \"backend\",\n portName: \"http\",\n protocol: \"HTTP\",\n timeoutSec: 10,\n loadBalancingScheme: \"EXTERNAL_MANAGED\",\n});\nconst defaultURLMap = new gcp.compute.URLMap(\"default\", {\n name: \"url-map-target-proxy\",\n description: \"a description\",\n defaultService: defaultBackendService.id,\n hostRules: [{\n hosts: [\"mysite.com\"],\n pathMatcher: \"allpaths\",\n }],\n pathMatchers: [{\n name: \"allpaths\",\n defaultService: defaultBackendService.id,\n pathRules: [{\n paths: [\"/*\"],\n service: defaultBackendService.id,\n }],\n }],\n});\nconst defaultTargetHttpProxy = new gcp.compute.TargetHttpProxy(\"default\", {\n name: \"target-proxy\",\n description: \"a description\",\n urlMap: defaultURLMap.id,\n});\nconst _default = new gcp.compute.GlobalForwardingRule(\"default\", {\n name: \"global-rule\",\n target: defaultTargetHttpProxy.id,\n portRange: \"80\",\n loadBalancingScheme: \"EXTERNAL_MANAGED\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault_backend_service = gcp.compute.BackendService(\"default\",\n name=\"backend\",\n port_name=\"http\",\n protocol=\"HTTP\",\n timeout_sec=10,\n load_balancing_scheme=\"EXTERNAL_MANAGED\")\ndefault_url_map = gcp.compute.URLMap(\"default\",\n name=\"url-map-target-proxy\",\n description=\"a description\",\n default_service=default_backend_service.id,\n host_rules=[{\n \"hosts\": [\"mysite.com\"],\n \"path_matcher\": \"allpaths\",\n }],\n path_matchers=[{\n \"name\": \"allpaths\",\n \"default_service\": default_backend_service.id,\n \"path_rules\": [{\n \"paths\": [\"/*\"],\n \"service\": default_backend_service.id,\n }],\n }])\ndefault_target_http_proxy = gcp.compute.TargetHttpProxy(\"default\",\n name=\"target-proxy\",\n description=\"a description\",\n url_map=default_url_map.id)\ndefault = gcp.compute.GlobalForwardingRule(\"default\",\n name=\"global-rule\",\n target=default_target_http_proxy.id,\n port_range=\"80\",\n load_balancing_scheme=\"EXTERNAL_MANAGED\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var defaultBackendService = new Gcp.Compute.BackendService(\"default\", new()\n {\n Name = \"backend\",\n PortName = \"http\",\n Protocol = \"HTTP\",\n TimeoutSec = 10,\n LoadBalancingScheme = \"EXTERNAL_MANAGED\",\n });\n\n var defaultURLMap = new Gcp.Compute.URLMap(\"default\", new()\n {\n Name = \"url-map-target-proxy\",\n Description = \"a description\",\n DefaultService = defaultBackendService.Id,\n HostRules = new[]\n {\n new Gcp.Compute.Inputs.URLMapHostRuleArgs\n {\n Hosts = new[]\n {\n \"mysite.com\",\n },\n PathMatcher = \"allpaths\",\n },\n },\n PathMatchers = new[]\n {\n new Gcp.Compute.Inputs.URLMapPathMatcherArgs\n {\n Name = \"allpaths\",\n DefaultService = defaultBackendService.Id,\n PathRules = new[]\n {\n new Gcp.Compute.Inputs.URLMapPathMatcherPathRuleArgs\n {\n Paths = new[]\n {\n \"/*\",\n },\n Service = defaultBackendService.Id,\n },\n },\n },\n },\n });\n\n var defaultTargetHttpProxy = new Gcp.Compute.TargetHttpProxy(\"default\", new()\n {\n Name = \"target-proxy\",\n Description = \"a description\",\n UrlMap = defaultURLMap.Id,\n });\n\n var @default = new Gcp.Compute.GlobalForwardingRule(\"default\", new()\n {\n Name = \"global-rule\",\n Target = defaultTargetHttpProxy.Id,\n PortRange = \"80\",\n LoadBalancingScheme = \"EXTERNAL_MANAGED\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdefaultBackendService, err := compute.NewBackendService(ctx, \"default\", \u0026compute.BackendServiceArgs{\n\t\t\tName: pulumi.String(\"backend\"),\n\t\t\tPortName: pulumi.String(\"http\"),\n\t\t\tProtocol: pulumi.String(\"HTTP\"),\n\t\t\tTimeoutSec: pulumi.Int(10),\n\t\t\tLoadBalancingScheme: pulumi.String(\"EXTERNAL_MANAGED\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultURLMap, err := compute.NewURLMap(ctx, \"default\", \u0026compute.URLMapArgs{\n\t\t\tName: pulumi.String(\"url-map-target-proxy\"),\n\t\t\tDescription: pulumi.String(\"a description\"),\n\t\t\tDefaultService: defaultBackendService.ID(),\n\t\t\tHostRules: compute.URLMapHostRuleArray{\n\t\t\t\t\u0026compute.URLMapHostRuleArgs{\n\t\t\t\t\tHosts: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"mysite.com\"),\n\t\t\t\t\t},\n\t\t\t\t\tPathMatcher: pulumi.String(\"allpaths\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tPathMatchers: compute.URLMapPathMatcherArray{\n\t\t\t\t\u0026compute.URLMapPathMatcherArgs{\n\t\t\t\t\tName: pulumi.String(\"allpaths\"),\n\t\t\t\t\tDefaultService: defaultBackendService.ID(),\n\t\t\t\t\tPathRules: compute.URLMapPathMatcherPathRuleArray{\n\t\t\t\t\t\t\u0026compute.URLMapPathMatcherPathRuleArgs{\n\t\t\t\t\t\t\tPaths: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"/*\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tService: defaultBackendService.ID(),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultTargetHttpProxy, err := compute.NewTargetHttpProxy(ctx, \"default\", \u0026compute.TargetHttpProxyArgs{\n\t\t\tName: pulumi.String(\"target-proxy\"),\n\t\t\tDescription: pulumi.String(\"a description\"),\n\t\t\tUrlMap: defaultURLMap.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewGlobalForwardingRule(ctx, \"default\", \u0026compute.GlobalForwardingRuleArgs{\n\t\t\tName: pulumi.String(\"global-rule\"),\n\t\t\tTarget: defaultTargetHttpProxy.ID(),\n\t\t\tPortRange: pulumi.String(\"80\"),\n\t\t\tLoadBalancingScheme: pulumi.String(\"EXTERNAL_MANAGED\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.BackendService;\nimport com.pulumi.gcp.compute.BackendServiceArgs;\nimport com.pulumi.gcp.compute.URLMap;\nimport com.pulumi.gcp.compute.URLMapArgs;\nimport com.pulumi.gcp.compute.inputs.URLMapHostRuleArgs;\nimport com.pulumi.gcp.compute.inputs.URLMapPathMatcherArgs;\nimport com.pulumi.gcp.compute.TargetHttpProxy;\nimport com.pulumi.gcp.compute.TargetHttpProxyArgs;\nimport com.pulumi.gcp.compute.GlobalForwardingRule;\nimport com.pulumi.gcp.compute.GlobalForwardingRuleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var defaultBackendService = new BackendService(\"defaultBackendService\", BackendServiceArgs.builder()\n .name(\"backend\")\n .portName(\"http\")\n .protocol(\"HTTP\")\n .timeoutSec(10)\n .loadBalancingScheme(\"EXTERNAL_MANAGED\")\n .build());\n\n var defaultURLMap = new URLMap(\"defaultURLMap\", URLMapArgs.builder()\n .name(\"url-map-target-proxy\")\n .description(\"a description\")\n .defaultService(defaultBackendService.id())\n .hostRules(URLMapHostRuleArgs.builder()\n .hosts(\"mysite.com\")\n .pathMatcher(\"allpaths\")\n .build())\n .pathMatchers(URLMapPathMatcherArgs.builder()\n .name(\"allpaths\")\n .defaultService(defaultBackendService.id())\n .pathRules(URLMapPathMatcherPathRuleArgs.builder()\n .paths(\"/*\")\n .service(defaultBackendService.id())\n .build())\n .build())\n .build());\n\n var defaultTargetHttpProxy = new TargetHttpProxy(\"defaultTargetHttpProxy\", TargetHttpProxyArgs.builder()\n .name(\"target-proxy\")\n .description(\"a description\")\n .urlMap(defaultURLMap.id())\n .build());\n\n var default_ = new GlobalForwardingRule(\"default\", GlobalForwardingRuleArgs.builder()\n .name(\"global-rule\")\n .target(defaultTargetHttpProxy.id())\n .portRange(\"80\")\n .loadBalancingScheme(\"EXTERNAL_MANAGED\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:compute:GlobalForwardingRule\n properties:\n name: global-rule\n target: ${defaultTargetHttpProxy.id}\n portRange: '80'\n loadBalancingScheme: EXTERNAL_MANAGED\n defaultTargetHttpProxy:\n type: gcp:compute:TargetHttpProxy\n name: default\n properties:\n name: target-proxy\n description: a description\n urlMap: ${defaultURLMap.id}\n defaultURLMap:\n type: gcp:compute:URLMap\n name: default\n properties:\n name: url-map-target-proxy\n description: a description\n defaultService: ${defaultBackendService.id}\n hostRules:\n - hosts:\n - mysite.com\n pathMatcher: allpaths\n pathMatchers:\n - name: allpaths\n defaultService: ${defaultBackendService.id}\n pathRules:\n - paths:\n - /*\n service: ${defaultBackendService.id}\n defaultBackendService:\n type: gcp:compute:BackendService\n name: default\n properties:\n name: backend\n portName: http\n protocol: HTTP\n timeoutSec: 10\n loadBalancingScheme: EXTERNAL_MANAGED\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Global Forwarding Rule Hybrid\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst config = new pulumi.Config();\nconst subnetworkCidr = config.get(\"subnetworkCidr\") || \"10.0.0.0/24\";\nconst _default = new gcp.compute.Network(\"default\", {name: \"my-network\"});\nconst internal = new gcp.compute.Network(\"internal\", {\n name: \"my-internal-network\",\n autoCreateSubnetworks: false,\n});\nconst internalSubnetwork = new gcp.compute.Subnetwork(\"internal\", {\n name: \"my-subnetwork\",\n network: internal.id,\n ipCidrRange: subnetworkCidr,\n region: \"us-central1\",\n privateIpGoogleAccess: true,\n});\n// Zonal NEG with GCE_VM_IP_PORT\nconst defaultNetworkEndpointGroup = new gcp.compute.NetworkEndpointGroup(\"default\", {\n name: \"default-neg\",\n network: _default.id,\n defaultPort: 90,\n zone: \"us-central1-a\",\n networkEndpointType: \"GCE_VM_IP_PORT\",\n});\n// Zonal NEG with GCE_VM_IP\nconst internalNetworkEndpointGroup = new gcp.compute.NetworkEndpointGroup(\"internal\", {\n name: \"internal-neg\",\n network: internal.id,\n subnetwork: internalSubnetwork.id,\n zone: \"us-central1-a\",\n networkEndpointType: \"GCE_VM_IP\",\n});\n// Hybrid connectivity NEG\nconst hybrid = new gcp.compute.NetworkEndpointGroup(\"hybrid\", {\n name: \"hybrid-neg\",\n network: _default.id,\n defaultPort: 90,\n zone: \"us-central1-a\",\n networkEndpointType: \"NON_GCP_PRIVATE_IP_PORT\",\n});\nconst hybrid_endpoint = new gcp.compute.NetworkEndpoint(\"hybrid-endpoint\", {\n networkEndpointGroup: hybrid.name,\n port: hybrid.defaultPort,\n ipAddress: \"127.0.0.1\",\n});\nconst defaultHealthCheck = new gcp.compute.HealthCheck(\"default\", {\n name: \"health-check\",\n timeoutSec: 1,\n checkIntervalSec: 1,\n tcpHealthCheck: {\n port: 80,\n },\n});\n// Backend service for Zonal NEG\nconst defaultBackendService = new gcp.compute.BackendService(\"default\", {\n name: \"backend-default\",\n portName: \"http\",\n protocol: \"HTTP\",\n timeoutSec: 10,\n backends: [{\n group: defaultNetworkEndpointGroup.id,\n balancingMode: \"RATE\",\n maxRatePerEndpoint: 10,\n }],\n healthChecks: defaultHealthCheck.id,\n});\n// Backgend service for Hybrid NEG\nconst hybridBackendService = new gcp.compute.BackendService(\"hybrid\", {\n name: \"backend-hybrid\",\n portName: \"http\",\n protocol: \"HTTP\",\n timeoutSec: 10,\n backends: [{\n group: hybrid.id,\n balancingMode: \"RATE\",\n maxRatePerEndpoint: 10,\n }],\n healthChecks: defaultHealthCheck.id,\n});\nconst defaultURLMap = new gcp.compute.URLMap(\"default\", {\n name: \"url-map-target-proxy\",\n description: \"a description\",\n defaultService: defaultBackendService.id,\n hostRules: [{\n hosts: [\"mysite.com\"],\n pathMatcher: \"allpaths\",\n }],\n pathMatchers: [{\n name: \"allpaths\",\n defaultService: defaultBackendService.id,\n pathRules: [\n {\n paths: [\"/*\"],\n service: defaultBackendService.id,\n },\n {\n paths: [\"/hybrid\"],\n service: hybridBackendService.id,\n },\n ],\n }],\n});\nconst defaultTargetHttpProxy = new gcp.compute.TargetHttpProxy(\"default\", {\n name: \"target-proxy\",\n description: \"a description\",\n urlMap: defaultURLMap.id,\n});\nconst defaultGlobalForwardingRule = new gcp.compute.GlobalForwardingRule(\"default\", {\n name: \"global-rule\",\n target: defaultTargetHttpProxy.id,\n portRange: \"80\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nconfig = pulumi.Config()\nsubnetwork_cidr = config.get(\"subnetworkCidr\")\nif subnetwork_cidr is None:\n subnetwork_cidr = \"10.0.0.0/24\"\ndefault = gcp.compute.Network(\"default\", name=\"my-network\")\ninternal = gcp.compute.Network(\"internal\",\n name=\"my-internal-network\",\n auto_create_subnetworks=False)\ninternal_subnetwork = gcp.compute.Subnetwork(\"internal\",\n name=\"my-subnetwork\",\n network=internal.id,\n ip_cidr_range=subnetwork_cidr,\n region=\"us-central1\",\n private_ip_google_access=True)\n# Zonal NEG with GCE_VM_IP_PORT\ndefault_network_endpoint_group = gcp.compute.NetworkEndpointGroup(\"default\",\n name=\"default-neg\",\n network=default.id,\n default_port=90,\n zone=\"us-central1-a\",\n network_endpoint_type=\"GCE_VM_IP_PORT\")\n# Zonal NEG with GCE_VM_IP\ninternal_network_endpoint_group = gcp.compute.NetworkEndpointGroup(\"internal\",\n name=\"internal-neg\",\n network=internal.id,\n subnetwork=internal_subnetwork.id,\n zone=\"us-central1-a\",\n network_endpoint_type=\"GCE_VM_IP\")\n# Hybrid connectivity NEG\nhybrid = gcp.compute.NetworkEndpointGroup(\"hybrid\",\n name=\"hybrid-neg\",\n network=default.id,\n default_port=90,\n zone=\"us-central1-a\",\n network_endpoint_type=\"NON_GCP_PRIVATE_IP_PORT\")\nhybrid_endpoint = gcp.compute.NetworkEndpoint(\"hybrid-endpoint\",\n network_endpoint_group=hybrid.name,\n port=hybrid.default_port,\n ip_address=\"127.0.0.1\")\ndefault_health_check = gcp.compute.HealthCheck(\"default\",\n name=\"health-check\",\n timeout_sec=1,\n check_interval_sec=1,\n tcp_health_check={\n \"port\": 80,\n })\n# Backend service for Zonal NEG\ndefault_backend_service = gcp.compute.BackendService(\"default\",\n name=\"backend-default\",\n port_name=\"http\",\n protocol=\"HTTP\",\n timeout_sec=10,\n backends=[{\n \"group\": default_network_endpoint_group.id,\n \"balancing_mode\": \"RATE\",\n \"max_rate_per_endpoint\": 10,\n }],\n health_checks=default_health_check.id)\n# Backgend service for Hybrid NEG\nhybrid_backend_service = gcp.compute.BackendService(\"hybrid\",\n name=\"backend-hybrid\",\n port_name=\"http\",\n protocol=\"HTTP\",\n timeout_sec=10,\n backends=[{\n \"group\": hybrid.id,\n \"balancing_mode\": \"RATE\",\n \"max_rate_per_endpoint\": 10,\n }],\n health_checks=default_health_check.id)\ndefault_url_map = gcp.compute.URLMap(\"default\",\n name=\"url-map-target-proxy\",\n description=\"a description\",\n default_service=default_backend_service.id,\n host_rules=[{\n \"hosts\": [\"mysite.com\"],\n \"path_matcher\": \"allpaths\",\n }],\n path_matchers=[{\n \"name\": \"allpaths\",\n \"default_service\": default_backend_service.id,\n \"path_rules\": [\n {\n \"paths\": [\"/*\"],\n \"service\": default_backend_service.id,\n },\n {\n \"paths\": [\"/hybrid\"],\n \"service\": hybrid_backend_service.id,\n },\n ],\n }])\ndefault_target_http_proxy = gcp.compute.TargetHttpProxy(\"default\",\n name=\"target-proxy\",\n description=\"a description\",\n url_map=default_url_map.id)\ndefault_global_forwarding_rule = gcp.compute.GlobalForwardingRule(\"default\",\n name=\"global-rule\",\n target=default_target_http_proxy.id,\n port_range=\"80\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var config = new Config();\n var subnetworkCidr = config.Get(\"subnetworkCidr\") ?? \"10.0.0.0/24\";\n var @default = new Gcp.Compute.Network(\"default\", new()\n {\n Name = \"my-network\",\n });\n\n var @internal = new Gcp.Compute.Network(\"internal\", new()\n {\n Name = \"my-internal-network\",\n AutoCreateSubnetworks = false,\n });\n\n var internalSubnetwork = new Gcp.Compute.Subnetwork(\"internal\", new()\n {\n Name = \"my-subnetwork\",\n Network = @internal.Id,\n IpCidrRange = subnetworkCidr,\n Region = \"us-central1\",\n PrivateIpGoogleAccess = true,\n });\n\n // Zonal NEG with GCE_VM_IP_PORT\n var defaultNetworkEndpointGroup = new Gcp.Compute.NetworkEndpointGroup(\"default\", new()\n {\n Name = \"default-neg\",\n Network = @default.Id,\n DefaultPort = 90,\n Zone = \"us-central1-a\",\n NetworkEndpointType = \"GCE_VM_IP_PORT\",\n });\n\n // Zonal NEG with GCE_VM_IP\n var internalNetworkEndpointGroup = new Gcp.Compute.NetworkEndpointGroup(\"internal\", new()\n {\n Name = \"internal-neg\",\n Network = @internal.Id,\n Subnetwork = internalSubnetwork.Id,\n Zone = \"us-central1-a\",\n NetworkEndpointType = \"GCE_VM_IP\",\n });\n\n // Hybrid connectivity NEG\n var hybrid = new Gcp.Compute.NetworkEndpointGroup(\"hybrid\", new()\n {\n Name = \"hybrid-neg\",\n Network = @default.Id,\n DefaultPort = 90,\n Zone = \"us-central1-a\",\n NetworkEndpointType = \"NON_GCP_PRIVATE_IP_PORT\",\n });\n\n var hybrid_endpoint = new Gcp.Compute.NetworkEndpoint(\"hybrid-endpoint\", new()\n {\n NetworkEndpointGroup = hybrid.Name,\n Port = hybrid.DefaultPort,\n IpAddress = \"127.0.0.1\",\n });\n\n var defaultHealthCheck = new Gcp.Compute.HealthCheck(\"default\", new()\n {\n Name = \"health-check\",\n TimeoutSec = 1,\n CheckIntervalSec = 1,\n TcpHealthCheck = new Gcp.Compute.Inputs.HealthCheckTcpHealthCheckArgs\n {\n Port = 80,\n },\n });\n\n // Backend service for Zonal NEG\n var defaultBackendService = new Gcp.Compute.BackendService(\"default\", new()\n {\n Name = \"backend-default\",\n PortName = \"http\",\n Protocol = \"HTTP\",\n TimeoutSec = 10,\n Backends = new[]\n {\n new Gcp.Compute.Inputs.BackendServiceBackendArgs\n {\n Group = defaultNetworkEndpointGroup.Id,\n BalancingMode = \"RATE\",\n MaxRatePerEndpoint = 10,\n },\n },\n HealthChecks = defaultHealthCheck.Id,\n });\n\n // Backgend service for Hybrid NEG\n var hybridBackendService = new Gcp.Compute.BackendService(\"hybrid\", new()\n {\n Name = \"backend-hybrid\",\n PortName = \"http\",\n Protocol = \"HTTP\",\n TimeoutSec = 10,\n Backends = new[]\n {\n new Gcp.Compute.Inputs.BackendServiceBackendArgs\n {\n Group = hybrid.Id,\n BalancingMode = \"RATE\",\n MaxRatePerEndpoint = 10,\n },\n },\n HealthChecks = defaultHealthCheck.Id,\n });\n\n var defaultURLMap = new Gcp.Compute.URLMap(\"default\", new()\n {\n Name = \"url-map-target-proxy\",\n Description = \"a description\",\n DefaultService = defaultBackendService.Id,\n HostRules = new[]\n {\n new Gcp.Compute.Inputs.URLMapHostRuleArgs\n {\n Hosts = new[]\n {\n \"mysite.com\",\n },\n PathMatcher = \"allpaths\",\n },\n },\n PathMatchers = new[]\n {\n new Gcp.Compute.Inputs.URLMapPathMatcherArgs\n {\n Name = \"allpaths\",\n DefaultService = defaultBackendService.Id,\n PathRules = new[]\n {\n new Gcp.Compute.Inputs.URLMapPathMatcherPathRuleArgs\n {\n Paths = new[]\n {\n \"/*\",\n },\n Service = defaultBackendService.Id,\n },\n new Gcp.Compute.Inputs.URLMapPathMatcherPathRuleArgs\n {\n Paths = new[]\n {\n \"/hybrid\",\n },\n Service = hybridBackendService.Id,\n },\n },\n },\n },\n });\n\n var defaultTargetHttpProxy = new Gcp.Compute.TargetHttpProxy(\"default\", new()\n {\n Name = \"target-proxy\",\n Description = \"a description\",\n UrlMap = defaultURLMap.Id,\n });\n\n var defaultGlobalForwardingRule = new Gcp.Compute.GlobalForwardingRule(\"default\", new()\n {\n Name = \"global-rule\",\n Target = defaultTargetHttpProxy.Id,\n PortRange = \"80\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcfg := config.New(ctx, \"\")\n\t\tsubnetworkCidr := \"10.0.0.0/24\"\n\t\tif param := cfg.Get(\"subnetworkCidr\"); param != \"\" {\n\t\t\tsubnetworkCidr = param\n\t\t}\n\t\t_, err := compute.NewNetwork(ctx, \"default\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"my-network\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinternal, err := compute.NewNetwork(ctx, \"internal\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"my-internal-network\"),\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinternalSubnetwork, err := compute.NewSubnetwork(ctx, \"internal\", \u0026compute.SubnetworkArgs{\n\t\t\tName: pulumi.String(\"my-subnetwork\"),\n\t\t\tNetwork: internal.ID(),\n\t\t\tIpCidrRange: pulumi.String(subnetworkCidr),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tPrivateIpGoogleAccess: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Zonal NEG with GCE_VM_IP_PORT\n\t\tdefaultNetworkEndpointGroup, err := compute.NewNetworkEndpointGroup(ctx, \"default\", \u0026compute.NetworkEndpointGroupArgs{\n\t\t\tName: pulumi.String(\"default-neg\"),\n\t\t\tNetwork: _default.ID(),\n\t\t\tDefaultPort: pulumi.Int(90),\n\t\t\tZone: pulumi.String(\"us-central1-a\"),\n\t\t\tNetworkEndpointType: pulumi.String(\"GCE_VM_IP_PORT\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Zonal NEG with GCE_VM_IP\n\t\t_, err = compute.NewNetworkEndpointGroup(ctx, \"internal\", \u0026compute.NetworkEndpointGroupArgs{\n\t\t\tName: pulumi.String(\"internal-neg\"),\n\t\t\tNetwork: internal.ID(),\n\t\t\tSubnetwork: internalSubnetwork.ID(),\n\t\t\tZone: pulumi.String(\"us-central1-a\"),\n\t\t\tNetworkEndpointType: pulumi.String(\"GCE_VM_IP\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Hybrid connectivity NEG\n\t\thybrid, err := compute.NewNetworkEndpointGroup(ctx, \"hybrid\", \u0026compute.NetworkEndpointGroupArgs{\n\t\t\tName: pulumi.String(\"hybrid-neg\"),\n\t\t\tNetwork: _default.ID(),\n\t\t\tDefaultPort: pulumi.Int(90),\n\t\t\tZone: pulumi.String(\"us-central1-a\"),\n\t\t\tNetworkEndpointType: pulumi.String(\"NON_GCP_PRIVATE_IP_PORT\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewNetworkEndpoint(ctx, \"hybrid-endpoint\", \u0026compute.NetworkEndpointArgs{\n\t\t\tNetworkEndpointGroup: hybrid.Name,\n\t\t\tPort: hybrid.DefaultPort,\n\t\t\tIpAddress: pulumi.String(\"127.0.0.1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultHealthCheck, err := compute.NewHealthCheck(ctx, \"default\", \u0026compute.HealthCheckArgs{\n\t\t\tName: pulumi.String(\"health-check\"),\n\t\t\tTimeoutSec: pulumi.Int(1),\n\t\t\tCheckIntervalSec: pulumi.Int(1),\n\t\t\tTcpHealthCheck: \u0026compute.HealthCheckTcpHealthCheckArgs{\n\t\t\t\tPort: pulumi.Int(80),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Backend service for Zonal NEG\n\t\tdefaultBackendService, err := compute.NewBackendService(ctx, \"default\", \u0026compute.BackendServiceArgs{\n\t\t\tName: pulumi.String(\"backend-default\"),\n\t\t\tPortName: pulumi.String(\"http\"),\n\t\t\tProtocol: pulumi.String(\"HTTP\"),\n\t\t\tTimeoutSec: pulumi.Int(10),\n\t\t\tBackends: compute.BackendServiceBackendArray{\n\t\t\t\t\u0026compute.BackendServiceBackendArgs{\n\t\t\t\t\tGroup: defaultNetworkEndpointGroup.ID(),\n\t\t\t\t\tBalancingMode: pulumi.String(\"RATE\"),\n\t\t\t\t\tMaxRatePerEndpoint: pulumi.Float64(10),\n\t\t\t\t},\n\t\t\t},\n\t\t\tHealthChecks: defaultHealthCheck.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Backgend service for Hybrid NEG\n\t\thybridBackendService, err := compute.NewBackendService(ctx, \"hybrid\", \u0026compute.BackendServiceArgs{\n\t\t\tName: pulumi.String(\"backend-hybrid\"),\n\t\t\tPortName: pulumi.String(\"http\"),\n\t\t\tProtocol: pulumi.String(\"HTTP\"),\n\t\t\tTimeoutSec: pulumi.Int(10),\n\t\t\tBackends: compute.BackendServiceBackendArray{\n\t\t\t\t\u0026compute.BackendServiceBackendArgs{\n\t\t\t\t\tGroup: hybrid.ID(),\n\t\t\t\t\tBalancingMode: pulumi.String(\"RATE\"),\n\t\t\t\t\tMaxRatePerEndpoint: pulumi.Float64(10),\n\t\t\t\t},\n\t\t\t},\n\t\t\tHealthChecks: defaultHealthCheck.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultURLMap, err := compute.NewURLMap(ctx, \"default\", \u0026compute.URLMapArgs{\n\t\t\tName: pulumi.String(\"url-map-target-proxy\"),\n\t\t\tDescription: pulumi.String(\"a description\"),\n\t\t\tDefaultService: defaultBackendService.ID(),\n\t\t\tHostRules: compute.URLMapHostRuleArray{\n\t\t\t\t\u0026compute.URLMapHostRuleArgs{\n\t\t\t\t\tHosts: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"mysite.com\"),\n\t\t\t\t\t},\n\t\t\t\t\tPathMatcher: pulumi.String(\"allpaths\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tPathMatchers: compute.URLMapPathMatcherArray{\n\t\t\t\t\u0026compute.URLMapPathMatcherArgs{\n\t\t\t\t\tName: pulumi.String(\"allpaths\"),\n\t\t\t\t\tDefaultService: defaultBackendService.ID(),\n\t\t\t\t\tPathRules: compute.URLMapPathMatcherPathRuleArray{\n\t\t\t\t\t\t\u0026compute.URLMapPathMatcherPathRuleArgs{\n\t\t\t\t\t\t\tPaths: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"/*\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tService: defaultBackendService.ID(),\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\u0026compute.URLMapPathMatcherPathRuleArgs{\n\t\t\t\t\t\t\tPaths: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"/hybrid\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tService: hybridBackendService.ID(),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultTargetHttpProxy, err := compute.NewTargetHttpProxy(ctx, \"default\", \u0026compute.TargetHttpProxyArgs{\n\t\t\tName: pulumi.String(\"target-proxy\"),\n\t\t\tDescription: pulumi.String(\"a description\"),\n\t\t\tUrlMap: defaultURLMap.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewGlobalForwardingRule(ctx, \"default\", \u0026compute.GlobalForwardingRuleArgs{\n\t\t\tName: pulumi.String(\"global-rule\"),\n\t\t\tTarget: defaultTargetHttpProxy.ID(),\n\t\t\tPortRange: pulumi.String(\"80\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.Subnetwork;\nimport com.pulumi.gcp.compute.SubnetworkArgs;\nimport com.pulumi.gcp.compute.NetworkEndpointGroup;\nimport com.pulumi.gcp.compute.NetworkEndpointGroupArgs;\nimport com.pulumi.gcp.compute.NetworkEndpoint;\nimport com.pulumi.gcp.compute.NetworkEndpointArgs;\nimport com.pulumi.gcp.compute.HealthCheck;\nimport com.pulumi.gcp.compute.HealthCheckArgs;\nimport com.pulumi.gcp.compute.inputs.HealthCheckTcpHealthCheckArgs;\nimport com.pulumi.gcp.compute.BackendService;\nimport com.pulumi.gcp.compute.BackendServiceArgs;\nimport com.pulumi.gcp.compute.inputs.BackendServiceBackendArgs;\nimport com.pulumi.gcp.compute.URLMap;\nimport com.pulumi.gcp.compute.URLMapArgs;\nimport com.pulumi.gcp.compute.inputs.URLMapHostRuleArgs;\nimport com.pulumi.gcp.compute.inputs.URLMapPathMatcherArgs;\nimport com.pulumi.gcp.compute.TargetHttpProxy;\nimport com.pulumi.gcp.compute.TargetHttpProxyArgs;\nimport com.pulumi.gcp.compute.GlobalForwardingRule;\nimport com.pulumi.gcp.compute.GlobalForwardingRuleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var config = ctx.config();\n final var subnetworkCidr = config.get(\"subnetworkCidr\").orElse(\"10.0.0.0/24\");\n var default_ = new Network(\"default\", NetworkArgs.builder()\n .name(\"my-network\")\n .build());\n\n var internal = new Network(\"internal\", NetworkArgs.builder()\n .name(\"my-internal-network\")\n .autoCreateSubnetworks(false)\n .build());\n\n var internalSubnetwork = new Subnetwork(\"internalSubnetwork\", SubnetworkArgs.builder()\n .name(\"my-subnetwork\")\n .network(internal.id())\n .ipCidrRange(subnetworkCidr)\n .region(\"us-central1\")\n .privateIpGoogleAccess(true)\n .build());\n\n // Zonal NEG with GCE_VM_IP_PORT\n var defaultNetworkEndpointGroup = new NetworkEndpointGroup(\"defaultNetworkEndpointGroup\", NetworkEndpointGroupArgs.builder()\n .name(\"default-neg\")\n .network(default_.id())\n .defaultPort(\"90\")\n .zone(\"us-central1-a\")\n .networkEndpointType(\"GCE_VM_IP_PORT\")\n .build());\n\n // Zonal NEG with GCE_VM_IP\n var internalNetworkEndpointGroup = new NetworkEndpointGroup(\"internalNetworkEndpointGroup\", NetworkEndpointGroupArgs.builder()\n .name(\"internal-neg\")\n .network(internal.id())\n .subnetwork(internalSubnetwork.id())\n .zone(\"us-central1-a\")\n .networkEndpointType(\"GCE_VM_IP\")\n .build());\n\n // Hybrid connectivity NEG\n var hybrid = new NetworkEndpointGroup(\"hybrid\", NetworkEndpointGroupArgs.builder()\n .name(\"hybrid-neg\")\n .network(default_.id())\n .defaultPort(\"90\")\n .zone(\"us-central1-a\")\n .networkEndpointType(\"NON_GCP_PRIVATE_IP_PORT\")\n .build());\n\n var hybrid_endpoint = new NetworkEndpoint(\"hybrid-endpoint\", NetworkEndpointArgs.builder()\n .networkEndpointGroup(hybrid.name())\n .port(hybrid.defaultPort())\n .ipAddress(\"127.0.0.1\")\n .build());\n\n var defaultHealthCheck = new HealthCheck(\"defaultHealthCheck\", HealthCheckArgs.builder()\n .name(\"health-check\")\n .timeoutSec(1)\n .checkIntervalSec(1)\n .tcpHealthCheck(HealthCheckTcpHealthCheckArgs.builder()\n .port(\"80\")\n .build())\n .build());\n\n // Backend service for Zonal NEG\n var defaultBackendService = new BackendService(\"defaultBackendService\", BackendServiceArgs.builder()\n .name(\"backend-default\")\n .portName(\"http\")\n .protocol(\"HTTP\")\n .timeoutSec(10)\n .backends(BackendServiceBackendArgs.builder()\n .group(defaultNetworkEndpointGroup.id())\n .balancingMode(\"RATE\")\n .maxRatePerEndpoint(10)\n .build())\n .healthChecks(defaultHealthCheck.id())\n .build());\n\n // Backgend service for Hybrid NEG\n var hybridBackendService = new BackendService(\"hybridBackendService\", BackendServiceArgs.builder()\n .name(\"backend-hybrid\")\n .portName(\"http\")\n .protocol(\"HTTP\")\n .timeoutSec(10)\n .backends(BackendServiceBackendArgs.builder()\n .group(hybrid.id())\n .balancingMode(\"RATE\")\n .maxRatePerEndpoint(10)\n .build())\n .healthChecks(defaultHealthCheck.id())\n .build());\n\n var defaultURLMap = new URLMap(\"defaultURLMap\", URLMapArgs.builder()\n .name(\"url-map-target-proxy\")\n .description(\"a description\")\n .defaultService(defaultBackendService.id())\n .hostRules(URLMapHostRuleArgs.builder()\n .hosts(\"mysite.com\")\n .pathMatcher(\"allpaths\")\n .build())\n .pathMatchers(URLMapPathMatcherArgs.builder()\n .name(\"allpaths\")\n .defaultService(defaultBackendService.id())\n .pathRules( \n URLMapPathMatcherPathRuleArgs.builder()\n .paths(\"/*\")\n .service(defaultBackendService.id())\n .build(),\n URLMapPathMatcherPathRuleArgs.builder()\n .paths(\"/hybrid\")\n .service(hybridBackendService.id())\n .build())\n .build())\n .build());\n\n var defaultTargetHttpProxy = new TargetHttpProxy(\"defaultTargetHttpProxy\", TargetHttpProxyArgs.builder()\n .name(\"target-proxy\")\n .description(\"a description\")\n .urlMap(defaultURLMap.id())\n .build());\n\n var defaultGlobalForwardingRule = new GlobalForwardingRule(\"defaultGlobalForwardingRule\", GlobalForwardingRuleArgs.builder()\n .name(\"global-rule\")\n .target(defaultTargetHttpProxy.id())\n .portRange(\"80\")\n .build());\n\n }\n}\n```\n```yaml\nconfiguration:\n # Roughly mirrors https://cloud.google.com/load-balancing/docs/https/setting-up-ext-https-hybrid\n subnetworkCidr:\n type: string\n default: 10.0.0.0/24\nresources:\n default:\n type: gcp:compute:Network\n properties:\n name: my-network\n internal:\n type: gcp:compute:Network\n properties:\n name: my-internal-network\n autoCreateSubnetworks: false\n internalSubnetwork:\n type: gcp:compute:Subnetwork\n name: internal\n properties:\n name: my-subnetwork\n network: ${internal.id}\n ipCidrRange: ${subnetworkCidr}\n region: us-central1\n privateIpGoogleAccess: true\n # Zonal NEG with GCE_VM_IP_PORT\n defaultNetworkEndpointGroup:\n type: gcp:compute:NetworkEndpointGroup\n name: default\n properties:\n name: default-neg\n network: ${default.id}\n defaultPort: '90'\n zone: us-central1-a\n networkEndpointType: GCE_VM_IP_PORT\n # Zonal NEG with GCE_VM_IP\n internalNetworkEndpointGroup:\n type: gcp:compute:NetworkEndpointGroup\n name: internal\n properties:\n name: internal-neg\n network: ${internal.id}\n subnetwork: ${internalSubnetwork.id}\n zone: us-central1-a\n networkEndpointType: GCE_VM_IP\n # Hybrid connectivity NEG\n hybrid:\n type: gcp:compute:NetworkEndpointGroup\n properties:\n name: hybrid-neg\n network: ${default.id}\n defaultPort: '90'\n zone: us-central1-a\n networkEndpointType: NON_GCP_PRIVATE_IP_PORT\n hybrid-endpoint:\n type: gcp:compute:NetworkEndpoint\n properties:\n networkEndpointGroup: ${hybrid.name}\n port: ${hybrid.defaultPort}\n ipAddress: 127.0.0.1\n # Backend service for Zonal NEG\n defaultBackendService:\n type: gcp:compute:BackendService\n name: default\n properties:\n name: backend-default\n portName: http\n protocol: HTTP\n timeoutSec: 10\n backends:\n - group: ${defaultNetworkEndpointGroup.id}\n balancingMode: RATE\n maxRatePerEndpoint: 10\n healthChecks: ${defaultHealthCheck.id}\n # Backgend service for Hybrid NEG\n hybridBackendService:\n type: gcp:compute:BackendService\n name: hybrid\n properties:\n name: backend-hybrid\n portName: http\n protocol: HTTP\n timeoutSec: 10\n backends:\n - group: ${hybrid.id}\n balancingMode: RATE\n maxRatePerEndpoint: 10\n healthChecks: ${defaultHealthCheck.id}\n defaultHealthCheck:\n type: gcp:compute:HealthCheck\n name: default\n properties:\n name: health-check\n timeoutSec: 1\n checkIntervalSec: 1\n tcpHealthCheck:\n port: '80'\n defaultURLMap:\n type: gcp:compute:URLMap\n name: default\n properties:\n name: url-map-target-proxy\n description: a description\n defaultService: ${defaultBackendService.id}\n hostRules:\n - hosts:\n - mysite.com\n pathMatcher: allpaths\n pathMatchers:\n - name: allpaths\n defaultService: ${defaultBackendService.id}\n pathRules:\n - paths:\n - /*\n service: ${defaultBackendService.id}\n - paths:\n - /hybrid\n service: ${hybridBackendService.id}\n defaultTargetHttpProxy:\n type: gcp:compute:TargetHttpProxy\n name: default\n properties:\n name: target-proxy\n description: a description\n urlMap: ${defaultURLMap.id}\n defaultGlobalForwardingRule:\n type: gcp:compute:GlobalForwardingRule\n name: default\n properties:\n name: global-rule\n target: ${defaultTargetHttpProxy.id}\n portRange: '80'\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Private Service Connect Google Apis\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst network = new gcp.compute.Network(\"network\", {\n project: \"my-project-name\",\n name: \"my-network\",\n autoCreateSubnetworks: false,\n});\nconst vpcSubnetwork = new gcp.compute.Subnetwork(\"vpc_subnetwork\", {\n project: network.project,\n name: \"my-subnetwork\",\n ipCidrRange: \"10.2.0.0/16\",\n region: \"us-central1\",\n network: network.id,\n privateIpGoogleAccess: true,\n});\nconst _default = new gcp.compute.GlobalAddress(\"default\", {\n project: network.project,\n name: \"global-psconnect-ip\",\n addressType: \"INTERNAL\",\n purpose: \"PRIVATE_SERVICE_CONNECT\",\n network: network.id,\n address: \"100.100.100.106\",\n});\nconst defaultGlobalForwardingRule = new gcp.compute.GlobalForwardingRule(\"default\", {\n project: network.project,\n name: \"globalrule\",\n target: \"all-apis\",\n network: network.id,\n ipAddress: _default.id,\n loadBalancingScheme: \"\",\n serviceDirectoryRegistrations: {\n namespace: \"sd-namespace\",\n serviceDirectoryRegion: \"europe-west3\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nnetwork = gcp.compute.Network(\"network\",\n project=\"my-project-name\",\n name=\"my-network\",\n auto_create_subnetworks=False)\nvpc_subnetwork = gcp.compute.Subnetwork(\"vpc_subnetwork\",\n project=network.project,\n name=\"my-subnetwork\",\n ip_cidr_range=\"10.2.0.0/16\",\n region=\"us-central1\",\n network=network.id,\n private_ip_google_access=True)\ndefault = gcp.compute.GlobalAddress(\"default\",\n project=network.project,\n name=\"global-psconnect-ip\",\n address_type=\"INTERNAL\",\n purpose=\"PRIVATE_SERVICE_CONNECT\",\n network=network.id,\n address=\"100.100.100.106\")\ndefault_global_forwarding_rule = gcp.compute.GlobalForwardingRule(\"default\",\n project=network.project,\n name=\"globalrule\",\n target=\"all-apis\",\n network=network.id,\n ip_address=default.id,\n load_balancing_scheme=\"\",\n service_directory_registrations={\n \"namespace\": \"sd-namespace\",\n \"service_directory_region\": \"europe-west3\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var network = new Gcp.Compute.Network(\"network\", new()\n {\n Project = \"my-project-name\",\n Name = \"my-network\",\n AutoCreateSubnetworks = false,\n });\n\n var vpcSubnetwork = new Gcp.Compute.Subnetwork(\"vpc_subnetwork\", new()\n {\n Project = network.Project,\n Name = \"my-subnetwork\",\n IpCidrRange = \"10.2.0.0/16\",\n Region = \"us-central1\",\n Network = network.Id,\n PrivateIpGoogleAccess = true,\n });\n\n var @default = new Gcp.Compute.GlobalAddress(\"default\", new()\n {\n Project = network.Project,\n Name = \"global-psconnect-ip\",\n AddressType = \"INTERNAL\",\n Purpose = \"PRIVATE_SERVICE_CONNECT\",\n Network = network.Id,\n Address = \"100.100.100.106\",\n });\n\n var defaultGlobalForwardingRule = new Gcp.Compute.GlobalForwardingRule(\"default\", new()\n {\n Project = network.Project,\n Name = \"globalrule\",\n Target = \"all-apis\",\n Network = network.Id,\n IpAddress = @default.Id,\n LoadBalancingScheme = \"\",\n ServiceDirectoryRegistrations = new Gcp.Compute.Inputs.GlobalForwardingRuleServiceDirectoryRegistrationsArgs\n {\n Namespace = \"sd-namespace\",\n ServiceDirectoryRegion = \"europe-west3\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tnetwork, err := compute.NewNetwork(ctx, \"network\", \u0026compute.NetworkArgs{\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t\tName: pulumi.String(\"my-network\"),\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewSubnetwork(ctx, \"vpc_subnetwork\", \u0026compute.SubnetworkArgs{\n\t\t\tProject: network.Project,\n\t\t\tName: pulumi.String(\"my-subnetwork\"),\n\t\t\tIpCidrRange: pulumi.String(\"10.2.0.0/16\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tNetwork: network.ID(),\n\t\t\tPrivateIpGoogleAccess: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewGlobalAddress(ctx, \"default\", \u0026compute.GlobalAddressArgs{\n\t\t\tProject: network.Project,\n\t\t\tName: pulumi.String(\"global-psconnect-ip\"),\n\t\t\tAddressType: pulumi.String(\"INTERNAL\"),\n\t\t\tPurpose: pulumi.String(\"PRIVATE_SERVICE_CONNECT\"),\n\t\t\tNetwork: network.ID(),\n\t\t\tAddress: pulumi.String(\"100.100.100.106\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewGlobalForwardingRule(ctx, \"default\", \u0026compute.GlobalForwardingRuleArgs{\n\t\t\tProject: network.Project,\n\t\t\tName: pulumi.String(\"globalrule\"),\n\t\t\tTarget: pulumi.String(\"all-apis\"),\n\t\t\tNetwork: network.ID(),\n\t\t\tIpAddress: _default.ID(),\n\t\t\tLoadBalancingScheme: pulumi.String(\"\"),\n\t\t\tServiceDirectoryRegistrations: \u0026compute.GlobalForwardingRuleServiceDirectoryRegistrationsArgs{\n\t\t\t\tNamespace: pulumi.String(\"sd-namespace\"),\n\t\t\t\tServiceDirectoryRegion: pulumi.String(\"europe-west3\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.Subnetwork;\nimport com.pulumi.gcp.compute.SubnetworkArgs;\nimport com.pulumi.gcp.compute.GlobalAddress;\nimport com.pulumi.gcp.compute.GlobalAddressArgs;\nimport com.pulumi.gcp.compute.GlobalForwardingRule;\nimport com.pulumi.gcp.compute.GlobalForwardingRuleArgs;\nimport com.pulumi.gcp.compute.inputs.GlobalForwardingRuleServiceDirectoryRegistrationsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var network = new Network(\"network\", NetworkArgs.builder()\n .project(\"my-project-name\")\n .name(\"my-network\")\n .autoCreateSubnetworks(false)\n .build());\n\n var vpcSubnetwork = new Subnetwork(\"vpcSubnetwork\", SubnetworkArgs.builder()\n .project(network.project())\n .name(\"my-subnetwork\")\n .ipCidrRange(\"10.2.0.0/16\")\n .region(\"us-central1\")\n .network(network.id())\n .privateIpGoogleAccess(true)\n .build());\n\n var default_ = new GlobalAddress(\"default\", GlobalAddressArgs.builder()\n .project(network.project())\n .name(\"global-psconnect-ip\")\n .addressType(\"INTERNAL\")\n .purpose(\"PRIVATE_SERVICE_CONNECT\")\n .network(network.id())\n .address(\"100.100.100.106\")\n .build());\n\n var defaultGlobalForwardingRule = new GlobalForwardingRule(\"defaultGlobalForwardingRule\", GlobalForwardingRuleArgs.builder()\n .project(network.project())\n .name(\"globalrule\")\n .target(\"all-apis\")\n .network(network.id())\n .ipAddress(default_.id())\n .loadBalancingScheme(\"\")\n .serviceDirectoryRegistrations(GlobalForwardingRuleServiceDirectoryRegistrationsArgs.builder()\n .namespace(\"sd-namespace\")\n .serviceDirectoryRegion(\"europe-west3\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n network:\n type: gcp:compute:Network\n properties:\n project: my-project-name\n name: my-network\n autoCreateSubnetworks: false\n vpcSubnetwork:\n type: gcp:compute:Subnetwork\n name: vpc_subnetwork\n properties:\n project: ${network.project}\n name: my-subnetwork\n ipCidrRange: 10.2.0.0/16\n region: us-central1\n network: ${network.id}\n privateIpGoogleAccess: true\n default:\n type: gcp:compute:GlobalAddress\n properties:\n project: ${network.project}\n name: global-psconnect-ip\n addressType: INTERNAL\n purpose: PRIVATE_SERVICE_CONNECT\n network: ${network.id}\n address: 100.100.100.106\n defaultGlobalForwardingRule:\n type: gcp:compute:GlobalForwardingRule\n name: default\n properties:\n project: ${network.project}\n name: globalrule\n target: all-apis\n network: ${network.id}\n ipAddress: ${default.id}\n loadBalancingScheme: \"\"\n serviceDirectoryRegistrations:\n namespace: sd-namespace\n serviceDirectoryRegion: europe-west3\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Private Service Connect Google Apis No Automate Dns\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst network = new gcp.compute.Network(\"network\", {\n project: \"my-project-name\",\n name: \"my-network\",\n autoCreateSubnetworks: false,\n});\nconst vpcSubnetwork = new gcp.compute.Subnetwork(\"vpc_subnetwork\", {\n project: network.project,\n name: \"my-subnetwork\",\n ipCidrRange: \"10.2.0.0/16\",\n region: \"us-central1\",\n network: network.id,\n privateIpGoogleAccess: true,\n});\nconst _default = new gcp.compute.GlobalAddress(\"default\", {\n project: network.project,\n name: \"global-psconnect-ip\",\n addressType: \"INTERNAL\",\n purpose: \"PRIVATE_SERVICE_CONNECT\",\n network: network.id,\n address: \"100.100.100.106\",\n});\nconst defaultGlobalForwardingRule = new gcp.compute.GlobalForwardingRule(\"default\", {\n project: network.project,\n name: \"globalrule\",\n target: \"all-apis\",\n network: network.id,\n ipAddress: _default.id,\n loadBalancingScheme: \"\",\n noAutomateDnsZone: false,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nnetwork = gcp.compute.Network(\"network\",\n project=\"my-project-name\",\n name=\"my-network\",\n auto_create_subnetworks=False)\nvpc_subnetwork = gcp.compute.Subnetwork(\"vpc_subnetwork\",\n project=network.project,\n name=\"my-subnetwork\",\n ip_cidr_range=\"10.2.0.0/16\",\n region=\"us-central1\",\n network=network.id,\n private_ip_google_access=True)\ndefault = gcp.compute.GlobalAddress(\"default\",\n project=network.project,\n name=\"global-psconnect-ip\",\n address_type=\"INTERNAL\",\n purpose=\"PRIVATE_SERVICE_CONNECT\",\n network=network.id,\n address=\"100.100.100.106\")\ndefault_global_forwarding_rule = gcp.compute.GlobalForwardingRule(\"default\",\n project=network.project,\n name=\"globalrule\",\n target=\"all-apis\",\n network=network.id,\n ip_address=default.id,\n load_balancing_scheme=\"\",\n no_automate_dns_zone=False)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var network = new Gcp.Compute.Network(\"network\", new()\n {\n Project = \"my-project-name\",\n Name = \"my-network\",\n AutoCreateSubnetworks = false,\n });\n\n var vpcSubnetwork = new Gcp.Compute.Subnetwork(\"vpc_subnetwork\", new()\n {\n Project = network.Project,\n Name = \"my-subnetwork\",\n IpCidrRange = \"10.2.0.0/16\",\n Region = \"us-central1\",\n Network = network.Id,\n PrivateIpGoogleAccess = true,\n });\n\n var @default = new Gcp.Compute.GlobalAddress(\"default\", new()\n {\n Project = network.Project,\n Name = \"global-psconnect-ip\",\n AddressType = \"INTERNAL\",\n Purpose = \"PRIVATE_SERVICE_CONNECT\",\n Network = network.Id,\n Address = \"100.100.100.106\",\n });\n\n var defaultGlobalForwardingRule = new Gcp.Compute.GlobalForwardingRule(\"default\", new()\n {\n Project = network.Project,\n Name = \"globalrule\",\n Target = \"all-apis\",\n Network = network.Id,\n IpAddress = @default.Id,\n LoadBalancingScheme = \"\",\n NoAutomateDnsZone = false,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tnetwork, err := compute.NewNetwork(ctx, \"network\", \u0026compute.NetworkArgs{\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t\tName: pulumi.String(\"my-network\"),\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewSubnetwork(ctx, \"vpc_subnetwork\", \u0026compute.SubnetworkArgs{\n\t\t\tProject: network.Project,\n\t\t\tName: pulumi.String(\"my-subnetwork\"),\n\t\t\tIpCidrRange: pulumi.String(\"10.2.0.0/16\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tNetwork: network.ID(),\n\t\t\tPrivateIpGoogleAccess: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewGlobalAddress(ctx, \"default\", \u0026compute.GlobalAddressArgs{\n\t\t\tProject: network.Project,\n\t\t\tName: pulumi.String(\"global-psconnect-ip\"),\n\t\t\tAddressType: pulumi.String(\"INTERNAL\"),\n\t\t\tPurpose: pulumi.String(\"PRIVATE_SERVICE_CONNECT\"),\n\t\t\tNetwork: network.ID(),\n\t\t\tAddress: pulumi.String(\"100.100.100.106\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewGlobalForwardingRule(ctx, \"default\", \u0026compute.GlobalForwardingRuleArgs{\n\t\t\tProject: network.Project,\n\t\t\tName: pulumi.String(\"globalrule\"),\n\t\t\tTarget: pulumi.String(\"all-apis\"),\n\t\t\tNetwork: network.ID(),\n\t\t\tIpAddress: _default.ID(),\n\t\t\tLoadBalancingScheme: pulumi.String(\"\"),\n\t\t\tNoAutomateDnsZone: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.Subnetwork;\nimport com.pulumi.gcp.compute.SubnetworkArgs;\nimport com.pulumi.gcp.compute.GlobalAddress;\nimport com.pulumi.gcp.compute.GlobalAddressArgs;\nimport com.pulumi.gcp.compute.GlobalForwardingRule;\nimport com.pulumi.gcp.compute.GlobalForwardingRuleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var network = new Network(\"network\", NetworkArgs.builder()\n .project(\"my-project-name\")\n .name(\"my-network\")\n .autoCreateSubnetworks(false)\n .build());\n\n var vpcSubnetwork = new Subnetwork(\"vpcSubnetwork\", SubnetworkArgs.builder()\n .project(network.project())\n .name(\"my-subnetwork\")\n .ipCidrRange(\"10.2.0.0/16\")\n .region(\"us-central1\")\n .network(network.id())\n .privateIpGoogleAccess(true)\n .build());\n\n var default_ = new GlobalAddress(\"default\", GlobalAddressArgs.builder()\n .project(network.project())\n .name(\"global-psconnect-ip\")\n .addressType(\"INTERNAL\")\n .purpose(\"PRIVATE_SERVICE_CONNECT\")\n .network(network.id())\n .address(\"100.100.100.106\")\n .build());\n\n var defaultGlobalForwardingRule = new GlobalForwardingRule(\"defaultGlobalForwardingRule\", GlobalForwardingRuleArgs.builder()\n .project(network.project())\n .name(\"globalrule\")\n .target(\"all-apis\")\n .network(network.id())\n .ipAddress(default_.id())\n .loadBalancingScheme(\"\")\n .noAutomateDnsZone(false)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n network:\n type: gcp:compute:Network\n properties:\n project: my-project-name\n name: my-network\n autoCreateSubnetworks: false\n vpcSubnetwork:\n type: gcp:compute:Subnetwork\n name: vpc_subnetwork\n properties:\n project: ${network.project}\n name: my-subnetwork\n ipCidrRange: 10.2.0.0/16\n region: us-central1\n network: ${network.id}\n privateIpGoogleAccess: true\n default:\n type: gcp:compute:GlobalAddress\n properties:\n project: ${network.project}\n name: global-psconnect-ip\n addressType: INTERNAL\n purpose: PRIVATE_SERVICE_CONNECT\n network: ${network.id}\n address: 100.100.100.106\n defaultGlobalForwardingRule:\n type: gcp:compute:GlobalForwardingRule\n name: default\n properties:\n project: ${network.project}\n name: globalrule\n target: all-apis\n network: ${network.id}\n ipAddress: ${default.id}\n loadBalancingScheme: \"\"\n noAutomateDnsZone: false\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nGlobalForwardingRule can be imported using any of these accepted formats:\n\n* `projects/{{project}}/global/forwardingRules/{{name}}`\n\n* `{{project}}/{{name}}`\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, GlobalForwardingRule can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:compute/globalForwardingRule:GlobalForwardingRule default projects/{{project}}/global/forwardingRules/{{name}}\n```\n\n```sh\n$ pulumi import gcp:compute/globalForwardingRule:GlobalForwardingRule default {{project}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:compute/globalForwardingRule:GlobalForwardingRule default {{name}}\n```\n\n", + "description": "Represents a GlobalForwardingRule resource. Global forwarding rules are\nused to forward traffic to the correct load balancer for HTTP load\nbalancing. Global forwarding rules can only be used for HTTP load\nbalancing.\n\nFor more information, see https://cloud.google.com/compute/docs/load-balancing/http/\n\n\n\n## Example Usage\n\n### Global Forwarding Rule Http\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst defaultHttpHealthCheck = new gcp.compute.HttpHealthCheck(\"default\", {\n name: \"check-backend\",\n requestPath: \"/\",\n checkIntervalSec: 1,\n timeoutSec: 1,\n});\nconst defaultBackendService = new gcp.compute.BackendService(\"default\", {\n name: \"backend\",\n portName: \"http\",\n protocol: \"HTTP\",\n timeoutSec: 10,\n healthChecks: defaultHttpHealthCheck.id,\n});\nconst defaultURLMap = new gcp.compute.URLMap(\"default\", {\n name: \"url-map-target-proxy\",\n description: \"a description\",\n defaultService: defaultBackendService.id,\n hostRules: [{\n hosts: [\"mysite.com\"],\n pathMatcher: \"allpaths\",\n }],\n pathMatchers: [{\n name: \"allpaths\",\n defaultService: defaultBackendService.id,\n pathRules: [{\n paths: [\"/*\"],\n service: defaultBackendService.id,\n }],\n }],\n});\nconst defaultTargetHttpProxy = new gcp.compute.TargetHttpProxy(\"default\", {\n name: \"target-proxy\",\n description: \"a description\",\n urlMap: defaultURLMap.id,\n});\nconst _default = new gcp.compute.GlobalForwardingRule(\"default\", {\n name: \"global-rule\",\n target: defaultTargetHttpProxy.id,\n portRange: \"80\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault_http_health_check = gcp.compute.HttpHealthCheck(\"default\",\n name=\"check-backend\",\n request_path=\"/\",\n check_interval_sec=1,\n timeout_sec=1)\ndefault_backend_service = gcp.compute.BackendService(\"default\",\n name=\"backend\",\n port_name=\"http\",\n protocol=\"HTTP\",\n timeout_sec=10,\n health_checks=default_http_health_check.id)\ndefault_url_map = gcp.compute.URLMap(\"default\",\n name=\"url-map-target-proxy\",\n description=\"a description\",\n default_service=default_backend_service.id,\n host_rules=[{\n \"hosts\": [\"mysite.com\"],\n \"path_matcher\": \"allpaths\",\n }],\n path_matchers=[{\n \"name\": \"allpaths\",\n \"default_service\": default_backend_service.id,\n \"path_rules\": [{\n \"paths\": [\"/*\"],\n \"service\": default_backend_service.id,\n }],\n }])\ndefault_target_http_proxy = gcp.compute.TargetHttpProxy(\"default\",\n name=\"target-proxy\",\n description=\"a description\",\n url_map=default_url_map.id)\ndefault = gcp.compute.GlobalForwardingRule(\"default\",\n name=\"global-rule\",\n target=default_target_http_proxy.id,\n port_range=\"80\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var defaultHttpHealthCheck = new Gcp.Compute.HttpHealthCheck(\"default\", new()\n {\n Name = \"check-backend\",\n RequestPath = \"/\",\n CheckIntervalSec = 1,\n TimeoutSec = 1,\n });\n\n var defaultBackendService = new Gcp.Compute.BackendService(\"default\", new()\n {\n Name = \"backend\",\n PortName = \"http\",\n Protocol = \"HTTP\",\n TimeoutSec = 10,\n HealthChecks = defaultHttpHealthCheck.Id,\n });\n\n var defaultURLMap = new Gcp.Compute.URLMap(\"default\", new()\n {\n Name = \"url-map-target-proxy\",\n Description = \"a description\",\n DefaultService = defaultBackendService.Id,\n HostRules = new[]\n {\n new Gcp.Compute.Inputs.URLMapHostRuleArgs\n {\n Hosts = new[]\n {\n \"mysite.com\",\n },\n PathMatcher = \"allpaths\",\n },\n },\n PathMatchers = new[]\n {\n new Gcp.Compute.Inputs.URLMapPathMatcherArgs\n {\n Name = \"allpaths\",\n DefaultService = defaultBackendService.Id,\n PathRules = new[]\n {\n new Gcp.Compute.Inputs.URLMapPathMatcherPathRuleArgs\n {\n Paths = new[]\n {\n \"/*\",\n },\n Service = defaultBackendService.Id,\n },\n },\n },\n },\n });\n\n var defaultTargetHttpProxy = new Gcp.Compute.TargetHttpProxy(\"default\", new()\n {\n Name = \"target-proxy\",\n Description = \"a description\",\n UrlMap = defaultURLMap.Id,\n });\n\n var @default = new Gcp.Compute.GlobalForwardingRule(\"default\", new()\n {\n Name = \"global-rule\",\n Target = defaultTargetHttpProxy.Id,\n PortRange = \"80\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdefaultHttpHealthCheck, err := compute.NewHttpHealthCheck(ctx, \"default\", \u0026compute.HttpHealthCheckArgs{\n\t\t\tName: pulumi.String(\"check-backend\"),\n\t\t\tRequestPath: pulumi.String(\"/\"),\n\t\t\tCheckIntervalSec: pulumi.Int(1),\n\t\t\tTimeoutSec: pulumi.Int(1),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultBackendService, err := compute.NewBackendService(ctx, \"default\", \u0026compute.BackendServiceArgs{\n\t\t\tName: pulumi.String(\"backend\"),\n\t\t\tPortName: pulumi.String(\"http\"),\n\t\t\tProtocol: pulumi.String(\"HTTP\"),\n\t\t\tTimeoutSec: pulumi.Int(10),\n\t\t\tHealthChecks: defaultHttpHealthCheck.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultURLMap, err := compute.NewURLMap(ctx, \"default\", \u0026compute.URLMapArgs{\n\t\t\tName: pulumi.String(\"url-map-target-proxy\"),\n\t\t\tDescription: pulumi.String(\"a description\"),\n\t\t\tDefaultService: defaultBackendService.ID(),\n\t\t\tHostRules: compute.URLMapHostRuleArray{\n\t\t\t\t\u0026compute.URLMapHostRuleArgs{\n\t\t\t\t\tHosts: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"mysite.com\"),\n\t\t\t\t\t},\n\t\t\t\t\tPathMatcher: pulumi.String(\"allpaths\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tPathMatchers: compute.URLMapPathMatcherArray{\n\t\t\t\t\u0026compute.URLMapPathMatcherArgs{\n\t\t\t\t\tName: pulumi.String(\"allpaths\"),\n\t\t\t\t\tDefaultService: defaultBackendService.ID(),\n\t\t\t\t\tPathRules: compute.URLMapPathMatcherPathRuleArray{\n\t\t\t\t\t\t\u0026compute.URLMapPathMatcherPathRuleArgs{\n\t\t\t\t\t\t\tPaths: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"/*\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tService: defaultBackendService.ID(),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultTargetHttpProxy, err := compute.NewTargetHttpProxy(ctx, \"default\", \u0026compute.TargetHttpProxyArgs{\n\t\t\tName: pulumi.String(\"target-proxy\"),\n\t\t\tDescription: pulumi.String(\"a description\"),\n\t\t\tUrlMap: defaultURLMap.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewGlobalForwardingRule(ctx, \"default\", \u0026compute.GlobalForwardingRuleArgs{\n\t\t\tName: pulumi.String(\"global-rule\"),\n\t\t\tTarget: defaultTargetHttpProxy.ID(),\n\t\t\tPortRange: pulumi.String(\"80\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.HttpHealthCheck;\nimport com.pulumi.gcp.compute.HttpHealthCheckArgs;\nimport com.pulumi.gcp.compute.BackendService;\nimport com.pulumi.gcp.compute.BackendServiceArgs;\nimport com.pulumi.gcp.compute.URLMap;\nimport com.pulumi.gcp.compute.URLMapArgs;\nimport com.pulumi.gcp.compute.inputs.URLMapHostRuleArgs;\nimport com.pulumi.gcp.compute.inputs.URLMapPathMatcherArgs;\nimport com.pulumi.gcp.compute.TargetHttpProxy;\nimport com.pulumi.gcp.compute.TargetHttpProxyArgs;\nimport com.pulumi.gcp.compute.GlobalForwardingRule;\nimport com.pulumi.gcp.compute.GlobalForwardingRuleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var defaultHttpHealthCheck = new HttpHealthCheck(\"defaultHttpHealthCheck\", HttpHealthCheckArgs.builder()\n .name(\"check-backend\")\n .requestPath(\"/\")\n .checkIntervalSec(1)\n .timeoutSec(1)\n .build());\n\n var defaultBackendService = new BackendService(\"defaultBackendService\", BackendServiceArgs.builder()\n .name(\"backend\")\n .portName(\"http\")\n .protocol(\"HTTP\")\n .timeoutSec(10)\n .healthChecks(defaultHttpHealthCheck.id())\n .build());\n\n var defaultURLMap = new URLMap(\"defaultURLMap\", URLMapArgs.builder()\n .name(\"url-map-target-proxy\")\n .description(\"a description\")\n .defaultService(defaultBackendService.id())\n .hostRules(URLMapHostRuleArgs.builder()\n .hosts(\"mysite.com\")\n .pathMatcher(\"allpaths\")\n .build())\n .pathMatchers(URLMapPathMatcherArgs.builder()\n .name(\"allpaths\")\n .defaultService(defaultBackendService.id())\n .pathRules(URLMapPathMatcherPathRuleArgs.builder()\n .paths(\"/*\")\n .service(defaultBackendService.id())\n .build())\n .build())\n .build());\n\n var defaultTargetHttpProxy = new TargetHttpProxy(\"defaultTargetHttpProxy\", TargetHttpProxyArgs.builder()\n .name(\"target-proxy\")\n .description(\"a description\")\n .urlMap(defaultURLMap.id())\n .build());\n\n var default_ = new GlobalForwardingRule(\"default\", GlobalForwardingRuleArgs.builder()\n .name(\"global-rule\")\n .target(defaultTargetHttpProxy.id())\n .portRange(\"80\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:compute:GlobalForwardingRule\n properties:\n name: global-rule\n target: ${defaultTargetHttpProxy.id}\n portRange: '80'\n defaultTargetHttpProxy:\n type: gcp:compute:TargetHttpProxy\n name: default\n properties:\n name: target-proxy\n description: a description\n urlMap: ${defaultURLMap.id}\n defaultURLMap:\n type: gcp:compute:URLMap\n name: default\n properties:\n name: url-map-target-proxy\n description: a description\n defaultService: ${defaultBackendService.id}\n hostRules:\n - hosts:\n - mysite.com\n pathMatcher: allpaths\n pathMatchers:\n - name: allpaths\n defaultService: ${defaultBackendService.id}\n pathRules:\n - paths:\n - /*\n service: ${defaultBackendService.id}\n defaultBackendService:\n type: gcp:compute:BackendService\n name: default\n properties:\n name: backend\n portName: http\n protocol: HTTP\n timeoutSec: 10\n healthChecks: ${defaultHttpHealthCheck.id}\n defaultHttpHealthCheck:\n type: gcp:compute:HttpHealthCheck\n name: default\n properties:\n name: check-backend\n requestPath: /\n checkIntervalSec: 1\n timeoutSec: 1\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Global Forwarding Rule Internal\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst debianImage = gcp.compute.getImage({\n family: \"debian-11\",\n project: \"debian-cloud\",\n});\nconst instanceTemplate = new gcp.compute.InstanceTemplate(\"instance_template\", {\n name: \"template-backend\",\n machineType: \"e2-medium\",\n networkInterfaces: [{\n network: \"default\",\n }],\n disks: [{\n sourceImage: debianImage.then(debianImage =\u003e debianImage.selfLink),\n autoDelete: true,\n boot: true,\n }],\n});\nconst igm = new gcp.compute.InstanceGroupManager(\"igm\", {\n name: \"igm-internal\",\n versions: [{\n instanceTemplate: instanceTemplate.id,\n name: \"primary\",\n }],\n baseInstanceName: \"internal-glb\",\n zone: \"us-central1-f\",\n targetSize: 1,\n});\nconst defaultHealthCheck = new gcp.compute.HealthCheck(\"default\", {\n name: \"check-backend\",\n checkIntervalSec: 1,\n timeoutSec: 1,\n tcpHealthCheck: {\n port: 80,\n },\n});\nconst defaultBackendService = new gcp.compute.BackendService(\"default\", {\n name: \"backend\",\n portName: \"http\",\n protocol: \"HTTP\",\n timeoutSec: 10,\n loadBalancingScheme: \"INTERNAL_SELF_MANAGED\",\n backends: [{\n group: igm.instanceGroup,\n balancingMode: \"RATE\",\n capacityScaler: 0.4,\n maxRatePerInstance: 50,\n }],\n healthChecks: defaultHealthCheck.id,\n});\nconst defaultURLMap = new gcp.compute.URLMap(\"default\", {\n name: \"url-map-target-proxy\",\n description: \"a description\",\n defaultService: defaultBackendService.id,\n hostRules: [{\n hosts: [\"mysite.com\"],\n pathMatcher: \"allpaths\",\n }],\n pathMatchers: [{\n name: \"allpaths\",\n defaultService: defaultBackendService.id,\n pathRules: [{\n paths: [\"/*\"],\n service: defaultBackendService.id,\n }],\n }],\n});\nconst defaultTargetHttpProxy = new gcp.compute.TargetHttpProxy(\"default\", {\n name: \"target-proxy\",\n description: \"a description\",\n urlMap: defaultURLMap.id,\n});\nconst _default = new gcp.compute.GlobalForwardingRule(\"default\", {\n name: \"global-rule\",\n target: defaultTargetHttpProxy.id,\n portRange: \"80\",\n loadBalancingScheme: \"INTERNAL_SELF_MANAGED\",\n ipAddress: \"0.0.0.0\",\n metadataFilters: [{\n filterMatchCriteria: \"MATCH_ANY\",\n filterLabels: [{\n name: \"PLANET\",\n value: \"MARS\",\n }],\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndebian_image = gcp.compute.get_image(family=\"debian-11\",\n project=\"debian-cloud\")\ninstance_template = gcp.compute.InstanceTemplate(\"instance_template\",\n name=\"template-backend\",\n machine_type=\"e2-medium\",\n network_interfaces=[{\n \"network\": \"default\",\n }],\n disks=[{\n \"source_image\": debian_image.self_link,\n \"auto_delete\": True,\n \"boot\": True,\n }])\nigm = gcp.compute.InstanceGroupManager(\"igm\",\n name=\"igm-internal\",\n versions=[{\n \"instance_template\": instance_template.id,\n \"name\": \"primary\",\n }],\n base_instance_name=\"internal-glb\",\n zone=\"us-central1-f\",\n target_size=1)\ndefault_health_check = gcp.compute.HealthCheck(\"default\",\n name=\"check-backend\",\n check_interval_sec=1,\n timeout_sec=1,\n tcp_health_check={\n \"port\": 80,\n })\ndefault_backend_service = gcp.compute.BackendService(\"default\",\n name=\"backend\",\n port_name=\"http\",\n protocol=\"HTTP\",\n timeout_sec=10,\n load_balancing_scheme=\"INTERNAL_SELF_MANAGED\",\n backends=[{\n \"group\": igm.instance_group,\n \"balancing_mode\": \"RATE\",\n \"capacity_scaler\": 0.4,\n \"max_rate_per_instance\": 50,\n }],\n health_checks=default_health_check.id)\ndefault_url_map = gcp.compute.URLMap(\"default\",\n name=\"url-map-target-proxy\",\n description=\"a description\",\n default_service=default_backend_service.id,\n host_rules=[{\n \"hosts\": [\"mysite.com\"],\n \"path_matcher\": \"allpaths\",\n }],\n path_matchers=[{\n \"name\": \"allpaths\",\n \"default_service\": default_backend_service.id,\n \"path_rules\": [{\n \"paths\": [\"/*\"],\n \"service\": default_backend_service.id,\n }],\n }])\ndefault_target_http_proxy = gcp.compute.TargetHttpProxy(\"default\",\n name=\"target-proxy\",\n description=\"a description\",\n url_map=default_url_map.id)\ndefault = gcp.compute.GlobalForwardingRule(\"default\",\n name=\"global-rule\",\n target=default_target_http_proxy.id,\n port_range=\"80\",\n load_balancing_scheme=\"INTERNAL_SELF_MANAGED\",\n ip_address=\"0.0.0.0\",\n metadata_filters=[{\n \"filter_match_criteria\": \"MATCH_ANY\",\n \"filter_labels\": [{\n \"name\": \"PLANET\",\n \"value\": \"MARS\",\n }],\n }])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var debianImage = Gcp.Compute.GetImage.Invoke(new()\n {\n Family = \"debian-11\",\n Project = \"debian-cloud\",\n });\n\n var instanceTemplate = new Gcp.Compute.InstanceTemplate(\"instance_template\", new()\n {\n Name = \"template-backend\",\n MachineType = \"e2-medium\",\n NetworkInterfaces = new[]\n {\n new Gcp.Compute.Inputs.InstanceTemplateNetworkInterfaceArgs\n {\n Network = \"default\",\n },\n },\n Disks = new[]\n {\n new Gcp.Compute.Inputs.InstanceTemplateDiskArgs\n {\n SourceImage = debianImage.Apply(getImageResult =\u003e getImageResult.SelfLink),\n AutoDelete = true,\n Boot = true,\n },\n },\n });\n\n var igm = new Gcp.Compute.InstanceGroupManager(\"igm\", new()\n {\n Name = \"igm-internal\",\n Versions = new[]\n {\n new Gcp.Compute.Inputs.InstanceGroupManagerVersionArgs\n {\n InstanceTemplate = instanceTemplate.Id,\n Name = \"primary\",\n },\n },\n BaseInstanceName = \"internal-glb\",\n Zone = \"us-central1-f\",\n TargetSize = 1,\n });\n\n var defaultHealthCheck = new Gcp.Compute.HealthCheck(\"default\", new()\n {\n Name = \"check-backend\",\n CheckIntervalSec = 1,\n TimeoutSec = 1,\n TcpHealthCheck = new Gcp.Compute.Inputs.HealthCheckTcpHealthCheckArgs\n {\n Port = 80,\n },\n });\n\n var defaultBackendService = new Gcp.Compute.BackendService(\"default\", new()\n {\n Name = \"backend\",\n PortName = \"http\",\n Protocol = \"HTTP\",\n TimeoutSec = 10,\n LoadBalancingScheme = \"INTERNAL_SELF_MANAGED\",\n Backends = new[]\n {\n new Gcp.Compute.Inputs.BackendServiceBackendArgs\n {\n Group = igm.InstanceGroup,\n BalancingMode = \"RATE\",\n CapacityScaler = 0.4,\n MaxRatePerInstance = 50,\n },\n },\n HealthChecks = defaultHealthCheck.Id,\n });\n\n var defaultURLMap = new Gcp.Compute.URLMap(\"default\", new()\n {\n Name = \"url-map-target-proxy\",\n Description = \"a description\",\n DefaultService = defaultBackendService.Id,\n HostRules = new[]\n {\n new Gcp.Compute.Inputs.URLMapHostRuleArgs\n {\n Hosts = new[]\n {\n \"mysite.com\",\n },\n PathMatcher = \"allpaths\",\n },\n },\n PathMatchers = new[]\n {\n new Gcp.Compute.Inputs.URLMapPathMatcherArgs\n {\n Name = \"allpaths\",\n DefaultService = defaultBackendService.Id,\n PathRules = new[]\n {\n new Gcp.Compute.Inputs.URLMapPathMatcherPathRuleArgs\n {\n Paths = new[]\n {\n \"/*\",\n },\n Service = defaultBackendService.Id,\n },\n },\n },\n },\n });\n\n var defaultTargetHttpProxy = new Gcp.Compute.TargetHttpProxy(\"default\", new()\n {\n Name = \"target-proxy\",\n Description = \"a description\",\n UrlMap = defaultURLMap.Id,\n });\n\n var @default = new Gcp.Compute.GlobalForwardingRule(\"default\", new()\n {\n Name = \"global-rule\",\n Target = defaultTargetHttpProxy.Id,\n PortRange = \"80\",\n LoadBalancingScheme = \"INTERNAL_SELF_MANAGED\",\n IpAddress = \"0.0.0.0\",\n MetadataFilters = new[]\n {\n new Gcp.Compute.Inputs.GlobalForwardingRuleMetadataFilterArgs\n {\n FilterMatchCriteria = \"MATCH_ANY\",\n FilterLabels = new[]\n {\n new Gcp.Compute.Inputs.GlobalForwardingRuleMetadataFilterFilterLabelArgs\n {\n Name = \"PLANET\",\n Value = \"MARS\",\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdebianImage, err := compute.LookupImage(ctx, \u0026compute.LookupImageArgs{\n\t\t\tFamily: pulumi.StringRef(\"debian-11\"),\n\t\t\tProject: pulumi.StringRef(\"debian-cloud\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinstanceTemplate, err := compute.NewInstanceTemplate(ctx, \"instance_template\", \u0026compute.InstanceTemplateArgs{\n\t\t\tName: pulumi.String(\"template-backend\"),\n\t\t\tMachineType: pulumi.String(\"e2-medium\"),\n\t\t\tNetworkInterfaces: compute.InstanceTemplateNetworkInterfaceArray{\n\t\t\t\t\u0026compute.InstanceTemplateNetworkInterfaceArgs{\n\t\t\t\t\tNetwork: pulumi.String(\"default\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tDisks: compute.InstanceTemplateDiskArray{\n\t\t\t\t\u0026compute.InstanceTemplateDiskArgs{\n\t\t\t\t\tSourceImage: pulumi.String(debianImage.SelfLink),\n\t\t\t\t\tAutoDelete: pulumi.Bool(true),\n\t\t\t\t\tBoot: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tigm, err := compute.NewInstanceGroupManager(ctx, \"igm\", \u0026compute.InstanceGroupManagerArgs{\n\t\t\tName: pulumi.String(\"igm-internal\"),\n\t\t\tVersions: compute.InstanceGroupManagerVersionArray{\n\t\t\t\t\u0026compute.InstanceGroupManagerVersionArgs{\n\t\t\t\t\tInstanceTemplate: instanceTemplate.ID(),\n\t\t\t\t\tName: pulumi.String(\"primary\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tBaseInstanceName: pulumi.String(\"internal-glb\"),\n\t\t\tZone: pulumi.String(\"us-central1-f\"),\n\t\t\tTargetSize: pulumi.Int(1),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultHealthCheck, err := compute.NewHealthCheck(ctx, \"default\", \u0026compute.HealthCheckArgs{\n\t\t\tName: pulumi.String(\"check-backend\"),\n\t\t\tCheckIntervalSec: pulumi.Int(1),\n\t\t\tTimeoutSec: pulumi.Int(1),\n\t\t\tTcpHealthCheck: \u0026compute.HealthCheckTcpHealthCheckArgs{\n\t\t\t\tPort: pulumi.Int(80),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultBackendService, err := compute.NewBackendService(ctx, \"default\", \u0026compute.BackendServiceArgs{\n\t\t\tName: pulumi.String(\"backend\"),\n\t\t\tPortName: pulumi.String(\"http\"),\n\t\t\tProtocol: pulumi.String(\"HTTP\"),\n\t\t\tTimeoutSec: pulumi.Int(10),\n\t\t\tLoadBalancingScheme: pulumi.String(\"INTERNAL_SELF_MANAGED\"),\n\t\t\tBackends: compute.BackendServiceBackendArray{\n\t\t\t\t\u0026compute.BackendServiceBackendArgs{\n\t\t\t\t\tGroup: igm.InstanceGroup,\n\t\t\t\t\tBalancingMode: pulumi.String(\"RATE\"),\n\t\t\t\t\tCapacityScaler: pulumi.Float64(0.4),\n\t\t\t\t\tMaxRatePerInstance: pulumi.Float64(50),\n\t\t\t\t},\n\t\t\t},\n\t\t\tHealthChecks: defaultHealthCheck.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultURLMap, err := compute.NewURLMap(ctx, \"default\", \u0026compute.URLMapArgs{\n\t\t\tName: pulumi.String(\"url-map-target-proxy\"),\n\t\t\tDescription: pulumi.String(\"a description\"),\n\t\t\tDefaultService: defaultBackendService.ID(),\n\t\t\tHostRules: compute.URLMapHostRuleArray{\n\t\t\t\t\u0026compute.URLMapHostRuleArgs{\n\t\t\t\t\tHosts: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"mysite.com\"),\n\t\t\t\t\t},\n\t\t\t\t\tPathMatcher: pulumi.String(\"allpaths\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tPathMatchers: compute.URLMapPathMatcherArray{\n\t\t\t\t\u0026compute.URLMapPathMatcherArgs{\n\t\t\t\t\tName: pulumi.String(\"allpaths\"),\n\t\t\t\t\tDefaultService: defaultBackendService.ID(),\n\t\t\t\t\tPathRules: compute.URLMapPathMatcherPathRuleArray{\n\t\t\t\t\t\t\u0026compute.URLMapPathMatcherPathRuleArgs{\n\t\t\t\t\t\t\tPaths: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"/*\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tService: defaultBackendService.ID(),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultTargetHttpProxy, err := compute.NewTargetHttpProxy(ctx, \"default\", \u0026compute.TargetHttpProxyArgs{\n\t\t\tName: pulumi.String(\"target-proxy\"),\n\t\t\tDescription: pulumi.String(\"a description\"),\n\t\t\tUrlMap: defaultURLMap.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewGlobalForwardingRule(ctx, \"default\", \u0026compute.GlobalForwardingRuleArgs{\n\t\t\tName: pulumi.String(\"global-rule\"),\n\t\t\tTarget: defaultTargetHttpProxy.ID(),\n\t\t\tPortRange: pulumi.String(\"80\"),\n\t\t\tLoadBalancingScheme: pulumi.String(\"INTERNAL_SELF_MANAGED\"),\n\t\t\tIpAddress: pulumi.String(\"0.0.0.0\"),\n\t\t\tMetadataFilters: compute.GlobalForwardingRuleMetadataFilterArray{\n\t\t\t\t\u0026compute.GlobalForwardingRuleMetadataFilterArgs{\n\t\t\t\t\tFilterMatchCriteria: pulumi.String(\"MATCH_ANY\"),\n\t\t\t\t\tFilterLabels: compute.GlobalForwardingRuleMetadataFilterFilterLabelArray{\n\t\t\t\t\t\t\u0026compute.GlobalForwardingRuleMetadataFilterFilterLabelArgs{\n\t\t\t\t\t\t\tName: pulumi.String(\"PLANET\"),\n\t\t\t\t\t\t\tValue: pulumi.String(\"MARS\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetImageArgs;\nimport com.pulumi.gcp.compute.InstanceTemplate;\nimport com.pulumi.gcp.compute.InstanceTemplateArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceTemplateNetworkInterfaceArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceTemplateDiskArgs;\nimport com.pulumi.gcp.compute.InstanceGroupManager;\nimport com.pulumi.gcp.compute.InstanceGroupManagerArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceGroupManagerVersionArgs;\nimport com.pulumi.gcp.compute.HealthCheck;\nimport com.pulumi.gcp.compute.HealthCheckArgs;\nimport com.pulumi.gcp.compute.inputs.HealthCheckTcpHealthCheckArgs;\nimport com.pulumi.gcp.compute.BackendService;\nimport com.pulumi.gcp.compute.BackendServiceArgs;\nimport com.pulumi.gcp.compute.inputs.BackendServiceBackendArgs;\nimport com.pulumi.gcp.compute.URLMap;\nimport com.pulumi.gcp.compute.URLMapArgs;\nimport com.pulumi.gcp.compute.inputs.URLMapHostRuleArgs;\nimport com.pulumi.gcp.compute.inputs.URLMapPathMatcherArgs;\nimport com.pulumi.gcp.compute.TargetHttpProxy;\nimport com.pulumi.gcp.compute.TargetHttpProxyArgs;\nimport com.pulumi.gcp.compute.GlobalForwardingRule;\nimport com.pulumi.gcp.compute.GlobalForwardingRuleArgs;\nimport com.pulumi.gcp.compute.inputs.GlobalForwardingRuleMetadataFilterArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var debianImage = ComputeFunctions.getImage(GetImageArgs.builder()\n .family(\"debian-11\")\n .project(\"debian-cloud\")\n .build());\n\n var instanceTemplate = new InstanceTemplate(\"instanceTemplate\", InstanceTemplateArgs.builder()\n .name(\"template-backend\")\n .machineType(\"e2-medium\")\n .networkInterfaces(InstanceTemplateNetworkInterfaceArgs.builder()\n .network(\"default\")\n .build())\n .disks(InstanceTemplateDiskArgs.builder()\n .sourceImage(debianImage.applyValue(getImageResult -\u003e getImageResult.selfLink()))\n .autoDelete(true)\n .boot(true)\n .build())\n .build());\n\n var igm = new InstanceGroupManager(\"igm\", InstanceGroupManagerArgs.builder()\n .name(\"igm-internal\")\n .versions(InstanceGroupManagerVersionArgs.builder()\n .instanceTemplate(instanceTemplate.id())\n .name(\"primary\")\n .build())\n .baseInstanceName(\"internal-glb\")\n .zone(\"us-central1-f\")\n .targetSize(1)\n .build());\n\n var defaultHealthCheck = new HealthCheck(\"defaultHealthCheck\", HealthCheckArgs.builder()\n .name(\"check-backend\")\n .checkIntervalSec(1)\n .timeoutSec(1)\n .tcpHealthCheck(HealthCheckTcpHealthCheckArgs.builder()\n .port(\"80\")\n .build())\n .build());\n\n var defaultBackendService = new BackendService(\"defaultBackendService\", BackendServiceArgs.builder()\n .name(\"backend\")\n .portName(\"http\")\n .protocol(\"HTTP\")\n .timeoutSec(10)\n .loadBalancingScheme(\"INTERNAL_SELF_MANAGED\")\n .backends(BackendServiceBackendArgs.builder()\n .group(igm.instanceGroup())\n .balancingMode(\"RATE\")\n .capacityScaler(0.4)\n .maxRatePerInstance(50)\n .build())\n .healthChecks(defaultHealthCheck.id())\n .build());\n\n var defaultURLMap = new URLMap(\"defaultURLMap\", URLMapArgs.builder()\n .name(\"url-map-target-proxy\")\n .description(\"a description\")\n .defaultService(defaultBackendService.id())\n .hostRules(URLMapHostRuleArgs.builder()\n .hosts(\"mysite.com\")\n .pathMatcher(\"allpaths\")\n .build())\n .pathMatchers(URLMapPathMatcherArgs.builder()\n .name(\"allpaths\")\n .defaultService(defaultBackendService.id())\n .pathRules(URLMapPathMatcherPathRuleArgs.builder()\n .paths(\"/*\")\n .service(defaultBackendService.id())\n .build())\n .build())\n .build());\n\n var defaultTargetHttpProxy = new TargetHttpProxy(\"defaultTargetHttpProxy\", TargetHttpProxyArgs.builder()\n .name(\"target-proxy\")\n .description(\"a description\")\n .urlMap(defaultURLMap.id())\n .build());\n\n var default_ = new GlobalForwardingRule(\"default\", GlobalForwardingRuleArgs.builder()\n .name(\"global-rule\")\n .target(defaultTargetHttpProxy.id())\n .portRange(\"80\")\n .loadBalancingScheme(\"INTERNAL_SELF_MANAGED\")\n .ipAddress(\"0.0.0.0\")\n .metadataFilters(GlobalForwardingRuleMetadataFilterArgs.builder()\n .filterMatchCriteria(\"MATCH_ANY\")\n .filterLabels(GlobalForwardingRuleMetadataFilterFilterLabelArgs.builder()\n .name(\"PLANET\")\n .value(\"MARS\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:compute:GlobalForwardingRule\n properties:\n name: global-rule\n target: ${defaultTargetHttpProxy.id}\n portRange: '80'\n loadBalancingScheme: INTERNAL_SELF_MANAGED\n ipAddress: 0.0.0.0\n metadataFilters:\n - filterMatchCriteria: MATCH_ANY\n filterLabels:\n - name: PLANET\n value: MARS\n defaultTargetHttpProxy:\n type: gcp:compute:TargetHttpProxy\n name: default\n properties:\n name: target-proxy\n description: a description\n urlMap: ${defaultURLMap.id}\n defaultURLMap:\n type: gcp:compute:URLMap\n name: default\n properties:\n name: url-map-target-proxy\n description: a description\n defaultService: ${defaultBackendService.id}\n hostRules:\n - hosts:\n - mysite.com\n pathMatcher: allpaths\n pathMatchers:\n - name: allpaths\n defaultService: ${defaultBackendService.id}\n pathRules:\n - paths:\n - /*\n service: ${defaultBackendService.id}\n defaultBackendService:\n type: gcp:compute:BackendService\n name: default\n properties:\n name: backend\n portName: http\n protocol: HTTP\n timeoutSec: 10\n loadBalancingScheme: INTERNAL_SELF_MANAGED\n backends:\n - group: ${igm.instanceGroup}\n balancingMode: RATE\n capacityScaler: 0.4\n maxRatePerInstance: 50\n healthChecks: ${defaultHealthCheck.id}\n igm:\n type: gcp:compute:InstanceGroupManager\n properties:\n name: igm-internal\n versions:\n - instanceTemplate: ${instanceTemplate.id}\n name: primary\n baseInstanceName: internal-glb\n zone: us-central1-f\n targetSize: 1\n instanceTemplate:\n type: gcp:compute:InstanceTemplate\n name: instance_template\n properties:\n name: template-backend\n machineType: e2-medium\n networkInterfaces:\n - network: default\n disks:\n - sourceImage: ${debianImage.selfLink}\n autoDelete: true\n boot: true\n defaultHealthCheck:\n type: gcp:compute:HealthCheck\n name: default\n properties:\n name: check-backend\n checkIntervalSec: 1\n timeoutSec: 1\n tcpHealthCheck:\n port: '80'\nvariables:\n debianImage:\n fn::invoke:\n function: gcp:compute:getImage\n arguments:\n family: debian-11\n project: debian-cloud\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Global Forwarding Rule External Managed\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst defaultBackendService = new gcp.compute.BackendService(\"default\", {\n name: \"backend\",\n portName: \"http\",\n protocol: \"HTTP\",\n timeoutSec: 10,\n loadBalancingScheme: \"EXTERNAL_MANAGED\",\n});\nconst defaultURLMap = new gcp.compute.URLMap(\"default\", {\n name: \"url-map-target-proxy\",\n description: \"a description\",\n defaultService: defaultBackendService.id,\n hostRules: [{\n hosts: [\"mysite.com\"],\n pathMatcher: \"allpaths\",\n }],\n pathMatchers: [{\n name: \"allpaths\",\n defaultService: defaultBackendService.id,\n pathRules: [{\n paths: [\"/*\"],\n service: defaultBackendService.id,\n }],\n }],\n});\nconst defaultTargetHttpProxy = new gcp.compute.TargetHttpProxy(\"default\", {\n name: \"target-proxy\",\n description: \"a description\",\n urlMap: defaultURLMap.id,\n});\nconst _default = new gcp.compute.GlobalForwardingRule(\"default\", {\n name: \"global-rule\",\n target: defaultTargetHttpProxy.id,\n portRange: \"80\",\n loadBalancingScheme: \"EXTERNAL_MANAGED\",\n networkTier: \"PREMIUM\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault_backend_service = gcp.compute.BackendService(\"default\",\n name=\"backend\",\n port_name=\"http\",\n protocol=\"HTTP\",\n timeout_sec=10,\n load_balancing_scheme=\"EXTERNAL_MANAGED\")\ndefault_url_map = gcp.compute.URLMap(\"default\",\n name=\"url-map-target-proxy\",\n description=\"a description\",\n default_service=default_backend_service.id,\n host_rules=[{\n \"hosts\": [\"mysite.com\"],\n \"path_matcher\": \"allpaths\",\n }],\n path_matchers=[{\n \"name\": \"allpaths\",\n \"default_service\": default_backend_service.id,\n \"path_rules\": [{\n \"paths\": [\"/*\"],\n \"service\": default_backend_service.id,\n }],\n }])\ndefault_target_http_proxy = gcp.compute.TargetHttpProxy(\"default\",\n name=\"target-proxy\",\n description=\"a description\",\n url_map=default_url_map.id)\ndefault = gcp.compute.GlobalForwardingRule(\"default\",\n name=\"global-rule\",\n target=default_target_http_proxy.id,\n port_range=\"80\",\n load_balancing_scheme=\"EXTERNAL_MANAGED\",\n network_tier=\"PREMIUM\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var defaultBackendService = new Gcp.Compute.BackendService(\"default\", new()\n {\n Name = \"backend\",\n PortName = \"http\",\n Protocol = \"HTTP\",\n TimeoutSec = 10,\n LoadBalancingScheme = \"EXTERNAL_MANAGED\",\n });\n\n var defaultURLMap = new Gcp.Compute.URLMap(\"default\", new()\n {\n Name = \"url-map-target-proxy\",\n Description = \"a description\",\n DefaultService = defaultBackendService.Id,\n HostRules = new[]\n {\n new Gcp.Compute.Inputs.URLMapHostRuleArgs\n {\n Hosts = new[]\n {\n \"mysite.com\",\n },\n PathMatcher = \"allpaths\",\n },\n },\n PathMatchers = new[]\n {\n new Gcp.Compute.Inputs.URLMapPathMatcherArgs\n {\n Name = \"allpaths\",\n DefaultService = defaultBackendService.Id,\n PathRules = new[]\n {\n new Gcp.Compute.Inputs.URLMapPathMatcherPathRuleArgs\n {\n Paths = new[]\n {\n \"/*\",\n },\n Service = defaultBackendService.Id,\n },\n },\n },\n },\n });\n\n var defaultTargetHttpProxy = new Gcp.Compute.TargetHttpProxy(\"default\", new()\n {\n Name = \"target-proxy\",\n Description = \"a description\",\n UrlMap = defaultURLMap.Id,\n });\n\n var @default = new Gcp.Compute.GlobalForwardingRule(\"default\", new()\n {\n Name = \"global-rule\",\n Target = defaultTargetHttpProxy.Id,\n PortRange = \"80\",\n LoadBalancingScheme = \"EXTERNAL_MANAGED\",\n NetworkTier = \"PREMIUM\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdefaultBackendService, err := compute.NewBackendService(ctx, \"default\", \u0026compute.BackendServiceArgs{\n\t\t\tName: pulumi.String(\"backend\"),\n\t\t\tPortName: pulumi.String(\"http\"),\n\t\t\tProtocol: pulumi.String(\"HTTP\"),\n\t\t\tTimeoutSec: pulumi.Int(10),\n\t\t\tLoadBalancingScheme: pulumi.String(\"EXTERNAL_MANAGED\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultURLMap, err := compute.NewURLMap(ctx, \"default\", \u0026compute.URLMapArgs{\n\t\t\tName: pulumi.String(\"url-map-target-proxy\"),\n\t\t\tDescription: pulumi.String(\"a description\"),\n\t\t\tDefaultService: defaultBackendService.ID(),\n\t\t\tHostRules: compute.URLMapHostRuleArray{\n\t\t\t\t\u0026compute.URLMapHostRuleArgs{\n\t\t\t\t\tHosts: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"mysite.com\"),\n\t\t\t\t\t},\n\t\t\t\t\tPathMatcher: pulumi.String(\"allpaths\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tPathMatchers: compute.URLMapPathMatcherArray{\n\t\t\t\t\u0026compute.URLMapPathMatcherArgs{\n\t\t\t\t\tName: pulumi.String(\"allpaths\"),\n\t\t\t\t\tDefaultService: defaultBackendService.ID(),\n\t\t\t\t\tPathRules: compute.URLMapPathMatcherPathRuleArray{\n\t\t\t\t\t\t\u0026compute.URLMapPathMatcherPathRuleArgs{\n\t\t\t\t\t\t\tPaths: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"/*\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tService: defaultBackendService.ID(),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultTargetHttpProxy, err := compute.NewTargetHttpProxy(ctx, \"default\", \u0026compute.TargetHttpProxyArgs{\n\t\t\tName: pulumi.String(\"target-proxy\"),\n\t\t\tDescription: pulumi.String(\"a description\"),\n\t\t\tUrlMap: defaultURLMap.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewGlobalForwardingRule(ctx, \"default\", \u0026compute.GlobalForwardingRuleArgs{\n\t\t\tName: pulumi.String(\"global-rule\"),\n\t\t\tTarget: defaultTargetHttpProxy.ID(),\n\t\t\tPortRange: pulumi.String(\"80\"),\n\t\t\tLoadBalancingScheme: pulumi.String(\"EXTERNAL_MANAGED\"),\n\t\t\tNetworkTier: pulumi.String(\"PREMIUM\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.BackendService;\nimport com.pulumi.gcp.compute.BackendServiceArgs;\nimport com.pulumi.gcp.compute.URLMap;\nimport com.pulumi.gcp.compute.URLMapArgs;\nimport com.pulumi.gcp.compute.inputs.URLMapHostRuleArgs;\nimport com.pulumi.gcp.compute.inputs.URLMapPathMatcherArgs;\nimport com.pulumi.gcp.compute.TargetHttpProxy;\nimport com.pulumi.gcp.compute.TargetHttpProxyArgs;\nimport com.pulumi.gcp.compute.GlobalForwardingRule;\nimport com.pulumi.gcp.compute.GlobalForwardingRuleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var defaultBackendService = new BackendService(\"defaultBackendService\", BackendServiceArgs.builder()\n .name(\"backend\")\n .portName(\"http\")\n .protocol(\"HTTP\")\n .timeoutSec(10)\n .loadBalancingScheme(\"EXTERNAL_MANAGED\")\n .build());\n\n var defaultURLMap = new URLMap(\"defaultURLMap\", URLMapArgs.builder()\n .name(\"url-map-target-proxy\")\n .description(\"a description\")\n .defaultService(defaultBackendService.id())\n .hostRules(URLMapHostRuleArgs.builder()\n .hosts(\"mysite.com\")\n .pathMatcher(\"allpaths\")\n .build())\n .pathMatchers(URLMapPathMatcherArgs.builder()\n .name(\"allpaths\")\n .defaultService(defaultBackendService.id())\n .pathRules(URLMapPathMatcherPathRuleArgs.builder()\n .paths(\"/*\")\n .service(defaultBackendService.id())\n .build())\n .build())\n .build());\n\n var defaultTargetHttpProxy = new TargetHttpProxy(\"defaultTargetHttpProxy\", TargetHttpProxyArgs.builder()\n .name(\"target-proxy\")\n .description(\"a description\")\n .urlMap(defaultURLMap.id())\n .build());\n\n var default_ = new GlobalForwardingRule(\"default\", GlobalForwardingRuleArgs.builder()\n .name(\"global-rule\")\n .target(defaultTargetHttpProxy.id())\n .portRange(\"80\")\n .loadBalancingScheme(\"EXTERNAL_MANAGED\")\n .networkTier(\"PREMIUM\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:compute:GlobalForwardingRule\n properties:\n name: global-rule\n target: ${defaultTargetHttpProxy.id}\n portRange: '80'\n loadBalancingScheme: EXTERNAL_MANAGED\n networkTier: PREMIUM\n defaultTargetHttpProxy:\n type: gcp:compute:TargetHttpProxy\n name: default\n properties:\n name: target-proxy\n description: a description\n urlMap: ${defaultURLMap.id}\n defaultURLMap:\n type: gcp:compute:URLMap\n name: default\n properties:\n name: url-map-target-proxy\n description: a description\n defaultService: ${defaultBackendService.id}\n hostRules:\n - hosts:\n - mysite.com\n pathMatcher: allpaths\n pathMatchers:\n - name: allpaths\n defaultService: ${defaultBackendService.id}\n pathRules:\n - paths:\n - /*\n service: ${defaultBackendService.id}\n defaultBackendService:\n type: gcp:compute:BackendService\n name: default\n properties:\n name: backend\n portName: http\n protocol: HTTP\n timeoutSec: 10\n loadBalancingScheme: EXTERNAL_MANAGED\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Global Forwarding Rule Hybrid\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst config = new pulumi.Config();\nconst subnetworkCidr = config.get(\"subnetworkCidr\") || \"10.0.0.0/24\";\nconst _default = new gcp.compute.Network(\"default\", {name: \"my-network\"});\nconst internal = new gcp.compute.Network(\"internal\", {\n name: \"my-internal-network\",\n autoCreateSubnetworks: false,\n});\nconst internalSubnetwork = new gcp.compute.Subnetwork(\"internal\", {\n name: \"my-subnetwork\",\n network: internal.id,\n ipCidrRange: subnetworkCidr,\n region: \"us-central1\",\n privateIpGoogleAccess: true,\n});\n// Zonal NEG with GCE_VM_IP_PORT\nconst defaultNetworkEndpointGroup = new gcp.compute.NetworkEndpointGroup(\"default\", {\n name: \"default-neg\",\n network: _default.id,\n defaultPort: 90,\n zone: \"us-central1-a\",\n networkEndpointType: \"GCE_VM_IP_PORT\",\n});\n// Zonal NEG with GCE_VM_IP\nconst internalNetworkEndpointGroup = new gcp.compute.NetworkEndpointGroup(\"internal\", {\n name: \"internal-neg\",\n network: internal.id,\n subnetwork: internalSubnetwork.id,\n zone: \"us-central1-a\",\n networkEndpointType: \"GCE_VM_IP\",\n});\n// Hybrid connectivity NEG\nconst hybrid = new gcp.compute.NetworkEndpointGroup(\"hybrid\", {\n name: \"hybrid-neg\",\n network: _default.id,\n defaultPort: 90,\n zone: \"us-central1-a\",\n networkEndpointType: \"NON_GCP_PRIVATE_IP_PORT\",\n});\nconst hybrid_endpoint = new gcp.compute.NetworkEndpoint(\"hybrid-endpoint\", {\n networkEndpointGroup: hybrid.name,\n port: hybrid.defaultPort,\n ipAddress: \"127.0.0.1\",\n});\nconst defaultHealthCheck = new gcp.compute.HealthCheck(\"default\", {\n name: \"health-check\",\n timeoutSec: 1,\n checkIntervalSec: 1,\n tcpHealthCheck: {\n port: 80,\n },\n});\n// Backend service for Zonal NEG\nconst defaultBackendService = new gcp.compute.BackendService(\"default\", {\n name: \"backend-default\",\n portName: \"http\",\n protocol: \"HTTP\",\n timeoutSec: 10,\n backends: [{\n group: defaultNetworkEndpointGroup.id,\n balancingMode: \"RATE\",\n maxRatePerEndpoint: 10,\n }],\n healthChecks: defaultHealthCheck.id,\n});\n// Backgend service for Hybrid NEG\nconst hybridBackendService = new gcp.compute.BackendService(\"hybrid\", {\n name: \"backend-hybrid\",\n portName: \"http\",\n protocol: \"HTTP\",\n timeoutSec: 10,\n backends: [{\n group: hybrid.id,\n balancingMode: \"RATE\",\n maxRatePerEndpoint: 10,\n }],\n healthChecks: defaultHealthCheck.id,\n});\nconst defaultURLMap = new gcp.compute.URLMap(\"default\", {\n name: \"url-map-target-proxy\",\n description: \"a description\",\n defaultService: defaultBackendService.id,\n hostRules: [{\n hosts: [\"mysite.com\"],\n pathMatcher: \"allpaths\",\n }],\n pathMatchers: [{\n name: \"allpaths\",\n defaultService: defaultBackendService.id,\n pathRules: [\n {\n paths: [\"/*\"],\n service: defaultBackendService.id,\n },\n {\n paths: [\"/hybrid\"],\n service: hybridBackendService.id,\n },\n ],\n }],\n});\nconst defaultTargetHttpProxy = new gcp.compute.TargetHttpProxy(\"default\", {\n name: \"target-proxy\",\n description: \"a description\",\n urlMap: defaultURLMap.id,\n});\nconst defaultGlobalForwardingRule = new gcp.compute.GlobalForwardingRule(\"default\", {\n name: \"global-rule\",\n target: defaultTargetHttpProxy.id,\n portRange: \"80\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nconfig = pulumi.Config()\nsubnetwork_cidr = config.get(\"subnetworkCidr\")\nif subnetwork_cidr is None:\n subnetwork_cidr = \"10.0.0.0/24\"\ndefault = gcp.compute.Network(\"default\", name=\"my-network\")\ninternal = gcp.compute.Network(\"internal\",\n name=\"my-internal-network\",\n auto_create_subnetworks=False)\ninternal_subnetwork = gcp.compute.Subnetwork(\"internal\",\n name=\"my-subnetwork\",\n network=internal.id,\n ip_cidr_range=subnetwork_cidr,\n region=\"us-central1\",\n private_ip_google_access=True)\n# Zonal NEG with GCE_VM_IP_PORT\ndefault_network_endpoint_group = gcp.compute.NetworkEndpointGroup(\"default\",\n name=\"default-neg\",\n network=default.id,\n default_port=90,\n zone=\"us-central1-a\",\n network_endpoint_type=\"GCE_VM_IP_PORT\")\n# Zonal NEG with GCE_VM_IP\ninternal_network_endpoint_group = gcp.compute.NetworkEndpointGroup(\"internal\",\n name=\"internal-neg\",\n network=internal.id,\n subnetwork=internal_subnetwork.id,\n zone=\"us-central1-a\",\n network_endpoint_type=\"GCE_VM_IP\")\n# Hybrid connectivity NEG\nhybrid = gcp.compute.NetworkEndpointGroup(\"hybrid\",\n name=\"hybrid-neg\",\n network=default.id,\n default_port=90,\n zone=\"us-central1-a\",\n network_endpoint_type=\"NON_GCP_PRIVATE_IP_PORT\")\nhybrid_endpoint = gcp.compute.NetworkEndpoint(\"hybrid-endpoint\",\n network_endpoint_group=hybrid.name,\n port=hybrid.default_port,\n ip_address=\"127.0.0.1\")\ndefault_health_check = gcp.compute.HealthCheck(\"default\",\n name=\"health-check\",\n timeout_sec=1,\n check_interval_sec=1,\n tcp_health_check={\n \"port\": 80,\n })\n# Backend service for Zonal NEG\ndefault_backend_service = gcp.compute.BackendService(\"default\",\n name=\"backend-default\",\n port_name=\"http\",\n protocol=\"HTTP\",\n timeout_sec=10,\n backends=[{\n \"group\": default_network_endpoint_group.id,\n \"balancing_mode\": \"RATE\",\n \"max_rate_per_endpoint\": 10,\n }],\n health_checks=default_health_check.id)\n# Backgend service for Hybrid NEG\nhybrid_backend_service = gcp.compute.BackendService(\"hybrid\",\n name=\"backend-hybrid\",\n port_name=\"http\",\n protocol=\"HTTP\",\n timeout_sec=10,\n backends=[{\n \"group\": hybrid.id,\n \"balancing_mode\": \"RATE\",\n \"max_rate_per_endpoint\": 10,\n }],\n health_checks=default_health_check.id)\ndefault_url_map = gcp.compute.URLMap(\"default\",\n name=\"url-map-target-proxy\",\n description=\"a description\",\n default_service=default_backend_service.id,\n host_rules=[{\n \"hosts\": [\"mysite.com\"],\n \"path_matcher\": \"allpaths\",\n }],\n path_matchers=[{\n \"name\": \"allpaths\",\n \"default_service\": default_backend_service.id,\n \"path_rules\": [\n {\n \"paths\": [\"/*\"],\n \"service\": default_backend_service.id,\n },\n {\n \"paths\": [\"/hybrid\"],\n \"service\": hybrid_backend_service.id,\n },\n ],\n }])\ndefault_target_http_proxy = gcp.compute.TargetHttpProxy(\"default\",\n name=\"target-proxy\",\n description=\"a description\",\n url_map=default_url_map.id)\ndefault_global_forwarding_rule = gcp.compute.GlobalForwardingRule(\"default\",\n name=\"global-rule\",\n target=default_target_http_proxy.id,\n port_range=\"80\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var config = new Config();\n var subnetworkCidr = config.Get(\"subnetworkCidr\") ?? \"10.0.0.0/24\";\n var @default = new Gcp.Compute.Network(\"default\", new()\n {\n Name = \"my-network\",\n });\n\n var @internal = new Gcp.Compute.Network(\"internal\", new()\n {\n Name = \"my-internal-network\",\n AutoCreateSubnetworks = false,\n });\n\n var internalSubnetwork = new Gcp.Compute.Subnetwork(\"internal\", new()\n {\n Name = \"my-subnetwork\",\n Network = @internal.Id,\n IpCidrRange = subnetworkCidr,\n Region = \"us-central1\",\n PrivateIpGoogleAccess = true,\n });\n\n // Zonal NEG with GCE_VM_IP_PORT\n var defaultNetworkEndpointGroup = new Gcp.Compute.NetworkEndpointGroup(\"default\", new()\n {\n Name = \"default-neg\",\n Network = @default.Id,\n DefaultPort = 90,\n Zone = \"us-central1-a\",\n NetworkEndpointType = \"GCE_VM_IP_PORT\",\n });\n\n // Zonal NEG with GCE_VM_IP\n var internalNetworkEndpointGroup = new Gcp.Compute.NetworkEndpointGroup(\"internal\", new()\n {\n Name = \"internal-neg\",\n Network = @internal.Id,\n Subnetwork = internalSubnetwork.Id,\n Zone = \"us-central1-a\",\n NetworkEndpointType = \"GCE_VM_IP\",\n });\n\n // Hybrid connectivity NEG\n var hybrid = new Gcp.Compute.NetworkEndpointGroup(\"hybrid\", new()\n {\n Name = \"hybrid-neg\",\n Network = @default.Id,\n DefaultPort = 90,\n Zone = \"us-central1-a\",\n NetworkEndpointType = \"NON_GCP_PRIVATE_IP_PORT\",\n });\n\n var hybrid_endpoint = new Gcp.Compute.NetworkEndpoint(\"hybrid-endpoint\", new()\n {\n NetworkEndpointGroup = hybrid.Name,\n Port = hybrid.DefaultPort,\n IpAddress = \"127.0.0.1\",\n });\n\n var defaultHealthCheck = new Gcp.Compute.HealthCheck(\"default\", new()\n {\n Name = \"health-check\",\n TimeoutSec = 1,\n CheckIntervalSec = 1,\n TcpHealthCheck = new Gcp.Compute.Inputs.HealthCheckTcpHealthCheckArgs\n {\n Port = 80,\n },\n });\n\n // Backend service for Zonal NEG\n var defaultBackendService = new Gcp.Compute.BackendService(\"default\", new()\n {\n Name = \"backend-default\",\n PortName = \"http\",\n Protocol = \"HTTP\",\n TimeoutSec = 10,\n Backends = new[]\n {\n new Gcp.Compute.Inputs.BackendServiceBackendArgs\n {\n Group = defaultNetworkEndpointGroup.Id,\n BalancingMode = \"RATE\",\n MaxRatePerEndpoint = 10,\n },\n },\n HealthChecks = defaultHealthCheck.Id,\n });\n\n // Backgend service for Hybrid NEG\n var hybridBackendService = new Gcp.Compute.BackendService(\"hybrid\", new()\n {\n Name = \"backend-hybrid\",\n PortName = \"http\",\n Protocol = \"HTTP\",\n TimeoutSec = 10,\n Backends = new[]\n {\n new Gcp.Compute.Inputs.BackendServiceBackendArgs\n {\n Group = hybrid.Id,\n BalancingMode = \"RATE\",\n MaxRatePerEndpoint = 10,\n },\n },\n HealthChecks = defaultHealthCheck.Id,\n });\n\n var defaultURLMap = new Gcp.Compute.URLMap(\"default\", new()\n {\n Name = \"url-map-target-proxy\",\n Description = \"a description\",\n DefaultService = defaultBackendService.Id,\n HostRules = new[]\n {\n new Gcp.Compute.Inputs.URLMapHostRuleArgs\n {\n Hosts = new[]\n {\n \"mysite.com\",\n },\n PathMatcher = \"allpaths\",\n },\n },\n PathMatchers = new[]\n {\n new Gcp.Compute.Inputs.URLMapPathMatcherArgs\n {\n Name = \"allpaths\",\n DefaultService = defaultBackendService.Id,\n PathRules = new[]\n {\n new Gcp.Compute.Inputs.URLMapPathMatcherPathRuleArgs\n {\n Paths = new[]\n {\n \"/*\",\n },\n Service = defaultBackendService.Id,\n },\n new Gcp.Compute.Inputs.URLMapPathMatcherPathRuleArgs\n {\n Paths = new[]\n {\n \"/hybrid\",\n },\n Service = hybridBackendService.Id,\n },\n },\n },\n },\n });\n\n var defaultTargetHttpProxy = new Gcp.Compute.TargetHttpProxy(\"default\", new()\n {\n Name = \"target-proxy\",\n Description = \"a description\",\n UrlMap = defaultURLMap.Id,\n });\n\n var defaultGlobalForwardingRule = new Gcp.Compute.GlobalForwardingRule(\"default\", new()\n {\n Name = \"global-rule\",\n Target = defaultTargetHttpProxy.Id,\n PortRange = \"80\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcfg := config.New(ctx, \"\")\n\t\tsubnetworkCidr := \"10.0.0.0/24\"\n\t\tif param := cfg.Get(\"subnetworkCidr\"); param != \"\" {\n\t\t\tsubnetworkCidr = param\n\t\t}\n\t\t_, err := compute.NewNetwork(ctx, \"default\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"my-network\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinternal, err := compute.NewNetwork(ctx, \"internal\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"my-internal-network\"),\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinternalSubnetwork, err := compute.NewSubnetwork(ctx, \"internal\", \u0026compute.SubnetworkArgs{\n\t\t\tName: pulumi.String(\"my-subnetwork\"),\n\t\t\tNetwork: internal.ID(),\n\t\t\tIpCidrRange: pulumi.String(subnetworkCidr),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tPrivateIpGoogleAccess: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Zonal NEG with GCE_VM_IP_PORT\n\t\tdefaultNetworkEndpointGroup, err := compute.NewNetworkEndpointGroup(ctx, \"default\", \u0026compute.NetworkEndpointGroupArgs{\n\t\t\tName: pulumi.String(\"default-neg\"),\n\t\t\tNetwork: _default.ID(),\n\t\t\tDefaultPort: pulumi.Int(90),\n\t\t\tZone: pulumi.String(\"us-central1-a\"),\n\t\t\tNetworkEndpointType: pulumi.String(\"GCE_VM_IP_PORT\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Zonal NEG with GCE_VM_IP\n\t\t_, err = compute.NewNetworkEndpointGroup(ctx, \"internal\", \u0026compute.NetworkEndpointGroupArgs{\n\t\t\tName: pulumi.String(\"internal-neg\"),\n\t\t\tNetwork: internal.ID(),\n\t\t\tSubnetwork: internalSubnetwork.ID(),\n\t\t\tZone: pulumi.String(\"us-central1-a\"),\n\t\t\tNetworkEndpointType: pulumi.String(\"GCE_VM_IP\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Hybrid connectivity NEG\n\t\thybrid, err := compute.NewNetworkEndpointGroup(ctx, \"hybrid\", \u0026compute.NetworkEndpointGroupArgs{\n\t\t\tName: pulumi.String(\"hybrid-neg\"),\n\t\t\tNetwork: _default.ID(),\n\t\t\tDefaultPort: pulumi.Int(90),\n\t\t\tZone: pulumi.String(\"us-central1-a\"),\n\t\t\tNetworkEndpointType: pulumi.String(\"NON_GCP_PRIVATE_IP_PORT\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewNetworkEndpoint(ctx, \"hybrid-endpoint\", \u0026compute.NetworkEndpointArgs{\n\t\t\tNetworkEndpointGroup: hybrid.Name,\n\t\t\tPort: hybrid.DefaultPort,\n\t\t\tIpAddress: pulumi.String(\"127.0.0.1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultHealthCheck, err := compute.NewHealthCheck(ctx, \"default\", \u0026compute.HealthCheckArgs{\n\t\t\tName: pulumi.String(\"health-check\"),\n\t\t\tTimeoutSec: pulumi.Int(1),\n\t\t\tCheckIntervalSec: pulumi.Int(1),\n\t\t\tTcpHealthCheck: \u0026compute.HealthCheckTcpHealthCheckArgs{\n\t\t\t\tPort: pulumi.Int(80),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Backend service for Zonal NEG\n\t\tdefaultBackendService, err := compute.NewBackendService(ctx, \"default\", \u0026compute.BackendServiceArgs{\n\t\t\tName: pulumi.String(\"backend-default\"),\n\t\t\tPortName: pulumi.String(\"http\"),\n\t\t\tProtocol: pulumi.String(\"HTTP\"),\n\t\t\tTimeoutSec: pulumi.Int(10),\n\t\t\tBackends: compute.BackendServiceBackendArray{\n\t\t\t\t\u0026compute.BackendServiceBackendArgs{\n\t\t\t\t\tGroup: defaultNetworkEndpointGroup.ID(),\n\t\t\t\t\tBalancingMode: pulumi.String(\"RATE\"),\n\t\t\t\t\tMaxRatePerEndpoint: pulumi.Float64(10),\n\t\t\t\t},\n\t\t\t},\n\t\t\tHealthChecks: defaultHealthCheck.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Backgend service for Hybrid NEG\n\t\thybridBackendService, err := compute.NewBackendService(ctx, \"hybrid\", \u0026compute.BackendServiceArgs{\n\t\t\tName: pulumi.String(\"backend-hybrid\"),\n\t\t\tPortName: pulumi.String(\"http\"),\n\t\t\tProtocol: pulumi.String(\"HTTP\"),\n\t\t\tTimeoutSec: pulumi.Int(10),\n\t\t\tBackends: compute.BackendServiceBackendArray{\n\t\t\t\t\u0026compute.BackendServiceBackendArgs{\n\t\t\t\t\tGroup: hybrid.ID(),\n\t\t\t\t\tBalancingMode: pulumi.String(\"RATE\"),\n\t\t\t\t\tMaxRatePerEndpoint: pulumi.Float64(10),\n\t\t\t\t},\n\t\t\t},\n\t\t\tHealthChecks: defaultHealthCheck.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultURLMap, err := compute.NewURLMap(ctx, \"default\", \u0026compute.URLMapArgs{\n\t\t\tName: pulumi.String(\"url-map-target-proxy\"),\n\t\t\tDescription: pulumi.String(\"a description\"),\n\t\t\tDefaultService: defaultBackendService.ID(),\n\t\t\tHostRules: compute.URLMapHostRuleArray{\n\t\t\t\t\u0026compute.URLMapHostRuleArgs{\n\t\t\t\t\tHosts: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"mysite.com\"),\n\t\t\t\t\t},\n\t\t\t\t\tPathMatcher: pulumi.String(\"allpaths\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tPathMatchers: compute.URLMapPathMatcherArray{\n\t\t\t\t\u0026compute.URLMapPathMatcherArgs{\n\t\t\t\t\tName: pulumi.String(\"allpaths\"),\n\t\t\t\t\tDefaultService: defaultBackendService.ID(),\n\t\t\t\t\tPathRules: compute.URLMapPathMatcherPathRuleArray{\n\t\t\t\t\t\t\u0026compute.URLMapPathMatcherPathRuleArgs{\n\t\t\t\t\t\t\tPaths: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"/*\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tService: defaultBackendService.ID(),\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\u0026compute.URLMapPathMatcherPathRuleArgs{\n\t\t\t\t\t\t\tPaths: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"/hybrid\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tService: hybridBackendService.ID(),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultTargetHttpProxy, err := compute.NewTargetHttpProxy(ctx, \"default\", \u0026compute.TargetHttpProxyArgs{\n\t\t\tName: pulumi.String(\"target-proxy\"),\n\t\t\tDescription: pulumi.String(\"a description\"),\n\t\t\tUrlMap: defaultURLMap.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewGlobalForwardingRule(ctx, \"default\", \u0026compute.GlobalForwardingRuleArgs{\n\t\t\tName: pulumi.String(\"global-rule\"),\n\t\t\tTarget: defaultTargetHttpProxy.ID(),\n\t\t\tPortRange: pulumi.String(\"80\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.Subnetwork;\nimport com.pulumi.gcp.compute.SubnetworkArgs;\nimport com.pulumi.gcp.compute.NetworkEndpointGroup;\nimport com.pulumi.gcp.compute.NetworkEndpointGroupArgs;\nimport com.pulumi.gcp.compute.NetworkEndpoint;\nimport com.pulumi.gcp.compute.NetworkEndpointArgs;\nimport com.pulumi.gcp.compute.HealthCheck;\nimport com.pulumi.gcp.compute.HealthCheckArgs;\nimport com.pulumi.gcp.compute.inputs.HealthCheckTcpHealthCheckArgs;\nimport com.pulumi.gcp.compute.BackendService;\nimport com.pulumi.gcp.compute.BackendServiceArgs;\nimport com.pulumi.gcp.compute.inputs.BackendServiceBackendArgs;\nimport com.pulumi.gcp.compute.URLMap;\nimport com.pulumi.gcp.compute.URLMapArgs;\nimport com.pulumi.gcp.compute.inputs.URLMapHostRuleArgs;\nimport com.pulumi.gcp.compute.inputs.URLMapPathMatcherArgs;\nimport com.pulumi.gcp.compute.TargetHttpProxy;\nimport com.pulumi.gcp.compute.TargetHttpProxyArgs;\nimport com.pulumi.gcp.compute.GlobalForwardingRule;\nimport com.pulumi.gcp.compute.GlobalForwardingRuleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var config = ctx.config();\n final var subnetworkCidr = config.get(\"subnetworkCidr\").orElse(\"10.0.0.0/24\");\n var default_ = new Network(\"default\", NetworkArgs.builder()\n .name(\"my-network\")\n .build());\n\n var internal = new Network(\"internal\", NetworkArgs.builder()\n .name(\"my-internal-network\")\n .autoCreateSubnetworks(false)\n .build());\n\n var internalSubnetwork = new Subnetwork(\"internalSubnetwork\", SubnetworkArgs.builder()\n .name(\"my-subnetwork\")\n .network(internal.id())\n .ipCidrRange(subnetworkCidr)\n .region(\"us-central1\")\n .privateIpGoogleAccess(true)\n .build());\n\n // Zonal NEG with GCE_VM_IP_PORT\n var defaultNetworkEndpointGroup = new NetworkEndpointGroup(\"defaultNetworkEndpointGroup\", NetworkEndpointGroupArgs.builder()\n .name(\"default-neg\")\n .network(default_.id())\n .defaultPort(\"90\")\n .zone(\"us-central1-a\")\n .networkEndpointType(\"GCE_VM_IP_PORT\")\n .build());\n\n // Zonal NEG with GCE_VM_IP\n var internalNetworkEndpointGroup = new NetworkEndpointGroup(\"internalNetworkEndpointGroup\", NetworkEndpointGroupArgs.builder()\n .name(\"internal-neg\")\n .network(internal.id())\n .subnetwork(internalSubnetwork.id())\n .zone(\"us-central1-a\")\n .networkEndpointType(\"GCE_VM_IP\")\n .build());\n\n // Hybrid connectivity NEG\n var hybrid = new NetworkEndpointGroup(\"hybrid\", NetworkEndpointGroupArgs.builder()\n .name(\"hybrid-neg\")\n .network(default_.id())\n .defaultPort(\"90\")\n .zone(\"us-central1-a\")\n .networkEndpointType(\"NON_GCP_PRIVATE_IP_PORT\")\n .build());\n\n var hybrid_endpoint = new NetworkEndpoint(\"hybrid-endpoint\", NetworkEndpointArgs.builder()\n .networkEndpointGroup(hybrid.name())\n .port(hybrid.defaultPort())\n .ipAddress(\"127.0.0.1\")\n .build());\n\n var defaultHealthCheck = new HealthCheck(\"defaultHealthCheck\", HealthCheckArgs.builder()\n .name(\"health-check\")\n .timeoutSec(1)\n .checkIntervalSec(1)\n .tcpHealthCheck(HealthCheckTcpHealthCheckArgs.builder()\n .port(\"80\")\n .build())\n .build());\n\n // Backend service for Zonal NEG\n var defaultBackendService = new BackendService(\"defaultBackendService\", BackendServiceArgs.builder()\n .name(\"backend-default\")\n .portName(\"http\")\n .protocol(\"HTTP\")\n .timeoutSec(10)\n .backends(BackendServiceBackendArgs.builder()\n .group(defaultNetworkEndpointGroup.id())\n .balancingMode(\"RATE\")\n .maxRatePerEndpoint(10)\n .build())\n .healthChecks(defaultHealthCheck.id())\n .build());\n\n // Backgend service for Hybrid NEG\n var hybridBackendService = new BackendService(\"hybridBackendService\", BackendServiceArgs.builder()\n .name(\"backend-hybrid\")\n .portName(\"http\")\n .protocol(\"HTTP\")\n .timeoutSec(10)\n .backends(BackendServiceBackendArgs.builder()\n .group(hybrid.id())\n .balancingMode(\"RATE\")\n .maxRatePerEndpoint(10)\n .build())\n .healthChecks(defaultHealthCheck.id())\n .build());\n\n var defaultURLMap = new URLMap(\"defaultURLMap\", URLMapArgs.builder()\n .name(\"url-map-target-proxy\")\n .description(\"a description\")\n .defaultService(defaultBackendService.id())\n .hostRules(URLMapHostRuleArgs.builder()\n .hosts(\"mysite.com\")\n .pathMatcher(\"allpaths\")\n .build())\n .pathMatchers(URLMapPathMatcherArgs.builder()\n .name(\"allpaths\")\n .defaultService(defaultBackendService.id())\n .pathRules( \n URLMapPathMatcherPathRuleArgs.builder()\n .paths(\"/*\")\n .service(defaultBackendService.id())\n .build(),\n URLMapPathMatcherPathRuleArgs.builder()\n .paths(\"/hybrid\")\n .service(hybridBackendService.id())\n .build())\n .build())\n .build());\n\n var defaultTargetHttpProxy = new TargetHttpProxy(\"defaultTargetHttpProxy\", TargetHttpProxyArgs.builder()\n .name(\"target-proxy\")\n .description(\"a description\")\n .urlMap(defaultURLMap.id())\n .build());\n\n var defaultGlobalForwardingRule = new GlobalForwardingRule(\"defaultGlobalForwardingRule\", GlobalForwardingRuleArgs.builder()\n .name(\"global-rule\")\n .target(defaultTargetHttpProxy.id())\n .portRange(\"80\")\n .build());\n\n }\n}\n```\n```yaml\nconfiguration:\n # Roughly mirrors https://cloud.google.com/load-balancing/docs/https/setting-up-ext-https-hybrid\n subnetworkCidr:\n type: string\n default: 10.0.0.0/24\nresources:\n default:\n type: gcp:compute:Network\n properties:\n name: my-network\n internal:\n type: gcp:compute:Network\n properties:\n name: my-internal-network\n autoCreateSubnetworks: false\n internalSubnetwork:\n type: gcp:compute:Subnetwork\n name: internal\n properties:\n name: my-subnetwork\n network: ${internal.id}\n ipCidrRange: ${subnetworkCidr}\n region: us-central1\n privateIpGoogleAccess: true\n # Zonal NEG with GCE_VM_IP_PORT\n defaultNetworkEndpointGroup:\n type: gcp:compute:NetworkEndpointGroup\n name: default\n properties:\n name: default-neg\n network: ${default.id}\n defaultPort: '90'\n zone: us-central1-a\n networkEndpointType: GCE_VM_IP_PORT\n # Zonal NEG with GCE_VM_IP\n internalNetworkEndpointGroup:\n type: gcp:compute:NetworkEndpointGroup\n name: internal\n properties:\n name: internal-neg\n network: ${internal.id}\n subnetwork: ${internalSubnetwork.id}\n zone: us-central1-a\n networkEndpointType: GCE_VM_IP\n # Hybrid connectivity NEG\n hybrid:\n type: gcp:compute:NetworkEndpointGroup\n properties:\n name: hybrid-neg\n network: ${default.id}\n defaultPort: '90'\n zone: us-central1-a\n networkEndpointType: NON_GCP_PRIVATE_IP_PORT\n hybrid-endpoint:\n type: gcp:compute:NetworkEndpoint\n properties:\n networkEndpointGroup: ${hybrid.name}\n port: ${hybrid.defaultPort}\n ipAddress: 127.0.0.1\n # Backend service for Zonal NEG\n defaultBackendService:\n type: gcp:compute:BackendService\n name: default\n properties:\n name: backend-default\n portName: http\n protocol: HTTP\n timeoutSec: 10\n backends:\n - group: ${defaultNetworkEndpointGroup.id}\n balancingMode: RATE\n maxRatePerEndpoint: 10\n healthChecks: ${defaultHealthCheck.id}\n # Backgend service for Hybrid NEG\n hybridBackendService:\n type: gcp:compute:BackendService\n name: hybrid\n properties:\n name: backend-hybrid\n portName: http\n protocol: HTTP\n timeoutSec: 10\n backends:\n - group: ${hybrid.id}\n balancingMode: RATE\n maxRatePerEndpoint: 10\n healthChecks: ${defaultHealthCheck.id}\n defaultHealthCheck:\n type: gcp:compute:HealthCheck\n name: default\n properties:\n name: health-check\n timeoutSec: 1\n checkIntervalSec: 1\n tcpHealthCheck:\n port: '80'\n defaultURLMap:\n type: gcp:compute:URLMap\n name: default\n properties:\n name: url-map-target-proxy\n description: a description\n defaultService: ${defaultBackendService.id}\n hostRules:\n - hosts:\n - mysite.com\n pathMatcher: allpaths\n pathMatchers:\n - name: allpaths\n defaultService: ${defaultBackendService.id}\n pathRules:\n - paths:\n - /*\n service: ${defaultBackendService.id}\n - paths:\n - /hybrid\n service: ${hybridBackendService.id}\n defaultTargetHttpProxy:\n type: gcp:compute:TargetHttpProxy\n name: default\n properties:\n name: target-proxy\n description: a description\n urlMap: ${defaultURLMap.id}\n defaultGlobalForwardingRule:\n type: gcp:compute:GlobalForwardingRule\n name: default\n properties:\n name: global-rule\n target: ${defaultTargetHttpProxy.id}\n portRange: '80'\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Private Service Connect Google Apis\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst network = new gcp.compute.Network(\"network\", {\n project: \"my-project-name\",\n name: \"my-network\",\n autoCreateSubnetworks: false,\n});\nconst vpcSubnetwork = new gcp.compute.Subnetwork(\"vpc_subnetwork\", {\n project: network.project,\n name: \"my-subnetwork\",\n ipCidrRange: \"10.2.0.0/16\",\n region: \"us-central1\",\n network: network.id,\n privateIpGoogleAccess: true,\n});\nconst _default = new gcp.compute.GlobalAddress(\"default\", {\n project: network.project,\n name: \"global-psconnect-ip\",\n addressType: \"INTERNAL\",\n purpose: \"PRIVATE_SERVICE_CONNECT\",\n network: network.id,\n address: \"100.100.100.106\",\n});\nconst defaultGlobalForwardingRule = new gcp.compute.GlobalForwardingRule(\"default\", {\n project: network.project,\n name: \"globalrule\",\n target: \"all-apis\",\n network: network.id,\n ipAddress: _default.id,\n loadBalancingScheme: \"\",\n serviceDirectoryRegistrations: {\n namespace: \"sd-namespace\",\n serviceDirectoryRegion: \"europe-west3\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nnetwork = gcp.compute.Network(\"network\",\n project=\"my-project-name\",\n name=\"my-network\",\n auto_create_subnetworks=False)\nvpc_subnetwork = gcp.compute.Subnetwork(\"vpc_subnetwork\",\n project=network.project,\n name=\"my-subnetwork\",\n ip_cidr_range=\"10.2.0.0/16\",\n region=\"us-central1\",\n network=network.id,\n private_ip_google_access=True)\ndefault = gcp.compute.GlobalAddress(\"default\",\n project=network.project,\n name=\"global-psconnect-ip\",\n address_type=\"INTERNAL\",\n purpose=\"PRIVATE_SERVICE_CONNECT\",\n network=network.id,\n address=\"100.100.100.106\")\ndefault_global_forwarding_rule = gcp.compute.GlobalForwardingRule(\"default\",\n project=network.project,\n name=\"globalrule\",\n target=\"all-apis\",\n network=network.id,\n ip_address=default.id,\n load_balancing_scheme=\"\",\n service_directory_registrations={\n \"namespace\": \"sd-namespace\",\n \"service_directory_region\": \"europe-west3\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var network = new Gcp.Compute.Network(\"network\", new()\n {\n Project = \"my-project-name\",\n Name = \"my-network\",\n AutoCreateSubnetworks = false,\n });\n\n var vpcSubnetwork = new Gcp.Compute.Subnetwork(\"vpc_subnetwork\", new()\n {\n Project = network.Project,\n Name = \"my-subnetwork\",\n IpCidrRange = \"10.2.0.0/16\",\n Region = \"us-central1\",\n Network = network.Id,\n PrivateIpGoogleAccess = true,\n });\n\n var @default = new Gcp.Compute.GlobalAddress(\"default\", new()\n {\n Project = network.Project,\n Name = \"global-psconnect-ip\",\n AddressType = \"INTERNAL\",\n Purpose = \"PRIVATE_SERVICE_CONNECT\",\n Network = network.Id,\n Address = \"100.100.100.106\",\n });\n\n var defaultGlobalForwardingRule = new Gcp.Compute.GlobalForwardingRule(\"default\", new()\n {\n Project = network.Project,\n Name = \"globalrule\",\n Target = \"all-apis\",\n Network = network.Id,\n IpAddress = @default.Id,\n LoadBalancingScheme = \"\",\n ServiceDirectoryRegistrations = new Gcp.Compute.Inputs.GlobalForwardingRuleServiceDirectoryRegistrationsArgs\n {\n Namespace = \"sd-namespace\",\n ServiceDirectoryRegion = \"europe-west3\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tnetwork, err := compute.NewNetwork(ctx, \"network\", \u0026compute.NetworkArgs{\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t\tName: pulumi.String(\"my-network\"),\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewSubnetwork(ctx, \"vpc_subnetwork\", \u0026compute.SubnetworkArgs{\n\t\t\tProject: network.Project,\n\t\t\tName: pulumi.String(\"my-subnetwork\"),\n\t\t\tIpCidrRange: pulumi.String(\"10.2.0.0/16\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tNetwork: network.ID(),\n\t\t\tPrivateIpGoogleAccess: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewGlobalAddress(ctx, \"default\", \u0026compute.GlobalAddressArgs{\n\t\t\tProject: network.Project,\n\t\t\tName: pulumi.String(\"global-psconnect-ip\"),\n\t\t\tAddressType: pulumi.String(\"INTERNAL\"),\n\t\t\tPurpose: pulumi.String(\"PRIVATE_SERVICE_CONNECT\"),\n\t\t\tNetwork: network.ID(),\n\t\t\tAddress: pulumi.String(\"100.100.100.106\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewGlobalForwardingRule(ctx, \"default\", \u0026compute.GlobalForwardingRuleArgs{\n\t\t\tProject: network.Project,\n\t\t\tName: pulumi.String(\"globalrule\"),\n\t\t\tTarget: pulumi.String(\"all-apis\"),\n\t\t\tNetwork: network.ID(),\n\t\t\tIpAddress: _default.ID(),\n\t\t\tLoadBalancingScheme: pulumi.String(\"\"),\n\t\t\tServiceDirectoryRegistrations: \u0026compute.GlobalForwardingRuleServiceDirectoryRegistrationsArgs{\n\t\t\t\tNamespace: pulumi.String(\"sd-namespace\"),\n\t\t\t\tServiceDirectoryRegion: pulumi.String(\"europe-west3\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.Subnetwork;\nimport com.pulumi.gcp.compute.SubnetworkArgs;\nimport com.pulumi.gcp.compute.GlobalAddress;\nimport com.pulumi.gcp.compute.GlobalAddressArgs;\nimport com.pulumi.gcp.compute.GlobalForwardingRule;\nimport com.pulumi.gcp.compute.GlobalForwardingRuleArgs;\nimport com.pulumi.gcp.compute.inputs.GlobalForwardingRuleServiceDirectoryRegistrationsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var network = new Network(\"network\", NetworkArgs.builder()\n .project(\"my-project-name\")\n .name(\"my-network\")\n .autoCreateSubnetworks(false)\n .build());\n\n var vpcSubnetwork = new Subnetwork(\"vpcSubnetwork\", SubnetworkArgs.builder()\n .project(network.project())\n .name(\"my-subnetwork\")\n .ipCidrRange(\"10.2.0.0/16\")\n .region(\"us-central1\")\n .network(network.id())\n .privateIpGoogleAccess(true)\n .build());\n\n var default_ = new GlobalAddress(\"default\", GlobalAddressArgs.builder()\n .project(network.project())\n .name(\"global-psconnect-ip\")\n .addressType(\"INTERNAL\")\n .purpose(\"PRIVATE_SERVICE_CONNECT\")\n .network(network.id())\n .address(\"100.100.100.106\")\n .build());\n\n var defaultGlobalForwardingRule = new GlobalForwardingRule(\"defaultGlobalForwardingRule\", GlobalForwardingRuleArgs.builder()\n .project(network.project())\n .name(\"globalrule\")\n .target(\"all-apis\")\n .network(network.id())\n .ipAddress(default_.id())\n .loadBalancingScheme(\"\")\n .serviceDirectoryRegistrations(GlobalForwardingRuleServiceDirectoryRegistrationsArgs.builder()\n .namespace(\"sd-namespace\")\n .serviceDirectoryRegion(\"europe-west3\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n network:\n type: gcp:compute:Network\n properties:\n project: my-project-name\n name: my-network\n autoCreateSubnetworks: false\n vpcSubnetwork:\n type: gcp:compute:Subnetwork\n name: vpc_subnetwork\n properties:\n project: ${network.project}\n name: my-subnetwork\n ipCidrRange: 10.2.0.0/16\n region: us-central1\n network: ${network.id}\n privateIpGoogleAccess: true\n default:\n type: gcp:compute:GlobalAddress\n properties:\n project: ${network.project}\n name: global-psconnect-ip\n addressType: INTERNAL\n purpose: PRIVATE_SERVICE_CONNECT\n network: ${network.id}\n address: 100.100.100.106\n defaultGlobalForwardingRule:\n type: gcp:compute:GlobalForwardingRule\n name: default\n properties:\n project: ${network.project}\n name: globalrule\n target: all-apis\n network: ${network.id}\n ipAddress: ${default.id}\n loadBalancingScheme: \"\"\n serviceDirectoryRegistrations:\n namespace: sd-namespace\n serviceDirectoryRegion: europe-west3\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Private Service Connect Google Apis No Automate Dns\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst network = new gcp.compute.Network(\"network\", {\n project: \"my-project-name\",\n name: \"my-network\",\n autoCreateSubnetworks: false,\n});\nconst vpcSubnetwork = new gcp.compute.Subnetwork(\"vpc_subnetwork\", {\n project: network.project,\n name: \"my-subnetwork\",\n ipCidrRange: \"10.2.0.0/16\",\n region: \"us-central1\",\n network: network.id,\n privateIpGoogleAccess: true,\n});\nconst _default = new gcp.compute.GlobalAddress(\"default\", {\n project: network.project,\n name: \"global-psconnect-ip\",\n addressType: \"INTERNAL\",\n purpose: \"PRIVATE_SERVICE_CONNECT\",\n network: network.id,\n address: \"100.100.100.106\",\n});\nconst defaultGlobalForwardingRule = new gcp.compute.GlobalForwardingRule(\"default\", {\n project: network.project,\n name: \"globalrule\",\n target: \"all-apis\",\n network: network.id,\n ipAddress: _default.id,\n loadBalancingScheme: \"\",\n noAutomateDnsZone: false,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nnetwork = gcp.compute.Network(\"network\",\n project=\"my-project-name\",\n name=\"my-network\",\n auto_create_subnetworks=False)\nvpc_subnetwork = gcp.compute.Subnetwork(\"vpc_subnetwork\",\n project=network.project,\n name=\"my-subnetwork\",\n ip_cidr_range=\"10.2.0.0/16\",\n region=\"us-central1\",\n network=network.id,\n private_ip_google_access=True)\ndefault = gcp.compute.GlobalAddress(\"default\",\n project=network.project,\n name=\"global-psconnect-ip\",\n address_type=\"INTERNAL\",\n purpose=\"PRIVATE_SERVICE_CONNECT\",\n network=network.id,\n address=\"100.100.100.106\")\ndefault_global_forwarding_rule = gcp.compute.GlobalForwardingRule(\"default\",\n project=network.project,\n name=\"globalrule\",\n target=\"all-apis\",\n network=network.id,\n ip_address=default.id,\n load_balancing_scheme=\"\",\n no_automate_dns_zone=False)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var network = new Gcp.Compute.Network(\"network\", new()\n {\n Project = \"my-project-name\",\n Name = \"my-network\",\n AutoCreateSubnetworks = false,\n });\n\n var vpcSubnetwork = new Gcp.Compute.Subnetwork(\"vpc_subnetwork\", new()\n {\n Project = network.Project,\n Name = \"my-subnetwork\",\n IpCidrRange = \"10.2.0.0/16\",\n Region = \"us-central1\",\n Network = network.Id,\n PrivateIpGoogleAccess = true,\n });\n\n var @default = new Gcp.Compute.GlobalAddress(\"default\", new()\n {\n Project = network.Project,\n Name = \"global-psconnect-ip\",\n AddressType = \"INTERNAL\",\n Purpose = \"PRIVATE_SERVICE_CONNECT\",\n Network = network.Id,\n Address = \"100.100.100.106\",\n });\n\n var defaultGlobalForwardingRule = new Gcp.Compute.GlobalForwardingRule(\"default\", new()\n {\n Project = network.Project,\n Name = \"globalrule\",\n Target = \"all-apis\",\n Network = network.Id,\n IpAddress = @default.Id,\n LoadBalancingScheme = \"\",\n NoAutomateDnsZone = false,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tnetwork, err := compute.NewNetwork(ctx, \"network\", \u0026compute.NetworkArgs{\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t\tName: pulumi.String(\"my-network\"),\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewSubnetwork(ctx, \"vpc_subnetwork\", \u0026compute.SubnetworkArgs{\n\t\t\tProject: network.Project,\n\t\t\tName: pulumi.String(\"my-subnetwork\"),\n\t\t\tIpCidrRange: pulumi.String(\"10.2.0.0/16\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tNetwork: network.ID(),\n\t\t\tPrivateIpGoogleAccess: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewGlobalAddress(ctx, \"default\", \u0026compute.GlobalAddressArgs{\n\t\t\tProject: network.Project,\n\t\t\tName: pulumi.String(\"global-psconnect-ip\"),\n\t\t\tAddressType: pulumi.String(\"INTERNAL\"),\n\t\t\tPurpose: pulumi.String(\"PRIVATE_SERVICE_CONNECT\"),\n\t\t\tNetwork: network.ID(),\n\t\t\tAddress: pulumi.String(\"100.100.100.106\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewGlobalForwardingRule(ctx, \"default\", \u0026compute.GlobalForwardingRuleArgs{\n\t\t\tProject: network.Project,\n\t\t\tName: pulumi.String(\"globalrule\"),\n\t\t\tTarget: pulumi.String(\"all-apis\"),\n\t\t\tNetwork: network.ID(),\n\t\t\tIpAddress: _default.ID(),\n\t\t\tLoadBalancingScheme: pulumi.String(\"\"),\n\t\t\tNoAutomateDnsZone: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.Subnetwork;\nimport com.pulumi.gcp.compute.SubnetworkArgs;\nimport com.pulumi.gcp.compute.GlobalAddress;\nimport com.pulumi.gcp.compute.GlobalAddressArgs;\nimport com.pulumi.gcp.compute.GlobalForwardingRule;\nimport com.pulumi.gcp.compute.GlobalForwardingRuleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var network = new Network(\"network\", NetworkArgs.builder()\n .project(\"my-project-name\")\n .name(\"my-network\")\n .autoCreateSubnetworks(false)\n .build());\n\n var vpcSubnetwork = new Subnetwork(\"vpcSubnetwork\", SubnetworkArgs.builder()\n .project(network.project())\n .name(\"my-subnetwork\")\n .ipCidrRange(\"10.2.0.0/16\")\n .region(\"us-central1\")\n .network(network.id())\n .privateIpGoogleAccess(true)\n .build());\n\n var default_ = new GlobalAddress(\"default\", GlobalAddressArgs.builder()\n .project(network.project())\n .name(\"global-psconnect-ip\")\n .addressType(\"INTERNAL\")\n .purpose(\"PRIVATE_SERVICE_CONNECT\")\n .network(network.id())\n .address(\"100.100.100.106\")\n .build());\n\n var defaultGlobalForwardingRule = new GlobalForwardingRule(\"defaultGlobalForwardingRule\", GlobalForwardingRuleArgs.builder()\n .project(network.project())\n .name(\"globalrule\")\n .target(\"all-apis\")\n .network(network.id())\n .ipAddress(default_.id())\n .loadBalancingScheme(\"\")\n .noAutomateDnsZone(false)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n network:\n type: gcp:compute:Network\n properties:\n project: my-project-name\n name: my-network\n autoCreateSubnetworks: false\n vpcSubnetwork:\n type: gcp:compute:Subnetwork\n name: vpc_subnetwork\n properties:\n project: ${network.project}\n name: my-subnetwork\n ipCidrRange: 10.2.0.0/16\n region: us-central1\n network: ${network.id}\n privateIpGoogleAccess: true\n default:\n type: gcp:compute:GlobalAddress\n properties:\n project: ${network.project}\n name: global-psconnect-ip\n addressType: INTERNAL\n purpose: PRIVATE_SERVICE_CONNECT\n network: ${network.id}\n address: 100.100.100.106\n defaultGlobalForwardingRule:\n type: gcp:compute:GlobalForwardingRule\n name: default\n properties:\n project: ${network.project}\n name: globalrule\n target: all-apis\n network: ${network.id}\n ipAddress: ${default.id}\n loadBalancingScheme: \"\"\n noAutomateDnsZone: false\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nGlobalForwardingRule can be imported using any of these accepted formats:\n\n* `projects/{{project}}/global/forwardingRules/{{name}}`\n\n* `{{project}}/{{name}}`\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, GlobalForwardingRule can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:compute/globalForwardingRule:GlobalForwardingRule default projects/{{project}}/global/forwardingRules/{{name}}\n```\n\n```sh\n$ pulumi import gcp:compute/globalForwardingRule:GlobalForwardingRule default {{project}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:compute/globalForwardingRule:GlobalForwardingRule default {{name}}\n```\n\n", "properties": { "allowPscGlobalAccess": { "type": "boolean", @@ -164343,6 +164834,10 @@ "type": "string", "description": "This field is not used for external load balancing.\nFor Internal TCP/UDP Load Balancing, this field identifies the network that\nthe load balanced IP should belong to for this Forwarding Rule.\nIf the subnetwork is specified, the network of the subnetwork will be used.\nIf neither subnetwork nor this field is specified, the default network will\nbe used.\nFor Private Service Connect forwarding rules that forward traffic to Google\nAPIs, a network must be provided.\n" }, + "networkTier": { + "type": "string", + "description": "This signifies the networking tier used for configuring\nthis load balancer and can only take the following values:\n`PREMIUM`, `STANDARD`.\nFor regional ForwardingRule, the valid values are `PREMIUM` and\n`STANDARD`. For GlobalForwardingRule, the valid value is\n`PREMIUM`.\nIf this field is not specified, it is assumed to be `PREMIUM`.\nIf `IPAddress` is specified, this value must be equal to the\nnetworkTier of the Address.\nPossible values are: `PREMIUM`, `STANDARD`.\n" + }, "noAutomateDnsZone": { "type": "boolean", "description": "This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC forwarding rules do not use this field.\n" @@ -164404,6 +164899,7 @@ "labelFingerprint", "name", "network", + "networkTier", "project", "pscConnectionId", "pscConnectionStatus", @@ -164469,6 +164965,11 @@ "description": "This field is not used for external load balancing.\nFor Internal TCP/UDP Load Balancing, this field identifies the network that\nthe load balanced IP should belong to for this Forwarding Rule.\nIf the subnetwork is specified, the network of the subnetwork will be used.\nIf neither subnetwork nor this field is specified, the default network will\nbe used.\nFor Private Service Connect forwarding rules that forward traffic to Google\nAPIs, a network must be provided.\n", "willReplaceOnChanges": true }, + "networkTier": { + "type": "string", + "description": "This signifies the networking tier used for configuring\nthis load balancer and can only take the following values:\n`PREMIUM`, `STANDARD`.\nFor regional ForwardingRule, the valid values are `PREMIUM` and\n`STANDARD`. For GlobalForwardingRule, the valid value is\n`PREMIUM`.\nIf this field is not specified, it is assumed to be `PREMIUM`.\nIf `IPAddress` is specified, this value must be equal to the\nnetworkTier of the Address.\nPossible values are: `PREMIUM`, `STANDARD`.\n", + "willReplaceOnChanges": true + }, "noAutomateDnsZone": { "type": "boolean", "description": "This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC forwarding rules do not use this field.\n", @@ -164588,6 +165089,11 @@ "description": "This field is not used for external load balancing.\nFor Internal TCP/UDP Load Balancing, this field identifies the network that\nthe load balanced IP should belong to for this Forwarding Rule.\nIf the subnetwork is specified, the network of the subnetwork will be used.\nIf neither subnetwork nor this field is specified, the default network will\nbe used.\nFor Private Service Connect forwarding rules that forward traffic to Google\nAPIs, a network must be provided.\n", "willReplaceOnChanges": true }, + "networkTier": { + "type": "string", + "description": "This signifies the networking tier used for configuring\nthis load balancer and can only take the following values:\n`PREMIUM`, `STANDARD`.\nFor regional ForwardingRule, the valid values are `PREMIUM` and\n`STANDARD`. For GlobalForwardingRule, the valid value is\n`PREMIUM`.\nIf this field is not specified, it is assumed to be `PREMIUM`.\nIf `IPAddress` is specified, this value must be equal to the\nnetworkTier of the Address.\nPossible values are: `PREMIUM`, `STANDARD`.\n", + "willReplaceOnChanges": true + }, "noAutomateDnsZone": { "type": "boolean", "description": "This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC forwarding rules do not use this field.\n", @@ -166467,8 +166973,7 @@ }, "metadataStartupScript": { "type": "string", - "description": "An alternative to using the\nstartup-script metadata key, except this one forces the instance to be recreated\n(thus re-running the script) if it is changed. This replaces the startup-script\nmetadata key on the created instance and thus the two mechanisms are not\nallowed to be used simultaneously. Users are free to use either mechanism - the\nonly distinction is that this separate attribute will cause a recreate on\nmodification. On import, `metadata_startup_script` will not be set - if you\nchoose to specify it you will see a diff immediately after import causing a\ndestroy/recreate operation. If importing an instance and specifying this value\nis desired, you will need to modify your state file.\n", - "willReplaceOnChanges": true + "description": "An alternative to using the\nstartup-script metadata key, except this one forces the instance to be recreated\n(thus re-running the script) if it is changed. This replaces the startup-script\nmetadata key on the created instance and thus the two mechanisms are not\nallowed to be used simultaneously. Users are free to use either mechanism - the\nonly distinction is that this separate attribute will cause a recreate on\nmodification. On import, `metadata_startup_script` will not be set - if you\nchoose to specify it you will see a diff immediately after import causing a\ndestroy/recreate operation. If importing an instance and specifying this value\nis desired, you will need to modify your state file.\n" }, "minCpuPlatform": { "type": "string", @@ -166674,8 +167179,7 @@ }, "metadataStartupScript": { "type": "string", - "description": "An alternative to using the\nstartup-script metadata key, except this one forces the instance to be recreated\n(thus re-running the script) if it is changed. This replaces the startup-script\nmetadata key on the created instance and thus the two mechanisms are not\nallowed to be used simultaneously. Users are free to use either mechanism - the\nonly distinction is that this separate attribute will cause a recreate on\nmodification. On import, `metadata_startup_script` will not be set - if you\nchoose to specify it you will see a diff immediately after import causing a\ndestroy/recreate operation. If importing an instance and specifying this value\nis desired, you will need to modify your state file.\n", - "willReplaceOnChanges": true + "description": "An alternative to using the\nstartup-script metadata key, except this one forces the instance to be recreated\n(thus re-running the script) if it is changed. This replaces the startup-script\nmetadata key on the created instance and thus the two mechanisms are not\nallowed to be used simultaneously. Users are free to use either mechanism - the\nonly distinction is that this separate attribute will cause a recreate on\nmodification. On import, `metadata_startup_script` will not be set - if you\nchoose to specify it you will see a diff immediately after import causing a\ndestroy/recreate operation. If importing an instance and specifying this value\nis desired, you will need to modify your state file.\n" }, "minCpuPlatform": { "type": "string", @@ -167102,8 +167606,7 @@ }, "metadataStartupScript": { "type": "string", - "description": "Metadata startup scripts made available within the instance.\n", - "willReplaceOnChanges": true + "description": "Metadata startup scripts made available within the instance.\n" }, "minCpuPlatform": { "type": "string", @@ -167305,8 +167808,7 @@ }, "metadataStartupScript": { "type": "string", - "description": "Metadata startup scripts made available within the instance.\n", - "willReplaceOnChanges": true + "description": "Metadata startup scripts made available within the instance.\n" }, "minCpuPlatform": { "type": "string", @@ -167747,8 +168249,7 @@ }, "metadataStartupScript": { "type": "string", - "description": "Metadata startup scripts made available within the instance.\n", - "willReplaceOnChanges": true + "description": "Metadata startup scripts made available within the instance.\n" }, "minCpuPlatform": { "type": "string", @@ -167955,8 +168456,7 @@ }, "metadataStartupScript": { "type": "string", - "description": "Metadata startup scripts made available within the instance.\n", - "willReplaceOnChanges": true + "description": "Metadata startup scripts made available within the instance.\n" }, "minCpuPlatform": { "type": "string", @@ -174055,7 +174555,7 @@ "properties": { "cloudArmorTier": { "type": "string", - "description": "Managed protection tier to be set.\nPossible values are: `CA_STANDARD`, `CA_ENTERPRISE_PAYGO`.\n\n\n- - -\n" + "description": "Managed protection tier to be set.\nPossible values are: `CA_STANDARD`, `CA_ENTERPRISE_PAYGO`, `CA_ENTERPRISE_ANNUAL`.\n\n\n- - -\n" }, "project": { "type": "string", @@ -174069,7 +174569,7 @@ "inputProperties": { "cloudArmorTier": { "type": "string", - "description": "Managed protection tier to be set.\nPossible values are: `CA_STANDARD`, `CA_ENTERPRISE_PAYGO`.\n\n\n- - -\n" + "description": "Managed protection tier to be set.\nPossible values are: `CA_STANDARD`, `CA_ENTERPRISE_PAYGO`, `CA_ENTERPRISE_ANNUAL`.\n\n\n- - -\n" }, "project": { "type": "string", @@ -174085,7 +174585,7 @@ "properties": { "cloudArmorTier": { "type": "string", - "description": "Managed protection tier to be set.\nPossible values are: `CA_STANDARD`, `CA_ENTERPRISE_PAYGO`.\n\n\n- - -\n" + "description": "Managed protection tier to be set.\nPossible values are: `CA_STANDARD`, `CA_ENTERPRISE_PAYGO`, `CA_ENTERPRISE_ANNUAL`.\n\n\n- - -\n" }, "project": { "type": "string", @@ -214277,7 +214777,7 @@ } }, "gcp:firebase/databaseInstance:DatabaseInstance": { - "description": "## Example Usage\n\n### Firebase Database Instance Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst basic = new gcp.firebase.DatabaseInstance(\"basic\", {\n project: \"my-project-name\",\n region: \"us-central1\",\n instanceId: \"active-db\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbasic = gcp.firebase.DatabaseInstance(\"basic\",\n project=\"my-project-name\",\n region=\"us-central1\",\n instance_id=\"active-db\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var basic = new Gcp.Firebase.DatabaseInstance(\"basic\", new()\n {\n Project = \"my-project-name\",\n Region = \"us-central1\",\n InstanceId = \"active-db\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/firebase\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := firebase.NewDatabaseInstance(ctx, \"basic\", \u0026firebase.DatabaseInstanceArgs{\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tInstanceId: pulumi.String(\"active-db\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.firebase.DatabaseInstance;\nimport com.pulumi.gcp.firebase.DatabaseInstanceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var basic = new DatabaseInstance(\"basic\", DatabaseInstanceArgs.builder()\n .project(\"my-project-name\")\n .region(\"us-central1\")\n .instanceId(\"active-db\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n basic:\n type: gcp:firebase:DatabaseInstance\n properties:\n project: my-project-name\n region: us-central1\n instanceId: active-db\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Firebase Database Instance Full\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst full = new gcp.firebase.DatabaseInstance(\"full\", {\n project: \"my-project-name\",\n region: \"europe-west1\",\n instanceId: \"disabled-db\",\n type: \"USER_DATABASE\",\n desiredState: \"DISABLED\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfull = gcp.firebase.DatabaseInstance(\"full\",\n project=\"my-project-name\",\n region=\"europe-west1\",\n instance_id=\"disabled-db\",\n type=\"USER_DATABASE\",\n desired_state=\"DISABLED\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var full = new Gcp.Firebase.DatabaseInstance(\"full\", new()\n {\n Project = \"my-project-name\",\n Region = \"europe-west1\",\n InstanceId = \"disabled-db\",\n Type = \"USER_DATABASE\",\n DesiredState = \"DISABLED\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/firebase\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := firebase.NewDatabaseInstance(ctx, \"full\", \u0026firebase.DatabaseInstanceArgs{\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t\tRegion: pulumi.String(\"europe-west1\"),\n\t\t\tInstanceId: pulumi.String(\"disabled-db\"),\n\t\t\tType: pulumi.String(\"USER_DATABASE\"),\n\t\t\tDesiredState: pulumi.String(\"DISABLED\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.firebase.DatabaseInstance;\nimport com.pulumi.gcp.firebase.DatabaseInstanceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var full = new DatabaseInstance(\"full\", DatabaseInstanceArgs.builder()\n .project(\"my-project-name\")\n .region(\"europe-west1\")\n .instanceId(\"disabled-db\")\n .type(\"USER_DATABASE\")\n .desiredState(\"DISABLED\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n full:\n type: gcp:firebase:DatabaseInstance\n properties:\n project: my-project-name\n region: europe-west1\n instanceId: disabled-db\n type: USER_DATABASE\n desiredState: DISABLED\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Firebase Database Instance Default Database\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst _default = new gcp.organizations.Project(\"default\", {\n projectId: \"rtdb-project\",\n name: \"rtdb-project\",\n orgId: \"123456789\",\n deletionPolicy: \"DELETE\",\n labels: {\n firebase: \"enabled\",\n },\n});\nconst defaultProject = new gcp.firebase.Project(\"default\", {project: _default.projectId});\nconst firebaseDatabase = new gcp.projects.Service(\"firebase_database\", {\n project: defaultProject.project,\n service: \"firebasedatabase.googleapis.com\",\n});\nconst defaultDatabaseInstance = new gcp.firebase.DatabaseInstance(\"default\", {\n project: defaultProject.project,\n region: \"us-central1\",\n instanceId: \"rtdb-project-default-rtdb\",\n type: \"DEFAULT_DATABASE\",\n}, {\n dependsOn: [firebaseDatabase],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.organizations.Project(\"default\",\n project_id=\"rtdb-project\",\n name=\"rtdb-project\",\n org_id=\"123456789\",\n deletion_policy=\"DELETE\",\n labels={\n \"firebase\": \"enabled\",\n })\ndefault_project = gcp.firebase.Project(\"default\", project=default.project_id)\nfirebase_database = gcp.projects.Service(\"firebase_database\",\n project=default_project.project,\n service=\"firebasedatabase.googleapis.com\")\ndefault_database_instance = gcp.firebase.DatabaseInstance(\"default\",\n project=default_project.project,\n region=\"us-central1\",\n instance_id=\"rtdb-project-default-rtdb\",\n type=\"DEFAULT_DATABASE\",\n opts = pulumi.ResourceOptions(depends_on=[firebase_database]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.Organizations.Project(\"default\", new()\n {\n ProjectId = \"rtdb-project\",\n Name = \"rtdb-project\",\n OrgId = \"123456789\",\n DeletionPolicy = \"DELETE\",\n Labels = \n {\n { \"firebase\", \"enabled\" },\n },\n });\n\n var defaultProject = new Gcp.Firebase.Project(\"default\", new()\n {\n ProjectID = @default.ProjectId,\n });\n\n var firebaseDatabase = new Gcp.Projects.Service(\"firebase_database\", new()\n {\n Project = defaultProject.ProjectID,\n ServiceName = \"firebasedatabase.googleapis.com\",\n });\n\n var defaultDatabaseInstance = new Gcp.Firebase.DatabaseInstance(\"default\", new()\n {\n Project = defaultProject.ProjectID,\n Region = \"us-central1\",\n InstanceId = \"rtdb-project-default-rtdb\",\n Type = \"DEFAULT_DATABASE\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n firebaseDatabase,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/firebase\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := organizations.NewProject(ctx, \"default\", \u0026organizations.ProjectArgs{\n\t\t\tProjectId: pulumi.String(\"rtdb-project\"),\n\t\t\tName: pulumi.String(\"rtdb-project\"),\n\t\t\tOrgId: pulumi.String(\"123456789\"),\n\t\t\tDeletionPolicy: pulumi.String(\"DELETE\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"firebase\": pulumi.String(\"enabled\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultProject, err := firebase.NewProject(ctx, \"default\", \u0026firebase.ProjectArgs{\n\t\t\tProject: _default.ProjectId,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfirebaseDatabase, err := projects.NewService(ctx, \"firebase_database\", \u0026projects.ServiceArgs{\n\t\t\tProject: defaultProject.Project,\n\t\t\tService: pulumi.String(\"firebasedatabase.googleapis.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = firebase.NewDatabaseInstance(ctx, \"default\", \u0026firebase.DatabaseInstanceArgs{\n\t\t\tProject: defaultProject.Project,\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tInstanceId: pulumi.String(\"rtdb-project-default-rtdb\"),\n\t\t\tType: pulumi.String(\"DEFAULT_DATABASE\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tfirebaseDatabase,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.Project;\nimport com.pulumi.gcp.organizations.ProjectArgs;\nimport com.pulumi.gcp.firebase.Project;\nimport com.pulumi.gcp.firebase.ProjectArgs;\nimport com.pulumi.gcp.projects.Service;\nimport com.pulumi.gcp.projects.ServiceArgs;\nimport com.pulumi.gcp.firebase.DatabaseInstance;\nimport com.pulumi.gcp.firebase.DatabaseInstanceArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new Project(\"default\", ProjectArgs.builder()\n .projectId(\"rtdb-project\")\n .name(\"rtdb-project\")\n .orgId(\"123456789\")\n .deletionPolicy(\"DELETE\")\n .labels(Map.of(\"firebase\", \"enabled\"))\n .build());\n\n var defaultProject = new Project(\"defaultProject\", ProjectArgs.builder()\n .project(default_.projectId())\n .build());\n\n var firebaseDatabase = new Service(\"firebaseDatabase\", ServiceArgs.builder()\n .project(defaultProject.project())\n .service(\"firebasedatabase.googleapis.com\")\n .build());\n\n var defaultDatabaseInstance = new DatabaseInstance(\"defaultDatabaseInstance\", DatabaseInstanceArgs.builder()\n .project(defaultProject.project())\n .region(\"us-central1\")\n .instanceId(\"rtdb-project-default-rtdb\")\n .type(\"DEFAULT_DATABASE\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(firebaseDatabase)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:organizations:Project\n properties:\n projectId: rtdb-project\n name: rtdb-project\n orgId: '123456789'\n deletionPolicy: DELETE\n labels:\n firebase: enabled\n defaultProject:\n type: gcp:firebase:Project\n name: default\n properties:\n project: ${default.projectId}\n firebaseDatabase:\n type: gcp:projects:Service\n name: firebase_database\n properties:\n project: ${defaultProject.project}\n service: firebasedatabase.googleapis.com\n defaultDatabaseInstance:\n type: gcp:firebase:DatabaseInstance\n name: default\n properties:\n project: ${defaultProject.project}\n region: us-central1\n instanceId: rtdb-project-default-rtdb\n type: DEFAULT_DATABASE\n options:\n dependsOn:\n - ${firebaseDatabase}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nInstance can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{region}}/instances/{{instance_id}}`\n\n* `{{project}}/{{region}}/{{instance_id}}`\n\n* `{{region}}/{{instance_id}}`\n\n* `{{instance_id}}`\n\nWhen using the `pulumi import` command, Instance can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:firebase/databaseInstance:DatabaseInstance default projects/{{project}}/locations/{{region}}/instances/{{instance_id}}\n```\n\n```sh\n$ pulumi import gcp:firebase/databaseInstance:DatabaseInstance default {{project}}/{{region}}/{{instance_id}}\n```\n\n```sh\n$ pulumi import gcp:firebase/databaseInstance:DatabaseInstance default {{region}}/{{instance_id}}\n```\n\n```sh\n$ pulumi import gcp:firebase/databaseInstance:DatabaseInstance default {{instance_id}}\n```\n\n", + "description": "## Example Usage\n\n### Firebase Database Instance Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst basic = new gcp.firebase.DatabaseInstance(\"basic\", {\n project: \"my-project-name\",\n region: \"us-central1\",\n instanceId: \"active-db\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbasic = gcp.firebase.DatabaseInstance(\"basic\",\n project=\"my-project-name\",\n region=\"us-central1\",\n instance_id=\"active-db\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var basic = new Gcp.Firebase.DatabaseInstance(\"basic\", new()\n {\n Project = \"my-project-name\",\n Region = \"us-central1\",\n InstanceId = \"active-db\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/firebase\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := firebase.NewDatabaseInstance(ctx, \"basic\", \u0026firebase.DatabaseInstanceArgs{\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tInstanceId: pulumi.String(\"active-db\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.firebase.DatabaseInstance;\nimport com.pulumi.gcp.firebase.DatabaseInstanceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var basic = new DatabaseInstance(\"basic\", DatabaseInstanceArgs.builder()\n .project(\"my-project-name\")\n .region(\"us-central1\")\n .instanceId(\"active-db\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n basic:\n type: gcp:firebase:DatabaseInstance\n properties:\n project: my-project-name\n region: us-central1\n instanceId: active-db\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Firebase Database Instance Full\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst full = new gcp.firebase.DatabaseInstance(\"full\", {\n project: \"my-project-name\",\n region: \"europe-west1\",\n instanceId: \"disabled-db\",\n type: \"USER_DATABASE\",\n desiredState: \"DISABLED\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfull = gcp.firebase.DatabaseInstance(\"full\",\n project=\"my-project-name\",\n region=\"europe-west1\",\n instance_id=\"disabled-db\",\n type=\"USER_DATABASE\",\n desired_state=\"DISABLED\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var full = new Gcp.Firebase.DatabaseInstance(\"full\", new()\n {\n Project = \"my-project-name\",\n Region = \"europe-west1\",\n InstanceId = \"disabled-db\",\n Type = \"USER_DATABASE\",\n DesiredState = \"DISABLED\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/firebase\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := firebase.NewDatabaseInstance(ctx, \"full\", \u0026firebase.DatabaseInstanceArgs{\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t\tRegion: pulumi.String(\"europe-west1\"),\n\t\t\tInstanceId: pulumi.String(\"disabled-db\"),\n\t\t\tType: pulumi.String(\"USER_DATABASE\"),\n\t\t\tDesiredState: pulumi.String(\"DISABLED\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.firebase.DatabaseInstance;\nimport com.pulumi.gcp.firebase.DatabaseInstanceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var full = new DatabaseInstance(\"full\", DatabaseInstanceArgs.builder()\n .project(\"my-project-name\")\n .region(\"europe-west1\")\n .instanceId(\"disabled-db\")\n .type(\"USER_DATABASE\")\n .desiredState(\"DISABLED\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n full:\n type: gcp:firebase:DatabaseInstance\n properties:\n project: my-project-name\n region: europe-west1\n instanceId: disabled-db\n type: USER_DATABASE\n desiredState: DISABLED\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Firebase Database Instance Default Database\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as time from \"@pulumi/time\";\n\nconst _default = new gcp.organizations.Project(\"default\", {\n projectId: \"rtdb-project\",\n name: \"rtdb-project\",\n orgId: \"123456789\",\n deletionPolicy: \"DELETE\",\n labels: {\n firebase: \"enabled\",\n },\n});\nconst firebase = new gcp.projects.Service(\"firebase\", {\n project: _default.projectId,\n service: \"firebase.googleapis.com\",\n disableOnDestroy: false,\n});\nconst defaultProject = new gcp.firebase.Project(\"default\", {project: _default.projectId}, {\n dependsOn: [firebase],\n});\nconst firebaseDatabase = new gcp.projects.Service(\"firebase_database\", {\n project: defaultProject.project,\n service: \"firebasedatabase.googleapis.com\",\n disableOnDestroy: false,\n});\nconst wait60Seconds = new time.index.Sleep(\"wait_60_seconds\", {createDuration: \"60s\"}, {\n dependsOn: [firebaseDatabase],\n});\nconst defaultDatabaseInstance = new gcp.firebase.DatabaseInstance(\"default\", {\n project: defaultProject.project,\n region: \"us-central1\",\n instanceId: \"rtdb-project-default-rtdb\",\n type: \"DEFAULT_DATABASE\",\n}, {\n dependsOn: [wait60Seconds],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_time as time\n\ndefault = gcp.organizations.Project(\"default\",\n project_id=\"rtdb-project\",\n name=\"rtdb-project\",\n org_id=\"123456789\",\n deletion_policy=\"DELETE\",\n labels={\n \"firebase\": \"enabled\",\n })\nfirebase = gcp.projects.Service(\"firebase\",\n project=default.project_id,\n service=\"firebase.googleapis.com\",\n disable_on_destroy=False)\ndefault_project = gcp.firebase.Project(\"default\", project=default.project_id,\nopts = pulumi.ResourceOptions(depends_on=[firebase]))\nfirebase_database = gcp.projects.Service(\"firebase_database\",\n project=default_project.project,\n service=\"firebasedatabase.googleapis.com\",\n disable_on_destroy=False)\nwait60_seconds = time.index.Sleep(\"wait_60_seconds\", create_duration=60s,\nopts = pulumi.ResourceOptions(depends_on=[firebase_database]))\ndefault_database_instance = gcp.firebase.DatabaseInstance(\"default\",\n project=default_project.project,\n region=\"us-central1\",\n instance_id=\"rtdb-project-default-rtdb\",\n type=\"DEFAULT_DATABASE\",\n opts = pulumi.ResourceOptions(depends_on=[wait60_seconds]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Time = Pulumi.Time;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.Organizations.Project(\"default\", new()\n {\n ProjectId = \"rtdb-project\",\n Name = \"rtdb-project\",\n OrgId = \"123456789\",\n DeletionPolicy = \"DELETE\",\n Labels = \n {\n { \"firebase\", \"enabled\" },\n },\n });\n\n var firebase = new Gcp.Projects.Service(\"firebase\", new()\n {\n Project = @default.ProjectId,\n ServiceName = \"firebase.googleapis.com\",\n DisableOnDestroy = false,\n });\n\n var defaultProject = new Gcp.Firebase.Project(\"default\", new()\n {\n ProjectID = @default.ProjectId,\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n firebase,\n },\n });\n\n var firebaseDatabase = new Gcp.Projects.Service(\"firebase_database\", new()\n {\n Project = defaultProject.ProjectID,\n ServiceName = \"firebasedatabase.googleapis.com\",\n DisableOnDestroy = false,\n });\n\n var wait60Seconds = new Time.Index.Sleep(\"wait_60_seconds\", new()\n {\n CreateDuration = \"60s\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n firebaseDatabase,\n },\n });\n\n var defaultDatabaseInstance = new Gcp.Firebase.DatabaseInstance(\"default\", new()\n {\n Project = defaultProject.ProjectID,\n Region = \"us-central1\",\n InstanceId = \"rtdb-project-default-rtdb\",\n Type = \"DEFAULT_DATABASE\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n wait60Seconds,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/firebase\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi-time/sdk/go/time\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := organizations.NewProject(ctx, \"default\", \u0026organizations.ProjectArgs{\n\t\t\tProjectId: pulumi.String(\"rtdb-project\"),\n\t\t\tName: pulumi.String(\"rtdb-project\"),\n\t\t\tOrgId: pulumi.String(\"123456789\"),\n\t\t\tDeletionPolicy: pulumi.String(\"DELETE\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"firebase\": pulumi.String(\"enabled\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfirebase, err := projects.NewService(ctx, \"firebase\", \u0026projects.ServiceArgs{\n\t\t\tProject: _default.ProjectId,\n\t\t\tService: pulumi.String(\"firebase.googleapis.com\"),\n\t\t\tDisableOnDestroy: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultProject, err := firebase.NewProject(ctx, \"default\", \u0026firebase.ProjectArgs{\n\t\t\tProject: _default.ProjectId,\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tfirebase,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfirebaseDatabase, err := projects.NewService(ctx, \"firebase_database\", \u0026projects.ServiceArgs{\n\t\t\tProject: defaultProject.Project,\n\t\t\tService: pulumi.String(\"firebasedatabase.googleapis.com\"),\n\t\t\tDisableOnDestroy: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\twait60Seconds, err := time.NewSleep(ctx, \"wait_60_seconds\", \u0026time.SleepArgs{\n\t\t\tCreateDuration: \"60s\",\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tfirebaseDatabase,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = firebase.NewDatabaseInstance(ctx, \"default\", \u0026firebase.DatabaseInstanceArgs{\n\t\t\tProject: defaultProject.Project,\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tInstanceId: pulumi.String(\"rtdb-project-default-rtdb\"),\n\t\t\tType: pulumi.String(\"DEFAULT_DATABASE\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\twait60Seconds,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.Project;\nimport com.pulumi.gcp.organizations.ProjectArgs;\nimport com.pulumi.gcp.projects.Service;\nimport com.pulumi.gcp.projects.ServiceArgs;\nimport com.pulumi.gcp.firebase.Project;\nimport com.pulumi.gcp.firebase.ProjectArgs;\nimport com.pulumi.time.sleep;\nimport com.pulumi.time.SleepArgs;\nimport com.pulumi.gcp.firebase.DatabaseInstance;\nimport com.pulumi.gcp.firebase.DatabaseInstanceArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new Project(\"default\", ProjectArgs.builder()\n .projectId(\"rtdb-project\")\n .name(\"rtdb-project\")\n .orgId(\"123456789\")\n .deletionPolicy(\"DELETE\")\n .labels(Map.of(\"firebase\", \"enabled\"))\n .build());\n\n var firebase = new Service(\"firebase\", ServiceArgs.builder()\n .project(default_.projectId())\n .service(\"firebase.googleapis.com\")\n .disableOnDestroy(false)\n .build());\n\n var defaultProject = new Project(\"defaultProject\", ProjectArgs.builder()\n .project(default_.projectId())\n .build(), CustomResourceOptions.builder()\n .dependsOn(firebase)\n .build());\n\n var firebaseDatabase = new Service(\"firebaseDatabase\", ServiceArgs.builder()\n .project(defaultProject.project())\n .service(\"firebasedatabase.googleapis.com\")\n .disableOnDestroy(false)\n .build());\n\n var wait60Seconds = new Sleep(\"wait60Seconds\", SleepArgs.builder()\n .createDuration(\"60s\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(firebaseDatabase)\n .build());\n\n var defaultDatabaseInstance = new DatabaseInstance(\"defaultDatabaseInstance\", DatabaseInstanceArgs.builder()\n .project(defaultProject.project())\n .region(\"us-central1\")\n .instanceId(\"rtdb-project-default-rtdb\")\n .type(\"DEFAULT_DATABASE\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(wait60Seconds)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:organizations:Project\n properties:\n projectId: rtdb-project\n name: rtdb-project\n orgId: '123456789'\n deletionPolicy: DELETE\n labels:\n firebase: enabled\n firebase:\n type: gcp:projects:Service\n properties:\n project: ${default.projectId}\n service: firebase.googleapis.com\n disableOnDestroy: false\n defaultProject:\n type: gcp:firebase:Project\n name: default\n properties:\n project: ${default.projectId}\n options:\n dependsOn:\n - ${firebase}\n firebaseDatabase:\n type: gcp:projects:Service\n name: firebase_database\n properties:\n project: ${defaultProject.project}\n service: firebasedatabase.googleapis.com\n disableOnDestroy: false\n wait60Seconds:\n type: time:sleep\n name: wait_60_seconds\n properties:\n createDuration: 60s\n options:\n dependsOn:\n - ${firebaseDatabase}\n defaultDatabaseInstance:\n type: gcp:firebase:DatabaseInstance\n name: default\n properties:\n project: ${defaultProject.project}\n region: us-central1\n instanceId: rtdb-project-default-rtdb\n type: DEFAULT_DATABASE\n options:\n dependsOn:\n - ${wait60Seconds}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nInstance can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{region}}/instances/{{instance_id}}`\n\n* `{{project}}/{{region}}/{{instance_id}}`\n\n* `{{region}}/{{instance_id}}`\n\n* `{{instance_id}}`\n\nWhen using the `pulumi import` command, Instance can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:firebase/databaseInstance:DatabaseInstance default projects/{{project}}/locations/{{region}}/instances/{{instance_id}}\n```\n\n```sh\n$ pulumi import gcp:firebase/databaseInstance:DatabaseInstance default {{project}}/{{region}}/{{instance_id}}\n```\n\n```sh\n$ pulumi import gcp:firebase/databaseInstance:DatabaseInstance default {{region}}/{{instance_id}}\n```\n\n```sh\n$ pulumi import gcp:firebase/databaseInstance:DatabaseInstance default {{instance_id}}\n```\n\n", "properties": { "databaseUrl": { "type": "string", @@ -215116,7 +215616,7 @@ } }, "gcp:firebase/hostingVersion:HostingVersion": { - "description": "## Example Usage\n\n### Firebasehosting Version Redirect\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst _default = new gcp.firebase.HostingSite(\"default\", {\n project: \"my-project-name\",\n siteId: \"site-id\",\n});\nconst defaultHostingVersion = new gcp.firebase.HostingVersion(\"default\", {\n siteId: _default.siteId,\n config: {\n redirects: [{\n glob: \"/google/**\",\n statusCode: 302,\n location: \"https://www.google.com\",\n }],\n },\n});\nconst defaultHostingRelease = new gcp.firebase.HostingRelease(\"default\", {\n siteId: _default.siteId,\n versionName: defaultHostingVersion.name,\n message: \"Redirect to Google\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.firebase.HostingSite(\"default\",\n project=\"my-project-name\",\n site_id=\"site-id\")\ndefault_hosting_version = gcp.firebase.HostingVersion(\"default\",\n site_id=default.site_id,\n config={\n \"redirects\": [{\n \"glob\": \"/google/**\",\n \"status_code\": 302,\n \"location\": \"https://www.google.com\",\n }],\n })\ndefault_hosting_release = gcp.firebase.HostingRelease(\"default\",\n site_id=default.site_id,\n version_name=default_hosting_version.name,\n message=\"Redirect to Google\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.Firebase.HostingSite(\"default\", new()\n {\n Project = \"my-project-name\",\n SiteId = \"site-id\",\n });\n\n var defaultHostingVersion = new Gcp.Firebase.HostingVersion(\"default\", new()\n {\n SiteId = @default.SiteId,\n Config = new Gcp.Firebase.Inputs.HostingVersionConfigArgs\n {\n Redirects = new[]\n {\n new Gcp.Firebase.Inputs.HostingVersionConfigRedirectArgs\n {\n Glob = \"/google/**\",\n StatusCode = 302,\n Location = \"https://www.google.com\",\n },\n },\n },\n });\n\n var defaultHostingRelease = new Gcp.Firebase.HostingRelease(\"default\", new()\n {\n SiteId = @default.SiteId,\n VersionName = defaultHostingVersion.Name,\n Message = \"Redirect to Google\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/firebase\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := firebase.NewHostingSite(ctx, \"default\", \u0026firebase.HostingSiteArgs{\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t\tSiteId: pulumi.String(\"site-id\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultHostingVersion, err := firebase.NewHostingVersion(ctx, \"default\", \u0026firebase.HostingVersionArgs{\n\t\t\tSiteId: _default.SiteId,\n\t\t\tConfig: \u0026firebase.HostingVersionConfigArgs{\n\t\t\t\tRedirects: firebase.HostingVersionConfigRedirectArray{\n\t\t\t\t\t\u0026firebase.HostingVersionConfigRedirectArgs{\n\t\t\t\t\t\tGlob: pulumi.String(\"/google/**\"),\n\t\t\t\t\t\tStatusCode: pulumi.Int(302),\n\t\t\t\t\t\tLocation: pulumi.String(\"https://www.google.com\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = firebase.NewHostingRelease(ctx, \"default\", \u0026firebase.HostingReleaseArgs{\n\t\t\tSiteId: _default.SiteId,\n\t\t\tVersionName: defaultHostingVersion.Name,\n\t\t\tMessage: pulumi.String(\"Redirect to Google\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.firebase.HostingSite;\nimport com.pulumi.gcp.firebase.HostingSiteArgs;\nimport com.pulumi.gcp.firebase.HostingVersion;\nimport com.pulumi.gcp.firebase.HostingVersionArgs;\nimport com.pulumi.gcp.firebase.inputs.HostingVersionConfigArgs;\nimport com.pulumi.gcp.firebase.HostingRelease;\nimport com.pulumi.gcp.firebase.HostingReleaseArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new HostingSite(\"default\", HostingSiteArgs.builder()\n .project(\"my-project-name\")\n .siteId(\"site-id\")\n .build());\n\n var defaultHostingVersion = new HostingVersion(\"defaultHostingVersion\", HostingVersionArgs.builder()\n .siteId(default_.siteId())\n .config(HostingVersionConfigArgs.builder()\n .redirects(HostingVersionConfigRedirectArgs.builder()\n .glob(\"/google/**\")\n .statusCode(302)\n .location(\"https://www.google.com\")\n .build())\n .build())\n .build());\n\n var defaultHostingRelease = new HostingRelease(\"defaultHostingRelease\", HostingReleaseArgs.builder()\n .siteId(default_.siteId())\n .versionName(defaultHostingVersion.name())\n .message(\"Redirect to Google\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:firebase:HostingSite\n properties:\n project: my-project-name\n siteId: site-id\n defaultHostingVersion:\n type: gcp:firebase:HostingVersion\n name: default\n properties:\n siteId: ${default.siteId}\n config:\n redirects:\n - glob: /google/**\n statusCode: 302\n location: https://www.google.com\n defaultHostingRelease:\n type: gcp:firebase:HostingRelease\n name: default\n properties:\n siteId: ${default.siteId}\n versionName: ${defaultHostingVersion.name}\n message: Redirect to Google\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Firebasehosting Version Path\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst _default = new gcp.firebase.HostingSite(\"default\", {\n project: \"my-project-name\",\n siteId: \"site-id\",\n});\nconst defaultHostingVersion = new gcp.firebase.HostingVersion(\"default\", {\n siteId: _default.siteId,\n config: {\n rewrites: [{\n glob: \"**\",\n path: \"/index.html\",\n }],\n },\n});\nconst defaultHostingRelease = new gcp.firebase.HostingRelease(\"default\", {\n siteId: _default.siteId,\n versionName: defaultHostingVersion.name,\n message: \"Path Rewrite\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.firebase.HostingSite(\"default\",\n project=\"my-project-name\",\n site_id=\"site-id\")\ndefault_hosting_version = gcp.firebase.HostingVersion(\"default\",\n site_id=default.site_id,\n config={\n \"rewrites\": [{\n \"glob\": \"**\",\n \"path\": \"/index.html\",\n }],\n })\ndefault_hosting_release = gcp.firebase.HostingRelease(\"default\",\n site_id=default.site_id,\n version_name=default_hosting_version.name,\n message=\"Path Rewrite\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.Firebase.HostingSite(\"default\", new()\n {\n Project = \"my-project-name\",\n SiteId = \"site-id\",\n });\n\n var defaultHostingVersion = new Gcp.Firebase.HostingVersion(\"default\", new()\n {\n SiteId = @default.SiteId,\n Config = new Gcp.Firebase.Inputs.HostingVersionConfigArgs\n {\n Rewrites = new[]\n {\n new Gcp.Firebase.Inputs.HostingVersionConfigRewriteArgs\n {\n Glob = \"**\",\n Path = \"/index.html\",\n },\n },\n },\n });\n\n var defaultHostingRelease = new Gcp.Firebase.HostingRelease(\"default\", new()\n {\n SiteId = @default.SiteId,\n VersionName = defaultHostingVersion.Name,\n Message = \"Path Rewrite\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/firebase\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := firebase.NewHostingSite(ctx, \"default\", \u0026firebase.HostingSiteArgs{\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t\tSiteId: pulumi.String(\"site-id\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultHostingVersion, err := firebase.NewHostingVersion(ctx, \"default\", \u0026firebase.HostingVersionArgs{\n\t\t\tSiteId: _default.SiteId,\n\t\t\tConfig: \u0026firebase.HostingVersionConfigArgs{\n\t\t\t\tRewrites: firebase.HostingVersionConfigRewriteArray{\n\t\t\t\t\t\u0026firebase.HostingVersionConfigRewriteArgs{\n\t\t\t\t\t\tGlob: pulumi.String(\"**\"),\n\t\t\t\t\t\tPath: pulumi.String(\"/index.html\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = firebase.NewHostingRelease(ctx, \"default\", \u0026firebase.HostingReleaseArgs{\n\t\t\tSiteId: _default.SiteId,\n\t\t\tVersionName: defaultHostingVersion.Name,\n\t\t\tMessage: pulumi.String(\"Path Rewrite\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.firebase.HostingSite;\nimport com.pulumi.gcp.firebase.HostingSiteArgs;\nimport com.pulumi.gcp.firebase.HostingVersion;\nimport com.pulumi.gcp.firebase.HostingVersionArgs;\nimport com.pulumi.gcp.firebase.inputs.HostingVersionConfigArgs;\nimport com.pulumi.gcp.firebase.HostingRelease;\nimport com.pulumi.gcp.firebase.HostingReleaseArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new HostingSite(\"default\", HostingSiteArgs.builder()\n .project(\"my-project-name\")\n .siteId(\"site-id\")\n .build());\n\n var defaultHostingVersion = new HostingVersion(\"defaultHostingVersion\", HostingVersionArgs.builder()\n .siteId(default_.siteId())\n .config(HostingVersionConfigArgs.builder()\n .rewrites(HostingVersionConfigRewriteArgs.builder()\n .glob(\"**\")\n .path(\"/index.html\")\n .build())\n .build())\n .build());\n\n var defaultHostingRelease = new HostingRelease(\"defaultHostingRelease\", HostingReleaseArgs.builder()\n .siteId(default_.siteId())\n .versionName(defaultHostingVersion.name())\n .message(\"Path Rewrite\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:firebase:HostingSite\n properties:\n project: my-project-name\n siteId: site-id\n defaultHostingVersion:\n type: gcp:firebase:HostingVersion\n name: default\n properties:\n siteId: ${default.siteId}\n config:\n rewrites:\n - glob: '**'\n path: /index.html\n defaultHostingRelease:\n type: gcp:firebase:HostingRelease\n name: default\n properties:\n siteId: ${default.siteId}\n versionName: ${defaultHostingVersion.name}\n message: Path Rewrite\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Firebasehosting Version Cloud Run\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst _default = new gcp.firebase.HostingSite(\"default\", {\n project: \"my-project-name\",\n siteId: \"site-id\",\n});\nconst defaultService = new gcp.cloudrunv2.Service(\"default\", {\n project: \"my-project-name\",\n name: \"cloud-run-service-via-hosting\",\n location: \"us-central1\",\n ingress: \"INGRESS_TRAFFIC_ALL\",\n template: {\n containers: [{\n image: \"us-docker.pkg.dev/cloudrun/container/hello\",\n }],\n },\n deletionProtection: true,\n});\nconst defaultHostingVersion = new gcp.firebase.HostingVersion(\"default\", {\n siteId: _default.siteId,\n config: {\n rewrites: [{\n glob: \"/hello/**\",\n run: {\n serviceId: defaultService.name,\n region: defaultService.location,\n },\n }],\n },\n});\nconst defaultHostingRelease = new gcp.firebase.HostingRelease(\"default\", {\n siteId: _default.siteId,\n versionName: defaultHostingVersion.name,\n message: \"Cloud Run Integration\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.firebase.HostingSite(\"default\",\n project=\"my-project-name\",\n site_id=\"site-id\")\ndefault_service = gcp.cloudrunv2.Service(\"default\",\n project=\"my-project-name\",\n name=\"cloud-run-service-via-hosting\",\n location=\"us-central1\",\n ingress=\"INGRESS_TRAFFIC_ALL\",\n template={\n \"containers\": [{\n \"image\": \"us-docker.pkg.dev/cloudrun/container/hello\",\n }],\n },\n deletion_protection=True)\ndefault_hosting_version = gcp.firebase.HostingVersion(\"default\",\n site_id=default.site_id,\n config={\n \"rewrites\": [{\n \"glob\": \"/hello/**\",\n \"run\": {\n \"service_id\": default_service.name,\n \"region\": default_service.location,\n },\n }],\n })\ndefault_hosting_release = gcp.firebase.HostingRelease(\"default\",\n site_id=default.site_id,\n version_name=default_hosting_version.name,\n message=\"Cloud Run Integration\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.Firebase.HostingSite(\"default\", new()\n {\n Project = \"my-project-name\",\n SiteId = \"site-id\",\n });\n\n var defaultService = new Gcp.CloudRunV2.Service(\"default\", new()\n {\n Project = \"my-project-name\",\n Name = \"cloud-run-service-via-hosting\",\n Location = \"us-central1\",\n Ingress = \"INGRESS_TRAFFIC_ALL\",\n Template = new Gcp.CloudRunV2.Inputs.ServiceTemplateArgs\n {\n Containers = new[]\n {\n new Gcp.CloudRunV2.Inputs.ServiceTemplateContainerArgs\n {\n Image = \"us-docker.pkg.dev/cloudrun/container/hello\",\n },\n },\n },\n DeletionProtection = true,\n });\n\n var defaultHostingVersion = new Gcp.Firebase.HostingVersion(\"default\", new()\n {\n SiteId = @default.SiteId,\n Config = new Gcp.Firebase.Inputs.HostingVersionConfigArgs\n {\n Rewrites = new[]\n {\n new Gcp.Firebase.Inputs.HostingVersionConfigRewriteArgs\n {\n Glob = \"/hello/**\",\n Run = new Gcp.Firebase.Inputs.HostingVersionConfigRewriteRunArgs\n {\n ServiceId = defaultService.Name,\n Region = defaultService.Location,\n },\n },\n },\n },\n });\n\n var defaultHostingRelease = new Gcp.Firebase.HostingRelease(\"default\", new()\n {\n SiteId = @default.SiteId,\n VersionName = defaultHostingVersion.Name,\n Message = \"Cloud Run Integration\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/firebase\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := firebase.NewHostingSite(ctx, \"default\", \u0026firebase.HostingSiteArgs{\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t\tSiteId: pulumi.String(\"site-id\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultService, err := cloudrunv2.NewService(ctx, \"default\", \u0026cloudrunv2.ServiceArgs{\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t\tName: pulumi.String(\"cloud-run-service-via-hosting\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tIngress: pulumi.String(\"INGRESS_TRAFFIC_ALL\"),\n\t\t\tTemplate: \u0026cloudrunv2.ServiceTemplateArgs{\n\t\t\t\tContainers: cloudrunv2.ServiceTemplateContainerArray{\n\t\t\t\t\t\u0026cloudrunv2.ServiceTemplateContainerArgs{\n\t\t\t\t\t\tImage: pulumi.String(\"us-docker.pkg.dev/cloudrun/container/hello\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tDeletionProtection: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultHostingVersion, err := firebase.NewHostingVersion(ctx, \"default\", \u0026firebase.HostingVersionArgs{\n\t\t\tSiteId: _default.SiteId,\n\t\t\tConfig: \u0026firebase.HostingVersionConfigArgs{\n\t\t\t\tRewrites: firebase.HostingVersionConfigRewriteArray{\n\t\t\t\t\t\u0026firebase.HostingVersionConfigRewriteArgs{\n\t\t\t\t\t\tGlob: pulumi.String(\"/hello/**\"),\n\t\t\t\t\t\tRun: \u0026firebase.HostingVersionConfigRewriteRunArgs{\n\t\t\t\t\t\t\tServiceId: defaultService.Name,\n\t\t\t\t\t\t\tRegion: defaultService.Location,\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = firebase.NewHostingRelease(ctx, \"default\", \u0026firebase.HostingReleaseArgs{\n\t\t\tSiteId: _default.SiteId,\n\t\t\tVersionName: defaultHostingVersion.Name,\n\t\t\tMessage: pulumi.String(\"Cloud Run Integration\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.firebase.HostingSite;\nimport com.pulumi.gcp.firebase.HostingSiteArgs;\nimport com.pulumi.gcp.cloudrunv2.Service;\nimport com.pulumi.gcp.cloudrunv2.ServiceArgs;\nimport com.pulumi.gcp.cloudrunv2.inputs.ServiceTemplateArgs;\nimport com.pulumi.gcp.firebase.HostingVersion;\nimport com.pulumi.gcp.firebase.HostingVersionArgs;\nimport com.pulumi.gcp.firebase.inputs.HostingVersionConfigArgs;\nimport com.pulumi.gcp.firebase.HostingRelease;\nimport com.pulumi.gcp.firebase.HostingReleaseArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new HostingSite(\"default\", HostingSiteArgs.builder()\n .project(\"my-project-name\")\n .siteId(\"site-id\")\n .build());\n\n var defaultService = new Service(\"defaultService\", ServiceArgs.builder()\n .project(\"my-project-name\")\n .name(\"cloud-run-service-via-hosting\")\n .location(\"us-central1\")\n .ingress(\"INGRESS_TRAFFIC_ALL\")\n .template(ServiceTemplateArgs.builder()\n .containers(ServiceTemplateContainerArgs.builder()\n .image(\"us-docker.pkg.dev/cloudrun/container/hello\")\n .build())\n .build())\n .deletionProtection(true)\n .build());\n\n var defaultHostingVersion = new HostingVersion(\"defaultHostingVersion\", HostingVersionArgs.builder()\n .siteId(default_.siteId())\n .config(HostingVersionConfigArgs.builder()\n .rewrites(HostingVersionConfigRewriteArgs.builder()\n .glob(\"/hello/**\")\n .run(HostingVersionConfigRewriteRunArgs.builder()\n .serviceId(defaultService.name())\n .region(defaultService.location())\n .build())\n .build())\n .build())\n .build());\n\n var defaultHostingRelease = new HostingRelease(\"defaultHostingRelease\", HostingReleaseArgs.builder()\n .siteId(default_.siteId())\n .versionName(defaultHostingVersion.name())\n .message(\"Cloud Run Integration\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:firebase:HostingSite\n properties:\n project: my-project-name\n siteId: site-id\n defaultService:\n type: gcp:cloudrunv2:Service\n name: default\n properties:\n project: my-project-name\n name: cloud-run-service-via-hosting\n location: us-central1\n ingress: INGRESS_TRAFFIC_ALL\n template:\n containers:\n - image: us-docker.pkg.dev/cloudrun/container/hello\n deletionProtection: true\n defaultHostingVersion:\n type: gcp:firebase:HostingVersion\n name: default\n properties:\n siteId: ${default.siteId}\n config:\n rewrites:\n - glob: /hello/**\n run:\n serviceId: ${defaultService.name}\n region: ${defaultService.location}\n defaultHostingRelease:\n type: gcp:firebase:HostingRelease\n name: default\n properties:\n siteId: ${default.siteId}\n versionName: ${defaultHostingVersion.name}\n message: Cloud Run Integration\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Firebasehosting Version Cloud Functions\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst _default = new gcp.firebase.HostingSite(\"default\", {\n project: \"my-project-name\",\n siteId: \"site-id\",\n});\nconst bucket = new gcp.storage.Bucket(\"bucket\", {\n project: \"my-project-name\",\n name: \"site-id-function-source\",\n location: \"US\",\n uniformBucketLevelAccess: true,\n});\nconst object = new gcp.storage.BucketObject(\"object\", {\n name: \"function-source.zip\",\n bucket: bucket.name,\n source: new pulumi.asset.FileAsset(\"function-source.zip\"),\n});\nconst _function = new gcp.cloudfunctions.Function(\"function\", {\n project: \"my-project-name\",\n name: \"cloud-function-via-hosting\",\n description: \"A Cloud Function connected to Firebase Hosing\",\n runtime: \"nodejs16\",\n availableMemoryMb: 128,\n sourceArchiveBucket: bucket.name,\n sourceArchiveObject: object.name,\n triggerHttp: true,\n entryPoint: \"helloHttp\",\n});\nconst defaultHostingVersion = new gcp.firebase.HostingVersion(\"default\", {\n siteId: _default.siteId,\n config: {\n rewrites: [{\n glob: \"/hello/**\",\n \"function\": _function.name,\n }],\n },\n});\nconst defaultHostingRelease = new gcp.firebase.HostingRelease(\"default\", {\n siteId: _default.siteId,\n versionName: defaultHostingVersion.name,\n message: \"Cloud Functions Integration\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.firebase.HostingSite(\"default\",\n project=\"my-project-name\",\n site_id=\"site-id\")\nbucket = gcp.storage.Bucket(\"bucket\",\n project=\"my-project-name\",\n name=\"site-id-function-source\",\n location=\"US\",\n uniform_bucket_level_access=True)\nobject = gcp.storage.BucketObject(\"object\",\n name=\"function-source.zip\",\n bucket=bucket.name,\n source=pulumi.FileAsset(\"function-source.zip\"))\nfunction = gcp.cloudfunctions.Function(\"function\",\n project=\"my-project-name\",\n name=\"cloud-function-via-hosting\",\n description=\"A Cloud Function connected to Firebase Hosing\",\n runtime=\"nodejs16\",\n available_memory_mb=128,\n source_archive_bucket=bucket.name,\n source_archive_object=object.name,\n trigger_http=True,\n entry_point=\"helloHttp\")\ndefault_hosting_version = gcp.firebase.HostingVersion(\"default\",\n site_id=default.site_id,\n config={\n \"rewrites\": [{\n \"glob\": \"/hello/**\",\n \"function\": function.name,\n }],\n })\ndefault_hosting_release = gcp.firebase.HostingRelease(\"default\",\n site_id=default.site_id,\n version_name=default_hosting_version.name,\n message=\"Cloud Functions Integration\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.Firebase.HostingSite(\"default\", new()\n {\n Project = \"my-project-name\",\n SiteId = \"site-id\",\n });\n\n var bucket = new Gcp.Storage.Bucket(\"bucket\", new()\n {\n Project = \"my-project-name\",\n Name = \"site-id-function-source\",\n Location = \"US\",\n UniformBucketLevelAccess = true,\n });\n\n var @object = new Gcp.Storage.BucketObject(\"object\", new()\n {\n Name = \"function-source.zip\",\n Bucket = bucket.Name,\n Source = new FileAsset(\"function-source.zip\"),\n });\n\n var function = new Gcp.CloudFunctions.Function(\"function\", new()\n {\n Project = \"my-project-name\",\n Name = \"cloud-function-via-hosting\",\n Description = \"A Cloud Function connected to Firebase Hosing\",\n Runtime = \"nodejs16\",\n AvailableMemoryMb = 128,\n SourceArchiveBucket = bucket.Name,\n SourceArchiveObject = @object.Name,\n TriggerHttp = true,\n EntryPoint = \"helloHttp\",\n });\n\n var defaultHostingVersion = new Gcp.Firebase.HostingVersion(\"default\", new()\n {\n SiteId = @default.SiteId,\n Config = new Gcp.Firebase.Inputs.HostingVersionConfigArgs\n {\n Rewrites = new[]\n {\n new Gcp.Firebase.Inputs.HostingVersionConfigRewriteArgs\n {\n Glob = \"/hello/**\",\n Function = function.Name,\n },\n },\n },\n });\n\n var defaultHostingRelease = new Gcp.Firebase.HostingRelease(\"default\", new()\n {\n SiteId = @default.SiteId,\n VersionName = defaultHostingVersion.Name,\n Message = \"Cloud Functions Integration\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudfunctions\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/firebase\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := firebase.NewHostingSite(ctx, \"default\", \u0026firebase.HostingSiteArgs{\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t\tSiteId: pulumi.String(\"site-id\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tbucket, err := storage.NewBucket(ctx, \"bucket\", \u0026storage.BucketArgs{\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t\tName: pulumi.String(\"site-id-function-source\"),\n\t\t\tLocation: pulumi.String(\"US\"),\n\t\t\tUniformBucketLevelAccess: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tobject, err := storage.NewBucketObject(ctx, \"object\", \u0026storage.BucketObjectArgs{\n\t\t\tName: pulumi.String(\"function-source.zip\"),\n\t\t\tBucket: bucket.Name,\n\t\t\tSource: pulumi.NewFileAsset(\"function-source.zip\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfunction, err := cloudfunctions.NewFunction(ctx, \"function\", \u0026cloudfunctions.FunctionArgs{\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t\tName: pulumi.String(\"cloud-function-via-hosting\"),\n\t\t\tDescription: pulumi.String(\"A Cloud Function connected to Firebase Hosing\"),\n\t\t\tRuntime: pulumi.String(\"nodejs16\"),\n\t\t\tAvailableMemoryMb: pulumi.Int(128),\n\t\t\tSourceArchiveBucket: bucket.Name,\n\t\t\tSourceArchiveObject: object.Name,\n\t\t\tTriggerHttp: pulumi.Bool(true),\n\t\t\tEntryPoint: pulumi.String(\"helloHttp\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultHostingVersion, err := firebase.NewHostingVersion(ctx, \"default\", \u0026firebase.HostingVersionArgs{\n\t\t\tSiteId: _default.SiteId,\n\t\t\tConfig: \u0026firebase.HostingVersionConfigArgs{\n\t\t\t\tRewrites: firebase.HostingVersionConfigRewriteArray{\n\t\t\t\t\t\u0026firebase.HostingVersionConfigRewriteArgs{\n\t\t\t\t\t\tGlob: pulumi.String(\"/hello/**\"),\n\t\t\t\t\t\tFunction: function.Name,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = firebase.NewHostingRelease(ctx, \"default\", \u0026firebase.HostingReleaseArgs{\n\t\t\tSiteId: _default.SiteId,\n\t\t\tVersionName: defaultHostingVersion.Name,\n\t\t\tMessage: pulumi.String(\"Cloud Functions Integration\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.firebase.HostingSite;\nimport com.pulumi.gcp.firebase.HostingSiteArgs;\nimport com.pulumi.gcp.storage.Bucket;\nimport com.pulumi.gcp.storage.BucketArgs;\nimport com.pulumi.gcp.storage.BucketObject;\nimport com.pulumi.gcp.storage.BucketObjectArgs;\nimport com.pulumi.gcp.cloudfunctions.Function;\nimport com.pulumi.gcp.cloudfunctions.FunctionArgs;\nimport com.pulumi.gcp.firebase.HostingVersion;\nimport com.pulumi.gcp.firebase.HostingVersionArgs;\nimport com.pulumi.gcp.firebase.inputs.HostingVersionConfigArgs;\nimport com.pulumi.gcp.firebase.HostingRelease;\nimport com.pulumi.gcp.firebase.HostingReleaseArgs;\nimport com.pulumi.asset.FileAsset;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new HostingSite(\"default\", HostingSiteArgs.builder()\n .project(\"my-project-name\")\n .siteId(\"site-id\")\n .build());\n\n var bucket = new Bucket(\"bucket\", BucketArgs.builder()\n .project(\"my-project-name\")\n .name(\"site-id-function-source\")\n .location(\"US\")\n .uniformBucketLevelAccess(true)\n .build());\n\n var object = new BucketObject(\"object\", BucketObjectArgs.builder()\n .name(\"function-source.zip\")\n .bucket(bucket.name())\n .source(new FileAsset(\"function-source.zip\"))\n .build());\n\n var function = new Function(\"function\", FunctionArgs.builder()\n .project(\"my-project-name\")\n .name(\"cloud-function-via-hosting\")\n .description(\"A Cloud Function connected to Firebase Hosing\")\n .runtime(\"nodejs16\")\n .availableMemoryMb(128)\n .sourceArchiveBucket(bucket.name())\n .sourceArchiveObject(object.name())\n .triggerHttp(true)\n .entryPoint(\"helloHttp\")\n .build());\n\n var defaultHostingVersion = new HostingVersion(\"defaultHostingVersion\", HostingVersionArgs.builder()\n .siteId(default_.siteId())\n .config(HostingVersionConfigArgs.builder()\n .rewrites(HostingVersionConfigRewriteArgs.builder()\n .glob(\"/hello/**\")\n .function(function.name())\n .build())\n .build())\n .build());\n\n var defaultHostingRelease = new HostingRelease(\"defaultHostingRelease\", HostingReleaseArgs.builder()\n .siteId(default_.siteId())\n .versionName(defaultHostingVersion.name())\n .message(\"Cloud Functions Integration\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:firebase:HostingSite\n properties:\n project: my-project-name\n siteId: site-id\n bucket:\n type: gcp:storage:Bucket\n properties:\n project: my-project-name\n name: site-id-function-source\n location: US\n uniformBucketLevelAccess: true\n object:\n type: gcp:storage:BucketObject\n properties:\n name: function-source.zip\n bucket: ${bucket.name}\n source:\n fn::FileAsset: function-source.zip\n function:\n type: gcp:cloudfunctions:Function\n properties:\n project: my-project-name\n name: cloud-function-via-hosting\n description: A Cloud Function connected to Firebase Hosing\n runtime: nodejs16\n availableMemoryMb: 128\n sourceArchiveBucket: ${bucket.name}\n sourceArchiveObject: ${object.name}\n triggerHttp: true\n entryPoint: helloHttp\n defaultHostingVersion:\n type: gcp:firebase:HostingVersion\n name: default\n properties:\n siteId: ${default.siteId}\n config:\n rewrites:\n - glob: /hello/**\n function: ${function.name}\n defaultHostingRelease:\n type: gcp:firebase:HostingRelease\n name: default\n properties:\n siteId: ${default.siteId}\n versionName: ${defaultHostingVersion.name}\n message: Cloud Functions Integration\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nVersion can be imported using any of these accepted formats:\n\n* `sites/{{site_id}}/versions/{{version_id}}`\n\n* `{{site_id}}/{{version_id}}`\n\nWhen using the `pulumi import` command, Version can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:firebase/hostingVersion:HostingVersion default sites/{{site_id}}/versions/{{version_id}}\n```\n\n```sh\n$ pulumi import gcp:firebase/hostingVersion:HostingVersion default {{site_id}}/{{version_id}}\n```\n\n", + "description": "## Example Usage\n\n### Firebasehosting Version Redirect\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst _default = new gcp.firebase.HostingSite(\"default\", {\n project: \"my-project-name\",\n siteId: \"site-id\",\n});\nconst defaultHostingVersion = new gcp.firebase.HostingVersion(\"default\", {\n siteId: _default.siteId,\n config: {\n redirects: [{\n glob: \"/google/**\",\n statusCode: 302,\n location: \"https://www.google.com\",\n }],\n },\n});\nconst defaultHostingRelease = new gcp.firebase.HostingRelease(\"default\", {\n siteId: _default.siteId,\n versionName: defaultHostingVersion.name,\n message: \"Redirect to Google\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.firebase.HostingSite(\"default\",\n project=\"my-project-name\",\n site_id=\"site-id\")\ndefault_hosting_version = gcp.firebase.HostingVersion(\"default\",\n site_id=default.site_id,\n config={\n \"redirects\": [{\n \"glob\": \"/google/**\",\n \"status_code\": 302,\n \"location\": \"https://www.google.com\",\n }],\n })\ndefault_hosting_release = gcp.firebase.HostingRelease(\"default\",\n site_id=default.site_id,\n version_name=default_hosting_version.name,\n message=\"Redirect to Google\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.Firebase.HostingSite(\"default\", new()\n {\n Project = \"my-project-name\",\n SiteId = \"site-id\",\n });\n\n var defaultHostingVersion = new Gcp.Firebase.HostingVersion(\"default\", new()\n {\n SiteId = @default.SiteId,\n Config = new Gcp.Firebase.Inputs.HostingVersionConfigArgs\n {\n Redirects = new[]\n {\n new Gcp.Firebase.Inputs.HostingVersionConfigRedirectArgs\n {\n Glob = \"/google/**\",\n StatusCode = 302,\n Location = \"https://www.google.com\",\n },\n },\n },\n });\n\n var defaultHostingRelease = new Gcp.Firebase.HostingRelease(\"default\", new()\n {\n SiteId = @default.SiteId,\n VersionName = defaultHostingVersion.Name,\n Message = \"Redirect to Google\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/firebase\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := firebase.NewHostingSite(ctx, \"default\", \u0026firebase.HostingSiteArgs{\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t\tSiteId: pulumi.String(\"site-id\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultHostingVersion, err := firebase.NewHostingVersion(ctx, \"default\", \u0026firebase.HostingVersionArgs{\n\t\t\tSiteId: _default.SiteId,\n\t\t\tConfig: \u0026firebase.HostingVersionConfigArgs{\n\t\t\t\tRedirects: firebase.HostingVersionConfigRedirectArray{\n\t\t\t\t\t\u0026firebase.HostingVersionConfigRedirectArgs{\n\t\t\t\t\t\tGlob: pulumi.String(\"/google/**\"),\n\t\t\t\t\t\tStatusCode: pulumi.Int(302),\n\t\t\t\t\t\tLocation: pulumi.String(\"https://www.google.com\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = firebase.NewHostingRelease(ctx, \"default\", \u0026firebase.HostingReleaseArgs{\n\t\t\tSiteId: _default.SiteId,\n\t\t\tVersionName: defaultHostingVersion.Name,\n\t\t\tMessage: pulumi.String(\"Redirect to Google\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.firebase.HostingSite;\nimport com.pulumi.gcp.firebase.HostingSiteArgs;\nimport com.pulumi.gcp.firebase.HostingVersion;\nimport com.pulumi.gcp.firebase.HostingVersionArgs;\nimport com.pulumi.gcp.firebase.inputs.HostingVersionConfigArgs;\nimport com.pulumi.gcp.firebase.HostingRelease;\nimport com.pulumi.gcp.firebase.HostingReleaseArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new HostingSite(\"default\", HostingSiteArgs.builder()\n .project(\"my-project-name\")\n .siteId(\"site-id\")\n .build());\n\n var defaultHostingVersion = new HostingVersion(\"defaultHostingVersion\", HostingVersionArgs.builder()\n .siteId(default_.siteId())\n .config(HostingVersionConfigArgs.builder()\n .redirects(HostingVersionConfigRedirectArgs.builder()\n .glob(\"/google/**\")\n .statusCode(302)\n .location(\"https://www.google.com\")\n .build())\n .build())\n .build());\n\n var defaultHostingRelease = new HostingRelease(\"defaultHostingRelease\", HostingReleaseArgs.builder()\n .siteId(default_.siteId())\n .versionName(defaultHostingVersion.name())\n .message(\"Redirect to Google\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:firebase:HostingSite\n properties:\n project: my-project-name\n siteId: site-id\n defaultHostingVersion:\n type: gcp:firebase:HostingVersion\n name: default\n properties:\n siteId: ${default.siteId}\n config:\n redirects:\n - glob: /google/**\n statusCode: 302\n location: https://www.google.com\n defaultHostingRelease:\n type: gcp:firebase:HostingRelease\n name: default\n properties:\n siteId: ${default.siteId}\n versionName: ${defaultHostingVersion.name}\n message: Redirect to Google\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Firebasehosting Version Headers\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst _default = new gcp.firebase.HostingSite(\"default\", {\n project: \"my-project-name\",\n siteId: \"site-id\",\n});\nconst defaultHostingVersion = new gcp.firebase.HostingVersion(\"default\", {\n siteId: _default.siteId,\n config: {\n headers: [{\n glob: \"/headers/**\",\n headers: {\n \"my-header\": \"my-value\",\n },\n }],\n },\n});\nconst defaultHostingRelease = new gcp.firebase.HostingRelease(\"default\", {\n siteId: _default.siteId,\n versionName: defaultHostingVersion.name,\n message: \"With custom headers\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.firebase.HostingSite(\"default\",\n project=\"my-project-name\",\n site_id=\"site-id\")\ndefault_hosting_version = gcp.firebase.HostingVersion(\"default\",\n site_id=default.site_id,\n config={\n \"headers\": [{\n \"glob\": \"/headers/**\",\n \"headers\": {\n \"my-header\": \"my-value\",\n },\n }],\n })\ndefault_hosting_release = gcp.firebase.HostingRelease(\"default\",\n site_id=default.site_id,\n version_name=default_hosting_version.name,\n message=\"With custom headers\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.Firebase.HostingSite(\"default\", new()\n {\n Project = \"my-project-name\",\n SiteId = \"site-id\",\n });\n\n var defaultHostingVersion = new Gcp.Firebase.HostingVersion(\"default\", new()\n {\n SiteId = @default.SiteId,\n Config = new Gcp.Firebase.Inputs.HostingVersionConfigArgs\n {\n Headers = new[]\n {\n new Gcp.Firebase.Inputs.HostingVersionConfigHeaderArgs\n {\n Glob = \"/headers/**\",\n Headers = \n {\n { \"my-header\", \"my-value\" },\n },\n },\n },\n },\n });\n\n var defaultHostingRelease = new Gcp.Firebase.HostingRelease(\"default\", new()\n {\n SiteId = @default.SiteId,\n VersionName = defaultHostingVersion.Name,\n Message = \"With custom headers\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/firebase\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := firebase.NewHostingSite(ctx, \"default\", \u0026firebase.HostingSiteArgs{\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t\tSiteId: pulumi.String(\"site-id\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultHostingVersion, err := firebase.NewHostingVersion(ctx, \"default\", \u0026firebase.HostingVersionArgs{\n\t\t\tSiteId: _default.SiteId,\n\t\t\tConfig: \u0026firebase.HostingVersionConfigArgs{\n\t\t\t\tHeaders: firebase.HostingVersionConfigHeaderArray{\n\t\t\t\t\t\u0026firebase.HostingVersionConfigHeaderArgs{\n\t\t\t\t\t\tGlob: pulumi.String(\"/headers/**\"),\n\t\t\t\t\t\tHeaders: pulumi.StringMap{\n\t\t\t\t\t\t\t\"my-header\": pulumi.String(\"my-value\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = firebase.NewHostingRelease(ctx, \"default\", \u0026firebase.HostingReleaseArgs{\n\t\t\tSiteId: _default.SiteId,\n\t\t\tVersionName: defaultHostingVersion.Name,\n\t\t\tMessage: pulumi.String(\"With custom headers\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.firebase.HostingSite;\nimport com.pulumi.gcp.firebase.HostingSiteArgs;\nimport com.pulumi.gcp.firebase.HostingVersion;\nimport com.pulumi.gcp.firebase.HostingVersionArgs;\nimport com.pulumi.gcp.firebase.inputs.HostingVersionConfigArgs;\nimport com.pulumi.gcp.firebase.HostingRelease;\nimport com.pulumi.gcp.firebase.HostingReleaseArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new HostingSite(\"default\", HostingSiteArgs.builder()\n .project(\"my-project-name\")\n .siteId(\"site-id\")\n .build());\n\n var defaultHostingVersion = new HostingVersion(\"defaultHostingVersion\", HostingVersionArgs.builder()\n .siteId(default_.siteId())\n .config(HostingVersionConfigArgs.builder()\n .headers(HostingVersionConfigHeaderArgs.builder()\n .glob(\"/headers/**\")\n .headers(Map.of(\"my-header\", \"my-value\"))\n .build())\n .build())\n .build());\n\n var defaultHostingRelease = new HostingRelease(\"defaultHostingRelease\", HostingReleaseArgs.builder()\n .siteId(default_.siteId())\n .versionName(defaultHostingVersion.name())\n .message(\"With custom headers\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:firebase:HostingSite\n properties:\n project: my-project-name\n siteId: site-id\n defaultHostingVersion:\n type: gcp:firebase:HostingVersion\n name: default\n properties:\n siteId: ${default.siteId}\n config:\n headers:\n - glob: /headers/**\n headers:\n my-header: my-value\n defaultHostingRelease:\n type: gcp:firebase:HostingRelease\n name: default\n properties:\n siteId: ${default.siteId}\n versionName: ${defaultHostingVersion.name}\n message: With custom headers\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Firebasehosting Version Headers Regex\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst _default = new gcp.firebase.HostingSite(\"default\", {\n project: \"my-project-name\",\n siteId: \"site-id\",\n});\nconst defaultHostingVersion = new gcp.firebase.HostingVersion(\"default\", {\n siteId: _default.siteId,\n config: {\n headers: [{\n regex: \"^~/headers$\",\n headers: {\n \"my-header\": \"my-value\",\n },\n }],\n },\n});\nconst defaultHostingRelease = new gcp.firebase.HostingRelease(\"default\", {\n siteId: _default.siteId,\n versionName: defaultHostingVersion.name,\n message: \"With custom headers\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.firebase.HostingSite(\"default\",\n project=\"my-project-name\",\n site_id=\"site-id\")\ndefault_hosting_version = gcp.firebase.HostingVersion(\"default\",\n site_id=default.site_id,\n config={\n \"headers\": [{\n \"regex\": \"^~/headers$\",\n \"headers\": {\n \"my-header\": \"my-value\",\n },\n }],\n })\ndefault_hosting_release = gcp.firebase.HostingRelease(\"default\",\n site_id=default.site_id,\n version_name=default_hosting_version.name,\n message=\"With custom headers\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.Firebase.HostingSite(\"default\", new()\n {\n Project = \"my-project-name\",\n SiteId = \"site-id\",\n });\n\n var defaultHostingVersion = new Gcp.Firebase.HostingVersion(\"default\", new()\n {\n SiteId = @default.SiteId,\n Config = new Gcp.Firebase.Inputs.HostingVersionConfigArgs\n {\n Headers = new[]\n {\n new Gcp.Firebase.Inputs.HostingVersionConfigHeaderArgs\n {\n Regex = \"^~/headers$\",\n Headers = \n {\n { \"my-header\", \"my-value\" },\n },\n },\n },\n },\n });\n\n var defaultHostingRelease = new Gcp.Firebase.HostingRelease(\"default\", new()\n {\n SiteId = @default.SiteId,\n VersionName = defaultHostingVersion.Name,\n Message = \"With custom headers\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/firebase\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := firebase.NewHostingSite(ctx, \"default\", \u0026firebase.HostingSiteArgs{\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t\tSiteId: pulumi.String(\"site-id\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultHostingVersion, err := firebase.NewHostingVersion(ctx, \"default\", \u0026firebase.HostingVersionArgs{\n\t\t\tSiteId: _default.SiteId,\n\t\t\tConfig: \u0026firebase.HostingVersionConfigArgs{\n\t\t\t\tHeaders: firebase.HostingVersionConfigHeaderArray{\n\t\t\t\t\t\u0026firebase.HostingVersionConfigHeaderArgs{\n\t\t\t\t\t\tRegex: pulumi.String(\"^~/headers$\"),\n\t\t\t\t\t\tHeaders: pulumi.StringMap{\n\t\t\t\t\t\t\t\"my-header\": pulumi.String(\"my-value\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = firebase.NewHostingRelease(ctx, \"default\", \u0026firebase.HostingReleaseArgs{\n\t\t\tSiteId: _default.SiteId,\n\t\t\tVersionName: defaultHostingVersion.Name,\n\t\t\tMessage: pulumi.String(\"With custom headers\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.firebase.HostingSite;\nimport com.pulumi.gcp.firebase.HostingSiteArgs;\nimport com.pulumi.gcp.firebase.HostingVersion;\nimport com.pulumi.gcp.firebase.HostingVersionArgs;\nimport com.pulumi.gcp.firebase.inputs.HostingVersionConfigArgs;\nimport com.pulumi.gcp.firebase.HostingRelease;\nimport com.pulumi.gcp.firebase.HostingReleaseArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new HostingSite(\"default\", HostingSiteArgs.builder()\n .project(\"my-project-name\")\n .siteId(\"site-id\")\n .build());\n\n var defaultHostingVersion = new HostingVersion(\"defaultHostingVersion\", HostingVersionArgs.builder()\n .siteId(default_.siteId())\n .config(HostingVersionConfigArgs.builder()\n .headers(HostingVersionConfigHeaderArgs.builder()\n .regex(\"^~/headers$\")\n .headers(Map.of(\"my-header\", \"my-value\"))\n .build())\n .build())\n .build());\n\n var defaultHostingRelease = new HostingRelease(\"defaultHostingRelease\", HostingReleaseArgs.builder()\n .siteId(default_.siteId())\n .versionName(defaultHostingVersion.name())\n .message(\"With custom headers\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:firebase:HostingSite\n properties:\n project: my-project-name\n siteId: site-id\n defaultHostingVersion:\n type: gcp:firebase:HostingVersion\n name: default\n properties:\n siteId: ${default.siteId}\n config:\n headers:\n - regex: ^~/headers$\n headers:\n my-header: my-value\n defaultHostingRelease:\n type: gcp:firebase:HostingRelease\n name: default\n properties:\n siteId: ${default.siteId}\n versionName: ${defaultHostingVersion.name}\n message: With custom headers\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Firebasehosting Version Path\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst _default = new gcp.firebase.HostingSite(\"default\", {\n project: \"my-project-name\",\n siteId: \"site-id\",\n});\nconst defaultHostingVersion = new gcp.firebase.HostingVersion(\"default\", {\n siteId: _default.siteId,\n config: {\n rewrites: [{\n glob: \"**\",\n path: \"/index.html\",\n }],\n },\n});\nconst defaultHostingRelease = new gcp.firebase.HostingRelease(\"default\", {\n siteId: _default.siteId,\n versionName: defaultHostingVersion.name,\n message: \"Path Rewrite\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.firebase.HostingSite(\"default\",\n project=\"my-project-name\",\n site_id=\"site-id\")\ndefault_hosting_version = gcp.firebase.HostingVersion(\"default\",\n site_id=default.site_id,\n config={\n \"rewrites\": [{\n \"glob\": \"**\",\n \"path\": \"/index.html\",\n }],\n })\ndefault_hosting_release = gcp.firebase.HostingRelease(\"default\",\n site_id=default.site_id,\n version_name=default_hosting_version.name,\n message=\"Path Rewrite\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.Firebase.HostingSite(\"default\", new()\n {\n Project = \"my-project-name\",\n SiteId = \"site-id\",\n });\n\n var defaultHostingVersion = new Gcp.Firebase.HostingVersion(\"default\", new()\n {\n SiteId = @default.SiteId,\n Config = new Gcp.Firebase.Inputs.HostingVersionConfigArgs\n {\n Rewrites = new[]\n {\n new Gcp.Firebase.Inputs.HostingVersionConfigRewriteArgs\n {\n Glob = \"**\",\n Path = \"/index.html\",\n },\n },\n },\n });\n\n var defaultHostingRelease = new Gcp.Firebase.HostingRelease(\"default\", new()\n {\n SiteId = @default.SiteId,\n VersionName = defaultHostingVersion.Name,\n Message = \"Path Rewrite\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/firebase\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := firebase.NewHostingSite(ctx, \"default\", \u0026firebase.HostingSiteArgs{\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t\tSiteId: pulumi.String(\"site-id\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultHostingVersion, err := firebase.NewHostingVersion(ctx, \"default\", \u0026firebase.HostingVersionArgs{\n\t\t\tSiteId: _default.SiteId,\n\t\t\tConfig: \u0026firebase.HostingVersionConfigArgs{\n\t\t\t\tRewrites: firebase.HostingVersionConfigRewriteArray{\n\t\t\t\t\t\u0026firebase.HostingVersionConfigRewriteArgs{\n\t\t\t\t\t\tGlob: pulumi.String(\"**\"),\n\t\t\t\t\t\tPath: pulumi.String(\"/index.html\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = firebase.NewHostingRelease(ctx, \"default\", \u0026firebase.HostingReleaseArgs{\n\t\t\tSiteId: _default.SiteId,\n\t\t\tVersionName: defaultHostingVersion.Name,\n\t\t\tMessage: pulumi.String(\"Path Rewrite\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.firebase.HostingSite;\nimport com.pulumi.gcp.firebase.HostingSiteArgs;\nimport com.pulumi.gcp.firebase.HostingVersion;\nimport com.pulumi.gcp.firebase.HostingVersionArgs;\nimport com.pulumi.gcp.firebase.inputs.HostingVersionConfigArgs;\nimport com.pulumi.gcp.firebase.HostingRelease;\nimport com.pulumi.gcp.firebase.HostingReleaseArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new HostingSite(\"default\", HostingSiteArgs.builder()\n .project(\"my-project-name\")\n .siteId(\"site-id\")\n .build());\n\n var defaultHostingVersion = new HostingVersion(\"defaultHostingVersion\", HostingVersionArgs.builder()\n .siteId(default_.siteId())\n .config(HostingVersionConfigArgs.builder()\n .rewrites(HostingVersionConfigRewriteArgs.builder()\n .glob(\"**\")\n .path(\"/index.html\")\n .build())\n .build())\n .build());\n\n var defaultHostingRelease = new HostingRelease(\"defaultHostingRelease\", HostingReleaseArgs.builder()\n .siteId(default_.siteId())\n .versionName(defaultHostingVersion.name())\n .message(\"Path Rewrite\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:firebase:HostingSite\n properties:\n project: my-project-name\n siteId: site-id\n defaultHostingVersion:\n type: gcp:firebase:HostingVersion\n name: default\n properties:\n siteId: ${default.siteId}\n config:\n rewrites:\n - glob: '**'\n path: /index.html\n defaultHostingRelease:\n type: gcp:firebase:HostingRelease\n name: default\n properties:\n siteId: ${default.siteId}\n versionName: ${defaultHostingVersion.name}\n message: Path Rewrite\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Firebasehosting Version Cloud Run\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst _default = new gcp.firebase.HostingSite(\"default\", {\n project: \"my-project-name\",\n siteId: \"site-id\",\n});\nconst defaultService = new gcp.cloudrunv2.Service(\"default\", {\n project: \"my-project-name\",\n name: \"cloud-run-service-via-hosting\",\n location: \"us-central1\",\n ingress: \"INGRESS_TRAFFIC_ALL\",\n template: {\n containers: [{\n image: \"us-docker.pkg.dev/cloudrun/container/hello\",\n }],\n },\n deletionProtection: true,\n});\nconst defaultHostingVersion = new gcp.firebase.HostingVersion(\"default\", {\n siteId: _default.siteId,\n config: {\n rewrites: [{\n glob: \"/hello/**\",\n run: {\n serviceId: defaultService.name,\n region: defaultService.location,\n },\n }],\n },\n});\nconst defaultHostingRelease = new gcp.firebase.HostingRelease(\"default\", {\n siteId: _default.siteId,\n versionName: defaultHostingVersion.name,\n message: \"Cloud Run Integration\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.firebase.HostingSite(\"default\",\n project=\"my-project-name\",\n site_id=\"site-id\")\ndefault_service = gcp.cloudrunv2.Service(\"default\",\n project=\"my-project-name\",\n name=\"cloud-run-service-via-hosting\",\n location=\"us-central1\",\n ingress=\"INGRESS_TRAFFIC_ALL\",\n template={\n \"containers\": [{\n \"image\": \"us-docker.pkg.dev/cloudrun/container/hello\",\n }],\n },\n deletion_protection=True)\ndefault_hosting_version = gcp.firebase.HostingVersion(\"default\",\n site_id=default.site_id,\n config={\n \"rewrites\": [{\n \"glob\": \"/hello/**\",\n \"run\": {\n \"service_id\": default_service.name,\n \"region\": default_service.location,\n },\n }],\n })\ndefault_hosting_release = gcp.firebase.HostingRelease(\"default\",\n site_id=default.site_id,\n version_name=default_hosting_version.name,\n message=\"Cloud Run Integration\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.Firebase.HostingSite(\"default\", new()\n {\n Project = \"my-project-name\",\n SiteId = \"site-id\",\n });\n\n var defaultService = new Gcp.CloudRunV2.Service(\"default\", new()\n {\n Project = \"my-project-name\",\n Name = \"cloud-run-service-via-hosting\",\n Location = \"us-central1\",\n Ingress = \"INGRESS_TRAFFIC_ALL\",\n Template = new Gcp.CloudRunV2.Inputs.ServiceTemplateArgs\n {\n Containers = new[]\n {\n new Gcp.CloudRunV2.Inputs.ServiceTemplateContainerArgs\n {\n Image = \"us-docker.pkg.dev/cloudrun/container/hello\",\n },\n },\n },\n DeletionProtection = true,\n });\n\n var defaultHostingVersion = new Gcp.Firebase.HostingVersion(\"default\", new()\n {\n SiteId = @default.SiteId,\n Config = new Gcp.Firebase.Inputs.HostingVersionConfigArgs\n {\n Rewrites = new[]\n {\n new Gcp.Firebase.Inputs.HostingVersionConfigRewriteArgs\n {\n Glob = \"/hello/**\",\n Run = new Gcp.Firebase.Inputs.HostingVersionConfigRewriteRunArgs\n {\n ServiceId = defaultService.Name,\n Region = defaultService.Location,\n },\n },\n },\n },\n });\n\n var defaultHostingRelease = new Gcp.Firebase.HostingRelease(\"default\", new()\n {\n SiteId = @default.SiteId,\n VersionName = defaultHostingVersion.Name,\n Message = \"Cloud Run Integration\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/firebase\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := firebase.NewHostingSite(ctx, \"default\", \u0026firebase.HostingSiteArgs{\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t\tSiteId: pulumi.String(\"site-id\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultService, err := cloudrunv2.NewService(ctx, \"default\", \u0026cloudrunv2.ServiceArgs{\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t\tName: pulumi.String(\"cloud-run-service-via-hosting\"),\n\t\t\tLocation: pulumi.String(\"us-central1\"),\n\t\t\tIngress: pulumi.String(\"INGRESS_TRAFFIC_ALL\"),\n\t\t\tTemplate: \u0026cloudrunv2.ServiceTemplateArgs{\n\t\t\t\tContainers: cloudrunv2.ServiceTemplateContainerArray{\n\t\t\t\t\t\u0026cloudrunv2.ServiceTemplateContainerArgs{\n\t\t\t\t\t\tImage: pulumi.String(\"us-docker.pkg.dev/cloudrun/container/hello\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tDeletionProtection: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultHostingVersion, err := firebase.NewHostingVersion(ctx, \"default\", \u0026firebase.HostingVersionArgs{\n\t\t\tSiteId: _default.SiteId,\n\t\t\tConfig: \u0026firebase.HostingVersionConfigArgs{\n\t\t\t\tRewrites: firebase.HostingVersionConfigRewriteArray{\n\t\t\t\t\t\u0026firebase.HostingVersionConfigRewriteArgs{\n\t\t\t\t\t\tGlob: pulumi.String(\"/hello/**\"),\n\t\t\t\t\t\tRun: \u0026firebase.HostingVersionConfigRewriteRunArgs{\n\t\t\t\t\t\t\tServiceId: defaultService.Name,\n\t\t\t\t\t\t\tRegion: defaultService.Location,\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = firebase.NewHostingRelease(ctx, \"default\", \u0026firebase.HostingReleaseArgs{\n\t\t\tSiteId: _default.SiteId,\n\t\t\tVersionName: defaultHostingVersion.Name,\n\t\t\tMessage: pulumi.String(\"Cloud Run Integration\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.firebase.HostingSite;\nimport com.pulumi.gcp.firebase.HostingSiteArgs;\nimport com.pulumi.gcp.cloudrunv2.Service;\nimport com.pulumi.gcp.cloudrunv2.ServiceArgs;\nimport com.pulumi.gcp.cloudrunv2.inputs.ServiceTemplateArgs;\nimport com.pulumi.gcp.firebase.HostingVersion;\nimport com.pulumi.gcp.firebase.HostingVersionArgs;\nimport com.pulumi.gcp.firebase.inputs.HostingVersionConfigArgs;\nimport com.pulumi.gcp.firebase.HostingRelease;\nimport com.pulumi.gcp.firebase.HostingReleaseArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new HostingSite(\"default\", HostingSiteArgs.builder()\n .project(\"my-project-name\")\n .siteId(\"site-id\")\n .build());\n\n var defaultService = new Service(\"defaultService\", ServiceArgs.builder()\n .project(\"my-project-name\")\n .name(\"cloud-run-service-via-hosting\")\n .location(\"us-central1\")\n .ingress(\"INGRESS_TRAFFIC_ALL\")\n .template(ServiceTemplateArgs.builder()\n .containers(ServiceTemplateContainerArgs.builder()\n .image(\"us-docker.pkg.dev/cloudrun/container/hello\")\n .build())\n .build())\n .deletionProtection(true)\n .build());\n\n var defaultHostingVersion = new HostingVersion(\"defaultHostingVersion\", HostingVersionArgs.builder()\n .siteId(default_.siteId())\n .config(HostingVersionConfigArgs.builder()\n .rewrites(HostingVersionConfigRewriteArgs.builder()\n .glob(\"/hello/**\")\n .run(HostingVersionConfigRewriteRunArgs.builder()\n .serviceId(defaultService.name())\n .region(defaultService.location())\n .build())\n .build())\n .build())\n .build());\n\n var defaultHostingRelease = new HostingRelease(\"defaultHostingRelease\", HostingReleaseArgs.builder()\n .siteId(default_.siteId())\n .versionName(defaultHostingVersion.name())\n .message(\"Cloud Run Integration\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:firebase:HostingSite\n properties:\n project: my-project-name\n siteId: site-id\n defaultService:\n type: gcp:cloudrunv2:Service\n name: default\n properties:\n project: my-project-name\n name: cloud-run-service-via-hosting\n location: us-central1\n ingress: INGRESS_TRAFFIC_ALL\n template:\n containers:\n - image: us-docker.pkg.dev/cloudrun/container/hello\n deletionProtection: true\n defaultHostingVersion:\n type: gcp:firebase:HostingVersion\n name: default\n properties:\n siteId: ${default.siteId}\n config:\n rewrites:\n - glob: /hello/**\n run:\n serviceId: ${defaultService.name}\n region: ${defaultService.location}\n defaultHostingRelease:\n type: gcp:firebase:HostingRelease\n name: default\n properties:\n siteId: ${default.siteId}\n versionName: ${defaultHostingVersion.name}\n message: Cloud Run Integration\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Firebasehosting Version Cloud Functions\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst _default = new gcp.firebase.HostingSite(\"default\", {\n project: \"my-project-name\",\n siteId: \"site-id\",\n});\nconst bucket = new gcp.storage.Bucket(\"bucket\", {\n project: \"my-project-name\",\n name: \"site-id-function-source\",\n location: \"US\",\n uniformBucketLevelAccess: true,\n});\nconst object = new gcp.storage.BucketObject(\"object\", {\n name: \"function-source.zip\",\n bucket: bucket.name,\n source: new pulumi.asset.FileAsset(\"function-source.zip\"),\n});\nconst _function = new gcp.cloudfunctions.Function(\"function\", {\n project: \"my-project-name\",\n name: \"cloud-function-via-hosting\",\n description: \"A Cloud Function connected to Firebase Hosing\",\n runtime: \"nodejs16\",\n availableMemoryMb: 128,\n sourceArchiveBucket: bucket.name,\n sourceArchiveObject: object.name,\n triggerHttp: true,\n entryPoint: \"helloHttp\",\n});\nconst defaultHostingVersion = new gcp.firebase.HostingVersion(\"default\", {\n siteId: _default.siteId,\n config: {\n rewrites: [{\n glob: \"/hello/**\",\n \"function\": _function.name,\n }],\n },\n});\nconst defaultHostingRelease = new gcp.firebase.HostingRelease(\"default\", {\n siteId: _default.siteId,\n versionName: defaultHostingVersion.name,\n message: \"Cloud Functions Integration\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.firebase.HostingSite(\"default\",\n project=\"my-project-name\",\n site_id=\"site-id\")\nbucket = gcp.storage.Bucket(\"bucket\",\n project=\"my-project-name\",\n name=\"site-id-function-source\",\n location=\"US\",\n uniform_bucket_level_access=True)\nobject = gcp.storage.BucketObject(\"object\",\n name=\"function-source.zip\",\n bucket=bucket.name,\n source=pulumi.FileAsset(\"function-source.zip\"))\nfunction = gcp.cloudfunctions.Function(\"function\",\n project=\"my-project-name\",\n name=\"cloud-function-via-hosting\",\n description=\"A Cloud Function connected to Firebase Hosing\",\n runtime=\"nodejs16\",\n available_memory_mb=128,\n source_archive_bucket=bucket.name,\n source_archive_object=object.name,\n trigger_http=True,\n entry_point=\"helloHttp\")\ndefault_hosting_version = gcp.firebase.HostingVersion(\"default\",\n site_id=default.site_id,\n config={\n \"rewrites\": [{\n \"glob\": \"/hello/**\",\n \"function\": function.name,\n }],\n })\ndefault_hosting_release = gcp.firebase.HostingRelease(\"default\",\n site_id=default.site_id,\n version_name=default_hosting_version.name,\n message=\"Cloud Functions Integration\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.Firebase.HostingSite(\"default\", new()\n {\n Project = \"my-project-name\",\n SiteId = \"site-id\",\n });\n\n var bucket = new Gcp.Storage.Bucket(\"bucket\", new()\n {\n Project = \"my-project-name\",\n Name = \"site-id-function-source\",\n Location = \"US\",\n UniformBucketLevelAccess = true,\n });\n\n var @object = new Gcp.Storage.BucketObject(\"object\", new()\n {\n Name = \"function-source.zip\",\n Bucket = bucket.Name,\n Source = new FileAsset(\"function-source.zip\"),\n });\n\n var function = new Gcp.CloudFunctions.Function(\"function\", new()\n {\n Project = \"my-project-name\",\n Name = \"cloud-function-via-hosting\",\n Description = \"A Cloud Function connected to Firebase Hosing\",\n Runtime = \"nodejs16\",\n AvailableMemoryMb = 128,\n SourceArchiveBucket = bucket.Name,\n SourceArchiveObject = @object.Name,\n TriggerHttp = true,\n EntryPoint = \"helloHttp\",\n });\n\n var defaultHostingVersion = new Gcp.Firebase.HostingVersion(\"default\", new()\n {\n SiteId = @default.SiteId,\n Config = new Gcp.Firebase.Inputs.HostingVersionConfigArgs\n {\n Rewrites = new[]\n {\n new Gcp.Firebase.Inputs.HostingVersionConfigRewriteArgs\n {\n Glob = \"/hello/**\",\n Function = function.Name,\n },\n },\n },\n });\n\n var defaultHostingRelease = new Gcp.Firebase.HostingRelease(\"default\", new()\n {\n SiteId = @default.SiteId,\n VersionName = defaultHostingVersion.Name,\n Message = \"Cloud Functions Integration\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/cloudfunctions\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/firebase\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := firebase.NewHostingSite(ctx, \"default\", \u0026firebase.HostingSiteArgs{\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t\tSiteId: pulumi.String(\"site-id\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tbucket, err := storage.NewBucket(ctx, \"bucket\", \u0026storage.BucketArgs{\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t\tName: pulumi.String(\"site-id-function-source\"),\n\t\t\tLocation: pulumi.String(\"US\"),\n\t\t\tUniformBucketLevelAccess: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tobject, err := storage.NewBucketObject(ctx, \"object\", \u0026storage.BucketObjectArgs{\n\t\t\tName: pulumi.String(\"function-source.zip\"),\n\t\t\tBucket: bucket.Name,\n\t\t\tSource: pulumi.NewFileAsset(\"function-source.zip\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfunction, err := cloudfunctions.NewFunction(ctx, \"function\", \u0026cloudfunctions.FunctionArgs{\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t\tName: pulumi.String(\"cloud-function-via-hosting\"),\n\t\t\tDescription: pulumi.String(\"A Cloud Function connected to Firebase Hosing\"),\n\t\t\tRuntime: pulumi.String(\"nodejs16\"),\n\t\t\tAvailableMemoryMb: pulumi.Int(128),\n\t\t\tSourceArchiveBucket: bucket.Name,\n\t\t\tSourceArchiveObject: object.Name,\n\t\t\tTriggerHttp: pulumi.Bool(true),\n\t\t\tEntryPoint: pulumi.String(\"helloHttp\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultHostingVersion, err := firebase.NewHostingVersion(ctx, \"default\", \u0026firebase.HostingVersionArgs{\n\t\t\tSiteId: _default.SiteId,\n\t\t\tConfig: \u0026firebase.HostingVersionConfigArgs{\n\t\t\t\tRewrites: firebase.HostingVersionConfigRewriteArray{\n\t\t\t\t\t\u0026firebase.HostingVersionConfigRewriteArgs{\n\t\t\t\t\t\tGlob: pulumi.String(\"/hello/**\"),\n\t\t\t\t\t\tFunction: function.Name,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = firebase.NewHostingRelease(ctx, \"default\", \u0026firebase.HostingReleaseArgs{\n\t\t\tSiteId: _default.SiteId,\n\t\t\tVersionName: defaultHostingVersion.Name,\n\t\t\tMessage: pulumi.String(\"Cloud Functions Integration\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.firebase.HostingSite;\nimport com.pulumi.gcp.firebase.HostingSiteArgs;\nimport com.pulumi.gcp.storage.Bucket;\nimport com.pulumi.gcp.storage.BucketArgs;\nimport com.pulumi.gcp.storage.BucketObject;\nimport com.pulumi.gcp.storage.BucketObjectArgs;\nimport com.pulumi.gcp.cloudfunctions.Function;\nimport com.pulumi.gcp.cloudfunctions.FunctionArgs;\nimport com.pulumi.gcp.firebase.HostingVersion;\nimport com.pulumi.gcp.firebase.HostingVersionArgs;\nimport com.pulumi.gcp.firebase.inputs.HostingVersionConfigArgs;\nimport com.pulumi.gcp.firebase.HostingRelease;\nimport com.pulumi.gcp.firebase.HostingReleaseArgs;\nimport com.pulumi.asset.FileAsset;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new HostingSite(\"default\", HostingSiteArgs.builder()\n .project(\"my-project-name\")\n .siteId(\"site-id\")\n .build());\n\n var bucket = new Bucket(\"bucket\", BucketArgs.builder()\n .project(\"my-project-name\")\n .name(\"site-id-function-source\")\n .location(\"US\")\n .uniformBucketLevelAccess(true)\n .build());\n\n var object = new BucketObject(\"object\", BucketObjectArgs.builder()\n .name(\"function-source.zip\")\n .bucket(bucket.name())\n .source(new FileAsset(\"function-source.zip\"))\n .build());\n\n var function = new Function(\"function\", FunctionArgs.builder()\n .project(\"my-project-name\")\n .name(\"cloud-function-via-hosting\")\n .description(\"A Cloud Function connected to Firebase Hosing\")\n .runtime(\"nodejs16\")\n .availableMemoryMb(128)\n .sourceArchiveBucket(bucket.name())\n .sourceArchiveObject(object.name())\n .triggerHttp(true)\n .entryPoint(\"helloHttp\")\n .build());\n\n var defaultHostingVersion = new HostingVersion(\"defaultHostingVersion\", HostingVersionArgs.builder()\n .siteId(default_.siteId())\n .config(HostingVersionConfigArgs.builder()\n .rewrites(HostingVersionConfigRewriteArgs.builder()\n .glob(\"/hello/**\")\n .function(function.name())\n .build())\n .build())\n .build());\n\n var defaultHostingRelease = new HostingRelease(\"defaultHostingRelease\", HostingReleaseArgs.builder()\n .siteId(default_.siteId())\n .versionName(defaultHostingVersion.name())\n .message(\"Cloud Functions Integration\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:firebase:HostingSite\n properties:\n project: my-project-name\n siteId: site-id\n bucket:\n type: gcp:storage:Bucket\n properties:\n project: my-project-name\n name: site-id-function-source\n location: US\n uniformBucketLevelAccess: true\n object:\n type: gcp:storage:BucketObject\n properties:\n name: function-source.zip\n bucket: ${bucket.name}\n source:\n fn::FileAsset: function-source.zip\n function:\n type: gcp:cloudfunctions:Function\n properties:\n project: my-project-name\n name: cloud-function-via-hosting\n description: A Cloud Function connected to Firebase Hosing\n runtime: nodejs16\n availableMemoryMb: 128\n sourceArchiveBucket: ${bucket.name}\n sourceArchiveObject: ${object.name}\n triggerHttp: true\n entryPoint: helloHttp\n defaultHostingVersion:\n type: gcp:firebase:HostingVersion\n name: default\n properties:\n siteId: ${default.siteId}\n config:\n rewrites:\n - glob: /hello/**\n function: ${function.name}\n defaultHostingRelease:\n type: gcp:firebase:HostingRelease\n name: default\n properties:\n siteId: ${default.siteId}\n versionName: ${defaultHostingVersion.name}\n message: Cloud Functions Integration\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nVersion can be imported using any of these accepted formats:\n\n* `sites/{{site_id}}/versions/{{version_id}}`\n\n* `{{site_id}}/{{version_id}}`\n\nWhen using the `pulumi import` command, Version can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:firebase/hostingVersion:HostingVersion default sites/{{site_id}}/versions/{{version_id}}\n```\n\n```sh\n$ pulumi import gcp:firebase/hostingVersion:HostingVersion default {{site_id}}/{{version_id}}\n```\n\n", "properties": { "config": { "$ref": "#/types/gcp:firebase/HostingVersionConfig:HostingVersionConfig", @@ -215181,7 +215681,7 @@ } }, "gcp:firebase/project:Project": { - "description": "A Google Cloud Firebase instance. This enables Firebase resources on a given google project.\nSince a FirebaseProject is actually also a GCP Project, a FirebaseProject uses underlying GCP\nidentifiers (most importantly, the projectId) as its own for easy interop with GCP APIs.\nOnce Firebase has been added to a Google Project it cannot be removed.\n\nTo get more information about Project, see:\n\n* [API documentation](https://firebase.google.com/docs/reference/firebase-management/rest/v1beta1/projects)\n* How-to Guides\n * Official Documentation\n\n\u003e **Note:** This resource should usually be used with a provider configuration\nwith `user_project_override = true` unless you wish for your quota\nproject to be different from the Firebase project.\n\n## Example Usage\n\n### Firebase Project Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst _default = new gcp.organizations.Project(\"default\", {\n projectId: \"my-project\",\n name: \"my-project\",\n orgId: \"123456789\",\n deletionPolicy: \"DELETE\",\n labels: {\n firebase: \"enabled\",\n },\n});\nconst defaultProject = new gcp.firebase.Project(\"default\", {project: _default.projectId});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.organizations.Project(\"default\",\n project_id=\"my-project\",\n name=\"my-project\",\n org_id=\"123456789\",\n deletion_policy=\"DELETE\",\n labels={\n \"firebase\": \"enabled\",\n })\ndefault_project = gcp.firebase.Project(\"default\", project=default.project_id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.Organizations.Project(\"default\", new()\n {\n ProjectId = \"my-project\",\n Name = \"my-project\",\n OrgId = \"123456789\",\n DeletionPolicy = \"DELETE\",\n Labels = \n {\n { \"firebase\", \"enabled\" },\n },\n });\n\n var defaultProject = new Gcp.Firebase.Project(\"default\", new()\n {\n ProjectID = @default.ProjectId,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/firebase\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := organizations.NewProject(ctx, \"default\", \u0026organizations.ProjectArgs{\n\t\t\tProjectId: pulumi.String(\"my-project\"),\n\t\t\tName: pulumi.String(\"my-project\"),\n\t\t\tOrgId: pulumi.String(\"123456789\"),\n\t\t\tDeletionPolicy: pulumi.String(\"DELETE\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"firebase\": pulumi.String(\"enabled\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = firebase.NewProject(ctx, \"default\", \u0026firebase.ProjectArgs{\n\t\t\tProject: _default.ProjectId,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.Project;\nimport com.pulumi.gcp.organizations.ProjectArgs;\nimport com.pulumi.gcp.firebase.Project;\nimport com.pulumi.gcp.firebase.ProjectArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new Project(\"default\", ProjectArgs.builder()\n .projectId(\"my-project\")\n .name(\"my-project\")\n .orgId(\"123456789\")\n .deletionPolicy(\"DELETE\")\n .labels(Map.of(\"firebase\", \"enabled\"))\n .build());\n\n var defaultProject = new Project(\"defaultProject\", ProjectArgs.builder()\n .project(default_.projectId())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:organizations:Project\n properties:\n projectId: my-project\n name: my-project\n orgId: '123456789'\n deletionPolicy: DELETE\n labels:\n firebase: enabled\n defaultProject:\n type: gcp:firebase:Project\n name: default\n properties:\n project: ${default.projectId}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nProject can be imported using any of these accepted formats:\n\n* `projects/{{project}}`\n\n* `{{project}}`\n\nWhen using the `pulumi import` command, Project can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:firebase/project:Project default projects/{{project}}\n```\n\n```sh\n$ pulumi import gcp:firebase/project:Project default {{project}}\n```\n\n", + "description": "A Google Cloud Firebase instance. This enables Firebase resources on a given Google Project.\nSince a FirebaseProject is actually also a GCP Project, a FirebaseProject uses underlying GCP\nidentifiers (most importantly, the projectId) as its own for easy interop with GCP APIs.\nOnce Firebase has been added to a Google Project it cannot be removed.\n\nTo get more information about Project, see:\n\n* [API documentation](https://firebase.google.com/docs/reference/firebase-management/rest/v1beta1/projects)\n* How-to Guides\n * Official Documentation\n\n\u003e **Note:** This resource should usually be used with a provider configuration\nwith `user_project_override = true` unless you wish for your quota\nproject to be different from the Firebase project.\n\n## Example Usage\n\n### Firebase Project Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst _default = new gcp.organizations.Project(\"default\", {\n projectId: \"my-project\",\n name: \"my-project\",\n orgId: \"123456789\",\n deletionPolicy: \"DELETE\",\n labels: {\n firebase: \"enabled\",\n },\n});\nconst defaultProject = new gcp.firebase.Project(\"default\", {project: _default.projectId});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.organizations.Project(\"default\",\n project_id=\"my-project\",\n name=\"my-project\",\n org_id=\"123456789\",\n deletion_policy=\"DELETE\",\n labels={\n \"firebase\": \"enabled\",\n })\ndefault_project = gcp.firebase.Project(\"default\", project=default.project_id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.Organizations.Project(\"default\", new()\n {\n ProjectId = \"my-project\",\n Name = \"my-project\",\n OrgId = \"123456789\",\n DeletionPolicy = \"DELETE\",\n Labels = \n {\n { \"firebase\", \"enabled\" },\n },\n });\n\n var defaultProject = new Gcp.Firebase.Project(\"default\", new()\n {\n ProjectID = @default.ProjectId,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/firebase\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := organizations.NewProject(ctx, \"default\", \u0026organizations.ProjectArgs{\n\t\t\tProjectId: pulumi.String(\"my-project\"),\n\t\t\tName: pulumi.String(\"my-project\"),\n\t\t\tOrgId: pulumi.String(\"123456789\"),\n\t\t\tDeletionPolicy: pulumi.String(\"DELETE\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"firebase\": pulumi.String(\"enabled\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = firebase.NewProject(ctx, \"default\", \u0026firebase.ProjectArgs{\n\t\t\tProject: _default.ProjectId,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.Project;\nimport com.pulumi.gcp.organizations.ProjectArgs;\nimport com.pulumi.gcp.firebase.Project;\nimport com.pulumi.gcp.firebase.ProjectArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new Project(\"default\", ProjectArgs.builder()\n .projectId(\"my-project\")\n .name(\"my-project\")\n .orgId(\"123456789\")\n .deletionPolicy(\"DELETE\")\n .labels(Map.of(\"firebase\", \"enabled\"))\n .build());\n\n var defaultProject = new Project(\"defaultProject\", ProjectArgs.builder()\n .project(default_.projectId())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:organizations:Project\n properties:\n projectId: my-project\n name: my-project\n orgId: '123456789'\n deletionPolicy: DELETE\n labels:\n firebase: enabled\n defaultProject:\n type: gcp:firebase:Project\n name: default\n properties:\n project: ${default.projectId}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nProject can be imported using any of these accepted formats:\n\n* `projects/{{project}}`\n\n* `{{project}}`\n\nWhen using the `pulumi import` command, Project can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:firebase/project:Project default projects/{{project}}\n```\n\n```sh\n$ pulumi import gcp:firebase/project:Project default {{project}}\n```\n\n", "properties": { "displayName": { "type": "string", @@ -215198,7 +215698,7 @@ }, "projectNumber": { "type": "string", - "description": "The number of the google project that firebase is enabled on.\n" + "description": "The number of the Google Project that Firebase is enabled on.\n" } }, "required": [ @@ -215237,7 +215737,7 @@ }, "projectNumber": { "type": "string", - "description": "The number of the google project that firebase is enabled on.\n" + "description": "The number of the Google Project that Firebase is enabled on.\n" } }, "type": "object" @@ -229990,7 +230490,7 @@ } }, "gcp:identityplatform/config:Config": { - "description": "Identity Platform configuration for a Cloud project. Identity Platform is an\nend-to-end authentication system for third-party users to access apps\nand services.\n\nThis entity is created only once during intialization and cannot be deleted,\nindividual Identity Providers may be disabled instead. This resource may only\nbe created in billing-enabled projects.\n\n\nTo get more information about Config, see:\n\n* [API documentation](https://cloud.google.com/identity-platform/docs/reference/rest/v2/Config)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/identity-platform/docs)\n\n\n\n## Example Usage\n\n### Identity Platform Config Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst _default = new gcp.organizations.Project(\"default\", {\n projectId: \"my-project\",\n name: \"my-project\",\n orgId: \"123456789\",\n billingAccount: \"000000-0000000-0000000-000000\",\n deletionPolicy: \"DELETE\",\n labels: {\n firebase: \"enabled\",\n },\n});\nconst identitytoolkit = new gcp.projects.Service(\"identitytoolkit\", {\n project: _default.projectId,\n service: \"identitytoolkit.googleapis.com\",\n});\nconst defaultConfig = new gcp.identityplatform.Config(\"default\", {\n project: _default.projectId,\n autodeleteAnonymousUsers: true,\n signIn: {\n allowDuplicateEmails: true,\n anonymous: {\n enabled: true,\n },\n email: {\n enabled: true,\n passwordRequired: false,\n },\n phoneNumber: {\n enabled: true,\n testPhoneNumbers: {\n \"+11231231234\": \"000000\",\n },\n },\n },\n smsRegionConfig: {\n allowlistOnly: {\n allowedRegions: [\n \"US\",\n \"CA\",\n ],\n },\n },\n blockingFunctions: {\n triggers: [{\n eventType: \"beforeSignIn\",\n functionUri: \"https://us-east1-my-project.cloudfunctions.net/before-sign-in\",\n }],\n forwardInboundCredentials: {\n refreshToken: true,\n accessToken: true,\n idToken: true,\n },\n },\n quota: {\n signUpQuotaConfig: {\n quota: 1000,\n startTime: \"\",\n quotaDuration: \"7200s\",\n },\n },\n authorizedDomains: [\n \"localhost\",\n \"my-project.firebaseapp.com\",\n \"my-project.web.app\",\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.organizations.Project(\"default\",\n project_id=\"my-project\",\n name=\"my-project\",\n org_id=\"123456789\",\n billing_account=\"000000-0000000-0000000-000000\",\n deletion_policy=\"DELETE\",\n labels={\n \"firebase\": \"enabled\",\n })\nidentitytoolkit = gcp.projects.Service(\"identitytoolkit\",\n project=default.project_id,\n service=\"identitytoolkit.googleapis.com\")\ndefault_config = gcp.identityplatform.Config(\"default\",\n project=default.project_id,\n autodelete_anonymous_users=True,\n sign_in={\n \"allow_duplicate_emails\": True,\n \"anonymous\": {\n \"enabled\": True,\n },\n \"email\": {\n \"enabled\": True,\n \"password_required\": False,\n },\n \"phone_number\": {\n \"enabled\": True,\n \"test_phone_numbers\": {\n \"+11231231234\": \"000000\",\n },\n },\n },\n sms_region_config={\n \"allowlist_only\": {\n \"allowed_regions\": [\n \"US\",\n \"CA\",\n ],\n },\n },\n blocking_functions={\n \"triggers\": [{\n \"event_type\": \"beforeSignIn\",\n \"function_uri\": \"https://us-east1-my-project.cloudfunctions.net/before-sign-in\",\n }],\n \"forward_inbound_credentials\": {\n \"refresh_token\": True,\n \"access_token\": True,\n \"id_token\": True,\n },\n },\n quota={\n \"sign_up_quota_config\": {\n \"quota\": 1000,\n \"start_time\": \"\",\n \"quota_duration\": \"7200s\",\n },\n },\n authorized_domains=[\n \"localhost\",\n \"my-project.firebaseapp.com\",\n \"my-project.web.app\",\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.Organizations.Project(\"default\", new()\n {\n ProjectId = \"my-project\",\n Name = \"my-project\",\n OrgId = \"123456789\",\n BillingAccount = \"000000-0000000-0000000-000000\",\n DeletionPolicy = \"DELETE\",\n Labels = \n {\n { \"firebase\", \"enabled\" },\n },\n });\n\n var identitytoolkit = new Gcp.Projects.Service(\"identitytoolkit\", new()\n {\n Project = @default.ProjectId,\n ServiceName = \"identitytoolkit.googleapis.com\",\n });\n\n var defaultConfig = new Gcp.IdentityPlatform.Config(\"default\", new()\n {\n Project = @default.ProjectId,\n AutodeleteAnonymousUsers = true,\n SignIn = new Gcp.IdentityPlatform.Inputs.ConfigSignInArgs\n {\n AllowDuplicateEmails = true,\n Anonymous = new Gcp.IdentityPlatform.Inputs.ConfigSignInAnonymousArgs\n {\n Enabled = true,\n },\n Email = new Gcp.IdentityPlatform.Inputs.ConfigSignInEmailArgs\n {\n Enabled = true,\n PasswordRequired = false,\n },\n PhoneNumber = new Gcp.IdentityPlatform.Inputs.ConfigSignInPhoneNumberArgs\n {\n Enabled = true,\n TestPhoneNumbers = \n {\n { \"+11231231234\", \"000000\" },\n },\n },\n },\n SmsRegionConfig = new Gcp.IdentityPlatform.Inputs.ConfigSmsRegionConfigArgs\n {\n AllowlistOnly = new Gcp.IdentityPlatform.Inputs.ConfigSmsRegionConfigAllowlistOnlyArgs\n {\n AllowedRegions = new[]\n {\n \"US\",\n \"CA\",\n },\n },\n },\n BlockingFunctions = new Gcp.IdentityPlatform.Inputs.ConfigBlockingFunctionsArgs\n {\n Triggers = new[]\n {\n new Gcp.IdentityPlatform.Inputs.ConfigBlockingFunctionsTriggerArgs\n {\n EventType = \"beforeSignIn\",\n FunctionUri = \"https://us-east1-my-project.cloudfunctions.net/before-sign-in\",\n },\n },\n ForwardInboundCredentials = new Gcp.IdentityPlatform.Inputs.ConfigBlockingFunctionsForwardInboundCredentialsArgs\n {\n RefreshToken = true,\n AccessToken = true,\n IdToken = true,\n },\n },\n Quota = new Gcp.IdentityPlatform.Inputs.ConfigQuotaArgs\n {\n SignUpQuotaConfig = new Gcp.IdentityPlatform.Inputs.ConfigQuotaSignUpQuotaConfigArgs\n {\n Quota = 1000,\n StartTime = \"\",\n QuotaDuration = \"7200s\",\n },\n },\n AuthorizedDomains = new[]\n {\n \"localhost\",\n \"my-project.firebaseapp.com\",\n \"my-project.web.app\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/identityplatform\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := organizations.NewProject(ctx, \"default\", \u0026organizations.ProjectArgs{\n\t\t\tProjectId: pulumi.String(\"my-project\"),\n\t\t\tName: pulumi.String(\"my-project\"),\n\t\t\tOrgId: pulumi.String(\"123456789\"),\n\t\t\tBillingAccount: pulumi.String(\"000000-0000000-0000000-000000\"),\n\t\t\tDeletionPolicy: pulumi.String(\"DELETE\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"firebase\": pulumi.String(\"enabled\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = projects.NewService(ctx, \"identitytoolkit\", \u0026projects.ServiceArgs{\n\t\t\tProject: _default.ProjectId,\n\t\t\tService: pulumi.String(\"identitytoolkit.googleapis.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = identityplatform.NewConfig(ctx, \"default\", \u0026identityplatform.ConfigArgs{\n\t\t\tProject: _default.ProjectId,\n\t\t\tAutodeleteAnonymousUsers: pulumi.Bool(true),\n\t\t\tSignIn: \u0026identityplatform.ConfigSignInArgs{\n\t\t\t\tAllowDuplicateEmails: pulumi.Bool(true),\n\t\t\t\tAnonymous: \u0026identityplatform.ConfigSignInAnonymousArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t\tEmail: \u0026identityplatform.ConfigSignInEmailArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\t\tPasswordRequired: pulumi.Bool(false),\n\t\t\t\t},\n\t\t\t\tPhoneNumber: \u0026identityplatform.ConfigSignInPhoneNumberArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\t\tTestPhoneNumbers: pulumi.StringMap{\n\t\t\t\t\t\t\"+11231231234\": pulumi.String(\"000000\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tSmsRegionConfig: \u0026identityplatform.ConfigSmsRegionConfigArgs{\n\t\t\t\tAllowlistOnly: \u0026identityplatform.ConfigSmsRegionConfigAllowlistOnlyArgs{\n\t\t\t\t\tAllowedRegions: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"US\"),\n\t\t\t\t\t\tpulumi.String(\"CA\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tBlockingFunctions: \u0026identityplatform.ConfigBlockingFunctionsArgs{\n\t\t\t\tTriggers: identityplatform.ConfigBlockingFunctionsTriggerArray{\n\t\t\t\t\t\u0026identityplatform.ConfigBlockingFunctionsTriggerArgs{\n\t\t\t\t\t\tEventType: pulumi.String(\"beforeSignIn\"),\n\t\t\t\t\t\tFunctionUri: pulumi.String(\"https://us-east1-my-project.cloudfunctions.net/before-sign-in\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tForwardInboundCredentials: \u0026identityplatform.ConfigBlockingFunctionsForwardInboundCredentialsArgs{\n\t\t\t\t\tRefreshToken: pulumi.Bool(true),\n\t\t\t\t\tAccessToken: pulumi.Bool(true),\n\t\t\t\t\tIdToken: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t},\n\t\t\tQuota: \u0026identityplatform.ConfigQuotaArgs{\n\t\t\t\tSignUpQuotaConfig: \u0026identityplatform.ConfigQuotaSignUpQuotaConfigArgs{\n\t\t\t\t\tQuota: pulumi.Int(1000),\n\t\t\t\t\tStartTime: pulumi.String(\"\"),\n\t\t\t\t\tQuotaDuration: pulumi.String(\"7200s\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tAuthorizedDomains: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"localhost\"),\n\t\t\t\tpulumi.String(\"my-project.firebaseapp.com\"),\n\t\t\t\tpulumi.String(\"my-project.web.app\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.Project;\nimport com.pulumi.gcp.organizations.ProjectArgs;\nimport com.pulumi.gcp.projects.Service;\nimport com.pulumi.gcp.projects.ServiceArgs;\nimport com.pulumi.gcp.identityplatform.Config;\nimport com.pulumi.gcp.identityplatform.ConfigArgs;\nimport com.pulumi.gcp.identityplatform.inputs.ConfigSignInArgs;\nimport com.pulumi.gcp.identityplatform.inputs.ConfigSignInAnonymousArgs;\nimport com.pulumi.gcp.identityplatform.inputs.ConfigSignInEmailArgs;\nimport com.pulumi.gcp.identityplatform.inputs.ConfigSignInPhoneNumberArgs;\nimport com.pulumi.gcp.identityplatform.inputs.ConfigSmsRegionConfigArgs;\nimport com.pulumi.gcp.identityplatform.inputs.ConfigSmsRegionConfigAllowlistOnlyArgs;\nimport com.pulumi.gcp.identityplatform.inputs.ConfigBlockingFunctionsArgs;\nimport com.pulumi.gcp.identityplatform.inputs.ConfigBlockingFunctionsForwardInboundCredentialsArgs;\nimport com.pulumi.gcp.identityplatform.inputs.ConfigQuotaArgs;\nimport com.pulumi.gcp.identityplatform.inputs.ConfigQuotaSignUpQuotaConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new Project(\"default\", ProjectArgs.builder()\n .projectId(\"my-project\")\n .name(\"my-project\")\n .orgId(\"123456789\")\n .billingAccount(\"000000-0000000-0000000-000000\")\n .deletionPolicy(\"DELETE\")\n .labels(Map.of(\"firebase\", \"enabled\"))\n .build());\n\n var identitytoolkit = new Service(\"identitytoolkit\", ServiceArgs.builder()\n .project(default_.projectId())\n .service(\"identitytoolkit.googleapis.com\")\n .build());\n\n var defaultConfig = new Config(\"defaultConfig\", ConfigArgs.builder()\n .project(default_.projectId())\n .autodeleteAnonymousUsers(true)\n .signIn(ConfigSignInArgs.builder()\n .allowDuplicateEmails(true)\n .anonymous(ConfigSignInAnonymousArgs.builder()\n .enabled(true)\n .build())\n .email(ConfigSignInEmailArgs.builder()\n .enabled(true)\n .passwordRequired(false)\n .build())\n .phoneNumber(ConfigSignInPhoneNumberArgs.builder()\n .enabled(true)\n .testPhoneNumbers(Map.of(\"+11231231234\", \"000000\"))\n .build())\n .build())\n .smsRegionConfig(ConfigSmsRegionConfigArgs.builder()\n .allowlistOnly(ConfigSmsRegionConfigAllowlistOnlyArgs.builder()\n .allowedRegions( \n \"US\",\n \"CA\")\n .build())\n .build())\n .blockingFunctions(ConfigBlockingFunctionsArgs.builder()\n .triggers(ConfigBlockingFunctionsTriggerArgs.builder()\n .eventType(\"beforeSignIn\")\n .functionUri(\"https://us-east1-my-project.cloudfunctions.net/before-sign-in\")\n .build())\n .forwardInboundCredentials(ConfigBlockingFunctionsForwardInboundCredentialsArgs.builder()\n .refreshToken(true)\n .accessToken(true)\n .idToken(true)\n .build())\n .build())\n .quota(ConfigQuotaArgs.builder()\n .signUpQuotaConfig(ConfigQuotaSignUpQuotaConfigArgs.builder()\n .quota(1000)\n .startTime(\"\")\n .quotaDuration(\"7200s\")\n .build())\n .build())\n .authorizedDomains( \n \"localhost\",\n \"my-project.firebaseapp.com\",\n \"my-project.web.app\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:organizations:Project\n properties:\n projectId: my-project\n name: my-project\n orgId: '123456789'\n billingAccount: 000000-0000000-0000000-000000\n deletionPolicy: DELETE\n labels:\n firebase: enabled\n identitytoolkit:\n type: gcp:projects:Service\n properties:\n project: ${default.projectId}\n service: identitytoolkit.googleapis.com\n defaultConfig:\n type: gcp:identityplatform:Config\n name: default\n properties:\n project: ${default.projectId}\n autodeleteAnonymousUsers: true\n signIn:\n allowDuplicateEmails: true\n anonymous:\n enabled: true\n email:\n enabled: true\n passwordRequired: false\n phoneNumber:\n enabled: true\n testPhoneNumbers:\n '+11231231234': '000000'\n smsRegionConfig:\n allowlistOnly:\n allowedRegions:\n - US\n - CA\n blockingFunctions:\n triggers:\n - eventType: beforeSignIn\n functionUri: https://us-east1-my-project.cloudfunctions.net/before-sign-in\n forwardInboundCredentials:\n refreshToken: true\n accessToken: true\n idToken: true\n quota:\n signUpQuotaConfig:\n quota: 1000\n startTime: \"\"\n quotaDuration: 7200s\n authorizedDomains:\n - localhost\n - my-project.firebaseapp.com\n - my-project.web.app\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nConfig can be imported using any of these accepted formats:\n\n* `projects/{{project}}/config`\n\n* `projects/{{project}}`\n\n* `{{project}}`\n\nWhen using the `pulumi import` command, Config can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:identityplatform/config:Config default projects/{{project}}/config\n```\n\n```sh\n$ pulumi import gcp:identityplatform/config:Config default projects/{{project}}\n```\n\n```sh\n$ pulumi import gcp:identityplatform/config:Config default {{project}}\n```\n\n", + "description": "Identity Platform configuration for a Cloud project. Identity Platform is an\nend-to-end authentication system for third-party users to access apps\nand services.\n\nThis entity is created only once during intialization and cannot be deleted,\nindividual Identity Providers may be disabled instead. This resource may only\nbe created in billing-enabled projects.\n\n\nTo get more information about Config, see:\n\n* [API documentation](https://cloud.google.com/identity-platform/docs/reference/rest/v2/Config)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/identity-platform/docs)\n\n\n\n## Example Usage\n\n### Identity Platform Config Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst _default = new gcp.organizations.Project(\"default\", {\n projectId: \"my-project\",\n name: \"my-project\",\n orgId: \"123456789\",\n billingAccount: \"000000-0000000-0000000-000000\",\n deletionPolicy: \"DELETE\",\n labels: {\n firebase: \"enabled\",\n },\n});\nconst identitytoolkit = new gcp.projects.Service(\"identitytoolkit\", {\n project: _default.projectId,\n service: \"identitytoolkit.googleapis.com\",\n});\nconst defaultConfig = new gcp.identityplatform.Config(\"default\", {\n project: _default.projectId,\n autodeleteAnonymousUsers: true,\n signIn: {\n allowDuplicateEmails: true,\n anonymous: {\n enabled: true,\n },\n email: {\n enabled: true,\n passwordRequired: false,\n },\n phoneNumber: {\n enabled: true,\n testPhoneNumbers: {\n \"+11231231234\": \"000000\",\n },\n },\n },\n smsRegionConfig: {\n allowlistOnly: {\n allowedRegions: [\n \"US\",\n \"CA\",\n ],\n },\n },\n blockingFunctions: {\n triggers: [{\n eventType: \"beforeSignIn\",\n functionUri: \"https://us-east1-my-project.cloudfunctions.net/before-sign-in\",\n }],\n forwardInboundCredentials: {\n refreshToken: true,\n accessToken: true,\n idToken: true,\n },\n },\n quota: {\n signUpQuotaConfig: {\n quota: 1000,\n startTime: \"2014-10-02T15:01:23Z\",\n quotaDuration: \"7200s\",\n },\n },\n authorizedDomains: [\n \"localhost\",\n \"my-project.firebaseapp.com\",\n \"my-project.web.app\",\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.organizations.Project(\"default\",\n project_id=\"my-project\",\n name=\"my-project\",\n org_id=\"123456789\",\n billing_account=\"000000-0000000-0000000-000000\",\n deletion_policy=\"DELETE\",\n labels={\n \"firebase\": \"enabled\",\n })\nidentitytoolkit = gcp.projects.Service(\"identitytoolkit\",\n project=default.project_id,\n service=\"identitytoolkit.googleapis.com\")\ndefault_config = gcp.identityplatform.Config(\"default\",\n project=default.project_id,\n autodelete_anonymous_users=True,\n sign_in={\n \"allow_duplicate_emails\": True,\n \"anonymous\": {\n \"enabled\": True,\n },\n \"email\": {\n \"enabled\": True,\n \"password_required\": False,\n },\n \"phone_number\": {\n \"enabled\": True,\n \"test_phone_numbers\": {\n \"+11231231234\": \"000000\",\n },\n },\n },\n sms_region_config={\n \"allowlist_only\": {\n \"allowed_regions\": [\n \"US\",\n \"CA\",\n ],\n },\n },\n blocking_functions={\n \"triggers\": [{\n \"event_type\": \"beforeSignIn\",\n \"function_uri\": \"https://us-east1-my-project.cloudfunctions.net/before-sign-in\",\n }],\n \"forward_inbound_credentials\": {\n \"refresh_token\": True,\n \"access_token\": True,\n \"id_token\": True,\n },\n },\n quota={\n \"sign_up_quota_config\": {\n \"quota\": 1000,\n \"start_time\": \"2014-10-02T15:01:23Z\",\n \"quota_duration\": \"7200s\",\n },\n },\n authorized_domains=[\n \"localhost\",\n \"my-project.firebaseapp.com\",\n \"my-project.web.app\",\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.Organizations.Project(\"default\", new()\n {\n ProjectId = \"my-project\",\n Name = \"my-project\",\n OrgId = \"123456789\",\n BillingAccount = \"000000-0000000-0000000-000000\",\n DeletionPolicy = \"DELETE\",\n Labels = \n {\n { \"firebase\", \"enabled\" },\n },\n });\n\n var identitytoolkit = new Gcp.Projects.Service(\"identitytoolkit\", new()\n {\n Project = @default.ProjectId,\n ServiceName = \"identitytoolkit.googleapis.com\",\n });\n\n var defaultConfig = new Gcp.IdentityPlatform.Config(\"default\", new()\n {\n Project = @default.ProjectId,\n AutodeleteAnonymousUsers = true,\n SignIn = new Gcp.IdentityPlatform.Inputs.ConfigSignInArgs\n {\n AllowDuplicateEmails = true,\n Anonymous = new Gcp.IdentityPlatform.Inputs.ConfigSignInAnonymousArgs\n {\n Enabled = true,\n },\n Email = new Gcp.IdentityPlatform.Inputs.ConfigSignInEmailArgs\n {\n Enabled = true,\n PasswordRequired = false,\n },\n PhoneNumber = new Gcp.IdentityPlatform.Inputs.ConfigSignInPhoneNumberArgs\n {\n Enabled = true,\n TestPhoneNumbers = \n {\n { \"+11231231234\", \"000000\" },\n },\n },\n },\n SmsRegionConfig = new Gcp.IdentityPlatform.Inputs.ConfigSmsRegionConfigArgs\n {\n AllowlistOnly = new Gcp.IdentityPlatform.Inputs.ConfigSmsRegionConfigAllowlistOnlyArgs\n {\n AllowedRegions = new[]\n {\n \"US\",\n \"CA\",\n },\n },\n },\n BlockingFunctions = new Gcp.IdentityPlatform.Inputs.ConfigBlockingFunctionsArgs\n {\n Triggers = new[]\n {\n new Gcp.IdentityPlatform.Inputs.ConfigBlockingFunctionsTriggerArgs\n {\n EventType = \"beforeSignIn\",\n FunctionUri = \"https://us-east1-my-project.cloudfunctions.net/before-sign-in\",\n },\n },\n ForwardInboundCredentials = new Gcp.IdentityPlatform.Inputs.ConfigBlockingFunctionsForwardInboundCredentialsArgs\n {\n RefreshToken = true,\n AccessToken = true,\n IdToken = true,\n },\n },\n Quota = new Gcp.IdentityPlatform.Inputs.ConfigQuotaArgs\n {\n SignUpQuotaConfig = new Gcp.IdentityPlatform.Inputs.ConfigQuotaSignUpQuotaConfigArgs\n {\n Quota = 1000,\n StartTime = \"2014-10-02T15:01:23Z\",\n QuotaDuration = \"7200s\",\n },\n },\n AuthorizedDomains = new[]\n {\n \"localhost\",\n \"my-project.firebaseapp.com\",\n \"my-project.web.app\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/identityplatform\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := organizations.NewProject(ctx, \"default\", \u0026organizations.ProjectArgs{\n\t\t\tProjectId: pulumi.String(\"my-project\"),\n\t\t\tName: pulumi.String(\"my-project\"),\n\t\t\tOrgId: pulumi.String(\"123456789\"),\n\t\t\tBillingAccount: pulumi.String(\"000000-0000000-0000000-000000\"),\n\t\t\tDeletionPolicy: pulumi.String(\"DELETE\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"firebase\": pulumi.String(\"enabled\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = projects.NewService(ctx, \"identitytoolkit\", \u0026projects.ServiceArgs{\n\t\t\tProject: _default.ProjectId,\n\t\t\tService: pulumi.String(\"identitytoolkit.googleapis.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = identityplatform.NewConfig(ctx, \"default\", \u0026identityplatform.ConfigArgs{\n\t\t\tProject: _default.ProjectId,\n\t\t\tAutodeleteAnonymousUsers: pulumi.Bool(true),\n\t\t\tSignIn: \u0026identityplatform.ConfigSignInArgs{\n\t\t\t\tAllowDuplicateEmails: pulumi.Bool(true),\n\t\t\t\tAnonymous: \u0026identityplatform.ConfigSignInAnonymousArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t\tEmail: \u0026identityplatform.ConfigSignInEmailArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\t\tPasswordRequired: pulumi.Bool(false),\n\t\t\t\t},\n\t\t\t\tPhoneNumber: \u0026identityplatform.ConfigSignInPhoneNumberArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\t\tTestPhoneNumbers: pulumi.StringMap{\n\t\t\t\t\t\t\"+11231231234\": pulumi.String(\"000000\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tSmsRegionConfig: \u0026identityplatform.ConfigSmsRegionConfigArgs{\n\t\t\t\tAllowlistOnly: \u0026identityplatform.ConfigSmsRegionConfigAllowlistOnlyArgs{\n\t\t\t\t\tAllowedRegions: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"US\"),\n\t\t\t\t\t\tpulumi.String(\"CA\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tBlockingFunctions: \u0026identityplatform.ConfigBlockingFunctionsArgs{\n\t\t\t\tTriggers: identityplatform.ConfigBlockingFunctionsTriggerArray{\n\t\t\t\t\t\u0026identityplatform.ConfigBlockingFunctionsTriggerArgs{\n\t\t\t\t\t\tEventType: pulumi.String(\"beforeSignIn\"),\n\t\t\t\t\t\tFunctionUri: pulumi.String(\"https://us-east1-my-project.cloudfunctions.net/before-sign-in\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tForwardInboundCredentials: \u0026identityplatform.ConfigBlockingFunctionsForwardInboundCredentialsArgs{\n\t\t\t\t\tRefreshToken: pulumi.Bool(true),\n\t\t\t\t\tAccessToken: pulumi.Bool(true),\n\t\t\t\t\tIdToken: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t},\n\t\t\tQuota: \u0026identityplatform.ConfigQuotaArgs{\n\t\t\t\tSignUpQuotaConfig: \u0026identityplatform.ConfigQuotaSignUpQuotaConfigArgs{\n\t\t\t\t\tQuota: pulumi.Int(1000),\n\t\t\t\t\tStartTime: pulumi.String(\"2014-10-02T15:01:23Z\"),\n\t\t\t\t\tQuotaDuration: pulumi.String(\"7200s\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tAuthorizedDomains: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"localhost\"),\n\t\t\t\tpulumi.String(\"my-project.firebaseapp.com\"),\n\t\t\t\tpulumi.String(\"my-project.web.app\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.Project;\nimport com.pulumi.gcp.organizations.ProjectArgs;\nimport com.pulumi.gcp.projects.Service;\nimport com.pulumi.gcp.projects.ServiceArgs;\nimport com.pulumi.gcp.identityplatform.Config;\nimport com.pulumi.gcp.identityplatform.ConfigArgs;\nimport com.pulumi.gcp.identityplatform.inputs.ConfigSignInArgs;\nimport com.pulumi.gcp.identityplatform.inputs.ConfigSignInAnonymousArgs;\nimport com.pulumi.gcp.identityplatform.inputs.ConfigSignInEmailArgs;\nimport com.pulumi.gcp.identityplatform.inputs.ConfigSignInPhoneNumberArgs;\nimport com.pulumi.gcp.identityplatform.inputs.ConfigSmsRegionConfigArgs;\nimport com.pulumi.gcp.identityplatform.inputs.ConfigSmsRegionConfigAllowlistOnlyArgs;\nimport com.pulumi.gcp.identityplatform.inputs.ConfigBlockingFunctionsArgs;\nimport com.pulumi.gcp.identityplatform.inputs.ConfigBlockingFunctionsForwardInboundCredentialsArgs;\nimport com.pulumi.gcp.identityplatform.inputs.ConfigQuotaArgs;\nimport com.pulumi.gcp.identityplatform.inputs.ConfigQuotaSignUpQuotaConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new Project(\"default\", ProjectArgs.builder()\n .projectId(\"my-project\")\n .name(\"my-project\")\n .orgId(\"123456789\")\n .billingAccount(\"000000-0000000-0000000-000000\")\n .deletionPolicy(\"DELETE\")\n .labels(Map.of(\"firebase\", \"enabled\"))\n .build());\n\n var identitytoolkit = new Service(\"identitytoolkit\", ServiceArgs.builder()\n .project(default_.projectId())\n .service(\"identitytoolkit.googleapis.com\")\n .build());\n\n var defaultConfig = new Config(\"defaultConfig\", ConfigArgs.builder()\n .project(default_.projectId())\n .autodeleteAnonymousUsers(true)\n .signIn(ConfigSignInArgs.builder()\n .allowDuplicateEmails(true)\n .anonymous(ConfigSignInAnonymousArgs.builder()\n .enabled(true)\n .build())\n .email(ConfigSignInEmailArgs.builder()\n .enabled(true)\n .passwordRequired(false)\n .build())\n .phoneNumber(ConfigSignInPhoneNumberArgs.builder()\n .enabled(true)\n .testPhoneNumbers(Map.of(\"+11231231234\", \"000000\"))\n .build())\n .build())\n .smsRegionConfig(ConfigSmsRegionConfigArgs.builder()\n .allowlistOnly(ConfigSmsRegionConfigAllowlistOnlyArgs.builder()\n .allowedRegions( \n \"US\",\n \"CA\")\n .build())\n .build())\n .blockingFunctions(ConfigBlockingFunctionsArgs.builder()\n .triggers(ConfigBlockingFunctionsTriggerArgs.builder()\n .eventType(\"beforeSignIn\")\n .functionUri(\"https://us-east1-my-project.cloudfunctions.net/before-sign-in\")\n .build())\n .forwardInboundCredentials(ConfigBlockingFunctionsForwardInboundCredentialsArgs.builder()\n .refreshToken(true)\n .accessToken(true)\n .idToken(true)\n .build())\n .build())\n .quota(ConfigQuotaArgs.builder()\n .signUpQuotaConfig(ConfigQuotaSignUpQuotaConfigArgs.builder()\n .quota(1000)\n .startTime(\"2014-10-02T15:01:23Z\")\n .quotaDuration(\"7200s\")\n .build())\n .build())\n .authorizedDomains( \n \"localhost\",\n \"my-project.firebaseapp.com\",\n \"my-project.web.app\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:organizations:Project\n properties:\n projectId: my-project\n name: my-project\n orgId: '123456789'\n billingAccount: 000000-0000000-0000000-000000\n deletionPolicy: DELETE\n labels:\n firebase: enabled\n identitytoolkit:\n type: gcp:projects:Service\n properties:\n project: ${default.projectId}\n service: identitytoolkit.googleapis.com\n defaultConfig:\n type: gcp:identityplatform:Config\n name: default\n properties:\n project: ${default.projectId}\n autodeleteAnonymousUsers: true\n signIn:\n allowDuplicateEmails: true\n anonymous:\n enabled: true\n email:\n enabled: true\n passwordRequired: false\n phoneNumber:\n enabled: true\n testPhoneNumbers:\n '+11231231234': '000000'\n smsRegionConfig:\n allowlistOnly:\n allowedRegions:\n - US\n - CA\n blockingFunctions:\n triggers:\n - eventType: beforeSignIn\n functionUri: https://us-east1-my-project.cloudfunctions.net/before-sign-in\n forwardInboundCredentials:\n refreshToken: true\n accessToken: true\n idToken: true\n quota:\n signUpQuotaConfig:\n quota: 1000\n startTime: 2014-10-02T15:01:23Z\n quotaDuration: 7200s\n authorizedDomains:\n - localhost\n - my-project.firebaseapp.com\n - my-project.web.app\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nConfig can be imported using any of these accepted formats:\n\n* `projects/{{project}}/config`\n\n* `projects/{{project}}`\n\n* `{{project}}`\n\nWhen using the `pulumi import` command, Config can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:identityplatform/config:Config default projects/{{project}}/config\n```\n\n```sh\n$ pulumi import gcp:identityplatform/config:Config default projects/{{project}}\n```\n\n```sh\n$ pulumi import gcp:identityplatform/config:Config default {{project}}\n```\n\n", "properties": { "authorizedDomains": { "type": "array", @@ -236095,7 +236595,7 @@ }, "platformEdition": { "type": "string", - "description": "Platform editions for a Looker instance. Each edition maps to a set of instance features, like its size. Must be one of\nthese values: - LOOKER_CORE_TRIAL: trial instance (Currently Unavailable) - LOOKER_CORE_STANDARD: pay as you go standard\ninstance (Currently Unavailable) - LOOKER_CORE_STANDARD_ANNUAL: subscription standard instance -\nLOOKER_CORE_ENTERPRISE_ANNUAL: subscription enterprise instance - LOOKER_CORE_EMBED_ANNUAL: subscription embed instance\nDefault value: \"LOOKER_CORE_TRIAL\" Possible values: [\"LOOKER_CORE_TRIAL\", \"LOOKER_CORE_STANDARD\",\n\"LOOKER_CORE_STANDARD_ANNUAL\", \"LOOKER_CORE_ENTERPRISE_ANNUAL\", \"LOOKER_CORE_EMBED_ANNUAL\"]\n" + "description": "Platform editions for a Looker instance. Each edition maps to a set of instance features, like its size. Must be one of\nthese values: - LOOKER_CORE_TRIAL: trial instance (Currently Unavailable) - LOOKER_CORE_STANDARD: pay as you go standard\ninstance (Currently Unavailable) - LOOKER_CORE_STANDARD_ANNUAL: subscription standard instance -\nLOOKER_CORE_ENTERPRISE_ANNUAL: subscription enterprise instance - LOOKER_CORE_EMBED_ANNUAL: subscription embed instance\n- LOOKER_CORE_NONPROD_STANDARD_ANNUAL: nonprod subscription standard instance - LOOKER_CORE_NONPROD_ENTERPRISE_ANNUAL:\nnonprod subscription enterprise instance - LOOKER_CORE_NONPROD_EMBED_ANNUAL: nonprod subscription embed instance Default\nvalue: \"LOOKER_CORE_TRIAL\" Possible values: [\"LOOKER_CORE_TRIAL\", \"LOOKER_CORE_STANDARD\", \"LOOKER_CORE_STANDARD_ANNUAL\",\n\"LOOKER_CORE_ENTERPRISE_ANNUAL\", \"LOOKER_CORE_EMBED_ANNUAL\", \"LOOKER_CORE_NONPROD_STANDARD_ANNUAL\",\n\"LOOKER_CORE_NONPROD_ENTERPRISE_ANNUAL\", \"LOOKER_CORE_NONPROD_EMBED_ANNUAL\"]\n" }, "privateIpEnabled": { "type": "boolean", @@ -236191,7 +236691,7 @@ }, "platformEdition": { "type": "string", - "description": "Platform editions for a Looker instance. Each edition maps to a set of instance features, like its size. Must be one of\nthese values: - LOOKER_CORE_TRIAL: trial instance (Currently Unavailable) - LOOKER_CORE_STANDARD: pay as you go standard\ninstance (Currently Unavailable) - LOOKER_CORE_STANDARD_ANNUAL: subscription standard instance -\nLOOKER_CORE_ENTERPRISE_ANNUAL: subscription enterprise instance - LOOKER_CORE_EMBED_ANNUAL: subscription embed instance\nDefault value: \"LOOKER_CORE_TRIAL\" Possible values: [\"LOOKER_CORE_TRIAL\", \"LOOKER_CORE_STANDARD\",\n\"LOOKER_CORE_STANDARD_ANNUAL\", \"LOOKER_CORE_ENTERPRISE_ANNUAL\", \"LOOKER_CORE_EMBED_ANNUAL\"]\n", + "description": "Platform editions for a Looker instance. Each edition maps to a set of instance features, like its size. Must be one of\nthese values: - LOOKER_CORE_TRIAL: trial instance (Currently Unavailable) - LOOKER_CORE_STANDARD: pay as you go standard\ninstance (Currently Unavailable) - LOOKER_CORE_STANDARD_ANNUAL: subscription standard instance -\nLOOKER_CORE_ENTERPRISE_ANNUAL: subscription enterprise instance - LOOKER_CORE_EMBED_ANNUAL: subscription embed instance\n- LOOKER_CORE_NONPROD_STANDARD_ANNUAL: nonprod subscription standard instance - LOOKER_CORE_NONPROD_ENTERPRISE_ANNUAL:\nnonprod subscription enterprise instance - LOOKER_CORE_NONPROD_EMBED_ANNUAL: nonprod subscription embed instance Default\nvalue: \"LOOKER_CORE_TRIAL\" Possible values: [\"LOOKER_CORE_TRIAL\", \"LOOKER_CORE_STANDARD\", \"LOOKER_CORE_STANDARD_ANNUAL\",\n\"LOOKER_CORE_ENTERPRISE_ANNUAL\", \"LOOKER_CORE_EMBED_ANNUAL\", \"LOOKER_CORE_NONPROD_STANDARD_ANNUAL\",\n\"LOOKER_CORE_NONPROD_ENTERPRISE_ANNUAL\", \"LOOKER_CORE_NONPROD_EMBED_ANNUAL\"]\n", "willReplaceOnChanges": true }, "privateIpEnabled": { @@ -236301,7 +236801,7 @@ }, "platformEdition": { "type": "string", - "description": "Platform editions for a Looker instance. Each edition maps to a set of instance features, like its size. Must be one of\nthese values: - LOOKER_CORE_TRIAL: trial instance (Currently Unavailable) - LOOKER_CORE_STANDARD: pay as you go standard\ninstance (Currently Unavailable) - LOOKER_CORE_STANDARD_ANNUAL: subscription standard instance -\nLOOKER_CORE_ENTERPRISE_ANNUAL: subscription enterprise instance - LOOKER_CORE_EMBED_ANNUAL: subscription embed instance\nDefault value: \"LOOKER_CORE_TRIAL\" Possible values: [\"LOOKER_CORE_TRIAL\", \"LOOKER_CORE_STANDARD\",\n\"LOOKER_CORE_STANDARD_ANNUAL\", \"LOOKER_CORE_ENTERPRISE_ANNUAL\", \"LOOKER_CORE_EMBED_ANNUAL\"]\n", + "description": "Platform editions for a Looker instance. Each edition maps to a set of instance features, like its size. Must be one of\nthese values: - LOOKER_CORE_TRIAL: trial instance (Currently Unavailable) - LOOKER_CORE_STANDARD: pay as you go standard\ninstance (Currently Unavailable) - LOOKER_CORE_STANDARD_ANNUAL: subscription standard instance -\nLOOKER_CORE_ENTERPRISE_ANNUAL: subscription enterprise instance - LOOKER_CORE_EMBED_ANNUAL: subscription embed instance\n- LOOKER_CORE_NONPROD_STANDARD_ANNUAL: nonprod subscription standard instance - LOOKER_CORE_NONPROD_ENTERPRISE_ANNUAL:\nnonprod subscription enterprise instance - LOOKER_CORE_NONPROD_EMBED_ANNUAL: nonprod subscription embed instance Default\nvalue: \"LOOKER_CORE_TRIAL\" Possible values: [\"LOOKER_CORE_TRIAL\", \"LOOKER_CORE_STANDARD\", \"LOOKER_CORE_STANDARD_ANNUAL\",\n\"LOOKER_CORE_ENTERPRISE_ANNUAL\", \"LOOKER_CORE_EMBED_ANNUAL\", \"LOOKER_CORE_NONPROD_STANDARD_ANNUAL\",\n\"LOOKER_CORE_NONPROD_ENTERPRISE_ANNUAL\", \"LOOKER_CORE_NONPROD_EMBED_ANNUAL\"]\n", "willReplaceOnChanges": true }, "privateIpEnabled": { @@ -243131,8 +243631,7 @@ }, "linkedInterconnectAttachments": { "$ref": "#/types/gcp:networkconnectivity/SpokeLinkedInterconnectAttachments:SpokeLinkedInterconnectAttachments", - "description": "A collection of VLAN attachment resources. These resources should be redundant attachments that all advertise the same prefixes to Google Cloud. Alternatively, in active/passive configurations, all attachments should be capable of advertising the same prefixes.\nStructure is documented below.\n", - "willReplaceOnChanges": true + "description": "A collection of VLAN attachment resources. These resources should be redundant attachments that all advertise the same prefixes to Google Cloud. Alternatively, in active/passive configurations, all attachments should be capable of advertising the same prefixes.\nStructure is documented below.\n" }, "linkedProducerVpcNetwork": { "$ref": "#/types/gcp:networkconnectivity/SpokeLinkedProducerVpcNetwork:SpokeLinkedProducerVpcNetwork", @@ -243141,8 +243640,7 @@ }, "linkedRouterApplianceInstances": { "$ref": "#/types/gcp:networkconnectivity/SpokeLinkedRouterApplianceInstances:SpokeLinkedRouterApplianceInstances", - "description": "The URIs of linked Router appliance resources\nStructure is documented below.\n", - "willReplaceOnChanges": true + "description": "The URIs of linked Router appliance resources\nStructure is documented below.\n" }, "linkedVpcNetwork": { "$ref": "#/types/gcp:networkconnectivity/SpokeLinkedVpcNetwork:SpokeLinkedVpcNetwork", @@ -243151,8 +243649,7 @@ }, "linkedVpnTunnels": { "$ref": "#/types/gcp:networkconnectivity/SpokeLinkedVpnTunnels:SpokeLinkedVpnTunnels", - "description": "The URIs of linked VPN tunnel resources\nStructure is documented below.\n", - "willReplaceOnChanges": true + "description": "The URIs of linked VPN tunnel resources\nStructure is documented below.\n" }, "location": { "type": "string", @@ -243207,8 +243704,7 @@ }, "linkedInterconnectAttachments": { "$ref": "#/types/gcp:networkconnectivity/SpokeLinkedInterconnectAttachments:SpokeLinkedInterconnectAttachments", - "description": "A collection of VLAN attachment resources. These resources should be redundant attachments that all advertise the same prefixes to Google Cloud. Alternatively, in active/passive configurations, all attachments should be capable of advertising the same prefixes.\nStructure is documented below.\n", - "willReplaceOnChanges": true + "description": "A collection of VLAN attachment resources. These resources should be redundant attachments that all advertise the same prefixes to Google Cloud. Alternatively, in active/passive configurations, all attachments should be capable of advertising the same prefixes.\nStructure is documented below.\n" }, "linkedProducerVpcNetwork": { "$ref": "#/types/gcp:networkconnectivity/SpokeLinkedProducerVpcNetwork:SpokeLinkedProducerVpcNetwork", @@ -243217,8 +243713,7 @@ }, "linkedRouterApplianceInstances": { "$ref": "#/types/gcp:networkconnectivity/SpokeLinkedRouterApplianceInstances:SpokeLinkedRouterApplianceInstances", - "description": "The URIs of linked Router appliance resources\nStructure is documented below.\n", - "willReplaceOnChanges": true + "description": "The URIs of linked Router appliance resources\nStructure is documented below.\n" }, "linkedVpcNetwork": { "$ref": "#/types/gcp:networkconnectivity/SpokeLinkedVpcNetwork:SpokeLinkedVpcNetwork", @@ -243227,8 +243722,7 @@ }, "linkedVpnTunnels": { "$ref": "#/types/gcp:networkconnectivity/SpokeLinkedVpnTunnels:SpokeLinkedVpnTunnels", - "description": "The URIs of linked VPN tunnel resources\nStructure is documented below.\n", - "willReplaceOnChanges": true + "description": "The URIs of linked VPN tunnel resources\nStructure is documented below.\n" }, "location": { "type": "string", @@ -244421,6 +244915,208 @@ "type": "object" } }, + "gcp:networksecurity/authzPolicy:AuthzPolicy": { + "description": "AuthzPolicy is a resource that allows to forward traffic to a callout backend designed to scan the traffic for security purposes.\n\n\nTo get more information about AuthzPolicy, see:\n\n* [API documentation](https://cloud.google.com/load-balancing/docs/reference/network-security/rest/v1beta1/projects.locations.authzPolicies)\n\n## Example Usage\n\n### Network Services Authz Policy Advanced\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst _default = new gcp.compute.Network(\"default\", {\n name: \"lb-network\",\n project: \"my-project-name\",\n autoCreateSubnetworks: false,\n});\nconst defaultSubnetwork = new gcp.compute.Subnetwork(\"default\", {\n name: \"backend-subnet\",\n project: \"my-project-name\",\n region: \"us-west1\",\n ipCidrRange: \"10.1.2.0/24\",\n network: _default.id,\n});\nconst proxyOnly = new gcp.compute.Subnetwork(\"proxy_only\", {\n name: \"proxy-only-subnet\",\n project: \"my-project-name\",\n region: \"us-west1\",\n ipCidrRange: \"10.129.0.0/23\",\n purpose: \"REGIONAL_MANAGED_PROXY\",\n role: \"ACTIVE\",\n network: _default.id,\n});\nconst defaultAddress = new gcp.compute.Address(\"default\", {\n name: \"l7-ilb-ip-address\",\n project: \"my-project-name\",\n region: \"us-west1\",\n subnetwork: defaultSubnetwork.id,\n addressType: \"INTERNAL\",\n purpose: \"GCE_ENDPOINT\",\n});\nconst defaultRegionHealthCheck = new gcp.compute.RegionHealthCheck(\"default\", {\n name: \"l7-ilb-basic-check\",\n project: \"my-project-name\",\n region: \"us-west1\",\n httpHealthCheck: {\n portSpecification: \"USE_SERVING_PORT\",\n },\n});\nconst urlMap = new gcp.compute.RegionBackendService(\"url_map\", {\n name: \"l7-ilb-backend-service\",\n project: \"my-project-name\",\n region: \"us-west1\",\n loadBalancingScheme: \"INTERNAL_MANAGED\",\n healthChecks: defaultRegionHealthCheck.id,\n});\nconst defaultRegionUrlMap = new gcp.compute.RegionUrlMap(\"default\", {\n name: \"l7-ilb-map\",\n project: \"my-project-name\",\n region: \"us-west1\",\n defaultService: urlMap.id,\n});\nconst defaultRegionTargetHttpProxy = new gcp.compute.RegionTargetHttpProxy(\"default\", {\n name: \"l7-ilb-proxy\",\n project: \"my-project-name\",\n region: \"us-west1\",\n urlMap: defaultRegionUrlMap.id,\n});\nconst defaultForwardingRule = new gcp.compute.ForwardingRule(\"default\", {\n name: \"l7-ilb-forwarding-rule\",\n project: \"my-project-name\",\n region: \"us-west1\",\n loadBalancingScheme: \"INTERNAL_MANAGED\",\n network: _default.id,\n subnetwork: defaultSubnetwork.id,\n ipProtocol: \"TCP\",\n portRange: \"80\",\n target: defaultRegionTargetHttpProxy.id,\n ipAddress: defaultAddress.id,\n}, {\n dependsOn: [proxyOnly],\n});\nconst authzExtension = new gcp.compute.RegionBackendService(\"authz_extension\", {\n name: \"authz-service\",\n project: \"my-project-name\",\n region: \"us-west1\",\n protocol: \"HTTP2\",\n loadBalancingScheme: \"INTERNAL_MANAGED\",\n portName: \"grpc\",\n});\nconst defaultAuthzExtension = new gcp.networkservices.AuthzExtension(\"default\", {\n name: \"my-authz-ext\",\n project: \"my-project-name\",\n location: \"us-west1\",\n description: \"my description\",\n loadBalancingScheme: \"INTERNAL_MANAGED\",\n authority: \"ext11.com\",\n service: authzExtension.selfLink,\n timeout: \"0.1s\",\n failOpen: false,\n forwardHeaders: [\"Authorization\"],\n});\nconst defaultAuthzPolicy = new gcp.networksecurity.AuthzPolicy(\"default\", {\n name: \"my-authz-policy\",\n project: \"my-project-name\",\n location: \"us-west1\",\n description: \"my description\",\n target: {\n loadBalancingScheme: \"INTERNAL_MANAGED\",\n resources: [defaultForwardingRule.selfLink],\n },\n action: \"CUSTOM\",\n customProvider: {\n authzExtension: {\n resources: [defaultAuthzExtension.id],\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.compute.Network(\"default\",\n name=\"lb-network\",\n project=\"my-project-name\",\n auto_create_subnetworks=False)\ndefault_subnetwork = gcp.compute.Subnetwork(\"default\",\n name=\"backend-subnet\",\n project=\"my-project-name\",\n region=\"us-west1\",\n ip_cidr_range=\"10.1.2.0/24\",\n network=default.id)\nproxy_only = gcp.compute.Subnetwork(\"proxy_only\",\n name=\"proxy-only-subnet\",\n project=\"my-project-name\",\n region=\"us-west1\",\n ip_cidr_range=\"10.129.0.0/23\",\n purpose=\"REGIONAL_MANAGED_PROXY\",\n role=\"ACTIVE\",\n network=default.id)\ndefault_address = gcp.compute.Address(\"default\",\n name=\"l7-ilb-ip-address\",\n project=\"my-project-name\",\n region=\"us-west1\",\n subnetwork=default_subnetwork.id,\n address_type=\"INTERNAL\",\n purpose=\"GCE_ENDPOINT\")\ndefault_region_health_check = gcp.compute.RegionHealthCheck(\"default\",\n name=\"l7-ilb-basic-check\",\n project=\"my-project-name\",\n region=\"us-west1\",\n http_health_check={\n \"port_specification\": \"USE_SERVING_PORT\",\n })\nurl_map = gcp.compute.RegionBackendService(\"url_map\",\n name=\"l7-ilb-backend-service\",\n project=\"my-project-name\",\n region=\"us-west1\",\n load_balancing_scheme=\"INTERNAL_MANAGED\",\n health_checks=default_region_health_check.id)\ndefault_region_url_map = gcp.compute.RegionUrlMap(\"default\",\n name=\"l7-ilb-map\",\n project=\"my-project-name\",\n region=\"us-west1\",\n default_service=url_map.id)\ndefault_region_target_http_proxy = gcp.compute.RegionTargetHttpProxy(\"default\",\n name=\"l7-ilb-proxy\",\n project=\"my-project-name\",\n region=\"us-west1\",\n url_map=default_region_url_map.id)\ndefault_forwarding_rule = gcp.compute.ForwardingRule(\"default\",\n name=\"l7-ilb-forwarding-rule\",\n project=\"my-project-name\",\n region=\"us-west1\",\n load_balancing_scheme=\"INTERNAL_MANAGED\",\n network=default.id,\n subnetwork=default_subnetwork.id,\n ip_protocol=\"TCP\",\n port_range=\"80\",\n target=default_region_target_http_proxy.id,\n ip_address=default_address.id,\n opts = pulumi.ResourceOptions(depends_on=[proxy_only]))\nauthz_extension = gcp.compute.RegionBackendService(\"authz_extension\",\n name=\"authz-service\",\n project=\"my-project-name\",\n region=\"us-west1\",\n protocol=\"HTTP2\",\n load_balancing_scheme=\"INTERNAL_MANAGED\",\n port_name=\"grpc\")\ndefault_authz_extension = gcp.networkservices.AuthzExtension(\"default\",\n name=\"my-authz-ext\",\n project=\"my-project-name\",\n location=\"us-west1\",\n description=\"my description\",\n load_balancing_scheme=\"INTERNAL_MANAGED\",\n authority=\"ext11.com\",\n service=authz_extension.self_link,\n timeout=\"0.1s\",\n fail_open=False,\n forward_headers=[\"Authorization\"])\ndefault_authz_policy = gcp.networksecurity.AuthzPolicy(\"default\",\n name=\"my-authz-policy\",\n project=\"my-project-name\",\n location=\"us-west1\",\n description=\"my description\",\n target={\n \"load_balancing_scheme\": \"INTERNAL_MANAGED\",\n \"resources\": [default_forwarding_rule.self_link],\n },\n action=\"CUSTOM\",\n custom_provider={\n \"authz_extension\": {\n \"resources\": [default_authz_extension.id],\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.Compute.Network(\"default\", new()\n {\n Name = \"lb-network\",\n Project = \"my-project-name\",\n AutoCreateSubnetworks = false,\n });\n\n var defaultSubnetwork = new Gcp.Compute.Subnetwork(\"default\", new()\n {\n Name = \"backend-subnet\",\n Project = \"my-project-name\",\n Region = \"us-west1\",\n IpCidrRange = \"10.1.2.0/24\",\n Network = @default.Id,\n });\n\n var proxyOnly = new Gcp.Compute.Subnetwork(\"proxy_only\", new()\n {\n Name = \"proxy-only-subnet\",\n Project = \"my-project-name\",\n Region = \"us-west1\",\n IpCidrRange = \"10.129.0.0/23\",\n Purpose = \"REGIONAL_MANAGED_PROXY\",\n Role = \"ACTIVE\",\n Network = @default.Id,\n });\n\n var defaultAddress = new Gcp.Compute.Address(\"default\", new()\n {\n Name = \"l7-ilb-ip-address\",\n Project = \"my-project-name\",\n Region = \"us-west1\",\n Subnetwork = defaultSubnetwork.Id,\n AddressType = \"INTERNAL\",\n Purpose = \"GCE_ENDPOINT\",\n });\n\n var defaultRegionHealthCheck = new Gcp.Compute.RegionHealthCheck(\"default\", new()\n {\n Name = \"l7-ilb-basic-check\",\n Project = \"my-project-name\",\n Region = \"us-west1\",\n HttpHealthCheck = new Gcp.Compute.Inputs.RegionHealthCheckHttpHealthCheckArgs\n {\n PortSpecification = \"USE_SERVING_PORT\",\n },\n });\n\n var urlMap = new Gcp.Compute.RegionBackendService(\"url_map\", new()\n {\n Name = \"l7-ilb-backend-service\",\n Project = \"my-project-name\",\n Region = \"us-west1\",\n LoadBalancingScheme = \"INTERNAL_MANAGED\",\n HealthChecks = defaultRegionHealthCheck.Id,\n });\n\n var defaultRegionUrlMap = new Gcp.Compute.RegionUrlMap(\"default\", new()\n {\n Name = \"l7-ilb-map\",\n Project = \"my-project-name\",\n Region = \"us-west1\",\n DefaultService = urlMap.Id,\n });\n\n var defaultRegionTargetHttpProxy = new Gcp.Compute.RegionTargetHttpProxy(\"default\", new()\n {\n Name = \"l7-ilb-proxy\",\n Project = \"my-project-name\",\n Region = \"us-west1\",\n UrlMap = defaultRegionUrlMap.Id,\n });\n\n var defaultForwardingRule = new Gcp.Compute.ForwardingRule(\"default\", new()\n {\n Name = \"l7-ilb-forwarding-rule\",\n Project = \"my-project-name\",\n Region = \"us-west1\",\n LoadBalancingScheme = \"INTERNAL_MANAGED\",\n Network = @default.Id,\n Subnetwork = defaultSubnetwork.Id,\n IpProtocol = \"TCP\",\n PortRange = \"80\",\n Target = defaultRegionTargetHttpProxy.Id,\n IpAddress = defaultAddress.Id,\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n proxyOnly,\n },\n });\n\n var authzExtension = new Gcp.Compute.RegionBackendService(\"authz_extension\", new()\n {\n Name = \"authz-service\",\n Project = \"my-project-name\",\n Region = \"us-west1\",\n Protocol = \"HTTP2\",\n LoadBalancingScheme = \"INTERNAL_MANAGED\",\n PortName = \"grpc\",\n });\n\n var defaultAuthzExtension = new Gcp.NetworkServices.AuthzExtension(\"default\", new()\n {\n Name = \"my-authz-ext\",\n Project = \"my-project-name\",\n Location = \"us-west1\",\n Description = \"my description\",\n LoadBalancingScheme = \"INTERNAL_MANAGED\",\n Authority = \"ext11.com\",\n Service = authzExtension.SelfLink,\n Timeout = \"0.1s\",\n FailOpen = false,\n ForwardHeaders = new[]\n {\n \"Authorization\",\n },\n });\n\n var defaultAuthzPolicy = new Gcp.NetworkSecurity.AuthzPolicy(\"default\", new()\n {\n Name = \"my-authz-policy\",\n Project = \"my-project-name\",\n Location = \"us-west1\",\n Description = \"my description\",\n Target = new Gcp.NetworkSecurity.Inputs.AuthzPolicyTargetArgs\n {\n LoadBalancingScheme = \"INTERNAL_MANAGED\",\n Resources = new[]\n {\n defaultForwardingRule.SelfLink,\n },\n },\n Action = \"CUSTOM\",\n CustomProvider = new Gcp.NetworkSecurity.Inputs.AuthzPolicyCustomProviderArgs\n {\n AuthzExtension = new Gcp.NetworkSecurity.Inputs.AuthzPolicyCustomProviderAuthzExtensionArgs\n {\n Resources = new[]\n {\n defaultAuthzExtension.Id,\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/networksecurity\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/networkservices\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewNetwork(ctx, \"default\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"lb-network\"),\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultSubnetwork, err := compute.NewSubnetwork(ctx, \"default\", \u0026compute.SubnetworkArgs{\n\t\t\tName: pulumi.String(\"backend-subnet\"),\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t\tRegion: pulumi.String(\"us-west1\"),\n\t\t\tIpCidrRange: pulumi.String(\"10.1.2.0/24\"),\n\t\t\tNetwork: _default.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tproxyOnly, err := compute.NewSubnetwork(ctx, \"proxy_only\", \u0026compute.SubnetworkArgs{\n\t\t\tName: pulumi.String(\"proxy-only-subnet\"),\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t\tRegion: pulumi.String(\"us-west1\"),\n\t\t\tIpCidrRange: pulumi.String(\"10.129.0.0/23\"),\n\t\t\tPurpose: pulumi.String(\"REGIONAL_MANAGED_PROXY\"),\n\t\t\tRole: pulumi.String(\"ACTIVE\"),\n\t\t\tNetwork: _default.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultAddress, err := compute.NewAddress(ctx, \"default\", \u0026compute.AddressArgs{\n\t\t\tName: pulumi.String(\"l7-ilb-ip-address\"),\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t\tRegion: pulumi.String(\"us-west1\"),\n\t\t\tSubnetwork: defaultSubnetwork.ID(),\n\t\t\tAddressType: pulumi.String(\"INTERNAL\"),\n\t\t\tPurpose: pulumi.String(\"GCE_ENDPOINT\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultRegionHealthCheck, err := compute.NewRegionHealthCheck(ctx, \"default\", \u0026compute.RegionHealthCheckArgs{\n\t\t\tName: pulumi.String(\"l7-ilb-basic-check\"),\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t\tRegion: pulumi.String(\"us-west1\"),\n\t\t\tHttpHealthCheck: \u0026compute.RegionHealthCheckHttpHealthCheckArgs{\n\t\t\t\tPortSpecification: pulumi.String(\"USE_SERVING_PORT\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\turlMap, err := compute.NewRegionBackendService(ctx, \"url_map\", \u0026compute.RegionBackendServiceArgs{\n\t\t\tName: pulumi.String(\"l7-ilb-backend-service\"),\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t\tRegion: pulumi.String(\"us-west1\"),\n\t\t\tLoadBalancingScheme: pulumi.String(\"INTERNAL_MANAGED\"),\n\t\t\tHealthChecks: defaultRegionHealthCheck.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultRegionUrlMap, err := compute.NewRegionUrlMap(ctx, \"default\", \u0026compute.RegionUrlMapArgs{\n\t\t\tName: pulumi.String(\"l7-ilb-map\"),\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t\tRegion: pulumi.String(\"us-west1\"),\n\t\t\tDefaultService: urlMap.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultRegionTargetHttpProxy, err := compute.NewRegionTargetHttpProxy(ctx, \"default\", \u0026compute.RegionTargetHttpProxyArgs{\n\t\t\tName: pulumi.String(\"l7-ilb-proxy\"),\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t\tRegion: pulumi.String(\"us-west1\"),\n\t\t\tUrlMap: defaultRegionUrlMap.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultForwardingRule, err := compute.NewForwardingRule(ctx, \"default\", \u0026compute.ForwardingRuleArgs{\n\t\t\tName: pulumi.String(\"l7-ilb-forwarding-rule\"),\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t\tRegion: pulumi.String(\"us-west1\"),\n\t\t\tLoadBalancingScheme: pulumi.String(\"INTERNAL_MANAGED\"),\n\t\t\tNetwork: _default.ID(),\n\t\t\tSubnetwork: defaultSubnetwork.ID(),\n\t\t\tIpProtocol: pulumi.String(\"TCP\"),\n\t\t\tPortRange: pulumi.String(\"80\"),\n\t\t\tTarget: defaultRegionTargetHttpProxy.ID(),\n\t\t\tIpAddress: defaultAddress.ID(),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tproxyOnly,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tauthzExtension, err := compute.NewRegionBackendService(ctx, \"authz_extension\", \u0026compute.RegionBackendServiceArgs{\n\t\t\tName: pulumi.String(\"authz-service\"),\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t\tRegion: pulumi.String(\"us-west1\"),\n\t\t\tProtocol: pulumi.String(\"HTTP2\"),\n\t\t\tLoadBalancingScheme: pulumi.String(\"INTERNAL_MANAGED\"),\n\t\t\tPortName: pulumi.String(\"grpc\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultAuthzExtension, err := networkservices.NewAuthzExtension(ctx, \"default\", \u0026networkservices.AuthzExtensionArgs{\n\t\t\tName: pulumi.String(\"my-authz-ext\"),\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t\tLocation: pulumi.String(\"us-west1\"),\n\t\t\tDescription: pulumi.String(\"my description\"),\n\t\t\tLoadBalancingScheme: pulumi.String(\"INTERNAL_MANAGED\"),\n\t\t\tAuthority: pulumi.String(\"ext11.com\"),\n\t\t\tService: authzExtension.SelfLink,\n\t\t\tTimeout: pulumi.String(\"0.1s\"),\n\t\t\tFailOpen: pulumi.Bool(false),\n\t\t\tForwardHeaders: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"Authorization\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = networksecurity.NewAuthzPolicy(ctx, \"default\", \u0026networksecurity.AuthzPolicyArgs{\n\t\t\tName: pulumi.String(\"my-authz-policy\"),\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t\tLocation: pulumi.String(\"us-west1\"),\n\t\t\tDescription: pulumi.String(\"my description\"),\n\t\t\tTarget: \u0026networksecurity.AuthzPolicyTargetArgs{\n\t\t\t\tLoadBalancingScheme: pulumi.String(\"INTERNAL_MANAGED\"),\n\t\t\t\tResources: pulumi.StringArray{\n\t\t\t\t\tdefaultForwardingRule.SelfLink,\n\t\t\t\t},\n\t\t\t},\n\t\t\tAction: pulumi.String(\"CUSTOM\"),\n\t\t\tCustomProvider: \u0026networksecurity.AuthzPolicyCustomProviderArgs{\n\t\t\t\tAuthzExtension: \u0026networksecurity.AuthzPolicyCustomProviderAuthzExtensionArgs{\n\t\t\t\t\tResources: pulumi.StringArray{\n\t\t\t\t\t\tdefaultAuthzExtension.ID(),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.Subnetwork;\nimport com.pulumi.gcp.compute.SubnetworkArgs;\nimport com.pulumi.gcp.compute.Address;\nimport com.pulumi.gcp.compute.AddressArgs;\nimport com.pulumi.gcp.compute.RegionHealthCheck;\nimport com.pulumi.gcp.compute.RegionHealthCheckArgs;\nimport com.pulumi.gcp.compute.inputs.RegionHealthCheckHttpHealthCheckArgs;\nimport com.pulumi.gcp.compute.RegionBackendService;\nimport com.pulumi.gcp.compute.RegionBackendServiceArgs;\nimport com.pulumi.gcp.compute.RegionUrlMap;\nimport com.pulumi.gcp.compute.RegionUrlMapArgs;\nimport com.pulumi.gcp.compute.RegionTargetHttpProxy;\nimport com.pulumi.gcp.compute.RegionTargetHttpProxyArgs;\nimport com.pulumi.gcp.compute.ForwardingRule;\nimport com.pulumi.gcp.compute.ForwardingRuleArgs;\nimport com.pulumi.gcp.networkservices.AuthzExtension;\nimport com.pulumi.gcp.networkservices.AuthzExtensionArgs;\nimport com.pulumi.gcp.networksecurity.AuthzPolicy;\nimport com.pulumi.gcp.networksecurity.AuthzPolicyArgs;\nimport com.pulumi.gcp.networksecurity.inputs.AuthzPolicyTargetArgs;\nimport com.pulumi.gcp.networksecurity.inputs.AuthzPolicyCustomProviderArgs;\nimport com.pulumi.gcp.networksecurity.inputs.AuthzPolicyCustomProviderAuthzExtensionArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new Network(\"default\", NetworkArgs.builder()\n .name(\"lb-network\")\n .project(\"my-project-name\")\n .autoCreateSubnetworks(false)\n .build());\n\n var defaultSubnetwork = new Subnetwork(\"defaultSubnetwork\", SubnetworkArgs.builder()\n .name(\"backend-subnet\")\n .project(\"my-project-name\")\n .region(\"us-west1\")\n .ipCidrRange(\"10.1.2.0/24\")\n .network(default_.id())\n .build());\n\n var proxyOnly = new Subnetwork(\"proxyOnly\", SubnetworkArgs.builder()\n .name(\"proxy-only-subnet\")\n .project(\"my-project-name\")\n .region(\"us-west1\")\n .ipCidrRange(\"10.129.0.0/23\")\n .purpose(\"REGIONAL_MANAGED_PROXY\")\n .role(\"ACTIVE\")\n .network(default_.id())\n .build());\n\n var defaultAddress = new Address(\"defaultAddress\", AddressArgs.builder()\n .name(\"l7-ilb-ip-address\")\n .project(\"my-project-name\")\n .region(\"us-west1\")\n .subnetwork(defaultSubnetwork.id())\n .addressType(\"INTERNAL\")\n .purpose(\"GCE_ENDPOINT\")\n .build());\n\n var defaultRegionHealthCheck = new RegionHealthCheck(\"defaultRegionHealthCheck\", RegionHealthCheckArgs.builder()\n .name(\"l7-ilb-basic-check\")\n .project(\"my-project-name\")\n .region(\"us-west1\")\n .httpHealthCheck(RegionHealthCheckHttpHealthCheckArgs.builder()\n .portSpecification(\"USE_SERVING_PORT\")\n .build())\n .build());\n\n var urlMap = new RegionBackendService(\"urlMap\", RegionBackendServiceArgs.builder()\n .name(\"l7-ilb-backend-service\")\n .project(\"my-project-name\")\n .region(\"us-west1\")\n .loadBalancingScheme(\"INTERNAL_MANAGED\")\n .healthChecks(defaultRegionHealthCheck.id())\n .build());\n\n var defaultRegionUrlMap = new RegionUrlMap(\"defaultRegionUrlMap\", RegionUrlMapArgs.builder()\n .name(\"l7-ilb-map\")\n .project(\"my-project-name\")\n .region(\"us-west1\")\n .defaultService(urlMap.id())\n .build());\n\n var defaultRegionTargetHttpProxy = new RegionTargetHttpProxy(\"defaultRegionTargetHttpProxy\", RegionTargetHttpProxyArgs.builder()\n .name(\"l7-ilb-proxy\")\n .project(\"my-project-name\")\n .region(\"us-west1\")\n .urlMap(defaultRegionUrlMap.id())\n .build());\n\n var defaultForwardingRule = new ForwardingRule(\"defaultForwardingRule\", ForwardingRuleArgs.builder()\n .name(\"l7-ilb-forwarding-rule\")\n .project(\"my-project-name\")\n .region(\"us-west1\")\n .loadBalancingScheme(\"INTERNAL_MANAGED\")\n .network(default_.id())\n .subnetwork(defaultSubnetwork.id())\n .ipProtocol(\"TCP\")\n .portRange(\"80\")\n .target(defaultRegionTargetHttpProxy.id())\n .ipAddress(defaultAddress.id())\n .build(), CustomResourceOptions.builder()\n .dependsOn(proxyOnly)\n .build());\n\n var authzExtension = new RegionBackendService(\"authzExtension\", RegionBackendServiceArgs.builder()\n .name(\"authz-service\")\n .project(\"my-project-name\")\n .region(\"us-west1\")\n .protocol(\"HTTP2\")\n .loadBalancingScheme(\"INTERNAL_MANAGED\")\n .portName(\"grpc\")\n .build());\n\n var defaultAuthzExtension = new AuthzExtension(\"defaultAuthzExtension\", AuthzExtensionArgs.builder()\n .name(\"my-authz-ext\")\n .project(\"my-project-name\")\n .location(\"us-west1\")\n .description(\"my description\")\n .loadBalancingScheme(\"INTERNAL_MANAGED\")\n .authority(\"ext11.com\")\n .service(authzExtension.selfLink())\n .timeout(\"0.1s\")\n .failOpen(false)\n .forwardHeaders(\"Authorization\")\n .build());\n\n var defaultAuthzPolicy = new AuthzPolicy(\"defaultAuthzPolicy\", AuthzPolicyArgs.builder()\n .name(\"my-authz-policy\")\n .project(\"my-project-name\")\n .location(\"us-west1\")\n .description(\"my description\")\n .target(AuthzPolicyTargetArgs.builder()\n .loadBalancingScheme(\"INTERNAL_MANAGED\")\n .resources(defaultForwardingRule.selfLink())\n .build())\n .action(\"CUSTOM\")\n .customProvider(AuthzPolicyCustomProviderArgs.builder()\n .authzExtension(AuthzPolicyCustomProviderAuthzExtensionArgs.builder()\n .resources(defaultAuthzExtension.id())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:compute:Network\n properties:\n name: lb-network\n project: my-project-name\n autoCreateSubnetworks: false\n defaultSubnetwork:\n type: gcp:compute:Subnetwork\n name: default\n properties:\n name: backend-subnet\n project: my-project-name\n region: us-west1\n ipCidrRange: 10.1.2.0/24\n network: ${default.id}\n proxyOnly:\n type: gcp:compute:Subnetwork\n name: proxy_only\n properties:\n name: proxy-only-subnet\n project: my-project-name\n region: us-west1\n ipCidrRange: 10.129.0.0/23\n purpose: REGIONAL_MANAGED_PROXY\n role: ACTIVE\n network: ${default.id}\n defaultAddress:\n type: gcp:compute:Address\n name: default\n properties:\n name: l7-ilb-ip-address\n project: my-project-name\n region: us-west1\n subnetwork: ${defaultSubnetwork.id}\n addressType: INTERNAL\n purpose: GCE_ENDPOINT\n defaultRegionHealthCheck:\n type: gcp:compute:RegionHealthCheck\n name: default\n properties:\n name: l7-ilb-basic-check\n project: my-project-name\n region: us-west1\n httpHealthCheck:\n portSpecification: USE_SERVING_PORT\n urlMap:\n type: gcp:compute:RegionBackendService\n name: url_map\n properties:\n name: l7-ilb-backend-service\n project: my-project-name\n region: us-west1\n loadBalancingScheme: INTERNAL_MANAGED\n healthChecks: ${defaultRegionHealthCheck.id}\n defaultRegionUrlMap:\n type: gcp:compute:RegionUrlMap\n name: default\n properties:\n name: l7-ilb-map\n project: my-project-name\n region: us-west1\n defaultService: ${urlMap.id}\n defaultRegionTargetHttpProxy:\n type: gcp:compute:RegionTargetHttpProxy\n name: default\n properties:\n name: l7-ilb-proxy\n project: my-project-name\n region: us-west1\n urlMap: ${defaultRegionUrlMap.id}\n defaultForwardingRule:\n type: gcp:compute:ForwardingRule\n name: default\n properties:\n name: l7-ilb-forwarding-rule\n project: my-project-name\n region: us-west1\n loadBalancingScheme: INTERNAL_MANAGED\n network: ${default.id}\n subnetwork: ${defaultSubnetwork.id}\n ipProtocol: TCP\n portRange: '80'\n target: ${defaultRegionTargetHttpProxy.id}\n ipAddress: ${defaultAddress.id}\n options:\n dependsOn:\n - ${proxyOnly}\n authzExtension:\n type: gcp:compute:RegionBackendService\n name: authz_extension\n properties:\n name: authz-service\n project: my-project-name\n region: us-west1\n protocol: HTTP2\n loadBalancingScheme: INTERNAL_MANAGED\n portName: grpc\n defaultAuthzExtension:\n type: gcp:networkservices:AuthzExtension\n name: default\n properties:\n name: my-authz-ext\n project: my-project-name\n location: us-west1\n description: my description\n loadBalancingScheme: INTERNAL_MANAGED\n authority: ext11.com\n service: ${authzExtension.selfLink}\n timeout: 0.1s\n failOpen: false\n forwardHeaders:\n - Authorization\n defaultAuthzPolicy:\n type: gcp:networksecurity:AuthzPolicy\n name: default\n properties:\n name: my-authz-policy\n project: my-project-name\n location: us-west1\n description: my description\n target:\n loadBalancingScheme: INTERNAL_MANAGED\n resources:\n - ${defaultForwardingRule.selfLink}\n action: CUSTOM\n customProvider:\n authzExtension:\n resources:\n - ${defaultAuthzExtension.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nAuthzPolicy can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/authzPolicies/{{name}}`\n\n* `{{project}}/{{location}}/{{name}}`\n\n* `{{location}}/{{name}}`\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, AuthzPolicy can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:networksecurity/authzPolicy:AuthzPolicy default projects/{{project}}/locations/{{location}}/authzPolicies/{{name}}\n```\n\n```sh\n$ pulumi import gcp:networksecurity/authzPolicy:AuthzPolicy default {{project}}/{{location}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:networksecurity/authzPolicy:AuthzPolicy default {{location}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:networksecurity/authzPolicy:AuthzPolicy default {{name}}\n```\n\n", + "properties": { + "action": { + "type": "string", + "description": "When the action is CUSTOM, customProvider must be specified.\nWhen the action is ALLOW, only requests matching the policy will be allowed.\nWhen the action is DENY, only requests matching the policy will be denied.\nWhen a request arrives, the policies are evaluated in the following order:\n1. If there is a CUSTOM policy that matches the request, the CUSTOM policy is evaluated using the custom authorization providers and the request is denied if the provider rejects the request.\n2. If there are any DENY policies that match the request, the request is denied.\n3. If there are no ALLOW policies for the resource or if any of the ALLOW policies match the request, the request is allowed.\n4. Else the request is denied by default if none of the configured AuthzPolicies with ALLOW action match the request.\nPossible values are: `ALLOW`, `DENY`, `CUSTOM`.\n" + }, + "createTime": { + "type": "string", + "description": "The timestamp when the resource was created.\n" + }, + "customProvider": { + "$ref": "#/types/gcp:networksecurity/AuthzPolicyCustomProvider:AuthzPolicyCustomProvider", + "description": "Required if the action is CUSTOM. Allows delegating authorization decisions to Cloud IAP or to Service Extensions. One\nof cloudIap or authzExtension must be specified.\n" + }, + "description": { + "type": "string", + "description": "A human-readable description of the resource.\n" + }, + "effectiveLabels": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.\n", + "secret": true + }, + "httpRules": { + "type": "array", + "items": { + "$ref": "#/types/gcp:networksecurity/AuthzPolicyHttpRule:AuthzPolicyHttpRule" + }, + "description": "A list of authorization HTTP rules to match against the incoming request.A policy match occurs when at least one HTTP\nrule matches the request or when no HTTP rules are specified in the policy. At least one HTTP Rule is required for Allow\nor Deny Action. Limited to 5 rules.\n" + }, + "labels": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Set of labels associated with the AuthzExtension resource. **Note**: This field is non-authoritative, and will only\nmanage the labels present in your configuration. Please refer to the field 'effective_labels' for all of the labels\npresent on the resource.\n" + }, + "location": { + "type": "string", + "description": "The location of the resource.\n" + }, + "name": { + "type": "string", + "description": "Identifier. Name of the AuthzPolicy resource.\n" + }, + "project": { + "type": "string" + }, + "pulumiLabels": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "The combination of labels configured directly on the resource\nand default labels configured on the provider.\n", + "secret": true + }, + "target": { + "$ref": "#/types/gcp:networksecurity/AuthzPolicyTarget:AuthzPolicyTarget", + "description": "Specifies the set of resources to which this policy should be applied to.\nStructure is documented below.\n" + }, + "updateTime": { + "type": "string", + "description": "The timestamp when the resource was updated.\n" + } + }, + "required": [ + "action", + "createTime", + "effectiveLabels", + "location", + "name", + "project", + "target", + "pulumiLabels", + "updateTime" + ], + "inputProperties": { + "action": { + "type": "string", + "description": "When the action is CUSTOM, customProvider must be specified.\nWhen the action is ALLOW, only requests matching the policy will be allowed.\nWhen the action is DENY, only requests matching the policy will be denied.\nWhen a request arrives, the policies are evaluated in the following order:\n1. If there is a CUSTOM policy that matches the request, the CUSTOM policy is evaluated using the custom authorization providers and the request is denied if the provider rejects the request.\n2. If there are any DENY policies that match the request, the request is denied.\n3. If there are no ALLOW policies for the resource or if any of the ALLOW policies match the request, the request is allowed.\n4. Else the request is denied by default if none of the configured AuthzPolicies with ALLOW action match the request.\nPossible values are: `ALLOW`, `DENY`, `CUSTOM`.\n" + }, + "customProvider": { + "$ref": "#/types/gcp:networksecurity/AuthzPolicyCustomProvider:AuthzPolicyCustomProvider", + "description": "Required if the action is CUSTOM. Allows delegating authorization decisions to Cloud IAP or to Service Extensions. One\nof cloudIap or authzExtension must be specified.\n" + }, + "description": { + "type": "string", + "description": "A human-readable description of the resource.\n" + }, + "httpRules": { + "type": "array", + "items": { + "$ref": "#/types/gcp:networksecurity/AuthzPolicyHttpRule:AuthzPolicyHttpRule" + }, + "description": "A list of authorization HTTP rules to match against the incoming request.A policy match occurs when at least one HTTP\nrule matches the request or when no HTTP rules are specified in the policy. At least one HTTP Rule is required for Allow\nor Deny Action. Limited to 5 rules.\n" + }, + "labels": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Set of labels associated with the AuthzExtension resource. **Note**: This field is non-authoritative, and will only\nmanage the labels present in your configuration. Please refer to the field 'effective_labels' for all of the labels\npresent on the resource.\n" + }, + "location": { + "type": "string", + "description": "The location of the resource.\n" + }, + "name": { + "type": "string", + "description": "Identifier. Name of the AuthzPolicy resource.\n" + }, + "project": { + "type": "string", + "willReplaceOnChanges": true + }, + "target": { + "$ref": "#/types/gcp:networksecurity/AuthzPolicyTarget:AuthzPolicyTarget", + "description": "Specifies the set of resources to which this policy should be applied to.\nStructure is documented below.\n" + } + }, + "requiredInputs": [ + "action", + "location", + "target" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering AuthzPolicy resources.\n", + "properties": { + "action": { + "type": "string", + "description": "When the action is CUSTOM, customProvider must be specified.\nWhen the action is ALLOW, only requests matching the policy will be allowed.\nWhen the action is DENY, only requests matching the policy will be denied.\nWhen a request arrives, the policies are evaluated in the following order:\n1. If there is a CUSTOM policy that matches the request, the CUSTOM policy is evaluated using the custom authorization providers and the request is denied if the provider rejects the request.\n2. If there are any DENY policies that match the request, the request is denied.\n3. If there are no ALLOW policies for the resource or if any of the ALLOW policies match the request, the request is allowed.\n4. Else the request is denied by default if none of the configured AuthzPolicies with ALLOW action match the request.\nPossible values are: `ALLOW`, `DENY`, `CUSTOM`.\n" + }, + "createTime": { + "type": "string", + "description": "The timestamp when the resource was created.\n" + }, + "customProvider": { + "$ref": "#/types/gcp:networksecurity/AuthzPolicyCustomProvider:AuthzPolicyCustomProvider", + "description": "Required if the action is CUSTOM. Allows delegating authorization decisions to Cloud IAP or to Service Extensions. One\nof cloudIap or authzExtension must be specified.\n" + }, + "description": { + "type": "string", + "description": "A human-readable description of the resource.\n" + }, + "effectiveLabels": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.\n", + "secret": true + }, + "httpRules": { + "type": "array", + "items": { + "$ref": "#/types/gcp:networksecurity/AuthzPolicyHttpRule:AuthzPolicyHttpRule" + }, + "description": "A list of authorization HTTP rules to match against the incoming request.A policy match occurs when at least one HTTP\nrule matches the request or when no HTTP rules are specified in the policy. At least one HTTP Rule is required for Allow\nor Deny Action. Limited to 5 rules.\n" + }, + "labels": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Set of labels associated with the AuthzExtension resource. **Note**: This field is non-authoritative, and will only\nmanage the labels present in your configuration. Please refer to the field 'effective_labels' for all of the labels\npresent on the resource.\n" + }, + "location": { + "type": "string", + "description": "The location of the resource.\n" + }, + "name": { + "type": "string", + "description": "Identifier. Name of the AuthzPolicy resource.\n" + }, + "project": { + "type": "string", + "willReplaceOnChanges": true + }, + "pulumiLabels": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "The combination of labels configured directly on the resource\nand default labels configured on the provider.\n", + "secret": true + }, + "target": { + "$ref": "#/types/gcp:networksecurity/AuthzPolicyTarget:AuthzPolicyTarget", + "description": "Specifies the set of resources to which this policy should be applied to.\nStructure is documented below.\n" + }, + "updateTime": { + "type": "string", + "description": "The timestamp when the resource was updated.\n" + } + }, + "type": "object" + } + }, "gcp:networksecurity/clientTlsPolicy:ClientTlsPolicy": { "description": "ClientTlsPolicy is a resource that specifies how a client should authenticate connections to backends of a service. This resource itself does not affect configuration unless it is attached to a backend service resource.\n\n\nTo get more information about ClientTlsPolicy, see:\n\n* [API documentation](https://cloud.google.com/traffic-director/docs/reference/network-security/rest/v1beta1/projects.locations.clientTlsPolicies)\n* How-to Guides\n * [Service Security](https://cloud.google.com/traffic-director/docs/security-use-cases)\n\n## Example Usage\n\n### Network Security Client Tls Policy Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst _default = new gcp.networksecurity.ClientTlsPolicy(\"default\", {\n name: \"my-client-tls-policy\",\n labels: {\n foo: \"bar\",\n },\n description: \"my description\",\n sni: \"secure.example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.networksecurity.ClientTlsPolicy(\"default\",\n name=\"my-client-tls-policy\",\n labels={\n \"foo\": \"bar\",\n },\n description=\"my description\",\n sni=\"secure.example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.NetworkSecurity.ClientTlsPolicy(\"default\", new()\n {\n Name = \"my-client-tls-policy\",\n Labels = \n {\n { \"foo\", \"bar\" },\n },\n Description = \"my description\",\n Sni = \"secure.example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/networksecurity\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := networksecurity.NewClientTlsPolicy(ctx, \"default\", \u0026networksecurity.ClientTlsPolicyArgs{\n\t\t\tName: pulumi.String(\"my-client-tls-policy\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t},\n\t\t\tDescription: pulumi.String(\"my description\"),\n\t\t\tSni: pulumi.String(\"secure.example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.networksecurity.ClientTlsPolicy;\nimport com.pulumi.gcp.networksecurity.ClientTlsPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new ClientTlsPolicy(\"default\", ClientTlsPolicyArgs.builder()\n .name(\"my-client-tls-policy\")\n .labels(Map.of(\"foo\", \"bar\"))\n .description(\"my description\")\n .sni(\"secure.example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:networksecurity:ClientTlsPolicy\n properties:\n name: my-client-tls-policy\n labels:\n foo: bar\n description: my description\n sni: secure.example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Network Security Client Tls Policy Advanced\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst _default = new gcp.networksecurity.ClientTlsPolicy(\"default\", {\n name: \"my-client-tls-policy\",\n labels: {\n foo: \"bar\",\n },\n description: \"my description\",\n clientCertificate: {\n certificateProviderInstance: {\n pluginInstance: \"google_cloud_private_spiffe\",\n },\n },\n serverValidationCas: [{\n grpcEndpoint: {\n targetUri: \"unix:mypath\",\n },\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.networksecurity.ClientTlsPolicy(\"default\",\n name=\"my-client-tls-policy\",\n labels={\n \"foo\": \"bar\",\n },\n description=\"my description\",\n client_certificate={\n \"certificate_provider_instance\": {\n \"plugin_instance\": \"google_cloud_private_spiffe\",\n },\n },\n server_validation_cas=[{\n \"grpc_endpoint\": {\n \"target_uri\": \"unix:mypath\",\n },\n }])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.NetworkSecurity.ClientTlsPolicy(\"default\", new()\n {\n Name = \"my-client-tls-policy\",\n Labels = \n {\n { \"foo\", \"bar\" },\n },\n Description = \"my description\",\n ClientCertificate = new Gcp.NetworkSecurity.Inputs.ClientTlsPolicyClientCertificateArgs\n {\n CertificateProviderInstance = new Gcp.NetworkSecurity.Inputs.ClientTlsPolicyClientCertificateCertificateProviderInstanceArgs\n {\n PluginInstance = \"google_cloud_private_spiffe\",\n },\n },\n ServerValidationCas = new[]\n {\n new Gcp.NetworkSecurity.Inputs.ClientTlsPolicyServerValidationCaArgs\n {\n GrpcEndpoint = new Gcp.NetworkSecurity.Inputs.ClientTlsPolicyServerValidationCaGrpcEndpointArgs\n {\n TargetUri = \"unix:mypath\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/networksecurity\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := networksecurity.NewClientTlsPolicy(ctx, \"default\", \u0026networksecurity.ClientTlsPolicyArgs{\n\t\t\tName: pulumi.String(\"my-client-tls-policy\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t},\n\t\t\tDescription: pulumi.String(\"my description\"),\n\t\t\tClientCertificate: \u0026networksecurity.ClientTlsPolicyClientCertificateArgs{\n\t\t\t\tCertificateProviderInstance: \u0026networksecurity.ClientTlsPolicyClientCertificateCertificateProviderInstanceArgs{\n\t\t\t\t\tPluginInstance: pulumi.String(\"google_cloud_private_spiffe\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tServerValidationCas: networksecurity.ClientTlsPolicyServerValidationCaArray{\n\t\t\t\t\u0026networksecurity.ClientTlsPolicyServerValidationCaArgs{\n\t\t\t\t\tGrpcEndpoint: \u0026networksecurity.ClientTlsPolicyServerValidationCaGrpcEndpointArgs{\n\t\t\t\t\t\tTargetUri: pulumi.String(\"unix:mypath\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.networksecurity.ClientTlsPolicy;\nimport com.pulumi.gcp.networksecurity.ClientTlsPolicyArgs;\nimport com.pulumi.gcp.networksecurity.inputs.ClientTlsPolicyClientCertificateArgs;\nimport com.pulumi.gcp.networksecurity.inputs.ClientTlsPolicyClientCertificateCertificateProviderInstanceArgs;\nimport com.pulumi.gcp.networksecurity.inputs.ClientTlsPolicyServerValidationCaArgs;\nimport com.pulumi.gcp.networksecurity.inputs.ClientTlsPolicyServerValidationCaGrpcEndpointArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new ClientTlsPolicy(\"default\", ClientTlsPolicyArgs.builder()\n .name(\"my-client-tls-policy\")\n .labels(Map.of(\"foo\", \"bar\"))\n .description(\"my description\")\n .clientCertificate(ClientTlsPolicyClientCertificateArgs.builder()\n .certificateProviderInstance(ClientTlsPolicyClientCertificateCertificateProviderInstanceArgs.builder()\n .pluginInstance(\"google_cloud_private_spiffe\")\n .build())\n .build())\n .serverValidationCas(ClientTlsPolicyServerValidationCaArgs.builder()\n .grpcEndpoint(ClientTlsPolicyServerValidationCaGrpcEndpointArgs.builder()\n .targetUri(\"unix:mypath\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:networksecurity:ClientTlsPolicy\n properties:\n name: my-client-tls-policy\n labels:\n foo: bar\n description: my description\n clientCertificate:\n certificateProviderInstance:\n pluginInstance: google_cloud_private_spiffe\n serverValidationCas:\n - grpcEndpoint:\n targetUri: unix:mypath\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nClientTlsPolicy can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/clientTlsPolicies/{{name}}`\n\n* `{{project}}/{{location}}/{{name}}`\n\n* `{{location}}/{{name}}`\n\nWhen using the `pulumi import` command, ClientTlsPolicy can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:networksecurity/clientTlsPolicy:ClientTlsPolicy default projects/{{project}}/locations/{{location}}/clientTlsPolicies/{{name}}\n```\n\n```sh\n$ pulumi import gcp:networksecurity/clientTlsPolicy:ClientTlsPolicy default {{project}}/{{location}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:networksecurity/clientTlsPolicy:ClientTlsPolicy default {{location}}/{{name}}\n```\n\n", "properties": { @@ -245319,12 +246015,12 @@ "type": "object" } }, - "gcp:networksecurity/mirroringDeployment:MirroringDeployment": { - "description": "## Example Usage\n\n### Network Security Mirroring Deployment Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst network = new gcp.compute.Network(\"network\", {\n name: \"example-network\",\n autoCreateSubnetworks: false,\n});\nconst subnetwork = new gcp.compute.Subnetwork(\"subnetwork\", {\n name: \"example-subnet\",\n region: \"us-central1\",\n ipCidrRange: \"10.1.0.0/16\",\n network: network.name,\n});\nconst healthCheck = new gcp.compute.RegionHealthCheck(\"health_check\", {\n name: \"example-hc\",\n region: \"us-central1\",\n httpHealthCheck: {\n port: 80,\n },\n});\nconst backendService = new gcp.compute.RegionBackendService(\"backend_service\", {\n name: \"example-bs\",\n region: \"us-central1\",\n healthChecks: healthCheck.id,\n protocol: \"UDP\",\n loadBalancingScheme: \"INTERNAL\",\n});\nconst forwardingRule = new gcp.compute.ForwardingRule(\"forwarding_rule\", {\n name: \"example-fwr\",\n region: \"us-central1\",\n network: network.name,\n subnetwork: subnetwork.name,\n backendService: backendService.id,\n loadBalancingScheme: \"INTERNAL\",\n ports: [\"6081\"],\n ipProtocol: \"UDP\",\n isMirroringCollector: true,\n});\nconst deploymentGroup = new gcp.networksecurity.MirroringDeploymentGroup(\"deployment_group\", {\n mirroringDeploymentGroupId: \"example-dg\",\n location: \"global\",\n network: network.id,\n});\nconst _default = new gcp.networksecurity.MirroringDeployment(\"default\", {\n mirroringDeploymentId: \"example-deployment\",\n location: \"us-central1-a\",\n forwardingRule: forwardingRule.id,\n mirroringDeploymentGroup: deploymentGroup.id,\n labels: {\n foo: \"bar\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nnetwork = gcp.compute.Network(\"network\",\n name=\"example-network\",\n auto_create_subnetworks=False)\nsubnetwork = gcp.compute.Subnetwork(\"subnetwork\",\n name=\"example-subnet\",\n region=\"us-central1\",\n ip_cidr_range=\"10.1.0.0/16\",\n network=network.name)\nhealth_check = gcp.compute.RegionHealthCheck(\"health_check\",\n name=\"example-hc\",\n region=\"us-central1\",\n http_health_check={\n \"port\": 80,\n })\nbackend_service = gcp.compute.RegionBackendService(\"backend_service\",\n name=\"example-bs\",\n region=\"us-central1\",\n health_checks=health_check.id,\n protocol=\"UDP\",\n load_balancing_scheme=\"INTERNAL\")\nforwarding_rule = gcp.compute.ForwardingRule(\"forwarding_rule\",\n name=\"example-fwr\",\n region=\"us-central1\",\n network=network.name,\n subnetwork=subnetwork.name,\n backend_service=backend_service.id,\n load_balancing_scheme=\"INTERNAL\",\n ports=[\"6081\"],\n ip_protocol=\"UDP\",\n is_mirroring_collector=True)\ndeployment_group = gcp.networksecurity.MirroringDeploymentGroup(\"deployment_group\",\n mirroring_deployment_group_id=\"example-dg\",\n location=\"global\",\n network=network.id)\ndefault = gcp.networksecurity.MirroringDeployment(\"default\",\n mirroring_deployment_id=\"example-deployment\",\n location=\"us-central1-a\",\n forwarding_rule=forwarding_rule.id,\n mirroring_deployment_group=deployment_group.id,\n labels={\n \"foo\": \"bar\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var network = new Gcp.Compute.Network(\"network\", new()\n {\n Name = \"example-network\",\n AutoCreateSubnetworks = false,\n });\n\n var subnetwork = new Gcp.Compute.Subnetwork(\"subnetwork\", new()\n {\n Name = \"example-subnet\",\n Region = \"us-central1\",\n IpCidrRange = \"10.1.0.0/16\",\n Network = network.Name,\n });\n\n var healthCheck = new Gcp.Compute.RegionHealthCheck(\"health_check\", new()\n {\n Name = \"example-hc\",\n Region = \"us-central1\",\n HttpHealthCheck = new Gcp.Compute.Inputs.RegionHealthCheckHttpHealthCheckArgs\n {\n Port = 80,\n },\n });\n\n var backendService = new Gcp.Compute.RegionBackendService(\"backend_service\", new()\n {\n Name = \"example-bs\",\n Region = \"us-central1\",\n HealthChecks = healthCheck.Id,\n Protocol = \"UDP\",\n LoadBalancingScheme = \"INTERNAL\",\n });\n\n var forwardingRule = new Gcp.Compute.ForwardingRule(\"forwarding_rule\", new()\n {\n Name = \"example-fwr\",\n Region = \"us-central1\",\n Network = network.Name,\n Subnetwork = subnetwork.Name,\n BackendService = backendService.Id,\n LoadBalancingScheme = \"INTERNAL\",\n Ports = new[]\n {\n \"6081\",\n },\n IpProtocol = \"UDP\",\n IsMirroringCollector = true,\n });\n\n var deploymentGroup = new Gcp.NetworkSecurity.MirroringDeploymentGroup(\"deployment_group\", new()\n {\n MirroringDeploymentGroupId = \"example-dg\",\n Location = \"global\",\n Network = network.Id,\n });\n\n var @default = new Gcp.NetworkSecurity.MirroringDeployment(\"default\", new()\n {\n MirroringDeploymentId = \"example-deployment\",\n Location = \"us-central1-a\",\n ForwardingRule = forwardingRule.Id,\n MirroringDeploymentGroup = deploymentGroup.Id,\n Labels = \n {\n { \"foo\", \"bar\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/networksecurity\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tnetwork, err := compute.NewNetwork(ctx, \"network\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"example-network\"),\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsubnetwork, err := compute.NewSubnetwork(ctx, \"subnetwork\", \u0026compute.SubnetworkArgs{\n\t\t\tName: pulumi.String(\"example-subnet\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tIpCidrRange: pulumi.String(\"10.1.0.0/16\"),\n\t\t\tNetwork: network.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\thealthCheck, err := compute.NewRegionHealthCheck(ctx, \"health_check\", \u0026compute.RegionHealthCheckArgs{\n\t\t\tName: pulumi.String(\"example-hc\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tHttpHealthCheck: \u0026compute.RegionHealthCheckHttpHealthCheckArgs{\n\t\t\t\tPort: pulumi.Int(80),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tbackendService, err := compute.NewRegionBackendService(ctx, \"backend_service\", \u0026compute.RegionBackendServiceArgs{\n\t\t\tName: pulumi.String(\"example-bs\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tHealthChecks: healthCheck.ID(),\n\t\t\tProtocol: pulumi.String(\"UDP\"),\n\t\t\tLoadBalancingScheme: pulumi.String(\"INTERNAL\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tforwardingRule, err := compute.NewForwardingRule(ctx, \"forwarding_rule\", \u0026compute.ForwardingRuleArgs{\n\t\t\tName: pulumi.String(\"example-fwr\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tNetwork: network.Name,\n\t\t\tSubnetwork: subnetwork.Name,\n\t\t\tBackendService: backendService.ID(),\n\t\t\tLoadBalancingScheme: pulumi.String(\"INTERNAL\"),\n\t\t\tPorts: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"6081\"),\n\t\t\t},\n\t\t\tIpProtocol: pulumi.String(\"UDP\"),\n\t\t\tIsMirroringCollector: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdeploymentGroup, err := networksecurity.NewMirroringDeploymentGroup(ctx, \"deployment_group\", \u0026networksecurity.MirroringDeploymentGroupArgs{\n\t\t\tMirroringDeploymentGroupId: pulumi.String(\"example-dg\"),\n\t\t\tLocation: pulumi.String(\"global\"),\n\t\t\tNetwork: network.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = networksecurity.NewMirroringDeployment(ctx, \"default\", \u0026networksecurity.MirroringDeploymentArgs{\n\t\t\tMirroringDeploymentId: pulumi.String(\"example-deployment\"),\n\t\t\tLocation: pulumi.String(\"us-central1-a\"),\n\t\t\tForwardingRule: forwardingRule.ID(),\n\t\t\tMirroringDeploymentGroup: deploymentGroup.ID(),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.Subnetwork;\nimport com.pulumi.gcp.compute.SubnetworkArgs;\nimport com.pulumi.gcp.compute.RegionHealthCheck;\nimport com.pulumi.gcp.compute.RegionHealthCheckArgs;\nimport com.pulumi.gcp.compute.inputs.RegionHealthCheckHttpHealthCheckArgs;\nimport com.pulumi.gcp.compute.RegionBackendService;\nimport com.pulumi.gcp.compute.RegionBackendServiceArgs;\nimport com.pulumi.gcp.compute.ForwardingRule;\nimport com.pulumi.gcp.compute.ForwardingRuleArgs;\nimport com.pulumi.gcp.networksecurity.MirroringDeploymentGroup;\nimport com.pulumi.gcp.networksecurity.MirroringDeploymentGroupArgs;\nimport com.pulumi.gcp.networksecurity.MirroringDeployment;\nimport com.pulumi.gcp.networksecurity.MirroringDeploymentArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var network = new Network(\"network\", NetworkArgs.builder()\n .name(\"example-network\")\n .autoCreateSubnetworks(false)\n .build());\n\n var subnetwork = new Subnetwork(\"subnetwork\", SubnetworkArgs.builder()\n .name(\"example-subnet\")\n .region(\"us-central1\")\n .ipCidrRange(\"10.1.0.0/16\")\n .network(network.name())\n .build());\n\n var healthCheck = new RegionHealthCheck(\"healthCheck\", RegionHealthCheckArgs.builder()\n .name(\"example-hc\")\n .region(\"us-central1\")\n .httpHealthCheck(RegionHealthCheckHttpHealthCheckArgs.builder()\n .port(80)\n .build())\n .build());\n\n var backendService = new RegionBackendService(\"backendService\", RegionBackendServiceArgs.builder()\n .name(\"example-bs\")\n .region(\"us-central1\")\n .healthChecks(healthCheck.id())\n .protocol(\"UDP\")\n .loadBalancingScheme(\"INTERNAL\")\n .build());\n\n var forwardingRule = new ForwardingRule(\"forwardingRule\", ForwardingRuleArgs.builder()\n .name(\"example-fwr\")\n .region(\"us-central1\")\n .network(network.name())\n .subnetwork(subnetwork.name())\n .backendService(backendService.id())\n .loadBalancingScheme(\"INTERNAL\")\n .ports(6081)\n .ipProtocol(\"UDP\")\n .isMirroringCollector(true)\n .build());\n\n var deploymentGroup = new MirroringDeploymentGroup(\"deploymentGroup\", MirroringDeploymentGroupArgs.builder()\n .mirroringDeploymentGroupId(\"example-dg\")\n .location(\"global\")\n .network(network.id())\n .build());\n\n var default_ = new MirroringDeployment(\"default\", MirroringDeploymentArgs.builder()\n .mirroringDeploymentId(\"example-deployment\")\n .location(\"us-central1-a\")\n .forwardingRule(forwardingRule.id())\n .mirroringDeploymentGroup(deploymentGroup.id())\n .labels(Map.of(\"foo\", \"bar\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n network:\n type: gcp:compute:Network\n properties:\n name: example-network\n autoCreateSubnetworks: false\n subnetwork:\n type: gcp:compute:Subnetwork\n properties:\n name: example-subnet\n region: us-central1\n ipCidrRange: 10.1.0.0/16\n network: ${network.name}\n healthCheck:\n type: gcp:compute:RegionHealthCheck\n name: health_check\n properties:\n name: example-hc\n region: us-central1\n httpHealthCheck:\n port: 80\n backendService:\n type: gcp:compute:RegionBackendService\n name: backend_service\n properties:\n name: example-bs\n region: us-central1\n healthChecks: ${healthCheck.id}\n protocol: UDP\n loadBalancingScheme: INTERNAL\n forwardingRule:\n type: gcp:compute:ForwardingRule\n name: forwarding_rule\n properties:\n name: example-fwr\n region: us-central1\n network: ${network.name}\n subnetwork: ${subnetwork.name}\n backendService: ${backendService.id}\n loadBalancingScheme: INTERNAL\n ports:\n - 6081\n ipProtocol: UDP\n isMirroringCollector: true\n deploymentGroup:\n type: gcp:networksecurity:MirroringDeploymentGroup\n name: deployment_group\n properties:\n mirroringDeploymentGroupId: example-dg\n location: global\n network: ${network.id}\n default:\n type: gcp:networksecurity:MirroringDeployment\n properties:\n mirroringDeploymentId: example-deployment\n location: us-central1-a\n forwardingRule: ${forwardingRule.id}\n mirroringDeploymentGroup: ${deploymentGroup.id}\n labels:\n foo: bar\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nMirroringDeployment can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/mirroringDeployments/{{mirroring_deployment_id}}`\n\n* `{{project}}/{{location}}/{{mirroring_deployment_id}}`\n\n* `{{location}}/{{mirroring_deployment_id}}`\n\nWhen using the `pulumi import` command, MirroringDeployment can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:networksecurity/mirroringDeployment:MirroringDeployment default projects/{{project}}/locations/{{location}}/mirroringDeployments/{{mirroring_deployment_id}}\n```\n\n```sh\n$ pulumi import gcp:networksecurity/mirroringDeployment:MirroringDeployment default {{project}}/{{location}}/{{mirroring_deployment_id}}\n```\n\n```sh\n$ pulumi import gcp:networksecurity/mirroringDeployment:MirroringDeployment default {{location}}/{{mirroring_deployment_id}}\n```\n\n", + "gcp:networksecurity/interceptDeployment:InterceptDeployment": { + "description": "## Example Usage\n\n### Network Security Intercept Deployment Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst network = new gcp.compute.Network(\"network\", {\n name: \"example-network\",\n autoCreateSubnetworks: false,\n});\nconst subnetwork = new gcp.compute.Subnetwork(\"subnetwork\", {\n name: \"example-subnet\",\n region: \"us-central1\",\n ipCidrRange: \"10.1.0.0/16\",\n network: network.name,\n});\nconst healthCheck = new gcp.compute.RegionHealthCheck(\"health_check\", {\n name: \"example-hc\",\n region: \"us-central1\",\n httpHealthCheck: {\n port: 80,\n },\n});\nconst backendService = new gcp.compute.RegionBackendService(\"backend_service\", {\n name: \"example-bs\",\n region: \"us-central1\",\n healthChecks: healthCheck.id,\n protocol: \"UDP\",\n loadBalancingScheme: \"INTERNAL\",\n});\nconst forwardingRule = new gcp.compute.ForwardingRule(\"forwarding_rule\", {\n name: \"example-fwr\",\n region: \"us-central1\",\n network: network.name,\n subnetwork: subnetwork.name,\n backendService: backendService.id,\n loadBalancingScheme: \"INTERNAL\",\n ports: [\"6081\"],\n ipProtocol: \"UDP\",\n});\nconst deploymentGroup = new gcp.networksecurity.InterceptDeploymentGroup(\"deployment_group\", {\n interceptDeploymentGroupId: \"example-dg\",\n location: \"global\",\n network: network.id,\n});\nconst _default = new gcp.networksecurity.InterceptDeployment(\"default\", {\n interceptDeploymentId: \"example-deployment\",\n location: \"us-central1-a\",\n forwardingRule: forwardingRule.id,\n interceptDeploymentGroup: deploymentGroup.id,\n labels: {\n foo: \"bar\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nnetwork = gcp.compute.Network(\"network\",\n name=\"example-network\",\n auto_create_subnetworks=False)\nsubnetwork = gcp.compute.Subnetwork(\"subnetwork\",\n name=\"example-subnet\",\n region=\"us-central1\",\n ip_cidr_range=\"10.1.0.0/16\",\n network=network.name)\nhealth_check = gcp.compute.RegionHealthCheck(\"health_check\",\n name=\"example-hc\",\n region=\"us-central1\",\n http_health_check={\n \"port\": 80,\n })\nbackend_service = gcp.compute.RegionBackendService(\"backend_service\",\n name=\"example-bs\",\n region=\"us-central1\",\n health_checks=health_check.id,\n protocol=\"UDP\",\n load_balancing_scheme=\"INTERNAL\")\nforwarding_rule = gcp.compute.ForwardingRule(\"forwarding_rule\",\n name=\"example-fwr\",\n region=\"us-central1\",\n network=network.name,\n subnetwork=subnetwork.name,\n backend_service=backend_service.id,\n load_balancing_scheme=\"INTERNAL\",\n ports=[\"6081\"],\n ip_protocol=\"UDP\")\ndeployment_group = gcp.networksecurity.InterceptDeploymentGroup(\"deployment_group\",\n intercept_deployment_group_id=\"example-dg\",\n location=\"global\",\n network=network.id)\ndefault = gcp.networksecurity.InterceptDeployment(\"default\",\n intercept_deployment_id=\"example-deployment\",\n location=\"us-central1-a\",\n forwarding_rule=forwarding_rule.id,\n intercept_deployment_group=deployment_group.id,\n labels={\n \"foo\": \"bar\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var network = new Gcp.Compute.Network(\"network\", new()\n {\n Name = \"example-network\",\n AutoCreateSubnetworks = false,\n });\n\n var subnetwork = new Gcp.Compute.Subnetwork(\"subnetwork\", new()\n {\n Name = \"example-subnet\",\n Region = \"us-central1\",\n IpCidrRange = \"10.1.0.0/16\",\n Network = network.Name,\n });\n\n var healthCheck = new Gcp.Compute.RegionHealthCheck(\"health_check\", new()\n {\n Name = \"example-hc\",\n Region = \"us-central1\",\n HttpHealthCheck = new Gcp.Compute.Inputs.RegionHealthCheckHttpHealthCheckArgs\n {\n Port = 80,\n },\n });\n\n var backendService = new Gcp.Compute.RegionBackendService(\"backend_service\", new()\n {\n Name = \"example-bs\",\n Region = \"us-central1\",\n HealthChecks = healthCheck.Id,\n Protocol = \"UDP\",\n LoadBalancingScheme = \"INTERNAL\",\n });\n\n var forwardingRule = new Gcp.Compute.ForwardingRule(\"forwarding_rule\", new()\n {\n Name = \"example-fwr\",\n Region = \"us-central1\",\n Network = network.Name,\n Subnetwork = subnetwork.Name,\n BackendService = backendService.Id,\n LoadBalancingScheme = \"INTERNAL\",\n Ports = new[]\n {\n \"6081\",\n },\n IpProtocol = \"UDP\",\n });\n\n var deploymentGroup = new Gcp.NetworkSecurity.InterceptDeploymentGroup(\"deployment_group\", new()\n {\n InterceptDeploymentGroupId = \"example-dg\",\n Location = \"global\",\n Network = network.Id,\n });\n\n var @default = new Gcp.NetworkSecurity.InterceptDeployment(\"default\", new()\n {\n InterceptDeploymentId = \"example-deployment\",\n Location = \"us-central1-a\",\n ForwardingRule = forwardingRule.Id,\n InterceptDeploymentGroup = deploymentGroup.Id,\n Labels = \n {\n { \"foo\", \"bar\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/networksecurity\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tnetwork, err := compute.NewNetwork(ctx, \"network\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"example-network\"),\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsubnetwork, err := compute.NewSubnetwork(ctx, \"subnetwork\", \u0026compute.SubnetworkArgs{\n\t\t\tName: pulumi.String(\"example-subnet\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tIpCidrRange: pulumi.String(\"10.1.0.0/16\"),\n\t\t\tNetwork: network.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\thealthCheck, err := compute.NewRegionHealthCheck(ctx, \"health_check\", \u0026compute.RegionHealthCheckArgs{\n\t\t\tName: pulumi.String(\"example-hc\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tHttpHealthCheck: \u0026compute.RegionHealthCheckHttpHealthCheckArgs{\n\t\t\t\tPort: pulumi.Int(80),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tbackendService, err := compute.NewRegionBackendService(ctx, \"backend_service\", \u0026compute.RegionBackendServiceArgs{\n\t\t\tName: pulumi.String(\"example-bs\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tHealthChecks: healthCheck.ID(),\n\t\t\tProtocol: pulumi.String(\"UDP\"),\n\t\t\tLoadBalancingScheme: pulumi.String(\"INTERNAL\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tforwardingRule, err := compute.NewForwardingRule(ctx, \"forwarding_rule\", \u0026compute.ForwardingRuleArgs{\n\t\t\tName: pulumi.String(\"example-fwr\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tNetwork: network.Name,\n\t\t\tSubnetwork: subnetwork.Name,\n\t\t\tBackendService: backendService.ID(),\n\t\t\tLoadBalancingScheme: pulumi.String(\"INTERNAL\"),\n\t\t\tPorts: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"6081\"),\n\t\t\t},\n\t\t\tIpProtocol: pulumi.String(\"UDP\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdeploymentGroup, err := networksecurity.NewInterceptDeploymentGroup(ctx, \"deployment_group\", \u0026networksecurity.InterceptDeploymentGroupArgs{\n\t\t\tInterceptDeploymentGroupId: pulumi.String(\"example-dg\"),\n\t\t\tLocation: pulumi.String(\"global\"),\n\t\t\tNetwork: network.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = networksecurity.NewInterceptDeployment(ctx, \"default\", \u0026networksecurity.InterceptDeploymentArgs{\n\t\t\tInterceptDeploymentId: pulumi.String(\"example-deployment\"),\n\t\t\tLocation: pulumi.String(\"us-central1-a\"),\n\t\t\tForwardingRule: forwardingRule.ID(),\n\t\t\tInterceptDeploymentGroup: deploymentGroup.ID(),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.Subnetwork;\nimport com.pulumi.gcp.compute.SubnetworkArgs;\nimport com.pulumi.gcp.compute.RegionHealthCheck;\nimport com.pulumi.gcp.compute.RegionHealthCheckArgs;\nimport com.pulumi.gcp.compute.inputs.RegionHealthCheckHttpHealthCheckArgs;\nimport com.pulumi.gcp.compute.RegionBackendService;\nimport com.pulumi.gcp.compute.RegionBackendServiceArgs;\nimport com.pulumi.gcp.compute.ForwardingRule;\nimport com.pulumi.gcp.compute.ForwardingRuleArgs;\nimport com.pulumi.gcp.networksecurity.InterceptDeploymentGroup;\nimport com.pulumi.gcp.networksecurity.InterceptDeploymentGroupArgs;\nimport com.pulumi.gcp.networksecurity.InterceptDeployment;\nimport com.pulumi.gcp.networksecurity.InterceptDeploymentArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var network = new Network(\"network\", NetworkArgs.builder()\n .name(\"example-network\")\n .autoCreateSubnetworks(false)\n .build());\n\n var subnetwork = new Subnetwork(\"subnetwork\", SubnetworkArgs.builder()\n .name(\"example-subnet\")\n .region(\"us-central1\")\n .ipCidrRange(\"10.1.0.0/16\")\n .network(network.name())\n .build());\n\n var healthCheck = new RegionHealthCheck(\"healthCheck\", RegionHealthCheckArgs.builder()\n .name(\"example-hc\")\n .region(\"us-central1\")\n .httpHealthCheck(RegionHealthCheckHttpHealthCheckArgs.builder()\n .port(80)\n .build())\n .build());\n\n var backendService = new RegionBackendService(\"backendService\", RegionBackendServiceArgs.builder()\n .name(\"example-bs\")\n .region(\"us-central1\")\n .healthChecks(healthCheck.id())\n .protocol(\"UDP\")\n .loadBalancingScheme(\"INTERNAL\")\n .build());\n\n var forwardingRule = new ForwardingRule(\"forwardingRule\", ForwardingRuleArgs.builder()\n .name(\"example-fwr\")\n .region(\"us-central1\")\n .network(network.name())\n .subnetwork(subnetwork.name())\n .backendService(backendService.id())\n .loadBalancingScheme(\"INTERNAL\")\n .ports(6081)\n .ipProtocol(\"UDP\")\n .build());\n\n var deploymentGroup = new InterceptDeploymentGroup(\"deploymentGroup\", InterceptDeploymentGroupArgs.builder()\n .interceptDeploymentGroupId(\"example-dg\")\n .location(\"global\")\n .network(network.id())\n .build());\n\n var default_ = new InterceptDeployment(\"default\", InterceptDeploymentArgs.builder()\n .interceptDeploymentId(\"example-deployment\")\n .location(\"us-central1-a\")\n .forwardingRule(forwardingRule.id())\n .interceptDeploymentGroup(deploymentGroup.id())\n .labels(Map.of(\"foo\", \"bar\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n network:\n type: gcp:compute:Network\n properties:\n name: example-network\n autoCreateSubnetworks: false\n subnetwork:\n type: gcp:compute:Subnetwork\n properties:\n name: example-subnet\n region: us-central1\n ipCidrRange: 10.1.0.0/16\n network: ${network.name}\n healthCheck:\n type: gcp:compute:RegionHealthCheck\n name: health_check\n properties:\n name: example-hc\n region: us-central1\n httpHealthCheck:\n port: 80\n backendService:\n type: gcp:compute:RegionBackendService\n name: backend_service\n properties:\n name: example-bs\n region: us-central1\n healthChecks: ${healthCheck.id}\n protocol: UDP\n loadBalancingScheme: INTERNAL\n forwardingRule:\n type: gcp:compute:ForwardingRule\n name: forwarding_rule\n properties:\n name: example-fwr\n region: us-central1\n network: ${network.name}\n subnetwork: ${subnetwork.name}\n backendService: ${backendService.id}\n loadBalancingScheme: INTERNAL\n ports:\n - 6081\n ipProtocol: UDP\n deploymentGroup:\n type: gcp:networksecurity:InterceptDeploymentGroup\n name: deployment_group\n properties:\n interceptDeploymentGroupId: example-dg\n location: global\n network: ${network.id}\n default:\n type: gcp:networksecurity:InterceptDeployment\n properties:\n interceptDeploymentId: example-deployment\n location: us-central1-a\n forwardingRule: ${forwardingRule.id}\n interceptDeploymentGroup: ${deploymentGroup.id}\n labels:\n foo: bar\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nInterceptDeployment can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/interceptDeployments/{{intercept_deployment_id}}`\n\n* `{{project}}/{{location}}/{{intercept_deployment_id}}`\n\n* `{{location}}/{{intercept_deployment_id}}`\n\nWhen using the `pulumi import` command, InterceptDeployment can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:networksecurity/interceptDeployment:InterceptDeployment default projects/{{project}}/locations/{{location}}/interceptDeployments/{{intercept_deployment_id}}\n```\n\n```sh\n$ pulumi import gcp:networksecurity/interceptDeployment:InterceptDeployment default {{project}}/{{location}}/{{intercept_deployment_id}}\n```\n\n```sh\n$ pulumi import gcp:networksecurity/interceptDeployment:InterceptDeployment default {{location}}/{{intercept_deployment_id}}\n```\n\n", "properties": { "createTime": { "type": "string", - "description": "Output only. [Output only] Create time stamp\n" + "description": "Create time stamp\n" }, "effectiveLabels": { "type": "object", @@ -245336,7 +246032,15 @@ }, "forwardingRule": { "type": "string", - "description": "Required. Immutable. The regional load balancer which the mirrored traffic should be forwarded\nto. Format is:\nprojects/{project}/regions/{region}/forwardingRules/{forwardingRule}\n" + "description": "Immutable. The regional load balancer which the intercepted traffic should be forwarded\nto. Format is:\nprojects/{project}/regions/{region}/forwardingRules/{forwardingRule}\n" + }, + "interceptDeploymentGroup": { + "type": "string", + "description": "Immutable. The Intercept Deployment Group that this resource is part of. Format is:\n`projects/{project}/locations/global/interceptDeploymentGroups/{interceptDeploymentGroup}`\n" + }, + "interceptDeploymentId": { + "type": "string", + "description": "Id of the requesting object\nIf auto-generating Id server-side, remove this field and\nintercept_deployment_id from the method_signature of Create RPC\n\n\n- - -\n" }, "labels": { "type": "object", @@ -245347,19 +246051,11 @@ }, "location": { "type": "string", - "description": "Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122. See documentation for resource type `networksecurity.googleapis.com/MirroringDeployment`.\n" - }, - "mirroringDeploymentGroup": { - "type": "string", - "description": "Required. Immutable. The Mirroring Deployment Group that this resource is part of. Format is:\n`projects/{project}/locations/global/mirroringDeploymentGroups/{mirroringDeploymentGroup}`\n" - }, - "mirroringDeploymentId": { - "type": "string", - "description": "Required. Id of the requesting object\nIf auto-generating Id server-side, remove this field and\nmirroring_deployment_id from the method_signature of Create RPC\n\n\n- - -\n" + "description": "Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122. See documentation for resource type `networksecurity.googleapis.com/InterceptDeployment`.\n" }, "name": { "type": "string", - "description": "Immutable. Identifier. The name of the MirroringDeployment.\n" + "description": "Identifier. The name of the InterceptDeployment.\n" }, "project": { "type": "string", @@ -245375,24 +246071,24 @@ }, "reconciling": { "type": "boolean", - "description": "Output only. Whether reconciling is in progress, recommended per\nhttps://google.aip.dev/128.\n" + "description": "Whether reconciling is in progress, recommended per\nhttps://google.aip.dev/128.\n" }, "state": { "type": "string", - "description": "Output only. Current state of the deployment.\nPossible values:\nSTATE_UNSPECIFIED\nACTIVE\nCREATING\nDELETING\nOUT_OF_SYNC\nDELETE_FAILED\n" + "description": "Current state of the deployment.\nPossible values:\nSTATE_UNSPECIFIED\nACTIVE\nCREATING\nDELETING\nOUT_OF_SYNC\nDELETE_FAILED\n" }, "updateTime": { "type": "string", - "description": "Output only. [Output only] Update time stamp\n" + "description": "Update time stamp\n" } }, "required": [ "createTime", "effectiveLabels", "forwardingRule", + "interceptDeploymentGroup", + "interceptDeploymentId", "location", - "mirroringDeploymentGroup", - "mirroringDeploymentId", "name", "project", "reconciling", @@ -245403,7 +246099,17 @@ "inputProperties": { "forwardingRule": { "type": "string", - "description": "Required. Immutable. The regional load balancer which the mirrored traffic should be forwarded\nto. Format is:\nprojects/{project}/regions/{region}/forwardingRules/{forwardingRule}\n", + "description": "Immutable. The regional load balancer which the intercepted traffic should be forwarded\nto. Format is:\nprojects/{project}/regions/{region}/forwardingRules/{forwardingRule}\n", + "willReplaceOnChanges": true + }, + "interceptDeploymentGroup": { + "type": "string", + "description": "Immutable. The Intercept Deployment Group that this resource is part of. Format is:\n`projects/{project}/locations/global/interceptDeploymentGroups/{interceptDeploymentGroup}`\n", + "willReplaceOnChanges": true + }, + "interceptDeploymentId": { + "type": "string", + "description": "Id of the requesting object\nIf auto-generating Id server-side, remove this field and\nintercept_deployment_id from the method_signature of Create RPC\n\n\n- - -\n", "willReplaceOnChanges": true }, "labels": { @@ -245415,17 +246121,7 @@ }, "location": { "type": "string", - "description": "Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122. See documentation for resource type `networksecurity.googleapis.com/MirroringDeployment`.\n", - "willReplaceOnChanges": true - }, - "mirroringDeploymentGroup": { - "type": "string", - "description": "Required. Immutable. The Mirroring Deployment Group that this resource is part of. Format is:\n`projects/{project}/locations/global/mirroringDeploymentGroups/{mirroringDeploymentGroup}`\n", - "willReplaceOnChanges": true - }, - "mirroringDeploymentId": { - "type": "string", - "description": "Required. Id of the requesting object\nIf auto-generating Id server-side, remove this field and\nmirroring_deployment_id from the method_signature of Create RPC\n\n\n- - -\n", + "description": "Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122. See documentation for resource type `networksecurity.googleapis.com/InterceptDeployment`.\n", "willReplaceOnChanges": true }, "project": { @@ -245436,16 +246132,16 @@ }, "requiredInputs": [ "forwardingRule", - "location", - "mirroringDeploymentGroup", - "mirroringDeploymentId" + "interceptDeploymentGroup", + "interceptDeploymentId", + "location" ], "stateInputs": { - "description": "Input properties used for looking up and filtering MirroringDeployment resources.\n", + "description": "Input properties used for looking up and filtering InterceptDeployment resources.\n", "properties": { "createTime": { "type": "string", - "description": "Output only. [Output only] Create time stamp\n" + "description": "Create time stamp\n" }, "effectiveLabels": { "type": "object", @@ -245457,7 +246153,17 @@ }, "forwardingRule": { "type": "string", - "description": "Required. Immutable. The regional load balancer which the mirrored traffic should be forwarded\nto. Format is:\nprojects/{project}/regions/{region}/forwardingRules/{forwardingRule}\n", + "description": "Immutable. The regional load balancer which the intercepted traffic should be forwarded\nto. Format is:\nprojects/{project}/regions/{region}/forwardingRules/{forwardingRule}\n", + "willReplaceOnChanges": true + }, + "interceptDeploymentGroup": { + "type": "string", + "description": "Immutable. The Intercept Deployment Group that this resource is part of. Format is:\n`projects/{project}/locations/global/interceptDeploymentGroups/{interceptDeploymentGroup}`\n", + "willReplaceOnChanges": true + }, + "interceptDeploymentId": { + "type": "string", + "description": "Id of the requesting object\nIf auto-generating Id server-side, remove this field and\nintercept_deployment_id from the method_signature of Create RPC\n\n\n- - -\n", "willReplaceOnChanges": true }, "labels": { @@ -245469,22 +246175,12 @@ }, "location": { "type": "string", - "description": "Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122. See documentation for resource type `networksecurity.googleapis.com/MirroringDeployment`.\n", - "willReplaceOnChanges": true - }, - "mirroringDeploymentGroup": { - "type": "string", - "description": "Required. Immutable. The Mirroring Deployment Group that this resource is part of. Format is:\n`projects/{project}/locations/global/mirroringDeploymentGroups/{mirroringDeploymentGroup}`\n", - "willReplaceOnChanges": true - }, - "mirroringDeploymentId": { - "type": "string", - "description": "Required. Id of the requesting object\nIf auto-generating Id server-side, remove this field and\nmirroring_deployment_id from the method_signature of Create RPC\n\n\n- - -\n", + "description": "Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122. See documentation for resource type `networksecurity.googleapis.com/InterceptDeployment`.\n", "willReplaceOnChanges": true }, "name": { "type": "string", - "description": "Immutable. Identifier. The name of the MirroringDeployment.\n" + "description": "Identifier. The name of the InterceptDeployment.\n" }, "project": { "type": "string", @@ -245501,29 +246197,29 @@ }, "reconciling": { "type": "boolean", - "description": "Output only. Whether reconciling is in progress, recommended per\nhttps://google.aip.dev/128.\n" + "description": "Whether reconciling is in progress, recommended per\nhttps://google.aip.dev/128.\n" }, "state": { "type": "string", - "description": "Output only. Current state of the deployment.\nPossible values:\nSTATE_UNSPECIFIED\nACTIVE\nCREATING\nDELETING\nOUT_OF_SYNC\nDELETE_FAILED\n" + "description": "Current state of the deployment.\nPossible values:\nSTATE_UNSPECIFIED\nACTIVE\nCREATING\nDELETING\nOUT_OF_SYNC\nDELETE_FAILED\n" }, "updateTime": { "type": "string", - "description": "Output only. [Output only] Update time stamp\n" + "description": "Update time stamp\n" } }, "type": "object" } }, - "gcp:networksecurity/mirroringDeploymentGroup:MirroringDeploymentGroup": { - "description": "## Example Usage\n\n### Network Security Mirroring Deployment Group Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst network = new gcp.compute.Network(\"network\", {\n name: \"example-network\",\n autoCreateSubnetworks: false,\n});\nconst _default = new gcp.networksecurity.MirroringDeploymentGroup(\"default\", {\n mirroringDeploymentGroupId: \"example-dg\",\n location: \"global\",\n network: network.id,\n labels: {\n foo: \"bar\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nnetwork = gcp.compute.Network(\"network\",\n name=\"example-network\",\n auto_create_subnetworks=False)\ndefault = gcp.networksecurity.MirroringDeploymentGroup(\"default\",\n mirroring_deployment_group_id=\"example-dg\",\n location=\"global\",\n network=network.id,\n labels={\n \"foo\": \"bar\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var network = new Gcp.Compute.Network(\"network\", new()\n {\n Name = \"example-network\",\n AutoCreateSubnetworks = false,\n });\n\n var @default = new Gcp.NetworkSecurity.MirroringDeploymentGroup(\"default\", new()\n {\n MirroringDeploymentGroupId = \"example-dg\",\n Location = \"global\",\n Network = network.Id,\n Labels = \n {\n { \"foo\", \"bar\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/networksecurity\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tnetwork, err := compute.NewNetwork(ctx, \"network\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"example-network\"),\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = networksecurity.NewMirroringDeploymentGroup(ctx, \"default\", \u0026networksecurity.MirroringDeploymentGroupArgs{\n\t\t\tMirroringDeploymentGroupId: pulumi.String(\"example-dg\"),\n\t\t\tLocation: pulumi.String(\"global\"),\n\t\t\tNetwork: network.ID(),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.networksecurity.MirroringDeploymentGroup;\nimport com.pulumi.gcp.networksecurity.MirroringDeploymentGroupArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var network = new Network(\"network\", NetworkArgs.builder()\n .name(\"example-network\")\n .autoCreateSubnetworks(false)\n .build());\n\n var default_ = new MirroringDeploymentGroup(\"default\", MirroringDeploymentGroupArgs.builder()\n .mirroringDeploymentGroupId(\"example-dg\")\n .location(\"global\")\n .network(network.id())\n .labels(Map.of(\"foo\", \"bar\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n network:\n type: gcp:compute:Network\n properties:\n name: example-network\n autoCreateSubnetworks: false\n default:\n type: gcp:networksecurity:MirroringDeploymentGroup\n properties:\n mirroringDeploymentGroupId: example-dg\n location: global\n network: ${network.id}\n labels:\n foo: bar\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nMirroringDeploymentGroup can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/mirroringDeploymentGroups/{{mirroring_deployment_group_id}}`\n\n* `{{project}}/{{location}}/{{mirroring_deployment_group_id}}`\n\n* `{{location}}/{{mirroring_deployment_group_id}}`\n\nWhen using the `pulumi import` command, MirroringDeploymentGroup can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:networksecurity/mirroringDeploymentGroup:MirroringDeploymentGroup default projects/{{project}}/locations/{{location}}/mirroringDeploymentGroups/{{mirroring_deployment_group_id}}\n```\n\n```sh\n$ pulumi import gcp:networksecurity/mirroringDeploymentGroup:MirroringDeploymentGroup default {{project}}/{{location}}/{{mirroring_deployment_group_id}}\n```\n\n```sh\n$ pulumi import gcp:networksecurity/mirroringDeploymentGroup:MirroringDeploymentGroup default {{location}}/{{mirroring_deployment_group_id}}\n```\n\n", + "gcp:networksecurity/interceptDeploymentGroup:InterceptDeploymentGroup": { + "description": "## Example Usage\n\n### Network Security Intercept Deployment Group Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst network = new gcp.compute.Network(\"network\", {\n name: \"example-network\",\n autoCreateSubnetworks: false,\n});\nconst _default = new gcp.networksecurity.InterceptDeploymentGroup(\"default\", {\n interceptDeploymentGroupId: \"example-dg\",\n location: \"global\",\n network: network.id,\n labels: {\n foo: \"bar\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nnetwork = gcp.compute.Network(\"network\",\n name=\"example-network\",\n auto_create_subnetworks=False)\ndefault = gcp.networksecurity.InterceptDeploymentGroup(\"default\",\n intercept_deployment_group_id=\"example-dg\",\n location=\"global\",\n network=network.id,\n labels={\n \"foo\": \"bar\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var network = new Gcp.Compute.Network(\"network\", new()\n {\n Name = \"example-network\",\n AutoCreateSubnetworks = false,\n });\n\n var @default = new Gcp.NetworkSecurity.InterceptDeploymentGroup(\"default\", new()\n {\n InterceptDeploymentGroupId = \"example-dg\",\n Location = \"global\",\n Network = network.Id,\n Labels = \n {\n { \"foo\", \"bar\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/networksecurity\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tnetwork, err := compute.NewNetwork(ctx, \"network\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"example-network\"),\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = networksecurity.NewInterceptDeploymentGroup(ctx, \"default\", \u0026networksecurity.InterceptDeploymentGroupArgs{\n\t\t\tInterceptDeploymentGroupId: pulumi.String(\"example-dg\"),\n\t\t\tLocation: pulumi.String(\"global\"),\n\t\t\tNetwork: network.ID(),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.networksecurity.InterceptDeploymentGroup;\nimport com.pulumi.gcp.networksecurity.InterceptDeploymentGroupArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var network = new Network(\"network\", NetworkArgs.builder()\n .name(\"example-network\")\n .autoCreateSubnetworks(false)\n .build());\n\n var default_ = new InterceptDeploymentGroup(\"default\", InterceptDeploymentGroupArgs.builder()\n .interceptDeploymentGroupId(\"example-dg\")\n .location(\"global\")\n .network(network.id())\n .labels(Map.of(\"foo\", \"bar\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n network:\n type: gcp:compute:Network\n properties:\n name: example-network\n autoCreateSubnetworks: false\n default:\n type: gcp:networksecurity:InterceptDeploymentGroup\n properties:\n interceptDeploymentGroupId: example-dg\n location: global\n network: ${network.id}\n labels:\n foo: bar\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nInterceptDeploymentGroup can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/interceptDeploymentGroups/{{intercept_deployment_group_id}}`\n\n* `{{project}}/{{location}}/{{intercept_deployment_group_id}}`\n\n* `{{location}}/{{intercept_deployment_group_id}}`\n\nWhen using the `pulumi import` command, InterceptDeploymentGroup can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:networksecurity/interceptDeploymentGroup:InterceptDeploymentGroup default projects/{{project}}/locations/{{location}}/interceptDeploymentGroups/{{intercept_deployment_group_id}}\n```\n\n```sh\n$ pulumi import gcp:networksecurity/interceptDeploymentGroup:InterceptDeploymentGroup default {{project}}/{{location}}/{{intercept_deployment_group_id}}\n```\n\n```sh\n$ pulumi import gcp:networksecurity/interceptDeploymentGroup:InterceptDeploymentGroup default {{location}}/{{intercept_deployment_group_id}}\n```\n\n", "properties": { "connectedEndpointGroups": { "type": "array", "items": { - "$ref": "#/types/gcp:networksecurity/MirroringDeploymentGroupConnectedEndpointGroup:MirroringDeploymentGroupConnectedEndpointGroup" + "$ref": "#/types/gcp:networksecurity/InterceptDeploymentGroupConnectedEndpointGroup:InterceptDeploymentGroupConnectedEndpointGroup" }, - "description": "Output only. The list of Mirroring Endpoint Groups that are connected to this resource.\nStructure is documented below.\n" + "description": "Output only. The list of Intercept Endpoint Groups that are connected to this resource.\nStructure is documented below.\n" }, "createTime": { "type": "string", @@ -245537,6 +246233,10 @@ "description": "All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.\n", "secret": true }, + "interceptDeploymentGroupId": { + "type": "string", + "description": "Required. Id of the requesting object\nIf auto-generating Id server-side, remove this field and\nintercept_deployment_group_id from the method_signature of Create RPC\n\n\n- - -\n" + }, "labels": { "type": "object", "additionalProperties": { @@ -245546,15 +246246,402 @@ }, "location": { "type": "string", - "description": "Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122. See documentation for resource type `networksecurity.googleapis.com/MirroringDeploymentGroup`.\n" - }, - "mirroringDeploymentGroupId": { - "type": "string", - "description": "Required. Id of the requesting object\nIf auto-generating Id server-side, remove this field and\nmirroring_deployment_group_id from the method_signature of Create RPC\n\n\n- - -\n" + "description": "Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122. See documentation for resource type `networksecurity.googleapis.com/InterceptDeploymentGroup`.\n" }, "name": { "type": "string", - "description": "(Output)\nOutput only. A connected mirroring endpoint group.\n" + "description": "(Output)\nOutput only. A connected intercept endpoint group.\n" + }, + "network": { + "type": "string", + "description": "Required. Immutable. The network that is being used for the deployment. Format is:\nprojects/{project}/global/networks/{network}.\n" + }, + "project": { + "type": "string", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the provider project is used.\n" + }, + "pulumiLabels": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "The combination of labels configured directly on the resource\nand default labels configured on the provider.\n", + "secret": true + }, + "reconciling": { + "type": "boolean", + "description": "Output only. Whether reconciling is in progress, recommended per\nhttps://google.aip.dev/128.\n" + }, + "state": { + "type": "string", + "description": "Output only. Current state of the deployment group.\nPossible values:\nSTATE_UNSPECIFIED\nACTIVE\nCREATING\nDELETING\n" + }, + "updateTime": { + "type": "string", + "description": "Output only. [Output only] Update time stamp\n" + } + }, + "required": [ + "connectedEndpointGroups", + "createTime", + "effectiveLabels", + "interceptDeploymentGroupId", + "location", + "name", + "network", + "project", + "reconciling", + "state", + "pulumiLabels", + "updateTime" + ], + "inputProperties": { + "interceptDeploymentGroupId": { + "type": "string", + "description": "Required. Id of the requesting object\nIf auto-generating Id server-side, remove this field and\nintercept_deployment_group_id from the method_signature of Create RPC\n\n\n- - -\n", + "willReplaceOnChanges": true + }, + "labels": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Optional. Labels as key value pairs\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field `effective_labels` for all of the labels present on the resource.\n" + }, + "location": { + "type": "string", + "description": "Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122. See documentation for resource type `networksecurity.googleapis.com/InterceptDeploymentGroup`.\n", + "willReplaceOnChanges": true + }, + "network": { + "type": "string", + "description": "Required. Immutable. The network that is being used for the deployment. Format is:\nprojects/{project}/global/networks/{network}.\n", + "willReplaceOnChanges": true + }, + "project": { + "type": "string", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the provider project is used.\n", + "willReplaceOnChanges": true + } + }, + "requiredInputs": [ + "interceptDeploymentGroupId", + "location", + "network" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering InterceptDeploymentGroup resources.\n", + "properties": { + "connectedEndpointGroups": { + "type": "array", + "items": { + "$ref": "#/types/gcp:networksecurity/InterceptDeploymentGroupConnectedEndpointGroup:InterceptDeploymentGroupConnectedEndpointGroup" + }, + "description": "Output only. The list of Intercept Endpoint Groups that are connected to this resource.\nStructure is documented below.\n" + }, + "createTime": { + "type": "string", + "description": "Output only. [Output only] Create time stamp\n" + }, + "effectiveLabels": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.\n", + "secret": true + }, + "interceptDeploymentGroupId": { + "type": "string", + "description": "Required. Id of the requesting object\nIf auto-generating Id server-side, remove this field and\nintercept_deployment_group_id from the method_signature of Create RPC\n\n\n- - -\n", + "willReplaceOnChanges": true + }, + "labels": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Optional. Labels as key value pairs\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field `effective_labels` for all of the labels present on the resource.\n" + }, + "location": { + "type": "string", + "description": "Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122. See documentation for resource type `networksecurity.googleapis.com/InterceptDeploymentGroup`.\n", + "willReplaceOnChanges": true + }, + "name": { + "type": "string", + "description": "(Output)\nOutput only. A connected intercept endpoint group.\n" + }, + "network": { + "type": "string", + "description": "Required. Immutable. The network that is being used for the deployment. Format is:\nprojects/{project}/global/networks/{network}.\n", + "willReplaceOnChanges": true + }, + "project": { + "type": "string", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the provider project is used.\n", + "willReplaceOnChanges": true + }, + "pulumiLabels": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "The combination of labels configured directly on the resource\nand default labels configured on the provider.\n", + "secret": true + }, + "reconciling": { + "type": "boolean", + "description": "Output only. Whether reconciling is in progress, recommended per\nhttps://google.aip.dev/128.\n" + }, + "state": { + "type": "string", + "description": "Output only. Current state of the deployment group.\nPossible values:\nSTATE_UNSPECIFIED\nACTIVE\nCREATING\nDELETING\n" + }, + "updateTime": { + "type": "string", + "description": "Output only. [Output only] Update time stamp\n" + } + }, + "type": "object" + } + }, + "gcp:networksecurity/mirroringDeployment:MirroringDeployment": { + "description": "## Example Usage\n\n### Network Security Mirroring Deployment Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst network = new gcp.compute.Network(\"network\", {\n name: \"example-network\",\n autoCreateSubnetworks: false,\n});\nconst subnetwork = new gcp.compute.Subnetwork(\"subnetwork\", {\n name: \"example-subnet\",\n region: \"us-central1\",\n ipCidrRange: \"10.1.0.0/16\",\n network: network.name,\n});\nconst healthCheck = new gcp.compute.RegionHealthCheck(\"health_check\", {\n name: \"example-hc\",\n region: \"us-central1\",\n httpHealthCheck: {\n port: 80,\n },\n});\nconst backendService = new gcp.compute.RegionBackendService(\"backend_service\", {\n name: \"example-bs\",\n region: \"us-central1\",\n healthChecks: healthCheck.id,\n protocol: \"UDP\",\n loadBalancingScheme: \"INTERNAL\",\n});\nconst forwardingRule = new gcp.compute.ForwardingRule(\"forwarding_rule\", {\n name: \"example-fwr\",\n region: \"us-central1\",\n network: network.name,\n subnetwork: subnetwork.name,\n backendService: backendService.id,\n loadBalancingScheme: \"INTERNAL\",\n ports: [\"6081\"],\n ipProtocol: \"UDP\",\n isMirroringCollector: true,\n});\nconst deploymentGroup = new gcp.networksecurity.MirroringDeploymentGroup(\"deployment_group\", {\n mirroringDeploymentGroupId: \"example-dg\",\n location: \"global\",\n network: network.id,\n});\nconst _default = new gcp.networksecurity.MirroringDeployment(\"default\", {\n mirroringDeploymentId: \"example-deployment\",\n location: \"us-central1-a\",\n forwardingRule: forwardingRule.id,\n mirroringDeploymentGroup: deploymentGroup.id,\n labels: {\n foo: \"bar\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nnetwork = gcp.compute.Network(\"network\",\n name=\"example-network\",\n auto_create_subnetworks=False)\nsubnetwork = gcp.compute.Subnetwork(\"subnetwork\",\n name=\"example-subnet\",\n region=\"us-central1\",\n ip_cidr_range=\"10.1.0.0/16\",\n network=network.name)\nhealth_check = gcp.compute.RegionHealthCheck(\"health_check\",\n name=\"example-hc\",\n region=\"us-central1\",\n http_health_check={\n \"port\": 80,\n })\nbackend_service = gcp.compute.RegionBackendService(\"backend_service\",\n name=\"example-bs\",\n region=\"us-central1\",\n health_checks=health_check.id,\n protocol=\"UDP\",\n load_balancing_scheme=\"INTERNAL\")\nforwarding_rule = gcp.compute.ForwardingRule(\"forwarding_rule\",\n name=\"example-fwr\",\n region=\"us-central1\",\n network=network.name,\n subnetwork=subnetwork.name,\n backend_service=backend_service.id,\n load_balancing_scheme=\"INTERNAL\",\n ports=[\"6081\"],\n ip_protocol=\"UDP\",\n is_mirroring_collector=True)\ndeployment_group = gcp.networksecurity.MirroringDeploymentGroup(\"deployment_group\",\n mirroring_deployment_group_id=\"example-dg\",\n location=\"global\",\n network=network.id)\ndefault = gcp.networksecurity.MirroringDeployment(\"default\",\n mirroring_deployment_id=\"example-deployment\",\n location=\"us-central1-a\",\n forwarding_rule=forwarding_rule.id,\n mirroring_deployment_group=deployment_group.id,\n labels={\n \"foo\": \"bar\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var network = new Gcp.Compute.Network(\"network\", new()\n {\n Name = \"example-network\",\n AutoCreateSubnetworks = false,\n });\n\n var subnetwork = new Gcp.Compute.Subnetwork(\"subnetwork\", new()\n {\n Name = \"example-subnet\",\n Region = \"us-central1\",\n IpCidrRange = \"10.1.0.0/16\",\n Network = network.Name,\n });\n\n var healthCheck = new Gcp.Compute.RegionHealthCheck(\"health_check\", new()\n {\n Name = \"example-hc\",\n Region = \"us-central1\",\n HttpHealthCheck = new Gcp.Compute.Inputs.RegionHealthCheckHttpHealthCheckArgs\n {\n Port = 80,\n },\n });\n\n var backendService = new Gcp.Compute.RegionBackendService(\"backend_service\", new()\n {\n Name = \"example-bs\",\n Region = \"us-central1\",\n HealthChecks = healthCheck.Id,\n Protocol = \"UDP\",\n LoadBalancingScheme = \"INTERNAL\",\n });\n\n var forwardingRule = new Gcp.Compute.ForwardingRule(\"forwarding_rule\", new()\n {\n Name = \"example-fwr\",\n Region = \"us-central1\",\n Network = network.Name,\n Subnetwork = subnetwork.Name,\n BackendService = backendService.Id,\n LoadBalancingScheme = \"INTERNAL\",\n Ports = new[]\n {\n \"6081\",\n },\n IpProtocol = \"UDP\",\n IsMirroringCollector = true,\n });\n\n var deploymentGroup = new Gcp.NetworkSecurity.MirroringDeploymentGroup(\"deployment_group\", new()\n {\n MirroringDeploymentGroupId = \"example-dg\",\n Location = \"global\",\n Network = network.Id,\n });\n\n var @default = new Gcp.NetworkSecurity.MirroringDeployment(\"default\", new()\n {\n MirroringDeploymentId = \"example-deployment\",\n Location = \"us-central1-a\",\n ForwardingRule = forwardingRule.Id,\n MirroringDeploymentGroup = deploymentGroup.Id,\n Labels = \n {\n { \"foo\", \"bar\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/networksecurity\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tnetwork, err := compute.NewNetwork(ctx, \"network\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"example-network\"),\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsubnetwork, err := compute.NewSubnetwork(ctx, \"subnetwork\", \u0026compute.SubnetworkArgs{\n\t\t\tName: pulumi.String(\"example-subnet\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tIpCidrRange: pulumi.String(\"10.1.0.0/16\"),\n\t\t\tNetwork: network.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\thealthCheck, err := compute.NewRegionHealthCheck(ctx, \"health_check\", \u0026compute.RegionHealthCheckArgs{\n\t\t\tName: pulumi.String(\"example-hc\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tHttpHealthCheck: \u0026compute.RegionHealthCheckHttpHealthCheckArgs{\n\t\t\t\tPort: pulumi.Int(80),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tbackendService, err := compute.NewRegionBackendService(ctx, \"backend_service\", \u0026compute.RegionBackendServiceArgs{\n\t\t\tName: pulumi.String(\"example-bs\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tHealthChecks: healthCheck.ID(),\n\t\t\tProtocol: pulumi.String(\"UDP\"),\n\t\t\tLoadBalancingScheme: pulumi.String(\"INTERNAL\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tforwardingRule, err := compute.NewForwardingRule(ctx, \"forwarding_rule\", \u0026compute.ForwardingRuleArgs{\n\t\t\tName: pulumi.String(\"example-fwr\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tNetwork: network.Name,\n\t\t\tSubnetwork: subnetwork.Name,\n\t\t\tBackendService: backendService.ID(),\n\t\t\tLoadBalancingScheme: pulumi.String(\"INTERNAL\"),\n\t\t\tPorts: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"6081\"),\n\t\t\t},\n\t\t\tIpProtocol: pulumi.String(\"UDP\"),\n\t\t\tIsMirroringCollector: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdeploymentGroup, err := networksecurity.NewMirroringDeploymentGroup(ctx, \"deployment_group\", \u0026networksecurity.MirroringDeploymentGroupArgs{\n\t\t\tMirroringDeploymentGroupId: pulumi.String(\"example-dg\"),\n\t\t\tLocation: pulumi.String(\"global\"),\n\t\t\tNetwork: network.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = networksecurity.NewMirroringDeployment(ctx, \"default\", \u0026networksecurity.MirroringDeploymentArgs{\n\t\t\tMirroringDeploymentId: pulumi.String(\"example-deployment\"),\n\t\t\tLocation: pulumi.String(\"us-central1-a\"),\n\t\t\tForwardingRule: forwardingRule.ID(),\n\t\t\tMirroringDeploymentGroup: deploymentGroup.ID(),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.Subnetwork;\nimport com.pulumi.gcp.compute.SubnetworkArgs;\nimport com.pulumi.gcp.compute.RegionHealthCheck;\nimport com.pulumi.gcp.compute.RegionHealthCheckArgs;\nimport com.pulumi.gcp.compute.inputs.RegionHealthCheckHttpHealthCheckArgs;\nimport com.pulumi.gcp.compute.RegionBackendService;\nimport com.pulumi.gcp.compute.RegionBackendServiceArgs;\nimport com.pulumi.gcp.compute.ForwardingRule;\nimport com.pulumi.gcp.compute.ForwardingRuleArgs;\nimport com.pulumi.gcp.networksecurity.MirroringDeploymentGroup;\nimport com.pulumi.gcp.networksecurity.MirroringDeploymentGroupArgs;\nimport com.pulumi.gcp.networksecurity.MirroringDeployment;\nimport com.pulumi.gcp.networksecurity.MirroringDeploymentArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var network = new Network(\"network\", NetworkArgs.builder()\n .name(\"example-network\")\n .autoCreateSubnetworks(false)\n .build());\n\n var subnetwork = new Subnetwork(\"subnetwork\", SubnetworkArgs.builder()\n .name(\"example-subnet\")\n .region(\"us-central1\")\n .ipCidrRange(\"10.1.0.0/16\")\n .network(network.name())\n .build());\n\n var healthCheck = new RegionHealthCheck(\"healthCheck\", RegionHealthCheckArgs.builder()\n .name(\"example-hc\")\n .region(\"us-central1\")\n .httpHealthCheck(RegionHealthCheckHttpHealthCheckArgs.builder()\n .port(80)\n .build())\n .build());\n\n var backendService = new RegionBackendService(\"backendService\", RegionBackendServiceArgs.builder()\n .name(\"example-bs\")\n .region(\"us-central1\")\n .healthChecks(healthCheck.id())\n .protocol(\"UDP\")\n .loadBalancingScheme(\"INTERNAL\")\n .build());\n\n var forwardingRule = new ForwardingRule(\"forwardingRule\", ForwardingRuleArgs.builder()\n .name(\"example-fwr\")\n .region(\"us-central1\")\n .network(network.name())\n .subnetwork(subnetwork.name())\n .backendService(backendService.id())\n .loadBalancingScheme(\"INTERNAL\")\n .ports(6081)\n .ipProtocol(\"UDP\")\n .isMirroringCollector(true)\n .build());\n\n var deploymentGroup = new MirroringDeploymentGroup(\"deploymentGroup\", MirroringDeploymentGroupArgs.builder()\n .mirroringDeploymentGroupId(\"example-dg\")\n .location(\"global\")\n .network(network.id())\n .build());\n\n var default_ = new MirroringDeployment(\"default\", MirroringDeploymentArgs.builder()\n .mirroringDeploymentId(\"example-deployment\")\n .location(\"us-central1-a\")\n .forwardingRule(forwardingRule.id())\n .mirroringDeploymentGroup(deploymentGroup.id())\n .labels(Map.of(\"foo\", \"bar\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n network:\n type: gcp:compute:Network\n properties:\n name: example-network\n autoCreateSubnetworks: false\n subnetwork:\n type: gcp:compute:Subnetwork\n properties:\n name: example-subnet\n region: us-central1\n ipCidrRange: 10.1.0.0/16\n network: ${network.name}\n healthCheck:\n type: gcp:compute:RegionHealthCheck\n name: health_check\n properties:\n name: example-hc\n region: us-central1\n httpHealthCheck:\n port: 80\n backendService:\n type: gcp:compute:RegionBackendService\n name: backend_service\n properties:\n name: example-bs\n region: us-central1\n healthChecks: ${healthCheck.id}\n protocol: UDP\n loadBalancingScheme: INTERNAL\n forwardingRule:\n type: gcp:compute:ForwardingRule\n name: forwarding_rule\n properties:\n name: example-fwr\n region: us-central1\n network: ${network.name}\n subnetwork: ${subnetwork.name}\n backendService: ${backendService.id}\n loadBalancingScheme: INTERNAL\n ports:\n - 6081\n ipProtocol: UDP\n isMirroringCollector: true\n deploymentGroup:\n type: gcp:networksecurity:MirroringDeploymentGroup\n name: deployment_group\n properties:\n mirroringDeploymentGroupId: example-dg\n location: global\n network: ${network.id}\n default:\n type: gcp:networksecurity:MirroringDeployment\n properties:\n mirroringDeploymentId: example-deployment\n location: us-central1-a\n forwardingRule: ${forwardingRule.id}\n mirroringDeploymentGroup: ${deploymentGroup.id}\n labels:\n foo: bar\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nMirroringDeployment can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/mirroringDeployments/{{mirroring_deployment_id}}`\n\n* `{{project}}/{{location}}/{{mirroring_deployment_id}}`\n\n* `{{location}}/{{mirroring_deployment_id}}`\n\nWhen using the `pulumi import` command, MirroringDeployment can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:networksecurity/mirroringDeployment:MirroringDeployment default projects/{{project}}/locations/{{location}}/mirroringDeployments/{{mirroring_deployment_id}}\n```\n\n```sh\n$ pulumi import gcp:networksecurity/mirroringDeployment:MirroringDeployment default {{project}}/{{location}}/{{mirroring_deployment_id}}\n```\n\n```sh\n$ pulumi import gcp:networksecurity/mirroringDeployment:MirroringDeployment default {{location}}/{{mirroring_deployment_id}}\n```\n\n", + "properties": { + "createTime": { + "type": "string", + "description": "Output only. [Output only] Create time stamp\n" + }, + "effectiveLabels": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.\n", + "secret": true + }, + "forwardingRule": { + "type": "string", + "description": "Required. Immutable. The regional load balancer which the mirrored traffic should be forwarded\nto. Format is:\nprojects/{project}/regions/{region}/forwardingRules/{forwardingRule}\n" + }, + "labels": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Optional. Labels as key value pairs\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field `effective_labels` for all of the labels present on the resource.\n" + }, + "location": { + "type": "string", + "description": "Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122. See documentation for resource type `networksecurity.googleapis.com/MirroringDeployment`.\n" + }, + "mirroringDeploymentGroup": { + "type": "string", + "description": "Required. Immutable. The Mirroring Deployment Group that this resource is part of. Format is:\n`projects/{project}/locations/global/mirroringDeploymentGroups/{mirroringDeploymentGroup}`\n" + }, + "mirroringDeploymentId": { + "type": "string", + "description": "Required. Id of the requesting object\nIf auto-generating Id server-side, remove this field and\nmirroring_deployment_id from the method_signature of Create RPC\n\n\n- - -\n" + }, + "name": { + "type": "string", + "description": "Immutable. Identifier. The name of the MirroringDeployment.\n" + }, + "project": { + "type": "string", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the provider project is used.\n" + }, + "pulumiLabels": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "The combination of labels configured directly on the resource\nand default labels configured on the provider.\n", + "secret": true + }, + "reconciling": { + "type": "boolean", + "description": "Output only. Whether reconciling is in progress, recommended per\nhttps://google.aip.dev/128.\n" + }, + "state": { + "type": "string", + "description": "Output only. Current state of the deployment.\nPossible values:\nSTATE_UNSPECIFIED\nACTIVE\nCREATING\nDELETING\nOUT_OF_SYNC\nDELETE_FAILED\n" + }, + "updateTime": { + "type": "string", + "description": "Output only. [Output only] Update time stamp\n" + } + }, + "required": [ + "createTime", + "effectiveLabels", + "forwardingRule", + "location", + "mirroringDeploymentGroup", + "mirroringDeploymentId", + "name", + "project", + "reconciling", + "state", + "pulumiLabels", + "updateTime" + ], + "inputProperties": { + "forwardingRule": { + "type": "string", + "description": "Required. Immutable. The regional load balancer which the mirrored traffic should be forwarded\nto. Format is:\nprojects/{project}/regions/{region}/forwardingRules/{forwardingRule}\n", + "willReplaceOnChanges": true + }, + "labels": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Optional. Labels as key value pairs\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field `effective_labels` for all of the labels present on the resource.\n" + }, + "location": { + "type": "string", + "description": "Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122. See documentation for resource type `networksecurity.googleapis.com/MirroringDeployment`.\n", + "willReplaceOnChanges": true + }, + "mirroringDeploymentGroup": { + "type": "string", + "description": "Required. Immutable. The Mirroring Deployment Group that this resource is part of. Format is:\n`projects/{project}/locations/global/mirroringDeploymentGroups/{mirroringDeploymentGroup}`\n", + "willReplaceOnChanges": true + }, + "mirroringDeploymentId": { + "type": "string", + "description": "Required. Id of the requesting object\nIf auto-generating Id server-side, remove this field and\nmirroring_deployment_id from the method_signature of Create RPC\n\n\n- - -\n", + "willReplaceOnChanges": true + }, + "project": { + "type": "string", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the provider project is used.\n", + "willReplaceOnChanges": true + } + }, + "requiredInputs": [ + "forwardingRule", + "location", + "mirroringDeploymentGroup", + "mirroringDeploymentId" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering MirroringDeployment resources.\n", + "properties": { + "createTime": { + "type": "string", + "description": "Output only. [Output only] Create time stamp\n" + }, + "effectiveLabels": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.\n", + "secret": true + }, + "forwardingRule": { + "type": "string", + "description": "Required. Immutable. The regional load balancer which the mirrored traffic should be forwarded\nto. Format is:\nprojects/{project}/regions/{region}/forwardingRules/{forwardingRule}\n", + "willReplaceOnChanges": true + }, + "labels": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Optional. Labels as key value pairs\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field `effective_labels` for all of the labels present on the resource.\n" + }, + "location": { + "type": "string", + "description": "Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122. See documentation for resource type `networksecurity.googleapis.com/MirroringDeployment`.\n", + "willReplaceOnChanges": true + }, + "mirroringDeploymentGroup": { + "type": "string", + "description": "Required. Immutable. The Mirroring Deployment Group that this resource is part of. Format is:\n`projects/{project}/locations/global/mirroringDeploymentGroups/{mirroringDeploymentGroup}`\n", + "willReplaceOnChanges": true + }, + "mirroringDeploymentId": { + "type": "string", + "description": "Required. Id of the requesting object\nIf auto-generating Id server-side, remove this field and\nmirroring_deployment_id from the method_signature of Create RPC\n\n\n- - -\n", + "willReplaceOnChanges": true + }, + "name": { + "type": "string", + "description": "Immutable. Identifier. The name of the MirroringDeployment.\n" + }, + "project": { + "type": "string", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the provider project is used.\n", + "willReplaceOnChanges": true + }, + "pulumiLabels": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "The combination of labels configured directly on the resource\nand default labels configured on the provider.\n", + "secret": true + }, + "reconciling": { + "type": "boolean", + "description": "Output only. Whether reconciling is in progress, recommended per\nhttps://google.aip.dev/128.\n" + }, + "state": { + "type": "string", + "description": "Output only. Current state of the deployment.\nPossible values:\nSTATE_UNSPECIFIED\nACTIVE\nCREATING\nDELETING\nOUT_OF_SYNC\nDELETE_FAILED\n" + }, + "updateTime": { + "type": "string", + "description": "Output only. [Output only] Update time stamp\n" + } + }, + "type": "object" + } + }, + "gcp:networksecurity/mirroringDeploymentGroup:MirroringDeploymentGroup": { + "description": "## Example Usage\n\n### Network Security Mirroring Deployment Group Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst network = new gcp.compute.Network(\"network\", {\n name: \"example-network\",\n autoCreateSubnetworks: false,\n});\nconst _default = new gcp.networksecurity.MirroringDeploymentGroup(\"default\", {\n mirroringDeploymentGroupId: \"example-dg\",\n location: \"global\",\n network: network.id,\n labels: {\n foo: \"bar\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nnetwork = gcp.compute.Network(\"network\",\n name=\"example-network\",\n auto_create_subnetworks=False)\ndefault = gcp.networksecurity.MirroringDeploymentGroup(\"default\",\n mirroring_deployment_group_id=\"example-dg\",\n location=\"global\",\n network=network.id,\n labels={\n \"foo\": \"bar\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var network = new Gcp.Compute.Network(\"network\", new()\n {\n Name = \"example-network\",\n AutoCreateSubnetworks = false,\n });\n\n var @default = new Gcp.NetworkSecurity.MirroringDeploymentGroup(\"default\", new()\n {\n MirroringDeploymentGroupId = \"example-dg\",\n Location = \"global\",\n Network = network.Id,\n Labels = \n {\n { \"foo\", \"bar\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/networksecurity\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tnetwork, err := compute.NewNetwork(ctx, \"network\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"example-network\"),\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = networksecurity.NewMirroringDeploymentGroup(ctx, \"default\", \u0026networksecurity.MirroringDeploymentGroupArgs{\n\t\t\tMirroringDeploymentGroupId: pulumi.String(\"example-dg\"),\n\t\t\tLocation: pulumi.String(\"global\"),\n\t\t\tNetwork: network.ID(),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.networksecurity.MirroringDeploymentGroup;\nimport com.pulumi.gcp.networksecurity.MirroringDeploymentGroupArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var network = new Network(\"network\", NetworkArgs.builder()\n .name(\"example-network\")\n .autoCreateSubnetworks(false)\n .build());\n\n var default_ = new MirroringDeploymentGroup(\"default\", MirroringDeploymentGroupArgs.builder()\n .mirroringDeploymentGroupId(\"example-dg\")\n .location(\"global\")\n .network(network.id())\n .labels(Map.of(\"foo\", \"bar\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n network:\n type: gcp:compute:Network\n properties:\n name: example-network\n autoCreateSubnetworks: false\n default:\n type: gcp:networksecurity:MirroringDeploymentGroup\n properties:\n mirroringDeploymentGroupId: example-dg\n location: global\n network: ${network.id}\n labels:\n foo: bar\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nMirroringDeploymentGroup can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/mirroringDeploymentGroups/{{mirroring_deployment_group_id}}`\n\n* `{{project}}/{{location}}/{{mirroring_deployment_group_id}}`\n\n* `{{location}}/{{mirroring_deployment_group_id}}`\n\nWhen using the `pulumi import` command, MirroringDeploymentGroup can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:networksecurity/mirroringDeploymentGroup:MirroringDeploymentGroup default projects/{{project}}/locations/{{location}}/mirroringDeploymentGroups/{{mirroring_deployment_group_id}}\n```\n\n```sh\n$ pulumi import gcp:networksecurity/mirroringDeploymentGroup:MirroringDeploymentGroup default {{project}}/{{location}}/{{mirroring_deployment_group_id}}\n```\n\n```sh\n$ pulumi import gcp:networksecurity/mirroringDeploymentGroup:MirroringDeploymentGroup default {{location}}/{{mirroring_deployment_group_id}}\n```\n\n", + "properties": { + "connectedEndpointGroups": { + "type": "array", + "items": { + "$ref": "#/types/gcp:networksecurity/MirroringDeploymentGroupConnectedEndpointGroup:MirroringDeploymentGroupConnectedEndpointGroup" + }, + "description": "Output only. The list of Mirroring Endpoint Groups that are connected to this resource.\nStructure is documented below.\n" + }, + "createTime": { + "type": "string", + "description": "Output only. [Output only] Create time stamp\n" + }, + "effectiveLabels": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.\n", + "secret": true + }, + "labels": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Optional. Labels as key value pairs\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field `effective_labels` for all of the labels present on the resource.\n" + }, + "location": { + "type": "string", + "description": "Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122. See documentation for resource type `networksecurity.googleapis.com/MirroringDeploymentGroup`.\n" + }, + "mirroringDeploymentGroupId": { + "type": "string", + "description": "Required. Id of the requesting object\nIf auto-generating Id server-side, remove this field and\nmirroring_deployment_group_id from the method_signature of Create RPC\n\n\n- - -\n" + }, + "name": { + "type": "string", + "description": "(Output)\nOutput only. A connected mirroring endpoint group.\n" }, "network": { "type": "string", @@ -246914,6 +248001,273 @@ "type": "object" } }, + "gcp:networkservices/authzExtension:AuthzExtension": { + "description": "AuthzExtension is a resource that allows traffic forwarding to a callout backend service to make an authorization decision.\n\n\nTo get more information about AuthzExtension, see:\n\n* [API documentation](https://cloud.google.com/service-extensions/docs/reference/rest/v1beta1/projects.locations.authzExtensions)\n\n## Example Usage\n\n### Network Services Authz Extension Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst _default = new gcp.compute.RegionBackendService(\"default\", {\n name: \"authz-service\",\n project: \"my-project-name\",\n region: \"us-west1\",\n protocol: \"HTTP2\",\n loadBalancingScheme: \"INTERNAL_MANAGED\",\n portName: \"grpc\",\n});\nconst defaultAuthzExtension = new gcp.networkservices.AuthzExtension(\"default\", {\n name: \"my-authz-ext\",\n project: \"my-project-name\",\n location: \"us-west1\",\n description: \"my description\",\n loadBalancingScheme: \"INTERNAL_MANAGED\",\n authority: \"ext11.com\",\n service: _default.selfLink,\n timeout: \"0.1s\",\n failOpen: false,\n forwardHeaders: [\"Authorization\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.compute.RegionBackendService(\"default\",\n name=\"authz-service\",\n project=\"my-project-name\",\n region=\"us-west1\",\n protocol=\"HTTP2\",\n load_balancing_scheme=\"INTERNAL_MANAGED\",\n port_name=\"grpc\")\ndefault_authz_extension = gcp.networkservices.AuthzExtension(\"default\",\n name=\"my-authz-ext\",\n project=\"my-project-name\",\n location=\"us-west1\",\n description=\"my description\",\n load_balancing_scheme=\"INTERNAL_MANAGED\",\n authority=\"ext11.com\",\n service=default.self_link,\n timeout=\"0.1s\",\n fail_open=False,\n forward_headers=[\"Authorization\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.Compute.RegionBackendService(\"default\", new()\n {\n Name = \"authz-service\",\n Project = \"my-project-name\",\n Region = \"us-west1\",\n Protocol = \"HTTP2\",\n LoadBalancingScheme = \"INTERNAL_MANAGED\",\n PortName = \"grpc\",\n });\n\n var defaultAuthzExtension = new Gcp.NetworkServices.AuthzExtension(\"default\", new()\n {\n Name = \"my-authz-ext\",\n Project = \"my-project-name\",\n Location = \"us-west1\",\n Description = \"my description\",\n LoadBalancingScheme = \"INTERNAL_MANAGED\",\n Authority = \"ext11.com\",\n Service = @default.SelfLink,\n Timeout = \"0.1s\",\n FailOpen = false,\n ForwardHeaders = new[]\n {\n \"Authorization\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/networkservices\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewRegionBackendService(ctx, \"default\", \u0026compute.RegionBackendServiceArgs{\n\t\t\tName: pulumi.String(\"authz-service\"),\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t\tRegion: pulumi.String(\"us-west1\"),\n\t\t\tProtocol: pulumi.String(\"HTTP2\"),\n\t\t\tLoadBalancingScheme: pulumi.String(\"INTERNAL_MANAGED\"),\n\t\t\tPortName: pulumi.String(\"grpc\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = networkservices.NewAuthzExtension(ctx, \"default\", \u0026networkservices.AuthzExtensionArgs{\n\t\t\tName: pulumi.String(\"my-authz-ext\"),\n\t\t\tProject: pulumi.String(\"my-project-name\"),\n\t\t\tLocation: pulumi.String(\"us-west1\"),\n\t\t\tDescription: pulumi.String(\"my description\"),\n\t\t\tLoadBalancingScheme: pulumi.String(\"INTERNAL_MANAGED\"),\n\t\t\tAuthority: pulumi.String(\"ext11.com\"),\n\t\t\tService: _default.SelfLink,\n\t\t\tTimeout: pulumi.String(\"0.1s\"),\n\t\t\tFailOpen: pulumi.Bool(false),\n\t\t\tForwardHeaders: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"Authorization\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.RegionBackendService;\nimport com.pulumi.gcp.compute.RegionBackendServiceArgs;\nimport com.pulumi.gcp.networkservices.AuthzExtension;\nimport com.pulumi.gcp.networkservices.AuthzExtensionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new RegionBackendService(\"default\", RegionBackendServiceArgs.builder()\n .name(\"authz-service\")\n .project(\"my-project-name\")\n .region(\"us-west1\")\n .protocol(\"HTTP2\")\n .loadBalancingScheme(\"INTERNAL_MANAGED\")\n .portName(\"grpc\")\n .build());\n\n var defaultAuthzExtension = new AuthzExtension(\"defaultAuthzExtension\", AuthzExtensionArgs.builder()\n .name(\"my-authz-ext\")\n .project(\"my-project-name\")\n .location(\"us-west1\")\n .description(\"my description\")\n .loadBalancingScheme(\"INTERNAL_MANAGED\")\n .authority(\"ext11.com\")\n .service(default_.selfLink())\n .timeout(\"0.1s\")\n .failOpen(false)\n .forwardHeaders(\"Authorization\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:compute:RegionBackendService\n properties:\n name: authz-service\n project: my-project-name\n region: us-west1\n protocol: HTTP2\n loadBalancingScheme: INTERNAL_MANAGED\n portName: grpc\n defaultAuthzExtension:\n type: gcp:networkservices:AuthzExtension\n name: default\n properties:\n name: my-authz-ext\n project: my-project-name\n location: us-west1\n description: my description\n loadBalancingScheme: INTERNAL_MANAGED\n authority: ext11.com\n service: ${default.selfLink}\n timeout: 0.1s\n failOpen: false\n forwardHeaders:\n - Authorization\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nAuthzExtension can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/authzExtensions/{{name}}`\n\n* `{{project}}/{{location}}/{{name}}`\n\n* `{{location}}/{{name}}`\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, AuthzExtension can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:networkservices/authzExtension:AuthzExtension default projects/{{project}}/locations/{{location}}/authzExtensions/{{name}}\n```\n\n```sh\n$ pulumi import gcp:networkservices/authzExtension:AuthzExtension default {{project}}/{{location}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:networkservices/authzExtension:AuthzExtension default {{location}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:networkservices/authzExtension:AuthzExtension default {{name}}\n```\n\n", + "properties": { + "authority": { + "type": "string", + "description": "The :authority header in the gRPC request sent from Envoy to the extension service.\n" + }, + "createTime": { + "type": "string", + "description": "The timestamp when the resource was created.\n" + }, + "description": { + "type": "string", + "description": "A human-readable description of the resource.\n" + }, + "effectiveLabels": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.\n", + "secret": true + }, + "failOpen": { + "type": "boolean", + "description": "Determines how the proxy behaves if the call to the extension fails or times out.\nWhen set to TRUE, request or response processing continues without error. Any subsequent extensions in the extension chain are also executed. When set to FALSE or the default setting of FALSE is used, one of the following happens:\n* If response headers have not been delivered to the downstream client, a generic 500 error is returned to the client. The error response can be tailored by configuring a custom error response in the load balancer.\n* If response headers have been delivered, then the HTTP stream to the downstream client is reset.\n" + }, + "forwardHeaders": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of the HTTP headers to forward to the extension (from the client). If omitted, all headers are sent. Each element is a string indicating the header name.\n" + }, + "labels": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Set of labels associated with the AuthzExtension resource.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field `effective_labels` for all of the labels present on the resource.\n" + }, + "loadBalancingScheme": { + "type": "string", + "description": "All backend services and forwarding rules referenced by this extension must share the same load balancing scheme.\nFor more information, refer to [Backend services overview](https://cloud.google.com/load-balancing/docs/backend-service).\nPossible values are: `INTERNAL_MANAGED`, `EXTERNAL_MANAGED`.\n" + }, + "location": { + "type": "string", + "description": "The location of the resource.\n\n\n- - -\n" + }, + "metadata": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "The metadata provided here is included as part of the metadata_context (of type google.protobuf.Struct) in the ProcessingRequest message sent to the extension server. The metadata is available under the namespace com.google.authz_extension.\u003cresourceName\u003e. The following variables are supported in the metadata Struct:\n{forwarding_rule_id} - substituted with the forwarding rule's fully qualified resource name.\n" + }, + "name": { + "type": "string", + "description": "Identifier. Name of the AuthzExtension resource.\n" + }, + "project": { + "type": "string", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the provider project is used.\n" + }, + "pulumiLabels": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "The combination of labels configured directly on the resource\nand default labels configured on the provider.\n", + "secret": true + }, + "service": { + "type": "string", + "description": "The reference to the service that runs the extension.\nTo configure a callout extension, service must be a fully-qualified reference to a [backend service](https://cloud.google.com/compute/docs/reference/rest/v1/backendServices) in the format:\nhttps://www.googleapis.com/compute/v1/projects/{project}/regions/{region}/backendServices/{backendService} or https://www.googleapis.com/compute/v1/projects/{project}/global/backendServices/{backendService}.\n" + }, + "timeout": { + "type": "string", + "description": "Specifies the timeout for each individual message on the stream. The timeout must be between 10-10000 milliseconds.\n" + }, + "updateTime": { + "type": "string", + "description": "The timestamp when the resource was updated.\n" + }, + "wireFormat": { + "type": "string", + "description": "The format of communication supported by the callout extension.\nDefault value is `EXT_PROC_GRPC`.\nPossible values are: `WIRE_FORMAT_UNSPECIFIED`, `EXT_PROC_GRPC`.\n" + } + }, + "required": [ + "authority", + "createTime", + "effectiveLabels", + "failOpen", + "loadBalancingScheme", + "location", + "name", + "project", + "service", + "pulumiLabels", + "timeout", + "updateTime" + ], + "inputProperties": { + "authority": { + "type": "string", + "description": "The :authority header in the gRPC request sent from Envoy to the extension service.\n" + }, + "description": { + "type": "string", + "description": "A human-readable description of the resource.\n" + }, + "failOpen": { + "type": "boolean", + "description": "Determines how the proxy behaves if the call to the extension fails or times out.\nWhen set to TRUE, request or response processing continues without error. Any subsequent extensions in the extension chain are also executed. When set to FALSE or the default setting of FALSE is used, one of the following happens:\n* If response headers have not been delivered to the downstream client, a generic 500 error is returned to the client. The error response can be tailored by configuring a custom error response in the load balancer.\n* If response headers have been delivered, then the HTTP stream to the downstream client is reset.\n" + }, + "forwardHeaders": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of the HTTP headers to forward to the extension (from the client). If omitted, all headers are sent. Each element is a string indicating the header name.\n" + }, + "labels": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Set of labels associated with the AuthzExtension resource.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field `effective_labels` for all of the labels present on the resource.\n" + }, + "loadBalancingScheme": { + "type": "string", + "description": "All backend services and forwarding rules referenced by this extension must share the same load balancing scheme.\nFor more information, refer to [Backend services overview](https://cloud.google.com/load-balancing/docs/backend-service).\nPossible values are: `INTERNAL_MANAGED`, `EXTERNAL_MANAGED`.\n" + }, + "location": { + "type": "string", + "description": "The location of the resource.\n\n\n- - -\n" + }, + "metadata": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "The metadata provided here is included as part of the metadata_context (of type google.protobuf.Struct) in the ProcessingRequest message sent to the extension server. The metadata is available under the namespace com.google.authz_extension.\u003cresourceName\u003e. The following variables are supported in the metadata Struct:\n{forwarding_rule_id} - substituted with the forwarding rule's fully qualified resource name.\n" + }, + "name": { + "type": "string", + "description": "Identifier. Name of the AuthzExtension resource.\n" + }, + "project": { + "type": "string", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the provider project is used.\n", + "willReplaceOnChanges": true + }, + "service": { + "type": "string", + "description": "The reference to the service that runs the extension.\nTo configure a callout extension, service must be a fully-qualified reference to a [backend service](https://cloud.google.com/compute/docs/reference/rest/v1/backendServices) in the format:\nhttps://www.googleapis.com/compute/v1/projects/{project}/regions/{region}/backendServices/{backendService} or https://www.googleapis.com/compute/v1/projects/{project}/global/backendServices/{backendService}.\n" + }, + "timeout": { + "type": "string", + "description": "Specifies the timeout for each individual message on the stream. The timeout must be between 10-10000 milliseconds.\n" + }, + "wireFormat": { + "type": "string", + "description": "The format of communication supported by the callout extension.\nDefault value is `EXT_PROC_GRPC`.\nPossible values are: `WIRE_FORMAT_UNSPECIFIED`, `EXT_PROC_GRPC`.\n" + } + }, + "requiredInputs": [ + "authority", + "loadBalancingScheme", + "location", + "service", + "timeout" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering AuthzExtension resources.\n", + "properties": { + "authority": { + "type": "string", + "description": "The :authority header in the gRPC request sent from Envoy to the extension service.\n" + }, + "createTime": { + "type": "string", + "description": "The timestamp when the resource was created.\n" + }, + "description": { + "type": "string", + "description": "A human-readable description of the resource.\n" + }, + "effectiveLabels": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.\n", + "secret": true + }, + "failOpen": { + "type": "boolean", + "description": "Determines how the proxy behaves if the call to the extension fails or times out.\nWhen set to TRUE, request or response processing continues without error. Any subsequent extensions in the extension chain are also executed. When set to FALSE or the default setting of FALSE is used, one of the following happens:\n* If response headers have not been delivered to the downstream client, a generic 500 error is returned to the client. The error response can be tailored by configuring a custom error response in the load balancer.\n* If response headers have been delivered, then the HTTP stream to the downstream client is reset.\n" + }, + "forwardHeaders": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of the HTTP headers to forward to the extension (from the client). If omitted, all headers are sent. Each element is a string indicating the header name.\n" + }, + "labels": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Set of labels associated with the AuthzExtension resource.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field `effective_labels` for all of the labels present on the resource.\n" + }, + "loadBalancingScheme": { + "type": "string", + "description": "All backend services and forwarding rules referenced by this extension must share the same load balancing scheme.\nFor more information, refer to [Backend services overview](https://cloud.google.com/load-balancing/docs/backend-service).\nPossible values are: `INTERNAL_MANAGED`, `EXTERNAL_MANAGED`.\n" + }, + "location": { + "type": "string", + "description": "The location of the resource.\n\n\n- - -\n" + }, + "metadata": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "The metadata provided here is included as part of the metadata_context (of type google.protobuf.Struct) in the ProcessingRequest message sent to the extension server. The metadata is available under the namespace com.google.authz_extension.\u003cresourceName\u003e. The following variables are supported in the metadata Struct:\n{forwarding_rule_id} - substituted with the forwarding rule's fully qualified resource name.\n" + }, + "name": { + "type": "string", + "description": "Identifier. Name of the AuthzExtension resource.\n" + }, + "project": { + "type": "string", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the provider project is used.\n", + "willReplaceOnChanges": true + }, + "pulumiLabels": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "The combination of labels configured directly on the resource\nand default labels configured on the provider.\n", + "secret": true + }, + "service": { + "type": "string", + "description": "The reference to the service that runs the extension.\nTo configure a callout extension, service must be a fully-qualified reference to a [backend service](https://cloud.google.com/compute/docs/reference/rest/v1/backendServices) in the format:\nhttps://www.googleapis.com/compute/v1/projects/{project}/regions/{region}/backendServices/{backendService} or https://www.googleapis.com/compute/v1/projects/{project}/global/backendServices/{backendService}.\n" + }, + "timeout": { + "type": "string", + "description": "Specifies the timeout for each individual message on the stream. The timeout must be between 10-10000 milliseconds.\n" + }, + "updateTime": { + "type": "string", + "description": "The timestamp when the resource was updated.\n" + }, + "wireFormat": { + "type": "string", + "description": "The format of communication supported by the callout extension.\nDefault value is `EXT_PROC_GRPC`.\nPossible values are: `WIRE_FORMAT_UNSPECIFIED`, `EXT_PROC_GRPC`.\n" + } + }, + "type": "object" + } + }, "gcp:networkservices/edgeCacheKeyset:EdgeCacheKeyset": { "description": "EdgeCacheKeyset represents a collection of public keys used for validating signed requests.\n\n\nTo get more information about EdgeCacheKeyset, see:\n\n* [API documentation](https://cloud.google.com/media-cdn/docs/reference/rest/v1/projects.locations.edgeCacheKeysets)\n* How-to Guides\n * [Create keysets](https://cloud.google.com/media-cdn/docs/create-keyset)\n\n\n\n## Example Usage\n\n### Network Services Edge Cache Keyset Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst _default = new gcp.networkservices.EdgeCacheKeyset(\"default\", {\n name: \"my-keyset\",\n description: \"The default keyset\",\n publicKeys: [\n {\n id: \"my-public-key\",\n value: \"FHsTyFHNmvNpw4o7-rp-M1yqMyBF8vXSBRkZtkQ0RKY\",\n },\n {\n id: \"my-public-key-2\",\n value: \"hzd03llxB1u5FOLKFkZ6_wCJqC7jtN0bg7xlBqS6WVM\",\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.networkservices.EdgeCacheKeyset(\"default\",\n name=\"my-keyset\",\n description=\"The default keyset\",\n public_keys=[\n {\n \"id\": \"my-public-key\",\n \"value\": \"FHsTyFHNmvNpw4o7-rp-M1yqMyBF8vXSBRkZtkQ0RKY\",\n },\n {\n \"id\": \"my-public-key-2\",\n \"value\": \"hzd03llxB1u5FOLKFkZ6_wCJqC7jtN0bg7xlBqS6WVM\",\n },\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Gcp.NetworkServices.EdgeCacheKeyset(\"default\", new()\n {\n Name = \"my-keyset\",\n Description = \"The default keyset\",\n PublicKeys = new[]\n {\n new Gcp.NetworkServices.Inputs.EdgeCacheKeysetPublicKeyArgs\n {\n Id = \"my-public-key\",\n Value = \"FHsTyFHNmvNpw4o7-rp-M1yqMyBF8vXSBRkZtkQ0RKY\",\n },\n new Gcp.NetworkServices.Inputs.EdgeCacheKeysetPublicKeyArgs\n {\n Id = \"my-public-key-2\",\n Value = \"hzd03llxB1u5FOLKFkZ6_wCJqC7jtN0bg7xlBqS6WVM\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/networkservices\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := networkservices.NewEdgeCacheKeyset(ctx, \"default\", \u0026networkservices.EdgeCacheKeysetArgs{\n\t\t\tName: pulumi.String(\"my-keyset\"),\n\t\t\tDescription: pulumi.String(\"The default keyset\"),\n\t\t\tPublicKeys: networkservices.EdgeCacheKeysetPublicKeyArray{\n\t\t\t\t\u0026networkservices.EdgeCacheKeysetPublicKeyArgs{\n\t\t\t\t\tId: pulumi.String(\"my-public-key\"),\n\t\t\t\t\tValue: pulumi.String(\"FHsTyFHNmvNpw4o7-rp-M1yqMyBF8vXSBRkZtkQ0RKY\"),\n\t\t\t\t},\n\t\t\t\t\u0026networkservices.EdgeCacheKeysetPublicKeyArgs{\n\t\t\t\t\tId: pulumi.String(\"my-public-key-2\"),\n\t\t\t\t\tValue: pulumi.String(\"hzd03llxB1u5FOLKFkZ6_wCJqC7jtN0bg7xlBqS6WVM\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.networkservices.EdgeCacheKeyset;\nimport com.pulumi.gcp.networkservices.EdgeCacheKeysetArgs;\nimport com.pulumi.gcp.networkservices.inputs.EdgeCacheKeysetPublicKeyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new EdgeCacheKeyset(\"default\", EdgeCacheKeysetArgs.builder()\n .name(\"my-keyset\")\n .description(\"The default keyset\")\n .publicKeys( \n EdgeCacheKeysetPublicKeyArgs.builder()\n .id(\"my-public-key\")\n .value(\"FHsTyFHNmvNpw4o7-rp-M1yqMyBF8vXSBRkZtkQ0RKY\")\n .build(),\n EdgeCacheKeysetPublicKeyArgs.builder()\n .id(\"my-public-key-2\")\n .value(\"hzd03llxB1u5FOLKFkZ6_wCJqC7jtN0bg7xlBqS6WVM\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: gcp:networkservices:EdgeCacheKeyset\n properties:\n name: my-keyset\n description: The default keyset\n publicKeys:\n - id: my-public-key\n value: FHsTyFHNmvNpw4o7-rp-M1yqMyBF8vXSBRkZtkQ0RKY\n - id: my-public-key-2\n value: hzd03llxB1u5FOLKFkZ6_wCJqC7jtN0bg7xlBqS6WVM\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Network Services Edge Cache Keyset Dual Token\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst secret_basic = new gcp.secretmanager.Secret(\"secret-basic\", {\n secretId: \"secret-name\",\n replication: {\n auto: {},\n },\n});\nconst secret_version_basic = new gcp.secretmanager.SecretVersion(\"secret-version-basic\", {\n secret: secret_basic.id,\n secretData: \"secret-data\",\n});\nconst _default = new gcp.networkservices.EdgeCacheKeyset(\"default\", {\n name: \"my-keyset\",\n description: \"The default keyset\",\n publicKeys: [{\n id: \"my-public-key\",\n managed: true,\n }],\n validationSharedKeys: [{\n secretVersion: secret_version_basic.id,\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nsecret_basic = gcp.secretmanager.Secret(\"secret-basic\",\n secret_id=\"secret-name\",\n replication={\n \"auto\": {},\n })\nsecret_version_basic = gcp.secretmanager.SecretVersion(\"secret-version-basic\",\n secret=secret_basic.id,\n secret_data=\"secret-data\")\ndefault = gcp.networkservices.EdgeCacheKeyset(\"default\",\n name=\"my-keyset\",\n description=\"The default keyset\",\n public_keys=[{\n \"id\": \"my-public-key\",\n \"managed\": True,\n }],\n validation_shared_keys=[{\n \"secret_version\": secret_version_basic.id,\n }])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var secret_basic = new Gcp.SecretManager.Secret(\"secret-basic\", new()\n {\n SecretId = \"secret-name\",\n Replication = new Gcp.SecretManager.Inputs.SecretReplicationArgs\n {\n Auto = null,\n },\n });\n\n var secret_version_basic = new Gcp.SecretManager.SecretVersion(\"secret-version-basic\", new()\n {\n Secret = secret_basic.Id,\n SecretData = \"secret-data\",\n });\n\n var @default = new Gcp.NetworkServices.EdgeCacheKeyset(\"default\", new()\n {\n Name = \"my-keyset\",\n Description = \"The default keyset\",\n PublicKeys = new[]\n {\n new Gcp.NetworkServices.Inputs.EdgeCacheKeysetPublicKeyArgs\n {\n Id = \"my-public-key\",\n Managed = true,\n },\n },\n ValidationSharedKeys = new[]\n {\n new Gcp.NetworkServices.Inputs.EdgeCacheKeysetValidationSharedKeyArgs\n {\n SecretVersion = secret_version_basic.Id,\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/networkservices\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewSecret(ctx, \"secret-basic\", \u0026secretmanager.SecretArgs{\n\t\t\tSecretId: pulumi.String(\"secret-name\"),\n\t\t\tReplication: \u0026secretmanager.SecretReplicationArgs{\n\t\t\t\tAuto: \u0026secretmanager.SecretReplicationAutoArgs{},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecretVersion(ctx, \"secret-version-basic\", \u0026secretmanager.SecretVersionArgs{\n\t\t\tSecret: secret_basic.ID(),\n\t\t\tSecretData: pulumi.String(\"secret-data\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = networkservices.NewEdgeCacheKeyset(ctx, \"default\", \u0026networkservices.EdgeCacheKeysetArgs{\n\t\t\tName: pulumi.String(\"my-keyset\"),\n\t\t\tDescription: pulumi.String(\"The default keyset\"),\n\t\t\tPublicKeys: networkservices.EdgeCacheKeysetPublicKeyArray{\n\t\t\t\t\u0026networkservices.EdgeCacheKeysetPublicKeyArgs{\n\t\t\t\t\tId: pulumi.String(\"my-public-key\"),\n\t\t\t\t\tManaged: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t},\n\t\t\tValidationSharedKeys: networkservices.EdgeCacheKeysetValidationSharedKeyArray{\n\t\t\t\t\u0026networkservices.EdgeCacheKeysetValidationSharedKeyArgs{\n\t\t\t\t\tSecretVersion: secret_version_basic.ID(),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.Secret;\nimport com.pulumi.gcp.secretmanager.SecretArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretReplicationArgs;\nimport com.pulumi.gcp.secretmanager.inputs.SecretReplicationAutoArgs;\nimport com.pulumi.gcp.secretmanager.SecretVersion;\nimport com.pulumi.gcp.secretmanager.SecretVersionArgs;\nimport com.pulumi.gcp.networkservices.EdgeCacheKeyset;\nimport com.pulumi.gcp.networkservices.EdgeCacheKeysetArgs;\nimport com.pulumi.gcp.networkservices.inputs.EdgeCacheKeysetPublicKeyArgs;\nimport com.pulumi.gcp.networkservices.inputs.EdgeCacheKeysetValidationSharedKeyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var secret_basic = new Secret(\"secret-basic\", SecretArgs.builder()\n .secretId(\"secret-name\")\n .replication(SecretReplicationArgs.builder()\n .auto()\n .build())\n .build());\n\n var secret_version_basic = new SecretVersion(\"secret-version-basic\", SecretVersionArgs.builder()\n .secret(secret_basic.id())\n .secretData(\"secret-data\")\n .build());\n\n var default_ = new EdgeCacheKeyset(\"default\", EdgeCacheKeysetArgs.builder()\n .name(\"my-keyset\")\n .description(\"The default keyset\")\n .publicKeys(EdgeCacheKeysetPublicKeyArgs.builder()\n .id(\"my-public-key\")\n .managed(true)\n .build())\n .validationSharedKeys(EdgeCacheKeysetValidationSharedKeyArgs.builder()\n .secretVersion(secret_version_basic.id())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n secret-basic:\n type: gcp:secretmanager:Secret\n properties:\n secretId: secret-name\n replication:\n auto: {}\n secret-version-basic:\n type: gcp:secretmanager:SecretVersion\n properties:\n secret: ${[\"secret-basic\"].id}\n secretData: secret-data\n default:\n type: gcp:networkservices:EdgeCacheKeyset\n properties:\n name: my-keyset\n description: The default keyset\n publicKeys:\n - id: my-public-key\n managed: true\n validationSharedKeys:\n - secretVersion: ${[\"secret-version-basic\"].id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nEdgeCacheKeyset can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/global/edgeCacheKeysets/{{name}}`\n\n* `{{project}}/{{name}}`\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, EdgeCacheKeyset can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:networkservices/edgeCacheKeyset:EdgeCacheKeyset default projects/{{project}}/locations/global/edgeCacheKeysets/{{name}}\n```\n\n```sh\n$ pulumi import gcp:networkservices/edgeCacheKeyset:EdgeCacheKeyset default {{project}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:networkservices/edgeCacheKeyset:EdgeCacheKeyset default {{name}}\n```\n\n", "properties": { @@ -251355,7 +252709,7 @@ } }, "gcp:oracledatabase/autonomousDatabase:AutonomousDatabase": { - "description": "An AutonomousDatabase resource.\n\n\nTo get more information about AutonomousDatabase, see:\n\n* [API documentation](https://cloud.google.com/oracle/database/docs/reference/rest/v1/projects.locations.autonomousDatabases)\n* How-to Guides\n * [Create Autonomous databases](https://cloud.google.com/oracle/database/docs/create-databases)\n\n## Example Usage\n\n### Oracledatabase Autonomous Database Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst default = gcp.compute.getNetwork({\n name: \"new\",\n project: \"my-project\",\n});\nconst myADB = new gcp.oracledatabase.AutonomousDatabase(\"myADB\", {\n autonomousDatabaseId: \"my-instance\",\n location: \"us-east4\",\n project: \"my-project\",\n database: \"testdb\",\n adminPassword: \"123Abpassword\",\n network: _default.then(_default =\u003e _default.id),\n cidr: \"10.5.0.0/24\",\n properties: {\n computeCount: 2,\n dataStorageSizeTb: 1,\n dbVersion: \"19c\",\n dbWorkload: \"OLTP\",\n licenseType: \"LICENSE_INCLUDED\",\n },\n deletionProtection: true,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.compute.get_network(name=\"new\",\n project=\"my-project\")\nmy_adb = gcp.oracledatabase.AutonomousDatabase(\"myADB\",\n autonomous_database_id=\"my-instance\",\n location=\"us-east4\",\n project=\"my-project\",\n database=\"testdb\",\n admin_password=\"123Abpassword\",\n network=default.id,\n cidr=\"10.5.0.0/24\",\n properties={\n \"compute_count\": 2,\n \"data_storage_size_tb\": 1,\n \"db_version\": \"19c\",\n \"db_workload\": \"OLTP\",\n \"license_type\": \"LICENSE_INCLUDED\",\n },\n deletion_protection=True)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = Gcp.Compute.GetNetwork.Invoke(new()\n {\n Name = \"new\",\n Project = \"my-project\",\n });\n\n var myADB = new Gcp.OracleDatabase.AutonomousDatabase(\"myADB\", new()\n {\n AutonomousDatabaseId = \"my-instance\",\n Location = \"us-east4\",\n Project = \"my-project\",\n Database = \"testdb\",\n AdminPassword = \"123Abpassword\",\n Network = @default.Apply(@default =\u003e @default.Apply(getNetworkResult =\u003e getNetworkResult.Id)),\n Cidr = \"10.5.0.0/24\",\n Properties = new Gcp.OracleDatabase.Inputs.AutonomousDatabasePropertiesArgs\n {\n ComputeCount = 2,\n DataStorageSizeTb = 1,\n DbVersion = \"19c\",\n DbWorkload = \"OLTP\",\n LicenseType = \"LICENSE_INCLUDED\",\n },\n DeletionProtection = true,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/oracledatabase\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_default, err := compute.LookupNetwork(ctx, \u0026compute.LookupNetworkArgs{\n\t\t\tName: \"new\",\n\t\t\tProject: pulumi.StringRef(\"my-project\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = oracledatabase.NewAutonomousDatabase(ctx, \"myADB\", \u0026oracledatabase.AutonomousDatabaseArgs{\n\t\t\tAutonomousDatabaseId: pulumi.String(\"my-instance\"),\n\t\t\tLocation: pulumi.String(\"us-east4\"),\n\t\t\tProject: pulumi.String(\"my-project\"),\n\t\t\tDatabase: pulumi.String(\"testdb\"),\n\t\t\tAdminPassword: pulumi.String(\"123Abpassword\"),\n\t\t\tNetwork: pulumi.String(_default.Id),\n\t\t\tCidr: pulumi.String(\"10.5.0.0/24\"),\n\t\t\tProperties: \u0026oracledatabase.AutonomousDatabasePropertiesArgs{\n\t\t\t\tComputeCount: pulumi.Float64(2),\n\t\t\t\tDataStorageSizeTb: pulumi.Int(1),\n\t\t\t\tDbVersion: pulumi.String(\"19c\"),\n\t\t\t\tDbWorkload: pulumi.String(\"OLTP\"),\n\t\t\t\tLicenseType: pulumi.String(\"LICENSE_INCLUDED\"),\n\t\t\t},\n\t\t\tDeletionProtection: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetNetworkArgs;\nimport com.pulumi.gcp.oracledatabase.AutonomousDatabase;\nimport com.pulumi.gcp.oracledatabase.AutonomousDatabaseArgs;\nimport com.pulumi.gcp.oracledatabase.inputs.AutonomousDatabasePropertiesArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var default = ComputeFunctions.getNetwork(GetNetworkArgs.builder()\n .name(\"new\")\n .project(\"my-project\")\n .build());\n\n var myADB = new AutonomousDatabase(\"myADB\", AutonomousDatabaseArgs.builder()\n .autonomousDatabaseId(\"my-instance\")\n .location(\"us-east4\")\n .project(\"my-project\")\n .database(\"testdb\")\n .adminPassword(\"123Abpassword\")\n .network(default_.id())\n .cidr(\"10.5.0.0/24\")\n .properties(AutonomousDatabasePropertiesArgs.builder()\n .computeCount(\"2\")\n .dataStorageSizeTb(\"1\")\n .dbVersion(\"19c\")\n .dbWorkload(\"OLTP\")\n .licenseType(\"LICENSE_INCLUDED\")\n .build())\n .deletionProtection(\"true\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n myADB:\n type: gcp:oracledatabase:AutonomousDatabase\n properties:\n autonomousDatabaseId: my-instance\n location: us-east4\n project: my-project\n database: testdb\n adminPassword: 123Abpassword\n network: ${default.id}\n cidr: 10.5.0.0/24\n properties:\n computeCount: '2'\n dataStorageSizeTb: '1'\n dbVersion: 19c\n dbWorkload: OLTP\n licenseType: LICENSE_INCLUDED\n deletionProtection: 'true'\nvariables:\n default:\n fn::invoke:\n function: gcp:compute:getNetwork\n arguments:\n name: new\n project: my-project\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Oracledatabase Autonomous Database Full\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst default = gcp.compute.getNetwork({\n name: \"new\",\n project: \"my-project\",\n});\nconst myADB = new gcp.oracledatabase.AutonomousDatabase(\"myADB\", {\n autonomousDatabaseId: \"my-instance\",\n location: \"us-east4\",\n project: \"my-project\",\n displayName: \"autonomousDatabase displayname\",\n database: \"testdatabase\",\n adminPassword: \"123Abpassword\",\n network: _default.then(_default =\u003e _default.id),\n cidr: \"10.5.0.0/24\",\n labels: {\n \"label-one\": \"value-one\",\n },\n properties: {\n computeCount: 2,\n dataStorageSizeGb: 48,\n dbVersion: \"19c\",\n dbEdition: \"STANDARD_EDITION\",\n dbWorkload: \"OLTP\",\n isAutoScalingEnabled: true,\n licenseType: \"BRING_YOUR_OWN_LICENSE\",\n backupRetentionPeriodDays: 60,\n characterSet: \"AL32UTF8\",\n isStorageAutoScalingEnabled: false,\n maintenanceScheduleType: \"REGULAR\",\n mtlsConnectionRequired: false,\n nCharacterSet: \"AL16UTF16\",\n operationsInsightsState: \"NOT_ENABLED\",\n customerContacts: [{\n email: \"xyz@example.com\",\n }],\n privateEndpointIp: \"10.5.0.11\",\n privateEndpointLabel: \"testhost\",\n },\n deletionProtection: true,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.compute.get_network(name=\"new\",\n project=\"my-project\")\nmy_adb = gcp.oracledatabase.AutonomousDatabase(\"myADB\",\n autonomous_database_id=\"my-instance\",\n location=\"us-east4\",\n project=\"my-project\",\n display_name=\"autonomousDatabase displayname\",\n database=\"testdatabase\",\n admin_password=\"123Abpassword\",\n network=default.id,\n cidr=\"10.5.0.0/24\",\n labels={\n \"label-one\": \"value-one\",\n },\n properties={\n \"compute_count\": 2,\n \"data_storage_size_gb\": 48,\n \"db_version\": \"19c\",\n \"db_edition\": \"STANDARD_EDITION\",\n \"db_workload\": \"OLTP\",\n \"is_auto_scaling_enabled\": True,\n \"license_type\": \"BRING_YOUR_OWN_LICENSE\",\n \"backup_retention_period_days\": 60,\n \"character_set\": \"AL32UTF8\",\n \"is_storage_auto_scaling_enabled\": False,\n \"maintenance_schedule_type\": \"REGULAR\",\n \"mtls_connection_required\": False,\n \"n_character_set\": \"AL16UTF16\",\n \"operations_insights_state\": \"NOT_ENABLED\",\n \"customer_contacts\": [{\n \"email\": \"xyz@example.com\",\n }],\n \"private_endpoint_ip\": \"10.5.0.11\",\n \"private_endpoint_label\": \"testhost\",\n },\n deletion_protection=True)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = Gcp.Compute.GetNetwork.Invoke(new()\n {\n Name = \"new\",\n Project = \"my-project\",\n });\n\n var myADB = new Gcp.OracleDatabase.AutonomousDatabase(\"myADB\", new()\n {\n AutonomousDatabaseId = \"my-instance\",\n Location = \"us-east4\",\n Project = \"my-project\",\n DisplayName = \"autonomousDatabase displayname\",\n Database = \"testdatabase\",\n AdminPassword = \"123Abpassword\",\n Network = @default.Apply(@default =\u003e @default.Apply(getNetworkResult =\u003e getNetworkResult.Id)),\n Cidr = \"10.5.0.0/24\",\n Labels = \n {\n { \"label-one\", \"value-one\" },\n },\n Properties = new Gcp.OracleDatabase.Inputs.AutonomousDatabasePropertiesArgs\n {\n ComputeCount = 2,\n DataStorageSizeGb = 48,\n DbVersion = \"19c\",\n DbEdition = \"STANDARD_EDITION\",\n DbWorkload = \"OLTP\",\n IsAutoScalingEnabled = true,\n LicenseType = \"BRING_YOUR_OWN_LICENSE\",\n BackupRetentionPeriodDays = 60,\n CharacterSet = \"AL32UTF8\",\n IsStorageAutoScalingEnabled = false,\n MaintenanceScheduleType = \"REGULAR\",\n MtlsConnectionRequired = false,\n NCharacterSet = \"AL16UTF16\",\n OperationsInsightsState = \"NOT_ENABLED\",\n CustomerContacts = new[]\n {\n new Gcp.OracleDatabase.Inputs.AutonomousDatabasePropertiesCustomerContactArgs\n {\n Email = \"xyz@example.com\",\n },\n },\n PrivateEndpointIp = \"10.5.0.11\",\n PrivateEndpointLabel = \"testhost\",\n },\n DeletionProtection = true,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/oracledatabase\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_default, err := compute.LookupNetwork(ctx, \u0026compute.LookupNetworkArgs{\n\t\t\tName: \"new\",\n\t\t\tProject: pulumi.StringRef(\"my-project\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = oracledatabase.NewAutonomousDatabase(ctx, \"myADB\", \u0026oracledatabase.AutonomousDatabaseArgs{\n\t\t\tAutonomousDatabaseId: pulumi.String(\"my-instance\"),\n\t\t\tLocation: pulumi.String(\"us-east4\"),\n\t\t\tProject: pulumi.String(\"my-project\"),\n\t\t\tDisplayName: pulumi.String(\"autonomousDatabase displayname\"),\n\t\t\tDatabase: pulumi.String(\"testdatabase\"),\n\t\t\tAdminPassword: pulumi.String(\"123Abpassword\"),\n\t\t\tNetwork: pulumi.String(_default.Id),\n\t\t\tCidr: pulumi.String(\"10.5.0.0/24\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"label-one\": pulumi.String(\"value-one\"),\n\t\t\t},\n\t\t\tProperties: \u0026oracledatabase.AutonomousDatabasePropertiesArgs{\n\t\t\t\tComputeCount: pulumi.Float64(2),\n\t\t\t\tDataStorageSizeGb: pulumi.Int(48),\n\t\t\t\tDbVersion: pulumi.String(\"19c\"),\n\t\t\t\tDbEdition: pulumi.String(\"STANDARD_EDITION\"),\n\t\t\t\tDbWorkload: pulumi.String(\"OLTP\"),\n\t\t\t\tIsAutoScalingEnabled: pulumi.Bool(true),\n\t\t\t\tLicenseType: pulumi.String(\"BRING_YOUR_OWN_LICENSE\"),\n\t\t\t\tBackupRetentionPeriodDays: pulumi.Int(60),\n\t\t\t\tCharacterSet: pulumi.String(\"AL32UTF8\"),\n\t\t\t\tIsStorageAutoScalingEnabled: pulumi.Bool(false),\n\t\t\t\tMaintenanceScheduleType: pulumi.String(\"REGULAR\"),\n\t\t\t\tMtlsConnectionRequired: pulumi.Bool(false),\n\t\t\t\tNCharacterSet: pulumi.String(\"AL16UTF16\"),\n\t\t\t\tOperationsInsightsState: pulumi.String(\"NOT_ENABLED\"),\n\t\t\t\tCustomerContacts: oracledatabase.AutonomousDatabasePropertiesCustomerContactArray{\n\t\t\t\t\t\u0026oracledatabase.AutonomousDatabasePropertiesCustomerContactArgs{\n\t\t\t\t\t\tEmail: pulumi.String(\"xyz@example.com\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tPrivateEndpointIp: pulumi.String(\"10.5.0.11\"),\n\t\t\t\tPrivateEndpointLabel: pulumi.String(\"testhost\"),\n\t\t\t},\n\t\t\tDeletionProtection: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetNetworkArgs;\nimport com.pulumi.gcp.oracledatabase.AutonomousDatabase;\nimport com.pulumi.gcp.oracledatabase.AutonomousDatabaseArgs;\nimport com.pulumi.gcp.oracledatabase.inputs.AutonomousDatabasePropertiesArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var default = ComputeFunctions.getNetwork(GetNetworkArgs.builder()\n .name(\"new\")\n .project(\"my-project\")\n .build());\n\n var myADB = new AutonomousDatabase(\"myADB\", AutonomousDatabaseArgs.builder()\n .autonomousDatabaseId(\"my-instance\")\n .location(\"us-east4\")\n .project(\"my-project\")\n .displayName(\"autonomousDatabase displayname\")\n .database(\"testdatabase\")\n .adminPassword(\"123Abpassword\")\n .network(default_.id())\n .cidr(\"10.5.0.0/24\")\n .labels(Map.of(\"label-one\", \"value-one\"))\n .properties(AutonomousDatabasePropertiesArgs.builder()\n .computeCount(\"2\")\n .dataStorageSizeGb(\"48\")\n .dbVersion(\"19c\")\n .dbEdition(\"STANDARD_EDITION\")\n .dbWorkload(\"OLTP\")\n .isAutoScalingEnabled(\"true\")\n .licenseType(\"BRING_YOUR_OWN_LICENSE\")\n .backupRetentionPeriodDays(\"60\")\n .characterSet(\"AL32UTF8\")\n .isStorageAutoScalingEnabled(\"false\")\n .maintenanceScheduleType(\"REGULAR\")\n .mtlsConnectionRequired(\"false\")\n .nCharacterSet(\"AL16UTF16\")\n .operationsInsightsState(\"NOT_ENABLED\")\n .customerContacts(AutonomousDatabasePropertiesCustomerContactArgs.builder()\n .email(\"xyz@example.com\")\n .build())\n .privateEndpointIp(\"10.5.0.11\")\n .privateEndpointLabel(\"testhost\")\n .build())\n .deletionProtection(\"true\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n myADB:\n type: gcp:oracledatabase:AutonomousDatabase\n properties:\n autonomousDatabaseId: my-instance\n location: us-east4\n project: my-project\n displayName: autonomousDatabase displayname\n database: testdatabase\n adminPassword: 123Abpassword\n network: ${default.id}\n cidr: 10.5.0.0/24\n labels:\n label-one: value-one\n properties:\n computeCount: '2'\n dataStorageSizeGb: '48'\n dbVersion: 19c\n dbEdition: STANDARD_EDITION\n dbWorkload: OLTP\n isAutoScalingEnabled: 'true'\n licenseType: BRING_YOUR_OWN_LICENSE\n backupRetentionPeriodDays: '60'\n characterSet: AL32UTF8\n isStorageAutoScalingEnabled: 'false'\n maintenanceScheduleType: REGULAR\n mtlsConnectionRequired: 'false'\n nCharacterSet: AL16UTF16\n operationsInsightsState: NOT_ENABLED\n customerContacts:\n - email: xyz@example.com\n privateEndpointIp: 10.5.0.11\n privateEndpointLabel: testhost\n deletionProtection: 'true'\nvariables:\n default:\n fn::invoke:\n function: gcp:compute:getNetwork\n arguments:\n name: new\n project: my-project\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nAutonomousDatabase can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/autonomousDatabases/{{autonomous_database_id}}`\n\n* `{{project}}/{{location}}/{{autonomous_database_id}}`\n\n* `{{location}}/{{autonomous_database_id}}`\n\nWhen using the `pulumi import` command, AutonomousDatabase can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:oracledatabase/autonomousDatabase:AutonomousDatabase default projects/{{project}}/locations/{{location}}/autonomousDatabases/{{autonomous_database_id}}\n```\n\n```sh\n$ pulumi import gcp:oracledatabase/autonomousDatabase:AutonomousDatabase default {{project}}/{{location}}/{{autonomous_database_id}}\n```\n\n```sh\n$ pulumi import gcp:oracledatabase/autonomousDatabase:AutonomousDatabase default {{location}}/{{autonomous_database_id}}\n```\n\n", + "description": "An AutonomousDatabase resource.\n\n\nTo get more information about AutonomousDatabase, see:\n\n* [API documentation](https://cloud.google.com/oracle/database/docs/reference/rest/v1/projects.locations.autonomousDatabases)\n* How-to Guides\n * [Create Autonomous databases](https://cloud.google.com/oracle/database/docs/create-databases)\n\n## Example Usage\n\n### Oracledatabase Autonomous Database Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst default = gcp.compute.getNetwork({\n name: \"new\",\n project: \"my-project\",\n});\nconst myADB = new gcp.oracledatabase.AutonomousDatabase(\"myADB\", {\n autonomousDatabaseId: \"my-instance\",\n location: \"us-east4\",\n project: \"my-project\",\n database: \"mydatabase\",\n adminPassword: \"123Abpassword\",\n network: _default.then(_default =\u003e _default.id),\n cidr: \"10.5.0.0/24\",\n properties: {\n computeCount: 2,\n dataStorageSizeTb: 1,\n dbVersion: \"19c\",\n dbWorkload: \"OLTP\",\n licenseType: \"LICENSE_INCLUDED\",\n },\n deletionProtection: true,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.compute.get_network(name=\"new\",\n project=\"my-project\")\nmy_adb = gcp.oracledatabase.AutonomousDatabase(\"myADB\",\n autonomous_database_id=\"my-instance\",\n location=\"us-east4\",\n project=\"my-project\",\n database=\"mydatabase\",\n admin_password=\"123Abpassword\",\n network=default.id,\n cidr=\"10.5.0.0/24\",\n properties={\n \"compute_count\": 2,\n \"data_storage_size_tb\": 1,\n \"db_version\": \"19c\",\n \"db_workload\": \"OLTP\",\n \"license_type\": \"LICENSE_INCLUDED\",\n },\n deletion_protection=True)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = Gcp.Compute.GetNetwork.Invoke(new()\n {\n Name = \"new\",\n Project = \"my-project\",\n });\n\n var myADB = new Gcp.OracleDatabase.AutonomousDatabase(\"myADB\", new()\n {\n AutonomousDatabaseId = \"my-instance\",\n Location = \"us-east4\",\n Project = \"my-project\",\n Database = \"mydatabase\",\n AdminPassword = \"123Abpassword\",\n Network = @default.Apply(@default =\u003e @default.Apply(getNetworkResult =\u003e getNetworkResult.Id)),\n Cidr = \"10.5.0.0/24\",\n Properties = new Gcp.OracleDatabase.Inputs.AutonomousDatabasePropertiesArgs\n {\n ComputeCount = 2,\n DataStorageSizeTb = 1,\n DbVersion = \"19c\",\n DbWorkload = \"OLTP\",\n LicenseType = \"LICENSE_INCLUDED\",\n },\n DeletionProtection = true,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/oracledatabase\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_default, err := compute.LookupNetwork(ctx, \u0026compute.LookupNetworkArgs{\n\t\t\tName: \"new\",\n\t\t\tProject: pulumi.StringRef(\"my-project\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = oracledatabase.NewAutonomousDatabase(ctx, \"myADB\", \u0026oracledatabase.AutonomousDatabaseArgs{\n\t\t\tAutonomousDatabaseId: pulumi.String(\"my-instance\"),\n\t\t\tLocation: pulumi.String(\"us-east4\"),\n\t\t\tProject: pulumi.String(\"my-project\"),\n\t\t\tDatabase: pulumi.String(\"mydatabase\"),\n\t\t\tAdminPassword: pulumi.String(\"123Abpassword\"),\n\t\t\tNetwork: pulumi.String(_default.Id),\n\t\t\tCidr: pulumi.String(\"10.5.0.0/24\"),\n\t\t\tProperties: \u0026oracledatabase.AutonomousDatabasePropertiesArgs{\n\t\t\t\tComputeCount: pulumi.Float64(2),\n\t\t\t\tDataStorageSizeTb: pulumi.Int(1),\n\t\t\t\tDbVersion: pulumi.String(\"19c\"),\n\t\t\t\tDbWorkload: pulumi.String(\"OLTP\"),\n\t\t\t\tLicenseType: pulumi.String(\"LICENSE_INCLUDED\"),\n\t\t\t},\n\t\t\tDeletionProtection: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetNetworkArgs;\nimport com.pulumi.gcp.oracledatabase.AutonomousDatabase;\nimport com.pulumi.gcp.oracledatabase.AutonomousDatabaseArgs;\nimport com.pulumi.gcp.oracledatabase.inputs.AutonomousDatabasePropertiesArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var default = ComputeFunctions.getNetwork(GetNetworkArgs.builder()\n .name(\"new\")\n .project(\"my-project\")\n .build());\n\n var myADB = new AutonomousDatabase(\"myADB\", AutonomousDatabaseArgs.builder()\n .autonomousDatabaseId(\"my-instance\")\n .location(\"us-east4\")\n .project(\"my-project\")\n .database(\"mydatabase\")\n .adminPassword(\"123Abpassword\")\n .network(default_.id())\n .cidr(\"10.5.0.0/24\")\n .properties(AutonomousDatabasePropertiesArgs.builder()\n .computeCount(\"2\")\n .dataStorageSizeTb(\"1\")\n .dbVersion(\"19c\")\n .dbWorkload(\"OLTP\")\n .licenseType(\"LICENSE_INCLUDED\")\n .build())\n .deletionProtection(\"true\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n myADB:\n type: gcp:oracledatabase:AutonomousDatabase\n properties:\n autonomousDatabaseId: my-instance\n location: us-east4\n project: my-project\n database: mydatabase\n adminPassword: 123Abpassword\n network: ${default.id}\n cidr: 10.5.0.0/24\n properties:\n computeCount: '2'\n dataStorageSizeTb: '1'\n dbVersion: 19c\n dbWorkload: OLTP\n licenseType: LICENSE_INCLUDED\n deletionProtection: 'true'\nvariables:\n default:\n fn::invoke:\n function: gcp:compute:getNetwork\n arguments:\n name: new\n project: my-project\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Oracledatabase Autonomous Database Full\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst default = gcp.compute.getNetwork({\n name: \"new\",\n project: \"my-project\",\n});\nconst myADB = new gcp.oracledatabase.AutonomousDatabase(\"myADB\", {\n autonomousDatabaseId: \"my-instance\",\n location: \"us-east4\",\n project: \"my-project\",\n displayName: \"autonomousDatabase displayname\",\n database: \"mydatabase\",\n adminPassword: \"123Abpassword\",\n network: _default.then(_default =\u003e _default.id),\n cidr: \"10.5.0.0/24\",\n labels: {\n \"label-one\": \"value-one\",\n },\n properties: {\n computeCount: 2,\n dataStorageSizeGb: 48,\n dbVersion: \"19c\",\n dbEdition: \"STANDARD_EDITION\",\n dbWorkload: \"OLTP\",\n isAutoScalingEnabled: true,\n licenseType: \"BRING_YOUR_OWN_LICENSE\",\n backupRetentionPeriodDays: 60,\n characterSet: \"AL32UTF8\",\n isStorageAutoScalingEnabled: false,\n maintenanceScheduleType: \"REGULAR\",\n mtlsConnectionRequired: false,\n nCharacterSet: \"AL16UTF16\",\n operationsInsightsState: \"NOT_ENABLED\",\n customerContacts: [{\n email: \"xyz@example.com\",\n }],\n privateEndpointIp: \"10.5.0.11\",\n privateEndpointLabel: \"testhost\",\n },\n deletionProtection: true,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.compute.get_network(name=\"new\",\n project=\"my-project\")\nmy_adb = gcp.oracledatabase.AutonomousDatabase(\"myADB\",\n autonomous_database_id=\"my-instance\",\n location=\"us-east4\",\n project=\"my-project\",\n display_name=\"autonomousDatabase displayname\",\n database=\"mydatabase\",\n admin_password=\"123Abpassword\",\n network=default.id,\n cidr=\"10.5.0.0/24\",\n labels={\n \"label-one\": \"value-one\",\n },\n properties={\n \"compute_count\": 2,\n \"data_storage_size_gb\": 48,\n \"db_version\": \"19c\",\n \"db_edition\": \"STANDARD_EDITION\",\n \"db_workload\": \"OLTP\",\n \"is_auto_scaling_enabled\": True,\n \"license_type\": \"BRING_YOUR_OWN_LICENSE\",\n \"backup_retention_period_days\": 60,\n \"character_set\": \"AL32UTF8\",\n \"is_storage_auto_scaling_enabled\": False,\n \"maintenance_schedule_type\": \"REGULAR\",\n \"mtls_connection_required\": False,\n \"n_character_set\": \"AL16UTF16\",\n \"operations_insights_state\": \"NOT_ENABLED\",\n \"customer_contacts\": [{\n \"email\": \"xyz@example.com\",\n }],\n \"private_endpoint_ip\": \"10.5.0.11\",\n \"private_endpoint_label\": \"testhost\",\n },\n deletion_protection=True)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = Gcp.Compute.GetNetwork.Invoke(new()\n {\n Name = \"new\",\n Project = \"my-project\",\n });\n\n var myADB = new Gcp.OracleDatabase.AutonomousDatabase(\"myADB\", new()\n {\n AutonomousDatabaseId = \"my-instance\",\n Location = \"us-east4\",\n Project = \"my-project\",\n DisplayName = \"autonomousDatabase displayname\",\n Database = \"mydatabase\",\n AdminPassword = \"123Abpassword\",\n Network = @default.Apply(@default =\u003e @default.Apply(getNetworkResult =\u003e getNetworkResult.Id)),\n Cidr = \"10.5.0.0/24\",\n Labels = \n {\n { \"label-one\", \"value-one\" },\n },\n Properties = new Gcp.OracleDatabase.Inputs.AutonomousDatabasePropertiesArgs\n {\n ComputeCount = 2,\n DataStorageSizeGb = 48,\n DbVersion = \"19c\",\n DbEdition = \"STANDARD_EDITION\",\n DbWorkload = \"OLTP\",\n IsAutoScalingEnabled = true,\n LicenseType = \"BRING_YOUR_OWN_LICENSE\",\n BackupRetentionPeriodDays = 60,\n CharacterSet = \"AL32UTF8\",\n IsStorageAutoScalingEnabled = false,\n MaintenanceScheduleType = \"REGULAR\",\n MtlsConnectionRequired = false,\n NCharacterSet = \"AL16UTF16\",\n OperationsInsightsState = \"NOT_ENABLED\",\n CustomerContacts = new[]\n {\n new Gcp.OracleDatabase.Inputs.AutonomousDatabasePropertiesCustomerContactArgs\n {\n Email = \"xyz@example.com\",\n },\n },\n PrivateEndpointIp = \"10.5.0.11\",\n PrivateEndpointLabel = \"testhost\",\n },\n DeletionProtection = true,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/oracledatabase\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_default, err := compute.LookupNetwork(ctx, \u0026compute.LookupNetworkArgs{\n\t\t\tName: \"new\",\n\t\t\tProject: pulumi.StringRef(\"my-project\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = oracledatabase.NewAutonomousDatabase(ctx, \"myADB\", \u0026oracledatabase.AutonomousDatabaseArgs{\n\t\t\tAutonomousDatabaseId: pulumi.String(\"my-instance\"),\n\t\t\tLocation: pulumi.String(\"us-east4\"),\n\t\t\tProject: pulumi.String(\"my-project\"),\n\t\t\tDisplayName: pulumi.String(\"autonomousDatabase displayname\"),\n\t\t\tDatabase: pulumi.String(\"mydatabase\"),\n\t\t\tAdminPassword: pulumi.String(\"123Abpassword\"),\n\t\t\tNetwork: pulumi.String(_default.Id),\n\t\t\tCidr: pulumi.String(\"10.5.0.0/24\"),\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"label-one\": pulumi.String(\"value-one\"),\n\t\t\t},\n\t\t\tProperties: \u0026oracledatabase.AutonomousDatabasePropertiesArgs{\n\t\t\t\tComputeCount: pulumi.Float64(2),\n\t\t\t\tDataStorageSizeGb: pulumi.Int(48),\n\t\t\t\tDbVersion: pulumi.String(\"19c\"),\n\t\t\t\tDbEdition: pulumi.String(\"STANDARD_EDITION\"),\n\t\t\t\tDbWorkload: pulumi.String(\"OLTP\"),\n\t\t\t\tIsAutoScalingEnabled: pulumi.Bool(true),\n\t\t\t\tLicenseType: pulumi.String(\"BRING_YOUR_OWN_LICENSE\"),\n\t\t\t\tBackupRetentionPeriodDays: pulumi.Int(60),\n\t\t\t\tCharacterSet: pulumi.String(\"AL32UTF8\"),\n\t\t\t\tIsStorageAutoScalingEnabled: pulumi.Bool(false),\n\t\t\t\tMaintenanceScheduleType: pulumi.String(\"REGULAR\"),\n\t\t\t\tMtlsConnectionRequired: pulumi.Bool(false),\n\t\t\t\tNCharacterSet: pulumi.String(\"AL16UTF16\"),\n\t\t\t\tOperationsInsightsState: pulumi.String(\"NOT_ENABLED\"),\n\t\t\t\tCustomerContacts: oracledatabase.AutonomousDatabasePropertiesCustomerContactArray{\n\t\t\t\t\t\u0026oracledatabase.AutonomousDatabasePropertiesCustomerContactArgs{\n\t\t\t\t\t\tEmail: pulumi.String(\"xyz@example.com\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tPrivateEndpointIp: pulumi.String(\"10.5.0.11\"),\n\t\t\t\tPrivateEndpointLabel: pulumi.String(\"testhost\"),\n\t\t\t},\n\t\t\tDeletionProtection: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetNetworkArgs;\nimport com.pulumi.gcp.oracledatabase.AutonomousDatabase;\nimport com.pulumi.gcp.oracledatabase.AutonomousDatabaseArgs;\nimport com.pulumi.gcp.oracledatabase.inputs.AutonomousDatabasePropertiesArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var default = ComputeFunctions.getNetwork(GetNetworkArgs.builder()\n .name(\"new\")\n .project(\"my-project\")\n .build());\n\n var myADB = new AutonomousDatabase(\"myADB\", AutonomousDatabaseArgs.builder()\n .autonomousDatabaseId(\"my-instance\")\n .location(\"us-east4\")\n .project(\"my-project\")\n .displayName(\"autonomousDatabase displayname\")\n .database(\"mydatabase\")\n .adminPassword(\"123Abpassword\")\n .network(default_.id())\n .cidr(\"10.5.0.0/24\")\n .labels(Map.of(\"label-one\", \"value-one\"))\n .properties(AutonomousDatabasePropertiesArgs.builder()\n .computeCount(\"2\")\n .dataStorageSizeGb(\"48\")\n .dbVersion(\"19c\")\n .dbEdition(\"STANDARD_EDITION\")\n .dbWorkload(\"OLTP\")\n .isAutoScalingEnabled(\"true\")\n .licenseType(\"BRING_YOUR_OWN_LICENSE\")\n .backupRetentionPeriodDays(\"60\")\n .characterSet(\"AL32UTF8\")\n .isStorageAutoScalingEnabled(\"false\")\n .maintenanceScheduleType(\"REGULAR\")\n .mtlsConnectionRequired(\"false\")\n .nCharacterSet(\"AL16UTF16\")\n .operationsInsightsState(\"NOT_ENABLED\")\n .customerContacts(AutonomousDatabasePropertiesCustomerContactArgs.builder()\n .email(\"xyz@example.com\")\n .build())\n .privateEndpointIp(\"10.5.0.11\")\n .privateEndpointLabel(\"testhost\")\n .build())\n .deletionProtection(\"true\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n myADB:\n type: gcp:oracledatabase:AutonomousDatabase\n properties:\n autonomousDatabaseId: my-instance\n location: us-east4\n project: my-project\n displayName: autonomousDatabase displayname\n database: mydatabase\n adminPassword: 123Abpassword\n network: ${default.id}\n cidr: 10.5.0.0/24\n labels:\n label-one: value-one\n properties:\n computeCount: '2'\n dataStorageSizeGb: '48'\n dbVersion: 19c\n dbEdition: STANDARD_EDITION\n dbWorkload: OLTP\n isAutoScalingEnabled: 'true'\n licenseType: BRING_YOUR_OWN_LICENSE\n backupRetentionPeriodDays: '60'\n characterSet: AL32UTF8\n isStorageAutoScalingEnabled: 'false'\n maintenanceScheduleType: REGULAR\n mtlsConnectionRequired: 'false'\n nCharacterSet: AL16UTF16\n operationsInsightsState: NOT_ENABLED\n customerContacts:\n - email: xyz@example.com\n privateEndpointIp: 10.5.0.11\n privateEndpointLabel: testhost\n deletionProtection: 'true'\nvariables:\n default:\n fn::invoke:\n function: gcp:compute:getNetwork\n arguments:\n name: new\n project: my-project\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nAutonomousDatabase can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{location}}/autonomousDatabases/{{autonomous_database_id}}`\n\n* `{{project}}/{{location}}/{{autonomous_database_id}}`\n\n* `{{location}}/{{autonomous_database_id}}`\n\nWhen using the `pulumi import` command, AutonomousDatabase can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:oracledatabase/autonomousDatabase:AutonomousDatabase default projects/{{project}}/locations/{{location}}/autonomousDatabases/{{autonomous_database_id}}\n```\n\n```sh\n$ pulumi import gcp:oracledatabase/autonomousDatabase:AutonomousDatabase default {{project}}/{{location}}/{{autonomous_database_id}}\n```\n\n```sh\n$ pulumi import gcp:oracledatabase/autonomousDatabase:AutonomousDatabase default {{location}}/{{autonomous_database_id}}\n```\n\n", "properties": { "adminPassword": { "type": "string", @@ -253189,7 +254543,7 @@ } }, "gcp:orgpolicy/policy:Policy": { - "description": "Defines an organization policy which is used to specify constraints for configurations of Google Cloud resources.\n\n\nTo get more information about Policy, see:\n\n* [API documentation](https://cloud.google.com/resource-manager/docs/reference/orgpolicy/rest/v2/organizations.policies)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/resource-manager/docs/organization-policy/creating-managing-custom-constraints)\n * [Supported Services](https://cloud.google.com/resource-manager/docs/organization-policy/custom-constraint-supported-services)\n\n## Example Usage\n\n### Org Policy Policy Enforce\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst basic = new gcp.organizations.Project(\"basic\", {\n projectId: \"id\",\n name: \"id\",\n orgId: \"123456789\",\n deletionPolicy: \"DELETE\",\n});\nconst primary = new gcp.orgpolicy.Policy(\"primary\", {\n name: pulumi.interpolate`projects/${basic.name}/policies/iam.disableServiceAccountKeyUpload`,\n parent: pulumi.interpolate`projects/${basic.name}`,\n spec: {\n rules: [{\n enforce: \"FALSE\",\n }],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbasic = gcp.organizations.Project(\"basic\",\n project_id=\"id\",\n name=\"id\",\n org_id=\"123456789\",\n deletion_policy=\"DELETE\")\nprimary = gcp.orgpolicy.Policy(\"primary\",\n name=basic.name.apply(lambda name: f\"projects/{name}/policies/iam.disableServiceAccountKeyUpload\"),\n parent=basic.name.apply(lambda name: f\"projects/{name}\"),\n spec={\n \"rules\": [{\n \"enforce\": \"FALSE\",\n }],\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var basic = new Gcp.Organizations.Project(\"basic\", new()\n {\n ProjectId = \"id\",\n Name = \"id\",\n OrgId = \"123456789\",\n DeletionPolicy = \"DELETE\",\n });\n\n var primary = new Gcp.OrgPolicy.Policy(\"primary\", new()\n {\n Name = basic.Name.Apply(name =\u003e $\"projects/{name}/policies/iam.disableServiceAccountKeyUpload\"),\n Parent = basic.Name.Apply(name =\u003e $\"projects/{name}\"),\n Spec = new Gcp.OrgPolicy.Inputs.PolicySpecArgs\n {\n Rules = new[]\n {\n new Gcp.OrgPolicy.Inputs.PolicySpecRuleArgs\n {\n Enforce = \"FALSE\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/orgpolicy\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tbasic, err := organizations.NewProject(ctx, \"basic\", \u0026organizations.ProjectArgs{\n\t\t\tProjectId: pulumi.String(\"id\"),\n\t\t\tName: pulumi.String(\"id\"),\n\t\t\tOrgId: pulumi.String(\"123456789\"),\n\t\t\tDeletionPolicy: pulumi.String(\"DELETE\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = orgpolicy.NewPolicy(ctx, \"primary\", \u0026orgpolicy.PolicyArgs{\n\t\t\tName: basic.Name.ApplyT(func(name string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"projects/%v/policies/iam.disableServiceAccountKeyUpload\", name), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t\tParent: basic.Name.ApplyT(func(name string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"projects/%v\", name), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t\tSpec: \u0026orgpolicy.PolicySpecArgs{\n\t\t\t\tRules: orgpolicy.PolicySpecRuleArray{\n\t\t\t\t\t\u0026orgpolicy.PolicySpecRuleArgs{\n\t\t\t\t\t\tEnforce: pulumi.String(\"FALSE\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.Project;\nimport com.pulumi.gcp.organizations.ProjectArgs;\nimport com.pulumi.gcp.orgpolicy.Policy;\nimport com.pulumi.gcp.orgpolicy.PolicyArgs;\nimport com.pulumi.gcp.orgpolicy.inputs.PolicySpecArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var basic = new Project(\"basic\", ProjectArgs.builder()\n .projectId(\"id\")\n .name(\"id\")\n .orgId(\"123456789\")\n .deletionPolicy(\"DELETE\")\n .build());\n\n var primary = new Policy(\"primary\", PolicyArgs.builder()\n .name(basic.name().applyValue(name -\u003e String.format(\"projects/%s/policies/iam.disableServiceAccountKeyUpload\", name)))\n .parent(basic.name().applyValue(name -\u003e String.format(\"projects/%s\", name)))\n .spec(PolicySpecArgs.builder()\n .rules(PolicySpecRuleArgs.builder()\n .enforce(\"FALSE\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n primary:\n type: gcp:orgpolicy:Policy\n properties:\n name: projects/${basic.name}/policies/iam.disableServiceAccountKeyUpload\n parent: projects/${basic.name}\n spec:\n rules:\n - enforce: FALSE\n basic:\n type: gcp:organizations:Project\n properties:\n projectId: id\n name: id\n orgId: '123456789'\n deletionPolicy: DELETE\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Org Policy Policy Folder\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst basic = new gcp.organizations.Folder(\"basic\", {\n parent: \"organizations/123456789\",\n displayName: \"folder\",\n deletionProtection: false,\n});\nconst primary = new gcp.orgpolicy.Policy(\"primary\", {\n name: pulumi.interpolate`${basic.name}/policies/gcp.resourceLocations`,\n parent: basic.name,\n spec: {\n inheritFromParent: true,\n rules: [{\n denyAll: \"TRUE\",\n }],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbasic = gcp.organizations.Folder(\"basic\",\n parent=\"organizations/123456789\",\n display_name=\"folder\",\n deletion_protection=False)\nprimary = gcp.orgpolicy.Policy(\"primary\",\n name=basic.name.apply(lambda name: f\"{name}/policies/gcp.resourceLocations\"),\n parent=basic.name,\n spec={\n \"inherit_from_parent\": True,\n \"rules\": [{\n \"deny_all\": \"TRUE\",\n }],\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var basic = new Gcp.Organizations.Folder(\"basic\", new()\n {\n Parent = \"organizations/123456789\",\n DisplayName = \"folder\",\n DeletionProtection = false,\n });\n\n var primary = new Gcp.OrgPolicy.Policy(\"primary\", new()\n {\n Name = basic.Name.Apply(name =\u003e $\"{name}/policies/gcp.resourceLocations\"),\n Parent = basic.Name,\n Spec = new Gcp.OrgPolicy.Inputs.PolicySpecArgs\n {\n InheritFromParent = true,\n Rules = new[]\n {\n new Gcp.OrgPolicy.Inputs.PolicySpecRuleArgs\n {\n DenyAll = \"TRUE\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/orgpolicy\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tbasic, err := organizations.NewFolder(ctx, \"basic\", \u0026organizations.FolderArgs{\n\t\t\tParent: pulumi.String(\"organizations/123456789\"),\n\t\t\tDisplayName: pulumi.String(\"folder\"),\n\t\t\tDeletionProtection: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = orgpolicy.NewPolicy(ctx, \"primary\", \u0026orgpolicy.PolicyArgs{\n\t\t\tName: basic.Name.ApplyT(func(name string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"%v/policies/gcp.resourceLocations\", name), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t\tParent: basic.Name,\n\t\t\tSpec: \u0026orgpolicy.PolicySpecArgs{\n\t\t\t\tInheritFromParent: pulumi.Bool(true),\n\t\t\t\tRules: orgpolicy.PolicySpecRuleArray{\n\t\t\t\t\t\u0026orgpolicy.PolicySpecRuleArgs{\n\t\t\t\t\t\tDenyAll: pulumi.String(\"TRUE\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.Folder;\nimport com.pulumi.gcp.organizations.FolderArgs;\nimport com.pulumi.gcp.orgpolicy.Policy;\nimport com.pulumi.gcp.orgpolicy.PolicyArgs;\nimport com.pulumi.gcp.orgpolicy.inputs.PolicySpecArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var basic = new Folder(\"basic\", FolderArgs.builder()\n .parent(\"organizations/123456789\")\n .displayName(\"folder\")\n .deletionProtection(false)\n .build());\n\n var primary = new Policy(\"primary\", PolicyArgs.builder()\n .name(basic.name().applyValue(name -\u003e String.format(\"%s/policies/gcp.resourceLocations\", name)))\n .parent(basic.name())\n .spec(PolicySpecArgs.builder()\n .inheritFromParent(true)\n .rules(PolicySpecRuleArgs.builder()\n .denyAll(\"TRUE\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n primary:\n type: gcp:orgpolicy:Policy\n properties:\n name: ${basic.name}/policies/gcp.resourceLocations\n parent: ${basic.name}\n spec:\n inheritFromParent: true\n rules:\n - denyAll: TRUE\n basic:\n type: gcp:organizations:Folder\n properties:\n parent: organizations/123456789\n displayName: folder\n deletionProtection: false\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Org Policy Policy Organization\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst primary = new gcp.orgpolicy.Policy(\"primary\", {\n name: \"organizations/123456789/policies/gcp.detailedAuditLoggingMode\",\n parent: \"organizations/123456789\",\n spec: {\n reset: true,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nprimary = gcp.orgpolicy.Policy(\"primary\",\n name=\"organizations/123456789/policies/gcp.detailedAuditLoggingMode\",\n parent=\"organizations/123456789\",\n spec={\n \"reset\": True,\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var primary = new Gcp.OrgPolicy.Policy(\"primary\", new()\n {\n Name = \"organizations/123456789/policies/gcp.detailedAuditLoggingMode\",\n Parent = \"organizations/123456789\",\n Spec = new Gcp.OrgPolicy.Inputs.PolicySpecArgs\n {\n Reset = true,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/orgpolicy\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := orgpolicy.NewPolicy(ctx, \"primary\", \u0026orgpolicy.PolicyArgs{\n\t\t\tName: pulumi.String(\"organizations/123456789/policies/gcp.detailedAuditLoggingMode\"),\n\t\t\tParent: pulumi.String(\"organizations/123456789\"),\n\t\t\tSpec: \u0026orgpolicy.PolicySpecArgs{\n\t\t\t\tReset: pulumi.Bool(true),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.orgpolicy.Policy;\nimport com.pulumi.gcp.orgpolicy.PolicyArgs;\nimport com.pulumi.gcp.orgpolicy.inputs.PolicySpecArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var primary = new Policy(\"primary\", PolicyArgs.builder()\n .name(\"organizations/123456789/policies/gcp.detailedAuditLoggingMode\")\n .parent(\"organizations/123456789\")\n .spec(PolicySpecArgs.builder()\n .reset(true)\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n primary:\n type: gcp:orgpolicy:Policy\n properties:\n name: organizations/123456789/policies/gcp.detailedAuditLoggingMode\n parent: organizations/123456789\n spec:\n reset: true\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Org Policy Policy Project\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst basic = new gcp.organizations.Project(\"basic\", {\n projectId: \"id\",\n name: \"id\",\n orgId: \"123456789\",\n deletionPolicy: \"DELETE\",\n});\nconst primary = new gcp.orgpolicy.Policy(\"primary\", {\n name: pulumi.interpolate`projects/${basic.name}/policies/gcp.resourceLocations`,\n parent: pulumi.interpolate`projects/${basic.name}`,\n spec: {\n rules: [\n {\n condition: {\n description: \"A sample condition for the policy\",\n expression: \"resource.matchTagId('tagKeys/123', 'tagValues/345')\",\n location: \"sample-location.log\",\n title: \"sample-condition\",\n },\n values: {\n allowedValues: [\"projects/allowed-project\"],\n deniedValues: [\"projects/denied-project\"],\n },\n },\n {\n allowAll: \"TRUE\",\n },\n ],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbasic = gcp.organizations.Project(\"basic\",\n project_id=\"id\",\n name=\"id\",\n org_id=\"123456789\",\n deletion_policy=\"DELETE\")\nprimary = gcp.orgpolicy.Policy(\"primary\",\n name=basic.name.apply(lambda name: f\"projects/{name}/policies/gcp.resourceLocations\"),\n parent=basic.name.apply(lambda name: f\"projects/{name}\"),\n spec={\n \"rules\": [\n {\n \"condition\": {\n \"description\": \"A sample condition for the policy\",\n \"expression\": \"resource.matchTagId('tagKeys/123', 'tagValues/345')\",\n \"location\": \"sample-location.log\",\n \"title\": \"sample-condition\",\n },\n \"values\": {\n \"allowed_values\": [\"projects/allowed-project\"],\n \"denied_values\": [\"projects/denied-project\"],\n },\n },\n {\n \"allow_all\": \"TRUE\",\n },\n ],\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var basic = new Gcp.Organizations.Project(\"basic\", new()\n {\n ProjectId = \"id\",\n Name = \"id\",\n OrgId = \"123456789\",\n DeletionPolicy = \"DELETE\",\n });\n\n var primary = new Gcp.OrgPolicy.Policy(\"primary\", new()\n {\n Name = basic.Name.Apply(name =\u003e $\"projects/{name}/policies/gcp.resourceLocations\"),\n Parent = basic.Name.Apply(name =\u003e $\"projects/{name}\"),\n Spec = new Gcp.OrgPolicy.Inputs.PolicySpecArgs\n {\n Rules = new[]\n {\n new Gcp.OrgPolicy.Inputs.PolicySpecRuleArgs\n {\n Condition = new Gcp.OrgPolicy.Inputs.PolicySpecRuleConditionArgs\n {\n Description = \"A sample condition for the policy\",\n Expression = \"resource.matchTagId('tagKeys/123', 'tagValues/345')\",\n Location = \"sample-location.log\",\n Title = \"sample-condition\",\n },\n Values = new Gcp.OrgPolicy.Inputs.PolicySpecRuleValuesArgs\n {\n AllowedValues = new[]\n {\n \"projects/allowed-project\",\n },\n DeniedValues = new[]\n {\n \"projects/denied-project\",\n },\n },\n },\n new Gcp.OrgPolicy.Inputs.PolicySpecRuleArgs\n {\n AllowAll = \"TRUE\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/orgpolicy\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tbasic, err := organizations.NewProject(ctx, \"basic\", \u0026organizations.ProjectArgs{\n\t\t\tProjectId: pulumi.String(\"id\"),\n\t\t\tName: pulumi.String(\"id\"),\n\t\t\tOrgId: pulumi.String(\"123456789\"),\n\t\t\tDeletionPolicy: pulumi.String(\"DELETE\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = orgpolicy.NewPolicy(ctx, \"primary\", \u0026orgpolicy.PolicyArgs{\n\t\t\tName: basic.Name.ApplyT(func(name string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"projects/%v/policies/gcp.resourceLocations\", name), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t\tParent: basic.Name.ApplyT(func(name string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"projects/%v\", name), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t\tSpec: \u0026orgpolicy.PolicySpecArgs{\n\t\t\t\tRules: orgpolicy.PolicySpecRuleArray{\n\t\t\t\t\t\u0026orgpolicy.PolicySpecRuleArgs{\n\t\t\t\t\t\tCondition: \u0026orgpolicy.PolicySpecRuleConditionArgs{\n\t\t\t\t\t\t\tDescription: pulumi.String(\"A sample condition for the policy\"),\n\t\t\t\t\t\t\tExpression: pulumi.String(\"resource.matchTagId('tagKeys/123', 'tagValues/345')\"),\n\t\t\t\t\t\t\tLocation: pulumi.String(\"sample-location.log\"),\n\t\t\t\t\t\t\tTitle: pulumi.String(\"sample-condition\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tValues: \u0026orgpolicy.PolicySpecRuleValuesArgs{\n\t\t\t\t\t\t\tAllowedValues: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"projects/allowed-project\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tDeniedValues: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"projects/denied-project\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\t\u0026orgpolicy.PolicySpecRuleArgs{\n\t\t\t\t\t\tAllowAll: pulumi.String(\"TRUE\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.Project;\nimport com.pulumi.gcp.organizations.ProjectArgs;\nimport com.pulumi.gcp.orgpolicy.Policy;\nimport com.pulumi.gcp.orgpolicy.PolicyArgs;\nimport com.pulumi.gcp.orgpolicy.inputs.PolicySpecArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var basic = new Project(\"basic\", ProjectArgs.builder()\n .projectId(\"id\")\n .name(\"id\")\n .orgId(\"123456789\")\n .deletionPolicy(\"DELETE\")\n .build());\n\n var primary = new Policy(\"primary\", PolicyArgs.builder()\n .name(basic.name().applyValue(name -\u003e String.format(\"projects/%s/policies/gcp.resourceLocations\", name)))\n .parent(basic.name().applyValue(name -\u003e String.format(\"projects/%s\", name)))\n .spec(PolicySpecArgs.builder()\n .rules( \n PolicySpecRuleArgs.builder()\n .condition(PolicySpecRuleConditionArgs.builder()\n .description(\"A sample condition for the policy\")\n .expression(\"resource.matchTagId('tagKeys/123', 'tagValues/345')\")\n .location(\"sample-location.log\")\n .title(\"sample-condition\")\n .build())\n .values(PolicySpecRuleValuesArgs.builder()\n .allowedValues(\"projects/allowed-project\")\n .deniedValues(\"projects/denied-project\")\n .build())\n .build(),\n PolicySpecRuleArgs.builder()\n .allowAll(\"TRUE\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n primary:\n type: gcp:orgpolicy:Policy\n properties:\n name: projects/${basic.name}/policies/gcp.resourceLocations\n parent: projects/${basic.name}\n spec:\n rules:\n - condition:\n description: A sample condition for the policy\n expression: resource.matchTagId('tagKeys/123', 'tagValues/345')\n location: sample-location.log\n title: sample-condition\n values:\n allowedValues:\n - projects/allowed-project\n deniedValues:\n - projects/denied-project\n - allowAll: TRUE\n basic:\n type: gcp:organizations:Project\n properties:\n projectId: id\n name: id\n orgId: '123456789'\n deletionPolicy: DELETE\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Org Policy Policy Dry Run Spec\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst constraint = new gcp.orgpolicy.CustomConstraint(\"constraint\", {\n name: \"custom.disableGkeAutoUpgrade_40289\",\n parent: \"organizations/123456789\",\n displayName: \"Disable GKE auto upgrade\",\n description: \"Only allow GKE NodePool resource to be created or updated if AutoUpgrade is not enabled where this custom constraint is enforced.\",\n actionType: \"ALLOW\",\n condition: \"resource.management.autoUpgrade == false\",\n methodTypes: [\"CREATE\"],\n resourceTypes: [\"container.googleapis.com/NodePool\"],\n});\nconst primary = new gcp.orgpolicy.Policy(\"primary\", {\n name: pulumi.interpolate`organizations/123456789/policies/${constraint.name}`,\n parent: \"organizations/123456789\",\n spec: {\n rules: [{\n enforce: \"FALSE\",\n }],\n },\n dryRunSpec: {\n inheritFromParent: false,\n reset: false,\n rules: [{\n enforce: \"FALSE\",\n }],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nconstraint = gcp.orgpolicy.CustomConstraint(\"constraint\",\n name=\"custom.disableGkeAutoUpgrade_40289\",\n parent=\"organizations/123456789\",\n display_name=\"Disable GKE auto upgrade\",\n description=\"Only allow GKE NodePool resource to be created or updated if AutoUpgrade is not enabled where this custom constraint is enforced.\",\n action_type=\"ALLOW\",\n condition=\"resource.management.autoUpgrade == false\",\n method_types=[\"CREATE\"],\n resource_types=[\"container.googleapis.com/NodePool\"])\nprimary = gcp.orgpolicy.Policy(\"primary\",\n name=constraint.name.apply(lambda name: f\"organizations/123456789/policies/{name}\"),\n parent=\"organizations/123456789\",\n spec={\n \"rules\": [{\n \"enforce\": \"FALSE\",\n }],\n },\n dry_run_spec={\n \"inherit_from_parent\": False,\n \"reset\": False,\n \"rules\": [{\n \"enforce\": \"FALSE\",\n }],\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var constraint = new Gcp.OrgPolicy.CustomConstraint(\"constraint\", new()\n {\n Name = \"custom.disableGkeAutoUpgrade_40289\",\n Parent = \"organizations/123456789\",\n DisplayName = \"Disable GKE auto upgrade\",\n Description = \"Only allow GKE NodePool resource to be created or updated if AutoUpgrade is not enabled where this custom constraint is enforced.\",\n ActionType = \"ALLOW\",\n Condition = \"resource.management.autoUpgrade == false\",\n MethodTypes = new[]\n {\n \"CREATE\",\n },\n ResourceTypes = new[]\n {\n \"container.googleapis.com/NodePool\",\n },\n });\n\n var primary = new Gcp.OrgPolicy.Policy(\"primary\", new()\n {\n Name = constraint.Name.Apply(name =\u003e $\"organizations/123456789/policies/{name}\"),\n Parent = \"organizations/123456789\",\n Spec = new Gcp.OrgPolicy.Inputs.PolicySpecArgs\n {\n Rules = new[]\n {\n new Gcp.OrgPolicy.Inputs.PolicySpecRuleArgs\n {\n Enforce = \"FALSE\",\n },\n },\n },\n DryRunSpec = new Gcp.OrgPolicy.Inputs.PolicyDryRunSpecArgs\n {\n InheritFromParent = false,\n Reset = false,\n Rules = new[]\n {\n new Gcp.OrgPolicy.Inputs.PolicyDryRunSpecRuleArgs\n {\n Enforce = \"FALSE\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/orgpolicy\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tconstraint, err := orgpolicy.NewCustomConstraint(ctx, \"constraint\", \u0026orgpolicy.CustomConstraintArgs{\n\t\t\tName: pulumi.String(\"custom.disableGkeAutoUpgrade_40289\"),\n\t\t\tParent: pulumi.String(\"organizations/123456789\"),\n\t\t\tDisplayName: pulumi.String(\"Disable GKE auto upgrade\"),\n\t\t\tDescription: pulumi.String(\"Only allow GKE NodePool resource to be created or updated if AutoUpgrade is not enabled where this custom constraint is enforced.\"),\n\t\t\tActionType: pulumi.String(\"ALLOW\"),\n\t\t\tCondition: pulumi.String(\"resource.management.autoUpgrade == false\"),\n\t\t\tMethodTypes: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"CREATE\"),\n\t\t\t},\n\t\t\tResourceTypes: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"container.googleapis.com/NodePool\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = orgpolicy.NewPolicy(ctx, \"primary\", \u0026orgpolicy.PolicyArgs{\n\t\t\tName: constraint.Name.ApplyT(func(name string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"organizations/123456789/policies/%v\", name), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t\tParent: pulumi.String(\"organizations/123456789\"),\n\t\t\tSpec: \u0026orgpolicy.PolicySpecArgs{\n\t\t\t\tRules: orgpolicy.PolicySpecRuleArray{\n\t\t\t\t\t\u0026orgpolicy.PolicySpecRuleArgs{\n\t\t\t\t\t\tEnforce: pulumi.String(\"FALSE\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tDryRunSpec: \u0026orgpolicy.PolicyDryRunSpecArgs{\n\t\t\t\tInheritFromParent: pulumi.Bool(false),\n\t\t\t\tReset: pulumi.Bool(false),\n\t\t\t\tRules: orgpolicy.PolicyDryRunSpecRuleArray{\n\t\t\t\t\t\u0026orgpolicy.PolicyDryRunSpecRuleArgs{\n\t\t\t\t\t\tEnforce: pulumi.String(\"FALSE\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.orgpolicy.CustomConstraint;\nimport com.pulumi.gcp.orgpolicy.CustomConstraintArgs;\nimport com.pulumi.gcp.orgpolicy.Policy;\nimport com.pulumi.gcp.orgpolicy.PolicyArgs;\nimport com.pulumi.gcp.orgpolicy.inputs.PolicySpecArgs;\nimport com.pulumi.gcp.orgpolicy.inputs.PolicyDryRunSpecArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var constraint = new CustomConstraint(\"constraint\", CustomConstraintArgs.builder()\n .name(\"custom.disableGkeAutoUpgrade_40289\")\n .parent(\"organizations/123456789\")\n .displayName(\"Disable GKE auto upgrade\")\n .description(\"Only allow GKE NodePool resource to be created or updated if AutoUpgrade is not enabled where this custom constraint is enforced.\")\n .actionType(\"ALLOW\")\n .condition(\"resource.management.autoUpgrade == false\")\n .methodTypes(\"CREATE\")\n .resourceTypes(\"container.googleapis.com/NodePool\")\n .build());\n\n var primary = new Policy(\"primary\", PolicyArgs.builder()\n .name(constraint.name().applyValue(name -\u003e String.format(\"organizations/123456789/policies/%s\", name)))\n .parent(\"organizations/123456789\")\n .spec(PolicySpecArgs.builder()\n .rules(PolicySpecRuleArgs.builder()\n .enforce(\"FALSE\")\n .build())\n .build())\n .dryRunSpec(PolicyDryRunSpecArgs.builder()\n .inheritFromParent(false)\n .reset(false)\n .rules(PolicyDryRunSpecRuleArgs.builder()\n .enforce(\"FALSE\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n constraint:\n type: gcp:orgpolicy:CustomConstraint\n properties:\n name: custom.disableGkeAutoUpgrade_40289\n parent: organizations/123456789\n displayName: Disable GKE auto upgrade\n description: Only allow GKE NodePool resource to be created or updated if AutoUpgrade is not enabled where this custom constraint is enforced.\n actionType: ALLOW\n condition: resource.management.autoUpgrade == false\n methodTypes:\n - CREATE\n resourceTypes:\n - container.googleapis.com/NodePool\n primary:\n type: gcp:orgpolicy:Policy\n properties:\n name: organizations/123456789/policies/${constraint.name}\n parent: organizations/123456789\n spec:\n rules:\n - enforce: FALSE\n dryRunSpec:\n inheritFromParent: false\n reset: false\n rules:\n - enforce: FALSE\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nPolicy can be imported using any of these accepted formats:\n\n* `{{parent}}/policies/{{name}}`\n\nWhen using the `pulumi import` command, Policy can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:orgpolicy/policy:Policy default {{parent}}/policies/{{name}}\n```\n\n", + "description": "Defines an organization policy which is used to specify constraints for configurations of Google Cloud resources.\n\n\nTo get more information about Policy, see:\n\n* [API documentation](https://cloud.google.com/resource-manager/docs/reference/orgpolicy/rest/v2/organizations.policies)\n* How-to Guides\n * [Official Documentation](https://cloud.google.com/resource-manager/docs/organization-policy/creating-managing-custom-constraints)\n * [Supported Services](https://cloud.google.com/resource-manager/docs/organization-policy/custom-constraint-supported-services)\n\n## Example Usage\n\n### Org Policy Policy Enforce\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst basic = new gcp.organizations.Project(\"basic\", {\n projectId: \"id\",\n name: \"id\",\n orgId: \"123456789\",\n deletionPolicy: \"DELETE\",\n});\nconst primary = new gcp.orgpolicy.Policy(\"primary\", {\n name: pulumi.interpolate`projects/${basic.projectId}/policies/iam.disableServiceAccountKeyUpload`,\n parent: pulumi.interpolate`projects/${basic.projectId}`,\n spec: {\n rules: [{\n enforce: \"FALSE\",\n }],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbasic = gcp.organizations.Project(\"basic\",\n project_id=\"id\",\n name=\"id\",\n org_id=\"123456789\",\n deletion_policy=\"DELETE\")\nprimary = gcp.orgpolicy.Policy(\"primary\",\n name=basic.project_id.apply(lambda project_id: f\"projects/{project_id}/policies/iam.disableServiceAccountKeyUpload\"),\n parent=basic.project_id.apply(lambda project_id: f\"projects/{project_id}\"),\n spec={\n \"rules\": [{\n \"enforce\": \"FALSE\",\n }],\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var basic = new Gcp.Organizations.Project(\"basic\", new()\n {\n ProjectId = \"id\",\n Name = \"id\",\n OrgId = \"123456789\",\n DeletionPolicy = \"DELETE\",\n });\n\n var primary = new Gcp.OrgPolicy.Policy(\"primary\", new()\n {\n Name = basic.ProjectId.Apply(projectId =\u003e $\"projects/{projectId}/policies/iam.disableServiceAccountKeyUpload\"),\n Parent = basic.ProjectId.Apply(projectId =\u003e $\"projects/{projectId}\"),\n Spec = new Gcp.OrgPolicy.Inputs.PolicySpecArgs\n {\n Rules = new[]\n {\n new Gcp.OrgPolicy.Inputs.PolicySpecRuleArgs\n {\n Enforce = \"FALSE\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/orgpolicy\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tbasic, err := organizations.NewProject(ctx, \"basic\", \u0026organizations.ProjectArgs{\n\t\t\tProjectId: pulumi.String(\"id\"),\n\t\t\tName: pulumi.String(\"id\"),\n\t\t\tOrgId: pulumi.String(\"123456789\"),\n\t\t\tDeletionPolicy: pulumi.String(\"DELETE\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = orgpolicy.NewPolicy(ctx, \"primary\", \u0026orgpolicy.PolicyArgs{\n\t\t\tName: basic.ProjectId.ApplyT(func(projectId string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"projects/%v/policies/iam.disableServiceAccountKeyUpload\", projectId), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t\tParent: basic.ProjectId.ApplyT(func(projectId string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"projects/%v\", projectId), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t\tSpec: \u0026orgpolicy.PolicySpecArgs{\n\t\t\t\tRules: orgpolicy.PolicySpecRuleArray{\n\t\t\t\t\t\u0026orgpolicy.PolicySpecRuleArgs{\n\t\t\t\t\t\tEnforce: pulumi.String(\"FALSE\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.Project;\nimport com.pulumi.gcp.organizations.ProjectArgs;\nimport com.pulumi.gcp.orgpolicy.Policy;\nimport com.pulumi.gcp.orgpolicy.PolicyArgs;\nimport com.pulumi.gcp.orgpolicy.inputs.PolicySpecArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var basic = new Project(\"basic\", ProjectArgs.builder()\n .projectId(\"id\")\n .name(\"id\")\n .orgId(\"123456789\")\n .deletionPolicy(\"DELETE\")\n .build());\n\n var primary = new Policy(\"primary\", PolicyArgs.builder()\n .name(basic.projectId().applyValue(projectId -\u003e String.format(\"projects/%s/policies/iam.disableServiceAccountKeyUpload\", projectId)))\n .parent(basic.projectId().applyValue(projectId -\u003e String.format(\"projects/%s\", projectId)))\n .spec(PolicySpecArgs.builder()\n .rules(PolicySpecRuleArgs.builder()\n .enforce(\"FALSE\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n primary:\n type: gcp:orgpolicy:Policy\n properties:\n name: projects/${basic.projectId}/policies/iam.disableServiceAccountKeyUpload\n parent: projects/${basic.projectId}\n spec:\n rules:\n - enforce: FALSE\n basic:\n type: gcp:organizations:Project\n properties:\n projectId: id\n name: id\n orgId: '123456789'\n deletionPolicy: DELETE\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Org Policy Policy Folder\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst basic = new gcp.organizations.Folder(\"basic\", {\n parent: \"organizations/123456789\",\n displayName: \"folder\",\n deletionProtection: false,\n});\nconst primary = new gcp.orgpolicy.Policy(\"primary\", {\n name: pulumi.interpolate`${basic.name}/policies/gcp.resourceLocations`,\n parent: basic.name,\n spec: {\n inheritFromParent: true,\n rules: [{\n denyAll: \"TRUE\",\n }],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbasic = gcp.organizations.Folder(\"basic\",\n parent=\"organizations/123456789\",\n display_name=\"folder\",\n deletion_protection=False)\nprimary = gcp.orgpolicy.Policy(\"primary\",\n name=basic.name.apply(lambda name: f\"{name}/policies/gcp.resourceLocations\"),\n parent=basic.name,\n spec={\n \"inherit_from_parent\": True,\n \"rules\": [{\n \"deny_all\": \"TRUE\",\n }],\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var basic = new Gcp.Organizations.Folder(\"basic\", new()\n {\n Parent = \"organizations/123456789\",\n DisplayName = \"folder\",\n DeletionProtection = false,\n });\n\n var primary = new Gcp.OrgPolicy.Policy(\"primary\", new()\n {\n Name = basic.Name.Apply(name =\u003e $\"{name}/policies/gcp.resourceLocations\"),\n Parent = basic.Name,\n Spec = new Gcp.OrgPolicy.Inputs.PolicySpecArgs\n {\n InheritFromParent = true,\n Rules = new[]\n {\n new Gcp.OrgPolicy.Inputs.PolicySpecRuleArgs\n {\n DenyAll = \"TRUE\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/orgpolicy\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tbasic, err := organizations.NewFolder(ctx, \"basic\", \u0026organizations.FolderArgs{\n\t\t\tParent: pulumi.String(\"organizations/123456789\"),\n\t\t\tDisplayName: pulumi.String(\"folder\"),\n\t\t\tDeletionProtection: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = orgpolicy.NewPolicy(ctx, \"primary\", \u0026orgpolicy.PolicyArgs{\n\t\t\tName: basic.Name.ApplyT(func(name string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"%v/policies/gcp.resourceLocations\", name), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t\tParent: basic.Name,\n\t\t\tSpec: \u0026orgpolicy.PolicySpecArgs{\n\t\t\t\tInheritFromParent: pulumi.Bool(true),\n\t\t\t\tRules: orgpolicy.PolicySpecRuleArray{\n\t\t\t\t\t\u0026orgpolicy.PolicySpecRuleArgs{\n\t\t\t\t\t\tDenyAll: pulumi.String(\"TRUE\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.Folder;\nimport com.pulumi.gcp.organizations.FolderArgs;\nimport com.pulumi.gcp.orgpolicy.Policy;\nimport com.pulumi.gcp.orgpolicy.PolicyArgs;\nimport com.pulumi.gcp.orgpolicy.inputs.PolicySpecArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var basic = new Folder(\"basic\", FolderArgs.builder()\n .parent(\"organizations/123456789\")\n .displayName(\"folder\")\n .deletionProtection(false)\n .build());\n\n var primary = new Policy(\"primary\", PolicyArgs.builder()\n .name(basic.name().applyValue(name -\u003e String.format(\"%s/policies/gcp.resourceLocations\", name)))\n .parent(basic.name())\n .spec(PolicySpecArgs.builder()\n .inheritFromParent(true)\n .rules(PolicySpecRuleArgs.builder()\n .denyAll(\"TRUE\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n primary:\n type: gcp:orgpolicy:Policy\n properties:\n name: ${basic.name}/policies/gcp.resourceLocations\n parent: ${basic.name}\n spec:\n inheritFromParent: true\n rules:\n - denyAll: TRUE\n basic:\n type: gcp:organizations:Folder\n properties:\n parent: organizations/123456789\n displayName: folder\n deletionProtection: false\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Org Policy Policy Organization\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst primary = new gcp.orgpolicy.Policy(\"primary\", {\n name: \"organizations/123456789/policies/gcp.detailedAuditLoggingMode\",\n parent: \"organizations/123456789\",\n spec: {\n reset: true,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nprimary = gcp.orgpolicy.Policy(\"primary\",\n name=\"organizations/123456789/policies/gcp.detailedAuditLoggingMode\",\n parent=\"organizations/123456789\",\n spec={\n \"reset\": True,\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var primary = new Gcp.OrgPolicy.Policy(\"primary\", new()\n {\n Name = \"organizations/123456789/policies/gcp.detailedAuditLoggingMode\",\n Parent = \"organizations/123456789\",\n Spec = new Gcp.OrgPolicy.Inputs.PolicySpecArgs\n {\n Reset = true,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/orgpolicy\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := orgpolicy.NewPolicy(ctx, \"primary\", \u0026orgpolicy.PolicyArgs{\n\t\t\tName: pulumi.String(\"organizations/123456789/policies/gcp.detailedAuditLoggingMode\"),\n\t\t\tParent: pulumi.String(\"organizations/123456789\"),\n\t\t\tSpec: \u0026orgpolicy.PolicySpecArgs{\n\t\t\t\tReset: pulumi.Bool(true),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.orgpolicy.Policy;\nimport com.pulumi.gcp.orgpolicy.PolicyArgs;\nimport com.pulumi.gcp.orgpolicy.inputs.PolicySpecArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var primary = new Policy(\"primary\", PolicyArgs.builder()\n .name(\"organizations/123456789/policies/gcp.detailedAuditLoggingMode\")\n .parent(\"organizations/123456789\")\n .spec(PolicySpecArgs.builder()\n .reset(true)\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n primary:\n type: gcp:orgpolicy:Policy\n properties:\n name: organizations/123456789/policies/gcp.detailedAuditLoggingMode\n parent: organizations/123456789\n spec:\n reset: true\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Org Policy Policy Project\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst basic = new gcp.organizations.Project(\"basic\", {\n projectId: \"id\",\n name: \"id\",\n orgId: \"123456789\",\n deletionPolicy: \"DELETE\",\n});\nconst primary = new gcp.orgpolicy.Policy(\"primary\", {\n name: pulumi.interpolate`projects/${basic.projectId}/policies/gcp.resourceLocations`,\n parent: pulumi.interpolate`projects/${basic.projectId}`,\n spec: {\n rules: [\n {\n condition: {\n description: \"A sample condition for the policy\",\n expression: \"resource.matchTagId('tagKeys/123', 'tagValues/345')\",\n location: \"sample-location.log\",\n title: \"sample-condition\",\n },\n values: {\n allowedValues: [\"projects/allowed-project\"],\n deniedValues: [\"projects/denied-project\"],\n },\n },\n {\n allowAll: \"TRUE\",\n },\n ],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbasic = gcp.organizations.Project(\"basic\",\n project_id=\"id\",\n name=\"id\",\n org_id=\"123456789\",\n deletion_policy=\"DELETE\")\nprimary = gcp.orgpolicy.Policy(\"primary\",\n name=basic.project_id.apply(lambda project_id: f\"projects/{project_id}/policies/gcp.resourceLocations\"),\n parent=basic.project_id.apply(lambda project_id: f\"projects/{project_id}\"),\n spec={\n \"rules\": [\n {\n \"condition\": {\n \"description\": \"A sample condition for the policy\",\n \"expression\": \"resource.matchTagId('tagKeys/123', 'tagValues/345')\",\n \"location\": \"sample-location.log\",\n \"title\": \"sample-condition\",\n },\n \"values\": {\n \"allowed_values\": [\"projects/allowed-project\"],\n \"denied_values\": [\"projects/denied-project\"],\n },\n },\n {\n \"allow_all\": \"TRUE\",\n },\n ],\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var basic = new Gcp.Organizations.Project(\"basic\", new()\n {\n ProjectId = \"id\",\n Name = \"id\",\n OrgId = \"123456789\",\n DeletionPolicy = \"DELETE\",\n });\n\n var primary = new Gcp.OrgPolicy.Policy(\"primary\", new()\n {\n Name = basic.ProjectId.Apply(projectId =\u003e $\"projects/{projectId}/policies/gcp.resourceLocations\"),\n Parent = basic.ProjectId.Apply(projectId =\u003e $\"projects/{projectId}\"),\n Spec = new Gcp.OrgPolicy.Inputs.PolicySpecArgs\n {\n Rules = new[]\n {\n new Gcp.OrgPolicy.Inputs.PolicySpecRuleArgs\n {\n Condition = new Gcp.OrgPolicy.Inputs.PolicySpecRuleConditionArgs\n {\n Description = \"A sample condition for the policy\",\n Expression = \"resource.matchTagId('tagKeys/123', 'tagValues/345')\",\n Location = \"sample-location.log\",\n Title = \"sample-condition\",\n },\n Values = new Gcp.OrgPolicy.Inputs.PolicySpecRuleValuesArgs\n {\n AllowedValues = new[]\n {\n \"projects/allowed-project\",\n },\n DeniedValues = new[]\n {\n \"projects/denied-project\",\n },\n },\n },\n new Gcp.OrgPolicy.Inputs.PolicySpecRuleArgs\n {\n AllowAll = \"TRUE\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/orgpolicy\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tbasic, err := organizations.NewProject(ctx, \"basic\", \u0026organizations.ProjectArgs{\n\t\t\tProjectId: pulumi.String(\"id\"),\n\t\t\tName: pulumi.String(\"id\"),\n\t\t\tOrgId: pulumi.String(\"123456789\"),\n\t\t\tDeletionPolicy: pulumi.String(\"DELETE\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = orgpolicy.NewPolicy(ctx, \"primary\", \u0026orgpolicy.PolicyArgs{\n\t\t\tName: basic.ProjectId.ApplyT(func(projectId string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"projects/%v/policies/gcp.resourceLocations\", projectId), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t\tParent: basic.ProjectId.ApplyT(func(projectId string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"projects/%v\", projectId), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t\tSpec: \u0026orgpolicy.PolicySpecArgs{\n\t\t\t\tRules: orgpolicy.PolicySpecRuleArray{\n\t\t\t\t\t\u0026orgpolicy.PolicySpecRuleArgs{\n\t\t\t\t\t\tCondition: \u0026orgpolicy.PolicySpecRuleConditionArgs{\n\t\t\t\t\t\t\tDescription: pulumi.String(\"A sample condition for the policy\"),\n\t\t\t\t\t\t\tExpression: pulumi.String(\"resource.matchTagId('tagKeys/123', 'tagValues/345')\"),\n\t\t\t\t\t\t\tLocation: pulumi.String(\"sample-location.log\"),\n\t\t\t\t\t\t\tTitle: pulumi.String(\"sample-condition\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tValues: \u0026orgpolicy.PolicySpecRuleValuesArgs{\n\t\t\t\t\t\t\tAllowedValues: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"projects/allowed-project\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tDeniedValues: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"projects/denied-project\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\t\u0026orgpolicy.PolicySpecRuleArgs{\n\t\t\t\t\t\tAllowAll: pulumi.String(\"TRUE\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.Project;\nimport com.pulumi.gcp.organizations.ProjectArgs;\nimport com.pulumi.gcp.orgpolicy.Policy;\nimport com.pulumi.gcp.orgpolicy.PolicyArgs;\nimport com.pulumi.gcp.orgpolicy.inputs.PolicySpecArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var basic = new Project(\"basic\", ProjectArgs.builder()\n .projectId(\"id\")\n .name(\"id\")\n .orgId(\"123456789\")\n .deletionPolicy(\"DELETE\")\n .build());\n\n var primary = new Policy(\"primary\", PolicyArgs.builder()\n .name(basic.projectId().applyValue(projectId -\u003e String.format(\"projects/%s/policies/gcp.resourceLocations\", projectId)))\n .parent(basic.projectId().applyValue(projectId -\u003e String.format(\"projects/%s\", projectId)))\n .spec(PolicySpecArgs.builder()\n .rules( \n PolicySpecRuleArgs.builder()\n .condition(PolicySpecRuleConditionArgs.builder()\n .description(\"A sample condition for the policy\")\n .expression(\"resource.matchTagId('tagKeys/123', 'tagValues/345')\")\n .location(\"sample-location.log\")\n .title(\"sample-condition\")\n .build())\n .values(PolicySpecRuleValuesArgs.builder()\n .allowedValues(\"projects/allowed-project\")\n .deniedValues(\"projects/denied-project\")\n .build())\n .build(),\n PolicySpecRuleArgs.builder()\n .allowAll(\"TRUE\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n primary:\n type: gcp:orgpolicy:Policy\n properties:\n name: projects/${basic.projectId}/policies/gcp.resourceLocations\n parent: projects/${basic.projectId}\n spec:\n rules:\n - condition:\n description: A sample condition for the policy\n expression: resource.matchTagId('tagKeys/123', 'tagValues/345')\n location: sample-location.log\n title: sample-condition\n values:\n allowedValues:\n - projects/allowed-project\n deniedValues:\n - projects/denied-project\n - allowAll: TRUE\n basic:\n type: gcp:organizations:Project\n properties:\n projectId: id\n name: id\n orgId: '123456789'\n deletionPolicy: DELETE\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Org Policy Policy Dry Run Spec\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst constraint = new gcp.orgpolicy.CustomConstraint(\"constraint\", {\n name: \"custom.disableGkeAutoUpgrade_40289\",\n parent: \"organizations/123456789\",\n displayName: \"Disable GKE auto upgrade\",\n description: \"Only allow GKE NodePool resource to be created or updated if AutoUpgrade is not enabled where this custom constraint is enforced.\",\n actionType: \"ALLOW\",\n condition: \"resource.management.autoUpgrade == false\",\n methodTypes: [\"CREATE\"],\n resourceTypes: [\"container.googleapis.com/NodePool\"],\n});\nconst primary = new gcp.orgpolicy.Policy(\"primary\", {\n name: pulumi.interpolate`organizations/123456789/policies/${constraint.name}`,\n parent: \"organizations/123456789\",\n spec: {\n rules: [{\n enforce: \"FALSE\",\n }],\n },\n dryRunSpec: {\n inheritFromParent: false,\n reset: false,\n rules: [{\n enforce: \"FALSE\",\n }],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nconstraint = gcp.orgpolicy.CustomConstraint(\"constraint\",\n name=\"custom.disableGkeAutoUpgrade_40289\",\n parent=\"organizations/123456789\",\n display_name=\"Disable GKE auto upgrade\",\n description=\"Only allow GKE NodePool resource to be created or updated if AutoUpgrade is not enabled where this custom constraint is enforced.\",\n action_type=\"ALLOW\",\n condition=\"resource.management.autoUpgrade == false\",\n method_types=[\"CREATE\"],\n resource_types=[\"container.googleapis.com/NodePool\"])\nprimary = gcp.orgpolicy.Policy(\"primary\",\n name=constraint.name.apply(lambda name: f\"organizations/123456789/policies/{name}\"),\n parent=\"organizations/123456789\",\n spec={\n \"rules\": [{\n \"enforce\": \"FALSE\",\n }],\n },\n dry_run_spec={\n \"inherit_from_parent\": False,\n \"reset\": False,\n \"rules\": [{\n \"enforce\": \"FALSE\",\n }],\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var constraint = new Gcp.OrgPolicy.CustomConstraint(\"constraint\", new()\n {\n Name = \"custom.disableGkeAutoUpgrade_40289\",\n Parent = \"organizations/123456789\",\n DisplayName = \"Disable GKE auto upgrade\",\n Description = \"Only allow GKE NodePool resource to be created or updated if AutoUpgrade is not enabled where this custom constraint is enforced.\",\n ActionType = \"ALLOW\",\n Condition = \"resource.management.autoUpgrade == false\",\n MethodTypes = new[]\n {\n \"CREATE\",\n },\n ResourceTypes = new[]\n {\n \"container.googleapis.com/NodePool\",\n },\n });\n\n var primary = new Gcp.OrgPolicy.Policy(\"primary\", new()\n {\n Name = constraint.Name.Apply(name =\u003e $\"organizations/123456789/policies/{name}\"),\n Parent = \"organizations/123456789\",\n Spec = new Gcp.OrgPolicy.Inputs.PolicySpecArgs\n {\n Rules = new[]\n {\n new Gcp.OrgPolicy.Inputs.PolicySpecRuleArgs\n {\n Enforce = \"FALSE\",\n },\n },\n },\n DryRunSpec = new Gcp.OrgPolicy.Inputs.PolicyDryRunSpecArgs\n {\n InheritFromParent = false,\n Reset = false,\n Rules = new[]\n {\n new Gcp.OrgPolicy.Inputs.PolicyDryRunSpecRuleArgs\n {\n Enforce = \"FALSE\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/orgpolicy\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tconstraint, err := orgpolicy.NewCustomConstraint(ctx, \"constraint\", \u0026orgpolicy.CustomConstraintArgs{\n\t\t\tName: pulumi.String(\"custom.disableGkeAutoUpgrade_40289\"),\n\t\t\tParent: pulumi.String(\"organizations/123456789\"),\n\t\t\tDisplayName: pulumi.String(\"Disable GKE auto upgrade\"),\n\t\t\tDescription: pulumi.String(\"Only allow GKE NodePool resource to be created or updated if AutoUpgrade is not enabled where this custom constraint is enforced.\"),\n\t\t\tActionType: pulumi.String(\"ALLOW\"),\n\t\t\tCondition: pulumi.String(\"resource.management.autoUpgrade == false\"),\n\t\t\tMethodTypes: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"CREATE\"),\n\t\t\t},\n\t\t\tResourceTypes: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"container.googleapis.com/NodePool\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = orgpolicy.NewPolicy(ctx, \"primary\", \u0026orgpolicy.PolicyArgs{\n\t\t\tName: constraint.Name.ApplyT(func(name string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"organizations/123456789/policies/%v\", name), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t\tParent: pulumi.String(\"organizations/123456789\"),\n\t\t\tSpec: \u0026orgpolicy.PolicySpecArgs{\n\t\t\t\tRules: orgpolicy.PolicySpecRuleArray{\n\t\t\t\t\t\u0026orgpolicy.PolicySpecRuleArgs{\n\t\t\t\t\t\tEnforce: pulumi.String(\"FALSE\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tDryRunSpec: \u0026orgpolicy.PolicyDryRunSpecArgs{\n\t\t\t\tInheritFromParent: pulumi.Bool(false),\n\t\t\t\tReset: pulumi.Bool(false),\n\t\t\t\tRules: orgpolicy.PolicyDryRunSpecRuleArray{\n\t\t\t\t\t\u0026orgpolicy.PolicyDryRunSpecRuleArgs{\n\t\t\t\t\t\tEnforce: pulumi.String(\"FALSE\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.orgpolicy.CustomConstraint;\nimport com.pulumi.gcp.orgpolicy.CustomConstraintArgs;\nimport com.pulumi.gcp.orgpolicy.Policy;\nimport com.pulumi.gcp.orgpolicy.PolicyArgs;\nimport com.pulumi.gcp.orgpolicy.inputs.PolicySpecArgs;\nimport com.pulumi.gcp.orgpolicy.inputs.PolicyDryRunSpecArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var constraint = new CustomConstraint(\"constraint\", CustomConstraintArgs.builder()\n .name(\"custom.disableGkeAutoUpgrade_40289\")\n .parent(\"organizations/123456789\")\n .displayName(\"Disable GKE auto upgrade\")\n .description(\"Only allow GKE NodePool resource to be created or updated if AutoUpgrade is not enabled where this custom constraint is enforced.\")\n .actionType(\"ALLOW\")\n .condition(\"resource.management.autoUpgrade == false\")\n .methodTypes(\"CREATE\")\n .resourceTypes(\"container.googleapis.com/NodePool\")\n .build());\n\n var primary = new Policy(\"primary\", PolicyArgs.builder()\n .name(constraint.name().applyValue(name -\u003e String.format(\"organizations/123456789/policies/%s\", name)))\n .parent(\"organizations/123456789\")\n .spec(PolicySpecArgs.builder()\n .rules(PolicySpecRuleArgs.builder()\n .enforce(\"FALSE\")\n .build())\n .build())\n .dryRunSpec(PolicyDryRunSpecArgs.builder()\n .inheritFromParent(false)\n .reset(false)\n .rules(PolicyDryRunSpecRuleArgs.builder()\n .enforce(\"FALSE\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n constraint:\n type: gcp:orgpolicy:CustomConstraint\n properties:\n name: custom.disableGkeAutoUpgrade_40289\n parent: organizations/123456789\n displayName: Disable GKE auto upgrade\n description: Only allow GKE NodePool resource to be created or updated if AutoUpgrade is not enabled where this custom constraint is enforced.\n actionType: ALLOW\n condition: resource.management.autoUpgrade == false\n methodTypes:\n - CREATE\n resourceTypes:\n - container.googleapis.com/NodePool\n primary:\n type: gcp:orgpolicy:Policy\n properties:\n name: organizations/123456789/policies/${constraint.name}\n parent: organizations/123456789\n spec:\n rules:\n - enforce: FALSE\n dryRunSpec:\n inheritFromParent: false\n reset: false\n rules:\n - enforce: FALSE\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Org Policy Policy Parameters Enforce\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst basic = new gcp.organizations.Project(\"basic\", {\n projectId: \"id\",\n name: \"id\",\n orgId: \"123456789\",\n deletionPolicy: \"DELETE\",\n});\nconst primary = new gcp.orgpolicy.Policy(\"primary\", {\n name: pulumi.interpolate`projects/${basic.name}/policies/compute.managed.restrictDiskCreation`,\n parent: pulumi.interpolate`projects/${basic.name}`,\n spec: {\n rules: [{\n enforce: \"TRUE\",\n parameters: JSON.stringify({\n isSizeLimitCheck: true,\n allowedDiskTypes: [\n \"pd-ssd\",\n \"pd-standard\",\n ],\n }),\n }],\n },\n});\n```\n```python\nimport pulumi\nimport json\nimport pulumi_gcp as gcp\n\nbasic = gcp.organizations.Project(\"basic\",\n project_id=\"id\",\n name=\"id\",\n org_id=\"123456789\",\n deletion_policy=\"DELETE\")\nprimary = gcp.orgpolicy.Policy(\"primary\",\n name=basic.name.apply(lambda name: f\"projects/{name}/policies/compute.managed.restrictDiskCreation\"),\n parent=basic.name.apply(lambda name: f\"projects/{name}\"),\n spec={\n \"rules\": [{\n \"enforce\": \"TRUE\",\n \"parameters\": json.dumps({\n \"isSizeLimitCheck\": True,\n \"allowedDiskTypes\": [\n \"pd-ssd\",\n \"pd-standard\",\n ],\n }),\n }],\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing System.Text.Json;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var basic = new Gcp.Organizations.Project(\"basic\", new()\n {\n ProjectId = \"id\",\n Name = \"id\",\n OrgId = \"123456789\",\n DeletionPolicy = \"DELETE\",\n });\n\n var primary = new Gcp.OrgPolicy.Policy(\"primary\", new()\n {\n Name = basic.Name.Apply(name =\u003e $\"projects/{name}/policies/compute.managed.restrictDiskCreation\"),\n Parent = basic.Name.Apply(name =\u003e $\"projects/{name}\"),\n Spec = new Gcp.OrgPolicy.Inputs.PolicySpecArgs\n {\n Rules = new[]\n {\n new Gcp.OrgPolicy.Inputs.PolicySpecRuleArgs\n {\n Enforce = \"TRUE\",\n Parameters = JsonSerializer.Serialize(new Dictionary\u003cstring, object?\u003e\n {\n [\"isSizeLimitCheck\"] = true,\n [\"allowedDiskTypes\"] = new[]\n {\n \"pd-ssd\",\n \"pd-standard\",\n },\n }),\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"encoding/json\"\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/orgpolicy\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tbasic, err := organizations.NewProject(ctx, \"basic\", \u0026organizations.ProjectArgs{\n\t\t\tProjectId: pulumi.String(\"id\"),\n\t\t\tName: pulumi.String(\"id\"),\n\t\t\tOrgId: pulumi.String(\"123456789\"),\n\t\t\tDeletionPolicy: pulumi.String(\"DELETE\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttmpJSON0, err := json.Marshal(map[string]interface{}{\n\t\t\t\"isSizeLimitCheck\": true,\n\t\t\t\"allowedDiskTypes\": []string{\n\t\t\t\t\"pd-ssd\",\n\t\t\t\t\"pd-standard\",\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tjson0 := string(tmpJSON0)\n\t\t_, err = orgpolicy.NewPolicy(ctx, \"primary\", \u0026orgpolicy.PolicyArgs{\n\t\t\tName: basic.Name.ApplyT(func(name string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"projects/%v/policies/compute.managed.restrictDiskCreation\", name), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t\tParent: basic.Name.ApplyT(func(name string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"projects/%v\", name), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t\tSpec: \u0026orgpolicy.PolicySpecArgs{\n\t\t\t\tRules: orgpolicy.PolicySpecRuleArray{\n\t\t\t\t\t\u0026orgpolicy.PolicySpecRuleArgs{\n\t\t\t\t\t\tEnforce: pulumi.String(\"TRUE\"),\n\t\t\t\t\t\tParameters: pulumi.String(json0),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.Project;\nimport com.pulumi.gcp.organizations.ProjectArgs;\nimport com.pulumi.gcp.orgpolicy.Policy;\nimport com.pulumi.gcp.orgpolicy.PolicyArgs;\nimport com.pulumi.gcp.orgpolicy.inputs.PolicySpecArgs;\nimport static com.pulumi.codegen.internal.Serialization.*;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var basic = new Project(\"basic\", ProjectArgs.builder()\n .projectId(\"id\")\n .name(\"id\")\n .orgId(\"123456789\")\n .deletionPolicy(\"DELETE\")\n .build());\n\n var primary = new Policy(\"primary\", PolicyArgs.builder()\n .name(basic.name().applyValue(name -\u003e String.format(\"projects/%s/policies/compute.managed.restrictDiskCreation\", name)))\n .parent(basic.name().applyValue(name -\u003e String.format(\"projects/%s\", name)))\n .spec(PolicySpecArgs.builder()\n .rules(PolicySpecRuleArgs.builder()\n .enforce(\"TRUE\")\n .parameters(serializeJson(\n jsonObject(\n jsonProperty(\"isSizeLimitCheck\", true),\n jsonProperty(\"allowedDiskTypes\", jsonArray(\n \"pd-ssd\", \n \"pd-standard\"\n ))\n )))\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n primary:\n type: gcp:orgpolicy:Policy\n properties:\n name: projects/${basic.name}/policies/compute.managed.restrictDiskCreation\n parent: projects/${basic.name}\n spec:\n rules:\n - enforce: TRUE\n parameters:\n fn::toJSON:\n isSizeLimitCheck: true\n allowedDiskTypes:\n - pd-ssd\n - pd-standard\n basic:\n type: gcp:organizations:Project\n properties:\n projectId: id\n name: id\n orgId: '123456789'\n deletionPolicy: DELETE\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nPolicy can be imported using any of these accepted formats:\n\n* `{{parent}}/policies/{{name}}`\n\nWhen using the `pulumi import` command, Policy can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:orgpolicy/policy:Policy default {{parent}}/policies/{{name}}\n```\n\n", "properties": { "dryRunSpec": { "$ref": "#/types/gcp:orgpolicy/PolicyDryRunSpec:PolicyDryRunSpec", @@ -269399,7 +270753,7 @@ }, "databaseVersion": { "type": "string", - "description": "The MySQL, PostgreSQL or\nSQL Server version to use. Supported values include `MYSQL_5_6`,\n`MYSQL_5_7`, `MYSQL_8_0`, `POSTGRES_9_6`,`POSTGRES_10`, `POSTGRES_11`,\n`POSTGRES_12`, `POSTGRES_13`, `POSTGRES_14`, `POSTGRES_15`, `SQLSERVER_2017_STANDARD`,\n`SQLSERVER_2017_ENTERPRISE`, `SQLSERVER_2017_EXPRESS`, `SQLSERVER_2017_WEB`.\n`SQLSERVER_2019_STANDARD`, `SQLSERVER_2019_ENTERPRISE`, `SQLSERVER_2019_EXPRESS`,\n`SQLSERVER_2019_WEB`.\n[Database Version Policies](https://cloud.google.com/sql/docs/db-versions)\nincludes an up-to-date reference of supported versions.\n" + "description": "The MySQL, PostgreSQL or\nSQL Server version to use. Supported values include `MYSQL_5_6`,\n`MYSQL_5_7`, `MYSQL_8_0`, `POSTGRES_9_6`,`POSTGRES_10`, `POSTGRES_11`,\n`POSTGRES_12`, `POSTGRES_13`, `POSTGRES_14`, `POSTGRES_15`, `POSTGRES_16`, `POSTGRES_17`,\n`SQLSERVER_2017_STANDARD`, `SQLSERVER_2017_ENTERPRISE`, `SQLSERVER_2017_EXPRESS`, `SQLSERVER_2017_WEB`.\n`SQLSERVER_2019_STANDARD`, `SQLSERVER_2019_ENTERPRISE`, `SQLSERVER_2019_EXPRESS`,\n`SQLSERVER_2019_WEB`.\n[Database Version Policies](https://cloud.google.com/sql/docs/db-versions)\nincludes an up-to-date reference of supported versions.\n" }, "deletionProtection": { "type": "boolean", @@ -269531,7 +270885,7 @@ }, "databaseVersion": { "type": "string", - "description": "The MySQL, PostgreSQL or\nSQL Server version to use. Supported values include `MYSQL_5_6`,\n`MYSQL_5_7`, `MYSQL_8_0`, `POSTGRES_9_6`,`POSTGRES_10`, `POSTGRES_11`,\n`POSTGRES_12`, `POSTGRES_13`, `POSTGRES_14`, `POSTGRES_15`, `SQLSERVER_2017_STANDARD`,\n`SQLSERVER_2017_ENTERPRISE`, `SQLSERVER_2017_EXPRESS`, `SQLSERVER_2017_WEB`.\n`SQLSERVER_2019_STANDARD`, `SQLSERVER_2019_ENTERPRISE`, `SQLSERVER_2019_EXPRESS`,\n`SQLSERVER_2019_WEB`.\n[Database Version Policies](https://cloud.google.com/sql/docs/db-versions)\nincludes an up-to-date reference of supported versions.\n" + "description": "The MySQL, PostgreSQL or\nSQL Server version to use. Supported values include `MYSQL_5_6`,\n`MYSQL_5_7`, `MYSQL_8_0`, `POSTGRES_9_6`,`POSTGRES_10`, `POSTGRES_11`,\n`POSTGRES_12`, `POSTGRES_13`, `POSTGRES_14`, `POSTGRES_15`, `POSTGRES_16`, `POSTGRES_17`,\n`SQLSERVER_2017_STANDARD`, `SQLSERVER_2017_ENTERPRISE`, `SQLSERVER_2017_EXPRESS`, `SQLSERVER_2017_WEB`.\n`SQLSERVER_2019_STANDARD`, `SQLSERVER_2019_ENTERPRISE`, `SQLSERVER_2019_EXPRESS`,\n`SQLSERVER_2019_WEB`.\n[Database Version Policies](https://cloud.google.com/sql/docs/db-versions)\nincludes an up-to-date reference of supported versions.\n" }, "deletionProtection": { "type": "boolean", @@ -269618,7 +270972,7 @@ }, "databaseVersion": { "type": "string", - "description": "The MySQL, PostgreSQL or\nSQL Server version to use. Supported values include `MYSQL_5_6`,\n`MYSQL_5_7`, `MYSQL_8_0`, `POSTGRES_9_6`,`POSTGRES_10`, `POSTGRES_11`,\n`POSTGRES_12`, `POSTGRES_13`, `POSTGRES_14`, `POSTGRES_15`, `SQLSERVER_2017_STANDARD`,\n`SQLSERVER_2017_ENTERPRISE`, `SQLSERVER_2017_EXPRESS`, `SQLSERVER_2017_WEB`.\n`SQLSERVER_2019_STANDARD`, `SQLSERVER_2019_ENTERPRISE`, `SQLSERVER_2019_EXPRESS`,\n`SQLSERVER_2019_WEB`.\n[Database Version Policies](https://cloud.google.com/sql/docs/db-versions)\nincludes an up-to-date reference of supported versions.\n" + "description": "The MySQL, PostgreSQL or\nSQL Server version to use. Supported values include `MYSQL_5_6`,\n`MYSQL_5_7`, `MYSQL_8_0`, `POSTGRES_9_6`,`POSTGRES_10`, `POSTGRES_11`,\n`POSTGRES_12`, `POSTGRES_13`, `POSTGRES_14`, `POSTGRES_15`, `POSTGRES_16`, `POSTGRES_17`,\n`SQLSERVER_2017_STANDARD`, `SQLSERVER_2017_ENTERPRISE`, `SQLSERVER_2017_EXPRESS`, `SQLSERVER_2017_WEB`.\n`SQLSERVER_2019_STANDARD`, `SQLSERVER_2019_ENTERPRISE`, `SQLSERVER_2019_EXPRESS`,\n`SQLSERVER_2019_WEB`.\n[Database Version Policies](https://cloud.google.com/sql/docs/db-versions)\nincludes an up-to-date reference of supported versions.\n" }, "deletionProtection": { "type": "boolean", @@ -273793,7 +275147,7 @@ } }, "gcp:tpu/v2Vm:V2Vm": { - "description": "## Example Usage\n\n### Tpu V2 Vm Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst available = gcp.tpu.getV2RuntimeVersions({});\nconst tpu = new gcp.tpu.V2Vm(\"tpu\", {\n name: \"test-tpu\",\n zone: \"us-central1-c\",\n runtimeVersion: \"tpu-vm-tf-2.13.0\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\navailable = gcp.tpu.get_v2_runtime_versions()\ntpu = gcp.tpu.V2Vm(\"tpu\",\n name=\"test-tpu\",\n zone=\"us-central1-c\",\n runtime_version=\"tpu-vm-tf-2.13.0\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var available = Gcp.Tpu.GetV2RuntimeVersions.Invoke();\n\n var tpu = new Gcp.Tpu.V2Vm(\"tpu\", new()\n {\n Name = \"test-tpu\",\n Zone = \"us-central1-c\",\n RuntimeVersion = \"tpu-vm-tf-2.13.0\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/tpu\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := tpu.GetV2RuntimeVersions(ctx, \u0026tpu.GetV2RuntimeVersionsArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = tpu.NewV2Vm(ctx, \"tpu\", \u0026tpu.V2VmArgs{\n\t\t\tName: pulumi.String(\"test-tpu\"),\n\t\t\tZone: pulumi.String(\"us-central1-c\"),\n\t\t\tRuntimeVersion: pulumi.String(\"tpu-vm-tf-2.13.0\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.tpu.TpuFunctions;\nimport com.pulumi.gcp.tpu.inputs.GetV2RuntimeVersionsArgs;\nimport com.pulumi.gcp.tpu.V2Vm;\nimport com.pulumi.gcp.tpu.V2VmArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var available = TpuFunctions.getV2RuntimeVersions();\n\n var tpu = new V2Vm(\"tpu\", V2VmArgs.builder()\n .name(\"test-tpu\")\n .zone(\"us-central1-c\")\n .runtimeVersion(\"tpu-vm-tf-2.13.0\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n tpu:\n type: gcp:tpu:V2Vm\n properties:\n name: test-tpu\n zone: us-central1-c\n runtimeVersion: tpu-vm-tf-2.13.0\nvariables:\n available:\n fn::invoke:\n function: gcp:tpu:getV2RuntimeVersions\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Tpu V2 Vm Full\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as time from \"@pulumi/time\";\n\nconst available = gcp.tpu.getV2RuntimeVersions({});\nconst availableGetV2AcceleratorTypes = gcp.tpu.getV2AcceleratorTypes({});\nconst network = new gcp.compute.Network(\"network\", {\n name: \"tpu-net\",\n autoCreateSubnetworks: false,\n});\nconst subnet = new gcp.compute.Subnetwork(\"subnet\", {\n name: \"tpu-subnet\",\n ipCidrRange: \"10.0.0.0/16\",\n region: \"us-central1\",\n network: network.id,\n});\nconst sa = new gcp.serviceaccount.Account(\"sa\", {\n accountId: \"tpu-sa\",\n displayName: \"Test TPU VM\",\n});\nconst disk = new gcp.compute.Disk(\"disk\", {\n name: \"tpu-disk\",\n image: \"debian-cloud/debian-11\",\n size: 10,\n type: \"pd-ssd\",\n zone: \"us-central1-c\",\n});\n// Wait after service account creation to limit eventual consistency errors.\nconst wait60Seconds = new time.index.Sleep(\"wait_60_seconds\", {createDuration: \"60s\"}, {\n dependsOn: [sa],\n});\nconst tpu = new gcp.tpu.V2Vm(\"tpu\", {\n name: \"test-tpu\",\n zone: \"us-central1-c\",\n description: \"Text description of the TPU.\",\n runtimeVersion: \"tpu-vm-tf-2.13.0\",\n acceleratorConfig: {\n type: \"V2\",\n topology: \"2x2\",\n },\n cidrBlock: \"10.0.0.0/29\",\n networkConfig: {\n canIpForward: true,\n enableExternalIps: true,\n network: network.id,\n subnetwork: subnet.id,\n },\n schedulingConfig: {\n preemptible: true,\n },\n shieldedInstanceConfig: {\n enableSecureBoot: true,\n },\n serviceAccount: {\n email: sa.email,\n scopes: [\"https://www.googleapis.com/auth/cloud-platform\"],\n },\n dataDisks: [{\n sourceDisk: disk.id,\n mode: \"READ_ONLY\",\n }],\n labels: {\n foo: \"bar\",\n },\n metadata: {\n foo: \"bar\",\n },\n tags: [\"foo\"],\n}, {\n dependsOn: [wait60Seconds],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_time as time\n\navailable = gcp.tpu.get_v2_runtime_versions()\navailable_get_v2_accelerator_types = gcp.tpu.get_v2_accelerator_types()\nnetwork = gcp.compute.Network(\"network\",\n name=\"tpu-net\",\n auto_create_subnetworks=False)\nsubnet = gcp.compute.Subnetwork(\"subnet\",\n name=\"tpu-subnet\",\n ip_cidr_range=\"10.0.0.0/16\",\n region=\"us-central1\",\n network=network.id)\nsa = gcp.serviceaccount.Account(\"sa\",\n account_id=\"tpu-sa\",\n display_name=\"Test TPU VM\")\ndisk = gcp.compute.Disk(\"disk\",\n name=\"tpu-disk\",\n image=\"debian-cloud/debian-11\",\n size=10,\n type=\"pd-ssd\",\n zone=\"us-central1-c\")\n# Wait after service account creation to limit eventual consistency errors.\nwait60_seconds = time.index.Sleep(\"wait_60_seconds\", create_duration=60s,\nopts = pulumi.ResourceOptions(depends_on=[sa]))\ntpu = gcp.tpu.V2Vm(\"tpu\",\n name=\"test-tpu\",\n zone=\"us-central1-c\",\n description=\"Text description of the TPU.\",\n runtime_version=\"tpu-vm-tf-2.13.0\",\n accelerator_config={\n \"type\": \"V2\",\n \"topology\": \"2x2\",\n },\n cidr_block=\"10.0.0.0/29\",\n network_config={\n \"can_ip_forward\": True,\n \"enable_external_ips\": True,\n \"network\": network.id,\n \"subnetwork\": subnet.id,\n },\n scheduling_config={\n \"preemptible\": True,\n },\n shielded_instance_config={\n \"enable_secure_boot\": True,\n },\n service_account={\n \"email\": sa.email,\n \"scopes\": [\"https://www.googleapis.com/auth/cloud-platform\"],\n },\n data_disks=[{\n \"source_disk\": disk.id,\n \"mode\": \"READ_ONLY\",\n }],\n labels={\n \"foo\": \"bar\",\n },\n metadata={\n \"foo\": \"bar\",\n },\n tags=[\"foo\"],\n opts = pulumi.ResourceOptions(depends_on=[wait60_seconds]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Time = Pulumi.Time;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var available = Gcp.Tpu.GetV2RuntimeVersions.Invoke();\n\n var availableGetV2AcceleratorTypes = Gcp.Tpu.GetV2AcceleratorTypes.Invoke();\n\n var network = new Gcp.Compute.Network(\"network\", new()\n {\n Name = \"tpu-net\",\n AutoCreateSubnetworks = false,\n });\n\n var subnet = new Gcp.Compute.Subnetwork(\"subnet\", new()\n {\n Name = \"tpu-subnet\",\n IpCidrRange = \"10.0.0.0/16\",\n Region = \"us-central1\",\n Network = network.Id,\n });\n\n var sa = new Gcp.ServiceAccount.Account(\"sa\", new()\n {\n AccountId = \"tpu-sa\",\n DisplayName = \"Test TPU VM\",\n });\n\n var disk = new Gcp.Compute.Disk(\"disk\", new()\n {\n Name = \"tpu-disk\",\n Image = \"debian-cloud/debian-11\",\n Size = 10,\n Type = \"pd-ssd\",\n Zone = \"us-central1-c\",\n });\n\n // Wait after service account creation to limit eventual consistency errors.\n var wait60Seconds = new Time.Index.Sleep(\"wait_60_seconds\", new()\n {\n CreateDuration = \"60s\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n sa,\n },\n });\n\n var tpu = new Gcp.Tpu.V2Vm(\"tpu\", new()\n {\n Name = \"test-tpu\",\n Zone = \"us-central1-c\",\n Description = \"Text description of the TPU.\",\n RuntimeVersion = \"tpu-vm-tf-2.13.0\",\n AcceleratorConfig = new Gcp.Tpu.Inputs.V2VmAcceleratorConfigArgs\n {\n Type = \"V2\",\n Topology = \"2x2\",\n },\n CidrBlock = \"10.0.0.0/29\",\n NetworkConfig = new Gcp.Tpu.Inputs.V2VmNetworkConfigArgs\n {\n CanIpForward = true,\n EnableExternalIps = true,\n Network = network.Id,\n Subnetwork = subnet.Id,\n },\n SchedulingConfig = new Gcp.Tpu.Inputs.V2VmSchedulingConfigArgs\n {\n Preemptible = true,\n },\n ShieldedInstanceConfig = new Gcp.Tpu.Inputs.V2VmShieldedInstanceConfigArgs\n {\n EnableSecureBoot = true,\n },\n ServiceAccount = new Gcp.Tpu.Inputs.V2VmServiceAccountArgs\n {\n Email = sa.Email,\n Scopes = new[]\n {\n \"https://www.googleapis.com/auth/cloud-platform\",\n },\n },\n DataDisks = new[]\n {\n new Gcp.Tpu.Inputs.V2VmDataDiskArgs\n {\n SourceDisk = disk.Id,\n Mode = \"READ_ONLY\",\n },\n },\n Labels = \n {\n { \"foo\", \"bar\" },\n },\n Metadata = \n {\n { \"foo\", \"bar\" },\n },\n Tags = new[]\n {\n \"foo\",\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n wait60Seconds,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/tpu\"\n\t\"github.com/pulumi/pulumi-time/sdk/go/time\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := tpu.GetV2RuntimeVersions(ctx, \u0026tpu.GetV2RuntimeVersionsArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = tpu.GetV2AcceleratorTypes(ctx, \u0026tpu.GetV2AcceleratorTypesArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tnetwork, err := compute.NewNetwork(ctx, \"network\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"tpu-net\"),\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsubnet, err := compute.NewSubnetwork(ctx, \"subnet\", \u0026compute.SubnetworkArgs{\n\t\t\tName: pulumi.String(\"tpu-subnet\"),\n\t\t\tIpCidrRange: pulumi.String(\"10.0.0.0/16\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tNetwork: network.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsa, err := serviceaccount.NewAccount(ctx, \"sa\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"tpu-sa\"),\n\t\t\tDisplayName: pulumi.String(\"Test TPU VM\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdisk, err := compute.NewDisk(ctx, \"disk\", \u0026compute.DiskArgs{\n\t\t\tName: pulumi.String(\"tpu-disk\"),\n\t\t\tImage: pulumi.String(\"debian-cloud/debian-11\"),\n\t\t\tSize: pulumi.Int(10),\n\t\t\tType: pulumi.String(\"pd-ssd\"),\n\t\t\tZone: pulumi.String(\"us-central1-c\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Wait after service account creation to limit eventual consistency errors.\n\t\twait60Seconds, err := time.NewSleep(ctx, \"wait_60_seconds\", \u0026time.SleepArgs{\n\t\t\tCreateDuration: \"60s\",\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tsa,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = tpu.NewV2Vm(ctx, \"tpu\", \u0026tpu.V2VmArgs{\n\t\t\tName: pulumi.String(\"test-tpu\"),\n\t\t\tZone: pulumi.String(\"us-central1-c\"),\n\t\t\tDescription: pulumi.String(\"Text description of the TPU.\"),\n\t\t\tRuntimeVersion: pulumi.String(\"tpu-vm-tf-2.13.0\"),\n\t\t\tAcceleratorConfig: \u0026tpu.V2VmAcceleratorConfigArgs{\n\t\t\t\tType: pulumi.String(\"V2\"),\n\t\t\t\tTopology: pulumi.String(\"2x2\"),\n\t\t\t},\n\t\t\tCidrBlock: pulumi.String(\"10.0.0.0/29\"),\n\t\t\tNetworkConfig: \u0026tpu.V2VmNetworkConfigArgs{\n\t\t\t\tCanIpForward: pulumi.Bool(true),\n\t\t\t\tEnableExternalIps: pulumi.Bool(true),\n\t\t\t\tNetwork: network.ID(),\n\t\t\t\tSubnetwork: subnet.ID(),\n\t\t\t},\n\t\t\tSchedulingConfig: \u0026tpu.V2VmSchedulingConfigArgs{\n\t\t\t\tPreemptible: pulumi.Bool(true),\n\t\t\t},\n\t\t\tShieldedInstanceConfig: \u0026tpu.V2VmShieldedInstanceConfigArgs{\n\t\t\t\tEnableSecureBoot: pulumi.Bool(true),\n\t\t\t},\n\t\t\tServiceAccount: \u0026tpu.V2VmServiceAccountArgs{\n\t\t\t\tEmail: sa.Email,\n\t\t\t\tScopes: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"https://www.googleapis.com/auth/cloud-platform\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tDataDisks: tpu.V2VmDataDiskArray{\n\t\t\t\t\u0026tpu.V2VmDataDiskArgs{\n\t\t\t\t\tSourceDisk: disk.ID(),\n\t\t\t\t\tMode: pulumi.String(\"READ_ONLY\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t},\n\t\t\tMetadata: pulumi.StringMap{\n\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t},\n\t\t\tTags: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"foo\"),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\twait60Seconds,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.tpu.TpuFunctions;\nimport com.pulumi.gcp.tpu.inputs.GetV2RuntimeVersionsArgs;\nimport com.pulumi.gcp.tpu.inputs.GetV2AcceleratorTypesArgs;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.Subnetwork;\nimport com.pulumi.gcp.compute.SubnetworkArgs;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.compute.Disk;\nimport com.pulumi.gcp.compute.DiskArgs;\nimport com.pulumi.time.sleep;\nimport com.pulumi.time.SleepArgs;\nimport com.pulumi.gcp.tpu.V2Vm;\nimport com.pulumi.gcp.tpu.V2VmArgs;\nimport com.pulumi.gcp.tpu.inputs.V2VmAcceleratorConfigArgs;\nimport com.pulumi.gcp.tpu.inputs.V2VmNetworkConfigArgs;\nimport com.pulumi.gcp.tpu.inputs.V2VmSchedulingConfigArgs;\nimport com.pulumi.gcp.tpu.inputs.V2VmShieldedInstanceConfigArgs;\nimport com.pulumi.gcp.tpu.inputs.V2VmServiceAccountArgs;\nimport com.pulumi.gcp.tpu.inputs.V2VmDataDiskArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var available = TpuFunctions.getV2RuntimeVersions();\n\n final var availableGetV2AcceleratorTypes = TpuFunctions.getV2AcceleratorTypes();\n\n var network = new Network(\"network\", NetworkArgs.builder()\n .name(\"tpu-net\")\n .autoCreateSubnetworks(false)\n .build());\n\n var subnet = new Subnetwork(\"subnet\", SubnetworkArgs.builder()\n .name(\"tpu-subnet\")\n .ipCidrRange(\"10.0.0.0/16\")\n .region(\"us-central1\")\n .network(network.id())\n .build());\n\n var sa = new Account(\"sa\", AccountArgs.builder()\n .accountId(\"tpu-sa\")\n .displayName(\"Test TPU VM\")\n .build());\n\n var disk = new Disk(\"disk\", DiskArgs.builder()\n .name(\"tpu-disk\")\n .image(\"debian-cloud/debian-11\")\n .size(10)\n .type(\"pd-ssd\")\n .zone(\"us-central1-c\")\n .build());\n\n // Wait after service account creation to limit eventual consistency errors.\n var wait60Seconds = new Sleep(\"wait60Seconds\", SleepArgs.builder()\n .createDuration(\"60s\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(sa)\n .build());\n\n var tpu = new V2Vm(\"tpu\", V2VmArgs.builder()\n .name(\"test-tpu\")\n .zone(\"us-central1-c\")\n .description(\"Text description of the TPU.\")\n .runtimeVersion(\"tpu-vm-tf-2.13.0\")\n .acceleratorConfig(V2VmAcceleratorConfigArgs.builder()\n .type(\"V2\")\n .topology(\"2x2\")\n .build())\n .cidrBlock(\"10.0.0.0/29\")\n .networkConfig(V2VmNetworkConfigArgs.builder()\n .canIpForward(true)\n .enableExternalIps(true)\n .network(network.id())\n .subnetwork(subnet.id())\n .build())\n .schedulingConfig(V2VmSchedulingConfigArgs.builder()\n .preemptible(true)\n .build())\n .shieldedInstanceConfig(V2VmShieldedInstanceConfigArgs.builder()\n .enableSecureBoot(true)\n .build())\n .serviceAccount(V2VmServiceAccountArgs.builder()\n .email(sa.email())\n .scopes(\"https://www.googleapis.com/auth/cloud-platform\")\n .build())\n .dataDisks(V2VmDataDiskArgs.builder()\n .sourceDisk(disk.id())\n .mode(\"READ_ONLY\")\n .build())\n .labels(Map.of(\"foo\", \"bar\"))\n .metadata(Map.of(\"foo\", \"bar\"))\n .tags(\"foo\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(wait60Seconds)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n tpu:\n type: gcp:tpu:V2Vm\n properties:\n name: test-tpu\n zone: us-central1-c\n description: Text description of the TPU.\n runtimeVersion: tpu-vm-tf-2.13.0\n acceleratorConfig:\n type: V2\n topology: 2x2\n cidrBlock: 10.0.0.0/29\n networkConfig:\n canIpForward: true\n enableExternalIps: true\n network: ${network.id}\n subnetwork: ${subnet.id}\n schedulingConfig:\n preemptible: true\n shieldedInstanceConfig:\n enableSecureBoot: true\n serviceAccount:\n email: ${sa.email}\n scopes:\n - https://www.googleapis.com/auth/cloud-platform\n dataDisks:\n - sourceDisk: ${disk.id}\n mode: READ_ONLY\n labels:\n foo: bar\n metadata:\n foo: bar\n tags:\n - foo\n options:\n dependsOn:\n - ${wait60Seconds}\n subnet:\n type: gcp:compute:Subnetwork\n properties:\n name: tpu-subnet\n ipCidrRange: 10.0.0.0/16\n region: us-central1\n network: ${network.id}\n network:\n type: gcp:compute:Network\n properties:\n name: tpu-net\n autoCreateSubnetworks: false\n sa:\n type: gcp:serviceaccount:Account\n properties:\n accountId: tpu-sa\n displayName: Test TPU VM\n disk:\n type: gcp:compute:Disk\n properties:\n name: tpu-disk\n image: debian-cloud/debian-11\n size: 10\n type: pd-ssd\n zone: us-central1-c\n # Wait after service account creation to limit eventual consistency errors.\n wait60Seconds:\n type: time:sleep\n name: wait_60_seconds\n properties:\n createDuration: 60s\n options:\n dependsOn:\n - ${sa}\nvariables:\n available:\n fn::invoke:\n function: gcp:tpu:getV2RuntimeVersions\n arguments: {}\n availableGetV2AcceleratorTypes:\n fn::invoke:\n function: gcp:tpu:getV2AcceleratorTypes\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nVm can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{zone}}/nodes/{{name}}`\n\n* `{{project}}/{{zone}}/{{name}}`\n\n* `{{zone}}/{{name}}`\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, Vm can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:tpu/v2Vm:V2Vm default projects/{{project}}/locations/{{zone}}/nodes/{{name}}\n```\n\n```sh\n$ pulumi import gcp:tpu/v2Vm:V2Vm default {{project}}/{{zone}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:tpu/v2Vm:V2Vm default {{zone}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:tpu/v2Vm:V2Vm default {{name}}\n```\n\n", + "description": "## Example Usage\n\n### Tpu V2 Vm Basic\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst available = gcp.tpu.getV2RuntimeVersions({});\nconst tpu = new gcp.tpu.V2Vm(\"tpu\", {\n name: \"test-tpu\",\n zone: \"us-central1-c\",\n runtimeVersion: \"tpu-vm-tf-2.13.0\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\navailable = gcp.tpu.get_v2_runtime_versions()\ntpu = gcp.tpu.V2Vm(\"tpu\",\n name=\"test-tpu\",\n zone=\"us-central1-c\",\n runtime_version=\"tpu-vm-tf-2.13.0\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var available = Gcp.Tpu.GetV2RuntimeVersions.Invoke();\n\n var tpu = new Gcp.Tpu.V2Vm(\"tpu\", new()\n {\n Name = \"test-tpu\",\n Zone = \"us-central1-c\",\n RuntimeVersion = \"tpu-vm-tf-2.13.0\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/tpu\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := tpu.GetV2RuntimeVersions(ctx, \u0026tpu.GetV2RuntimeVersionsArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = tpu.NewV2Vm(ctx, \"tpu\", \u0026tpu.V2VmArgs{\n\t\t\tName: pulumi.String(\"test-tpu\"),\n\t\t\tZone: pulumi.String(\"us-central1-c\"),\n\t\t\tRuntimeVersion: pulumi.String(\"tpu-vm-tf-2.13.0\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.tpu.TpuFunctions;\nimport com.pulumi.gcp.tpu.inputs.GetV2RuntimeVersionsArgs;\nimport com.pulumi.gcp.tpu.V2Vm;\nimport com.pulumi.gcp.tpu.V2VmArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var available = TpuFunctions.getV2RuntimeVersions();\n\n var tpu = new V2Vm(\"tpu\", V2VmArgs.builder()\n .name(\"test-tpu\")\n .zone(\"us-central1-c\")\n .runtimeVersion(\"tpu-vm-tf-2.13.0\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n tpu:\n type: gcp:tpu:V2Vm\n properties:\n name: test-tpu\n zone: us-central1-c\n runtimeVersion: tpu-vm-tf-2.13.0\nvariables:\n available:\n fn::invoke:\n function: gcp:tpu:getV2RuntimeVersions\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n### Tpu V2 Vm Full\n\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\nimport * as time from \"@pulumi/time\";\n\nconst available = gcp.tpu.getV2RuntimeVersions({});\nconst availableGetV2AcceleratorTypes = gcp.tpu.getV2AcceleratorTypes({});\nconst network = new gcp.compute.Network(\"network\", {\n name: \"tpu-net\",\n autoCreateSubnetworks: false,\n});\nconst subnet = new gcp.compute.Subnetwork(\"subnet\", {\n name: \"tpu-subnet\",\n ipCidrRange: \"10.0.0.0/16\",\n region: \"us-central1\",\n network: network.id,\n});\nconst sa = new gcp.serviceaccount.Account(\"sa\", {\n accountId: \"tpu-sa\",\n displayName: \"Test TPU VM\",\n});\nconst disk = new gcp.compute.Disk(\"disk\", {\n name: \"tpu-disk\",\n image: \"debian-cloud/debian-11\",\n size: 10,\n type: \"pd-ssd\",\n zone: \"us-central1-c\",\n});\n// Wait after service account creation to limit eventual consistency errors.\nconst wait60Seconds = new time.index.Sleep(\"wait_60_seconds\", {createDuration: \"60s\"}, {\n dependsOn: [sa],\n});\nconst tpu = new gcp.tpu.V2Vm(\"tpu\", {\n name: \"test-tpu\",\n zone: \"us-central1-c\",\n description: \"Text description of the TPU.\",\n runtimeVersion: \"tpu-vm-tf-2.13.0\",\n acceleratorConfig: {\n type: \"V2\",\n topology: \"2x2\",\n },\n cidrBlock: \"10.0.0.0/29\",\n networkConfig: {\n canIpForward: true,\n enableExternalIps: true,\n network: network.id,\n subnetwork: subnet.id,\n queueCount: 32,\n },\n schedulingConfig: {\n preemptible: true,\n },\n shieldedInstanceConfig: {\n enableSecureBoot: true,\n },\n serviceAccount: {\n email: sa.email,\n scopes: [\"https://www.googleapis.com/auth/cloud-platform\"],\n },\n dataDisks: [{\n sourceDisk: disk.id,\n mode: \"READ_ONLY\",\n }],\n labels: {\n foo: \"bar\",\n },\n metadata: {\n foo: \"bar\",\n },\n tags: [\"foo\"],\n}, {\n dependsOn: [wait60Seconds],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\nimport pulumi_time as time\n\navailable = gcp.tpu.get_v2_runtime_versions()\navailable_get_v2_accelerator_types = gcp.tpu.get_v2_accelerator_types()\nnetwork = gcp.compute.Network(\"network\",\n name=\"tpu-net\",\n auto_create_subnetworks=False)\nsubnet = gcp.compute.Subnetwork(\"subnet\",\n name=\"tpu-subnet\",\n ip_cidr_range=\"10.0.0.0/16\",\n region=\"us-central1\",\n network=network.id)\nsa = gcp.serviceaccount.Account(\"sa\",\n account_id=\"tpu-sa\",\n display_name=\"Test TPU VM\")\ndisk = gcp.compute.Disk(\"disk\",\n name=\"tpu-disk\",\n image=\"debian-cloud/debian-11\",\n size=10,\n type=\"pd-ssd\",\n zone=\"us-central1-c\")\n# Wait after service account creation to limit eventual consistency errors.\nwait60_seconds = time.index.Sleep(\"wait_60_seconds\", create_duration=60s,\nopts = pulumi.ResourceOptions(depends_on=[sa]))\ntpu = gcp.tpu.V2Vm(\"tpu\",\n name=\"test-tpu\",\n zone=\"us-central1-c\",\n description=\"Text description of the TPU.\",\n runtime_version=\"tpu-vm-tf-2.13.0\",\n accelerator_config={\n \"type\": \"V2\",\n \"topology\": \"2x2\",\n },\n cidr_block=\"10.0.0.0/29\",\n network_config={\n \"can_ip_forward\": True,\n \"enable_external_ips\": True,\n \"network\": network.id,\n \"subnetwork\": subnet.id,\n \"queue_count\": 32,\n },\n scheduling_config={\n \"preemptible\": True,\n },\n shielded_instance_config={\n \"enable_secure_boot\": True,\n },\n service_account={\n \"email\": sa.email,\n \"scopes\": [\"https://www.googleapis.com/auth/cloud-platform\"],\n },\n data_disks=[{\n \"source_disk\": disk.id,\n \"mode\": \"READ_ONLY\",\n }],\n labels={\n \"foo\": \"bar\",\n },\n metadata={\n \"foo\": \"bar\",\n },\n tags=[\"foo\"],\n opts = pulumi.ResourceOptions(depends_on=[wait60_seconds]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\nusing Time = Pulumi.Time;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var available = Gcp.Tpu.GetV2RuntimeVersions.Invoke();\n\n var availableGetV2AcceleratorTypes = Gcp.Tpu.GetV2AcceleratorTypes.Invoke();\n\n var network = new Gcp.Compute.Network(\"network\", new()\n {\n Name = \"tpu-net\",\n AutoCreateSubnetworks = false,\n });\n\n var subnet = new Gcp.Compute.Subnetwork(\"subnet\", new()\n {\n Name = \"tpu-subnet\",\n IpCidrRange = \"10.0.0.0/16\",\n Region = \"us-central1\",\n Network = network.Id,\n });\n\n var sa = new Gcp.ServiceAccount.Account(\"sa\", new()\n {\n AccountId = \"tpu-sa\",\n DisplayName = \"Test TPU VM\",\n });\n\n var disk = new Gcp.Compute.Disk(\"disk\", new()\n {\n Name = \"tpu-disk\",\n Image = \"debian-cloud/debian-11\",\n Size = 10,\n Type = \"pd-ssd\",\n Zone = \"us-central1-c\",\n });\n\n // Wait after service account creation to limit eventual consistency errors.\n var wait60Seconds = new Time.Index.Sleep(\"wait_60_seconds\", new()\n {\n CreateDuration = \"60s\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n sa,\n },\n });\n\n var tpu = new Gcp.Tpu.V2Vm(\"tpu\", new()\n {\n Name = \"test-tpu\",\n Zone = \"us-central1-c\",\n Description = \"Text description of the TPU.\",\n RuntimeVersion = \"tpu-vm-tf-2.13.0\",\n AcceleratorConfig = new Gcp.Tpu.Inputs.V2VmAcceleratorConfigArgs\n {\n Type = \"V2\",\n Topology = \"2x2\",\n },\n CidrBlock = \"10.0.0.0/29\",\n NetworkConfig = new Gcp.Tpu.Inputs.V2VmNetworkConfigArgs\n {\n CanIpForward = true,\n EnableExternalIps = true,\n Network = network.Id,\n Subnetwork = subnet.Id,\n QueueCount = 32,\n },\n SchedulingConfig = new Gcp.Tpu.Inputs.V2VmSchedulingConfigArgs\n {\n Preemptible = true,\n },\n ShieldedInstanceConfig = new Gcp.Tpu.Inputs.V2VmShieldedInstanceConfigArgs\n {\n EnableSecureBoot = true,\n },\n ServiceAccount = new Gcp.Tpu.Inputs.V2VmServiceAccountArgs\n {\n Email = sa.Email,\n Scopes = new[]\n {\n \"https://www.googleapis.com/auth/cloud-platform\",\n },\n },\n DataDisks = new[]\n {\n new Gcp.Tpu.Inputs.V2VmDataDiskArgs\n {\n SourceDisk = disk.Id,\n Mode = \"READ_ONLY\",\n },\n },\n Labels = \n {\n { \"foo\", \"bar\" },\n },\n Metadata = \n {\n { \"foo\", \"bar\" },\n },\n Tags = new[]\n {\n \"foo\",\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n wait60Seconds,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/tpu\"\n\t\"github.com/pulumi/pulumi-time/sdk/go/time\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := tpu.GetV2RuntimeVersions(ctx, \u0026tpu.GetV2RuntimeVersionsArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = tpu.GetV2AcceleratorTypes(ctx, \u0026tpu.GetV2AcceleratorTypesArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tnetwork, err := compute.NewNetwork(ctx, \"network\", \u0026compute.NetworkArgs{\n\t\t\tName: pulumi.String(\"tpu-net\"),\n\t\t\tAutoCreateSubnetworks: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsubnet, err := compute.NewSubnetwork(ctx, \"subnet\", \u0026compute.SubnetworkArgs{\n\t\t\tName: pulumi.String(\"tpu-subnet\"),\n\t\t\tIpCidrRange: pulumi.String(\"10.0.0.0/16\"),\n\t\t\tRegion: pulumi.String(\"us-central1\"),\n\t\t\tNetwork: network.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsa, err := serviceaccount.NewAccount(ctx, \"sa\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"tpu-sa\"),\n\t\t\tDisplayName: pulumi.String(\"Test TPU VM\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdisk, err := compute.NewDisk(ctx, \"disk\", \u0026compute.DiskArgs{\n\t\t\tName: pulumi.String(\"tpu-disk\"),\n\t\t\tImage: pulumi.String(\"debian-cloud/debian-11\"),\n\t\t\tSize: pulumi.Int(10),\n\t\t\tType: pulumi.String(\"pd-ssd\"),\n\t\t\tZone: pulumi.String(\"us-central1-c\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Wait after service account creation to limit eventual consistency errors.\n\t\twait60Seconds, err := time.NewSleep(ctx, \"wait_60_seconds\", \u0026time.SleepArgs{\n\t\t\tCreateDuration: \"60s\",\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tsa,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = tpu.NewV2Vm(ctx, \"tpu\", \u0026tpu.V2VmArgs{\n\t\t\tName: pulumi.String(\"test-tpu\"),\n\t\t\tZone: pulumi.String(\"us-central1-c\"),\n\t\t\tDescription: pulumi.String(\"Text description of the TPU.\"),\n\t\t\tRuntimeVersion: pulumi.String(\"tpu-vm-tf-2.13.0\"),\n\t\t\tAcceleratorConfig: \u0026tpu.V2VmAcceleratorConfigArgs{\n\t\t\t\tType: pulumi.String(\"V2\"),\n\t\t\t\tTopology: pulumi.String(\"2x2\"),\n\t\t\t},\n\t\t\tCidrBlock: pulumi.String(\"10.0.0.0/29\"),\n\t\t\tNetworkConfig: \u0026tpu.V2VmNetworkConfigArgs{\n\t\t\t\tCanIpForward: pulumi.Bool(true),\n\t\t\t\tEnableExternalIps: pulumi.Bool(true),\n\t\t\t\tNetwork: network.ID(),\n\t\t\t\tSubnetwork: subnet.ID(),\n\t\t\t\tQueueCount: pulumi.Int(32),\n\t\t\t},\n\t\t\tSchedulingConfig: \u0026tpu.V2VmSchedulingConfigArgs{\n\t\t\t\tPreemptible: pulumi.Bool(true),\n\t\t\t},\n\t\t\tShieldedInstanceConfig: \u0026tpu.V2VmShieldedInstanceConfigArgs{\n\t\t\t\tEnableSecureBoot: pulumi.Bool(true),\n\t\t\t},\n\t\t\tServiceAccount: \u0026tpu.V2VmServiceAccountArgs{\n\t\t\t\tEmail: sa.Email,\n\t\t\t\tScopes: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"https://www.googleapis.com/auth/cloud-platform\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tDataDisks: tpu.V2VmDataDiskArray{\n\t\t\t\t\u0026tpu.V2VmDataDiskArgs{\n\t\t\t\t\tSourceDisk: disk.ID(),\n\t\t\t\t\tMode: pulumi.String(\"READ_ONLY\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tLabels: pulumi.StringMap{\n\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t},\n\t\t\tMetadata: pulumi.StringMap{\n\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t},\n\t\t\tTags: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"foo\"),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\twait60Seconds,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.tpu.TpuFunctions;\nimport com.pulumi.gcp.tpu.inputs.GetV2RuntimeVersionsArgs;\nimport com.pulumi.gcp.tpu.inputs.GetV2AcceleratorTypesArgs;\nimport com.pulumi.gcp.compute.Network;\nimport com.pulumi.gcp.compute.NetworkArgs;\nimport com.pulumi.gcp.compute.Subnetwork;\nimport com.pulumi.gcp.compute.SubnetworkArgs;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.compute.Disk;\nimport com.pulumi.gcp.compute.DiskArgs;\nimport com.pulumi.time.sleep;\nimport com.pulumi.time.SleepArgs;\nimport com.pulumi.gcp.tpu.V2Vm;\nimport com.pulumi.gcp.tpu.V2VmArgs;\nimport com.pulumi.gcp.tpu.inputs.V2VmAcceleratorConfigArgs;\nimport com.pulumi.gcp.tpu.inputs.V2VmNetworkConfigArgs;\nimport com.pulumi.gcp.tpu.inputs.V2VmSchedulingConfigArgs;\nimport com.pulumi.gcp.tpu.inputs.V2VmShieldedInstanceConfigArgs;\nimport com.pulumi.gcp.tpu.inputs.V2VmServiceAccountArgs;\nimport com.pulumi.gcp.tpu.inputs.V2VmDataDiskArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var available = TpuFunctions.getV2RuntimeVersions();\n\n final var availableGetV2AcceleratorTypes = TpuFunctions.getV2AcceleratorTypes();\n\n var network = new Network(\"network\", NetworkArgs.builder()\n .name(\"tpu-net\")\n .autoCreateSubnetworks(false)\n .build());\n\n var subnet = new Subnetwork(\"subnet\", SubnetworkArgs.builder()\n .name(\"tpu-subnet\")\n .ipCidrRange(\"10.0.0.0/16\")\n .region(\"us-central1\")\n .network(network.id())\n .build());\n\n var sa = new Account(\"sa\", AccountArgs.builder()\n .accountId(\"tpu-sa\")\n .displayName(\"Test TPU VM\")\n .build());\n\n var disk = new Disk(\"disk\", DiskArgs.builder()\n .name(\"tpu-disk\")\n .image(\"debian-cloud/debian-11\")\n .size(10)\n .type(\"pd-ssd\")\n .zone(\"us-central1-c\")\n .build());\n\n // Wait after service account creation to limit eventual consistency errors.\n var wait60Seconds = new Sleep(\"wait60Seconds\", SleepArgs.builder()\n .createDuration(\"60s\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(sa)\n .build());\n\n var tpu = new V2Vm(\"tpu\", V2VmArgs.builder()\n .name(\"test-tpu\")\n .zone(\"us-central1-c\")\n .description(\"Text description of the TPU.\")\n .runtimeVersion(\"tpu-vm-tf-2.13.0\")\n .acceleratorConfig(V2VmAcceleratorConfigArgs.builder()\n .type(\"V2\")\n .topology(\"2x2\")\n .build())\n .cidrBlock(\"10.0.0.0/29\")\n .networkConfig(V2VmNetworkConfigArgs.builder()\n .canIpForward(true)\n .enableExternalIps(true)\n .network(network.id())\n .subnetwork(subnet.id())\n .queueCount(32)\n .build())\n .schedulingConfig(V2VmSchedulingConfigArgs.builder()\n .preemptible(true)\n .build())\n .shieldedInstanceConfig(V2VmShieldedInstanceConfigArgs.builder()\n .enableSecureBoot(true)\n .build())\n .serviceAccount(V2VmServiceAccountArgs.builder()\n .email(sa.email())\n .scopes(\"https://www.googleapis.com/auth/cloud-platform\")\n .build())\n .dataDisks(V2VmDataDiskArgs.builder()\n .sourceDisk(disk.id())\n .mode(\"READ_ONLY\")\n .build())\n .labels(Map.of(\"foo\", \"bar\"))\n .metadata(Map.of(\"foo\", \"bar\"))\n .tags(\"foo\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(wait60Seconds)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n tpu:\n type: gcp:tpu:V2Vm\n properties:\n name: test-tpu\n zone: us-central1-c\n description: Text description of the TPU.\n runtimeVersion: tpu-vm-tf-2.13.0\n acceleratorConfig:\n type: V2\n topology: 2x2\n cidrBlock: 10.0.0.0/29\n networkConfig:\n canIpForward: true\n enableExternalIps: true\n network: ${network.id}\n subnetwork: ${subnet.id}\n queueCount: 32\n schedulingConfig:\n preemptible: true\n shieldedInstanceConfig:\n enableSecureBoot: true\n serviceAccount:\n email: ${sa.email}\n scopes:\n - https://www.googleapis.com/auth/cloud-platform\n dataDisks:\n - sourceDisk: ${disk.id}\n mode: READ_ONLY\n labels:\n foo: bar\n metadata:\n foo: bar\n tags:\n - foo\n options:\n dependsOn:\n - ${wait60Seconds}\n subnet:\n type: gcp:compute:Subnetwork\n properties:\n name: tpu-subnet\n ipCidrRange: 10.0.0.0/16\n region: us-central1\n network: ${network.id}\n network:\n type: gcp:compute:Network\n properties:\n name: tpu-net\n autoCreateSubnetworks: false\n sa:\n type: gcp:serviceaccount:Account\n properties:\n accountId: tpu-sa\n displayName: Test TPU VM\n disk:\n type: gcp:compute:Disk\n properties:\n name: tpu-disk\n image: debian-cloud/debian-11\n size: 10\n type: pd-ssd\n zone: us-central1-c\n # Wait after service account creation to limit eventual consistency errors.\n wait60Seconds:\n type: time:sleep\n name: wait_60_seconds\n properties:\n createDuration: 60s\n options:\n dependsOn:\n - ${sa}\nvariables:\n available:\n fn::invoke:\n function: gcp:tpu:getV2RuntimeVersions\n arguments: {}\n availableGetV2AcceleratorTypes:\n fn::invoke:\n function: gcp:tpu:getV2AcceleratorTypes\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nVm can be imported using any of these accepted formats:\n\n* `projects/{{project}}/locations/{{zone}}/nodes/{{name}}`\n\n* `{{project}}/{{zone}}/{{name}}`\n\n* `{{zone}}/{{name}}`\n\n* `{{name}}`\n\nWhen using the `pulumi import` command, Vm can be imported using one of the formats above. For example:\n\n```sh\n$ pulumi import gcp:tpu/v2Vm:V2Vm default projects/{{project}}/locations/{{zone}}/nodes/{{name}}\n```\n\n```sh\n$ pulumi import gcp:tpu/v2Vm:V2Vm default {{project}}/{{zone}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:tpu/v2Vm:V2Vm default {{zone}}/{{name}}\n```\n\n```sh\n$ pulumi import gcp:tpu/v2Vm:V2Vm default {{name}}\n```\n\n", "properties": { "acceleratorConfig": { "$ref": "#/types/gcp:tpu/V2VmAcceleratorConfig:V2VmAcceleratorConfig", @@ -273864,6 +275218,13 @@ "$ref": "#/types/gcp:tpu/V2VmNetworkConfig:V2VmNetworkConfig", "description": "Network configurations for the TPU node.\nStructure is documented below.\n" }, + "networkConfigs": { + "type": "array", + "items": { + "$ref": "#/types/gcp:tpu/V2VmNetworkConfig:V2VmNetworkConfig" + }, + "description": "Repeated network configurations for the TPU node. This field is used to specify multiple\nnetwork configs for the TPU node.\nStructure is documented below.\n" + }, "networkEndpoints": { "type": "array", "items": { @@ -273998,6 +275359,14 @@ "description": "Network configurations for the TPU node.\nStructure is documented below.\n", "willReplaceOnChanges": true }, + "networkConfigs": { + "type": "array", + "items": { + "$ref": "#/types/gcp:tpu/V2VmNetworkConfig:V2VmNetworkConfig" + }, + "description": "Repeated network configurations for the TPU node. This field is used to specify multiple\nnetwork configs for the TPU node.\nStructure is documented below.\n", + "willReplaceOnChanges": true + }, "project": { "type": "string", "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the provider project is used.\n", @@ -274116,6 +275485,14 @@ "description": "Network configurations for the TPU node.\nStructure is documented below.\n", "willReplaceOnChanges": true }, + "networkConfigs": { + "type": "array", + "items": { + "$ref": "#/types/gcp:tpu/V2VmNetworkConfig:V2VmNetworkConfig" + }, + "description": "Repeated network configurations for the TPU node. This field is used to specify multiple\nnetwork configs for the TPU node.\nStructure is documented below.\n", + "willReplaceOnChanges": true + }, "networkEndpoints": { "type": "array", "items": { @@ -283380,7 +284757,7 @@ "properties": { "location": { "type": "string", - "description": "The name of the location this repository is located in.\nUsed to find the parent resource to bind the IAM policy to. If not specified,\nthe value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no\nlocation is specified, it is taken from the provider configuration.\n", + "description": "The name of the repository's location. In addition to specific regions,\nspecial values for multi-region locations are `asia`, `europe`, and `us`.\nSee [here](https://cloud.google.com/artifact-registry/docs/repositories/repo-locations),\nor use the\ngcp.artifactregistry.getLocations\ndata source for possible values. Used to find the parent resource to bind the IAM policy to. If not specified,\nthe value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no\nlocation is specified, it is taken from the provider configuration.\n", "willReplaceOnChanges": true }, "project": { @@ -289302,6 +290679,9 @@ "network": { "type": "string" }, + "networkTier": { + "type": "string" + }, "noAutomateDnsZone": { "type": "boolean" }, @@ -289361,6 +290741,7 @@ "metadataFilters", "name", "network", + "networkTier", "noAutomateDnsZone", "portRange", "pscConnectionId", diff --git a/sdk/dotnet/AccessContextManager/Inputs/ServicePerimetersServicePerimeterArgs.cs b/sdk/dotnet/AccessContextManager/Inputs/ServicePerimetersServicePerimeterArgs.cs index cfcfa228ce..5127dad685 100644 --- a/sdk/dotnet/AccessContextManager/Inputs/ServicePerimetersServicePerimeterArgs.cs +++ b/sdk/dotnet/AccessContextManager/Inputs/ServicePerimetersServicePerimeterArgs.cs @@ -26,15 +26,6 @@ public sealed class ServicePerimetersServicePerimeterArgs : global::Pulumi.Resou [Input("description")] public Input? Description { get; set; } - /// - /// (Output) - /// An opaque identifier for the current version of the ServicePerimeter. This - /// identifier does not follow any specific format. If an etag is not provided, the - /// operation will be performed as if a valid etag is provided. - /// - [Input("etag")] - public Input? Etag { get; set; } - /// /// Resource name for the ServicePerimeter. The short_name component must /// begin with a letter and only include alphanumeric and '_'. diff --git a/sdk/dotnet/AccessContextManager/Inputs/ServicePerimetersServicePerimeterGetArgs.cs b/sdk/dotnet/AccessContextManager/Inputs/ServicePerimetersServicePerimeterGetArgs.cs index a64bc847e1..f5e8672278 100644 --- a/sdk/dotnet/AccessContextManager/Inputs/ServicePerimetersServicePerimeterGetArgs.cs +++ b/sdk/dotnet/AccessContextManager/Inputs/ServicePerimetersServicePerimeterGetArgs.cs @@ -26,15 +26,6 @@ public sealed class ServicePerimetersServicePerimeterGetArgs : global::Pulumi.Re [Input("description")] public Input? Description { get; set; } - /// - /// (Output) - /// An opaque identifier for the current version of the ServicePerimeter. This - /// identifier does not follow any specific format. If an etag is not provided, the - /// operation will be performed as if a valid etag is provided. - /// - [Input("etag")] - public Input? Etag { get; set; } - /// /// Resource name for the ServicePerimeter. The short_name component must /// begin with a letter and only include alphanumeric and '_'. diff --git a/sdk/dotnet/AccessContextManager/Outputs/ServicePerimetersServicePerimeter.cs b/sdk/dotnet/AccessContextManager/Outputs/ServicePerimetersServicePerimeter.cs index b28966da4a..a0088fc132 100644 --- a/sdk/dotnet/AccessContextManager/Outputs/ServicePerimetersServicePerimeter.cs +++ b/sdk/dotnet/AccessContextManager/Outputs/ServicePerimetersServicePerimeter.cs @@ -24,13 +24,6 @@ public sealed class ServicePerimetersServicePerimeter /// public readonly string? Description; /// - /// (Output) - /// An opaque identifier for the current version of the ServicePerimeter. This - /// identifier does not follow any specific format. If an etag is not provided, the - /// operation will be performed as if a valid etag is provided. - /// - public readonly string? Etag; - /// /// Resource name for the ServicePerimeter. The short_name component must /// begin with a letter and only include alphanumeric and '_'. /// Format: accessPolicies/{policy_id}/servicePerimeters/{short_name} @@ -98,8 +91,6 @@ private ServicePerimetersServicePerimeter( string? description, - string? etag, - string name, string? perimeterType, @@ -116,7 +107,6 @@ private ServicePerimetersServicePerimeter( { CreateTime = createTime; Description = description; - Etag = etag; Name = name; PerimeterType = perimeterType; Spec = spec; diff --git a/sdk/dotnet/AccessContextManager/ServicePerimeter.cs b/sdk/dotnet/AccessContextManager/ServicePerimeter.cs index efb9511c0a..1d0a597c78 100644 --- a/sdk/dotnet/AccessContextManager/ServicePerimeter.cs +++ b/sdk/dotnet/AccessContextManager/ServicePerimeter.cs @@ -356,14 +356,6 @@ public partial class ServicePerimeter : global::Pulumi.CustomResource [Output("description")] public Output Description { get; private set; } = null!; - /// - /// An opaque identifier for the current version of the ServicePerimeter. This - /// identifier does not follow any specific format. If an etag is not provided, the - /// operation will be performed as if a valid etag is provided. - /// - [Output("etag")] - public Output Etag { get; private set; } = null!; - /// /// Resource name for the ServicePerimeter. The short_name component must /// begin with a letter and only include alphanumeric and '_'. @@ -600,14 +592,6 @@ public sealed class ServicePerimeterState : global::Pulumi.ResourceArgs [Input("description")] public Input? Description { get; set; } - /// - /// An opaque identifier for the current version of the ServicePerimeter. This - /// identifier does not follow any specific format. If an etag is not provided, the - /// operation will be performed as if a valid etag is provided. - /// - [Input("etag")] - public Input? Etag { get; set; } - /// /// Resource name for the ServicePerimeter. The short_name component must /// begin with a letter and only include alphanumeric and '_'. diff --git a/sdk/dotnet/ArtifactRegistry/GetRepositoryIamPolicy.cs b/sdk/dotnet/ArtifactRegistry/GetRepositoryIamPolicy.cs index cf665460ea..9b749400e3 100644 --- a/sdk/dotnet/ArtifactRegistry/GetRepositoryIamPolicy.cs +++ b/sdk/dotnet/ArtifactRegistry/GetRepositoryIamPolicy.cs @@ -97,8 +97,12 @@ public static Output Invoke(GetRepositoryIamPolicy public sealed class GetRepositoryIamPolicyArgs : global::Pulumi.InvokeArgs { /// - /// The name of the location this repository is located in. - /// Used to find the parent resource to bind the IAM policy to. If not specified, + /// The name of the repository's location. In addition to specific regions, + /// special values for multi-region locations are `asia`, `europe`, and `us`. + /// See [here](https://cloud.google.com/artifact-registry/docs/repositories/repo-locations), + /// or use the + /// gcp.artifactregistry.getLocations + /// data source for possible values. Used to find the parent resource to bind the IAM policy to. If not specified, /// the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no /// location is specified, it is taken from the provider configuration. /// @@ -127,8 +131,12 @@ public GetRepositoryIamPolicyArgs() public sealed class GetRepositoryIamPolicyInvokeArgs : global::Pulumi.InvokeArgs { /// - /// The name of the location this repository is located in. - /// Used to find the parent resource to bind the IAM policy to. If not specified, + /// The name of the repository's location. In addition to specific regions, + /// special values for multi-region locations are `asia`, `europe`, and `us`. + /// See [here](https://cloud.google.com/artifact-registry/docs/repositories/repo-locations), + /// or use the + /// gcp.artifactregistry.getLocations + /// data source for possible values. Used to find the parent resource to bind the IAM policy to. If not specified, /// the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no /// location is specified, it is taken from the provider configuration. /// diff --git a/sdk/dotnet/ArtifactRegistry/Repository.cs b/sdk/dotnet/ArtifactRegistry/Repository.cs index b186034a02..8d2d7e60d0 100644 --- a/sdk/dotnet/ArtifactRegistry/Repository.cs +++ b/sdk/dotnet/ArtifactRegistry/Repository.cs @@ -40,6 +40,26 @@ namespace Pulumi.Gcp.ArtifactRegistry /// /// }); /// ``` + /// ### Artifact Registry Repository Multi Region + /// + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var my_repo = new Gcp.ArtifactRegistry.Repository("my-repo", new() + /// { + /// RepositoryId = "my-repository", + /// Description = "example docker repository", + /// Location = "us", + /// Format = "DOCKER", + /// }); + /// + /// }); + /// ``` /// ### Artifact Registry Repository Docker /// /// ```csharp @@ -793,8 +813,6 @@ namespace Pulumi.Gcp.ArtifactRegistry /// /// * `{{location}}/{{repository_id}}` /// - /// * `{{repository_id}}` - /// /// When using the `pulumi import` command, Repository can be imported using one of the formats above. For example: /// /// ```sh @@ -808,10 +826,6 @@ namespace Pulumi.Gcp.ArtifactRegistry /// ```sh /// $ pulumi import gcp:artifactregistry/repository:Repository default {{location}}/{{repository_id}} /// ``` - /// - /// ```sh - /// $ pulumi import gcp:artifactregistry/repository:Repository default {{repository_id}} - /// ``` /// [GcpResourceType("gcp:artifactregistry/repository:Repository")] public partial class Repository : global::Pulumi.CustomResource @@ -863,9 +877,6 @@ public partial class Repository : global::Pulumi.CustomResource /// can be found [here](https://cloud.google.com/artifact-registry/docs/supported-formats). /// You can only create alpha formats if you are a member of the /// [alpha user group](https://cloud.google.com/artifact-registry/docs/supported-formats#alpha-access). - /// - /// - /// - - - /// [Output("format")] public Output Format { get; private set; } = null!; @@ -893,7 +904,12 @@ public partial class Repository : global::Pulumi.CustomResource public Output?> Labels { get; private set; } = null!; /// - /// The name of the location this repository is located in. + /// The name of the repository's location. In addition to specific regions, + /// special values for multi-region locations are `asia`, `europe`, and `us`. + /// See [here](https://cloud.google.com/artifact-registry/docs/repositories/repo-locations), + /// or use the + /// gcp.artifactregistry.getLocations + /// data source for possible values. /// [Output("location")] public Output Location { get; private set; } = null!; @@ -946,6 +962,9 @@ public partial class Repository : global::Pulumi.CustomResource /// /// The last part of the repository name, for example: /// "repo1" + /// + /// + /// - - - /// [Output("repositoryId")] public Output RepositoryId { get; private set; } = null!; @@ -1055,9 +1074,6 @@ public InputList CleanupPolicies /// can be found [here](https://cloud.google.com/artifact-registry/docs/supported-formats). /// You can only create alpha formats if you are a member of the /// [alpha user group](https://cloud.google.com/artifact-registry/docs/supported-formats#alpha-access). - /// - /// - /// - - - /// [Input("format", required: true)] public Input Format { get; set; } = null!; @@ -1091,7 +1107,12 @@ public InputMap Labels } /// - /// The name of the location this repository is located in. + /// The name of the repository's location. In addition to specific regions, + /// special values for multi-region locations are `asia`, `europe`, and `us`. + /// See [here](https://cloud.google.com/artifact-registry/docs/repositories/repo-locations), + /// or use the + /// gcp.artifactregistry.getLocations + /// data source for possible values. /// [Input("location")] public Input? Location { get; set; } @@ -1130,6 +1151,9 @@ public InputMap Labels /// /// The last part of the repository name, for example: /// "repo1" + /// + /// + /// - - - /// [Input("repositoryId", required: true)] public Input RepositoryId { get; set; } = null!; @@ -1212,9 +1236,6 @@ public InputMap EffectiveLabels /// can be found [here](https://cloud.google.com/artifact-registry/docs/supported-formats). /// You can only create alpha formats if you are a member of the /// [alpha user group](https://cloud.google.com/artifact-registry/docs/supported-formats#alpha-access). - /// - /// - /// - - - /// [Input("format")] public Input? Format { get; set; } @@ -1248,7 +1269,12 @@ public InputMap Labels } /// - /// The name of the location this repository is located in. + /// The name of the repository's location. In addition to specific regions, + /// special values for multi-region locations are `asia`, `europe`, and `us`. + /// See [here](https://cloud.google.com/artifact-registry/docs/repositories/repo-locations), + /// or use the + /// gcp.artifactregistry.getLocations + /// data source for possible values. /// [Input("location")] public Input? Location { get; set; } @@ -1311,6 +1337,9 @@ public InputMap PulumiLabels /// /// The last part of the repository name, for example: /// "repo1" + /// + /// + /// - - - /// [Input("repositoryId")] public Input? RepositoryId { get; set; } diff --git a/sdk/dotnet/ArtifactRegistry/RepositoryIamBinding.cs b/sdk/dotnet/ArtifactRegistry/RepositoryIamBinding.cs index 592bcd4a80..bdfd374480 100644 --- a/sdk/dotnet/ArtifactRegistry/RepositoryIamBinding.cs +++ b/sdk/dotnet/ArtifactRegistry/RepositoryIamBinding.cs @@ -260,8 +260,12 @@ public partial class RepositoryIamBinding : global::Pulumi.CustomResource public Output Etag { get; private set; } = null!; /// - /// The name of the location this repository is located in. - /// Used to find the parent resource to bind the IAM policy to. If not specified, + /// The name of the repository's location. In addition to specific regions, + /// special values for multi-region locations are `asia`, `europe`, and `us`. + /// See [here](https://cloud.google.com/artifact-registry/docs/repositories/repo-locations), + /// or use the + /// gcp.artifactregistry.getLocations + /// data source for possible values. Used to find the parent resource to bind the IAM policy to. If not specified, /// the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no /// location is specified, it is taken from the provider configuration. /// @@ -355,8 +359,12 @@ public sealed class RepositoryIamBindingArgs : global::Pulumi.ResourceArgs public Input? Condition { get; set; } /// - /// The name of the location this repository is located in. - /// Used to find the parent resource to bind the IAM policy to. If not specified, + /// The name of the repository's location. In addition to specific regions, + /// special values for multi-region locations are `asia`, `europe`, and `us`. + /// See [here](https://cloud.google.com/artifact-registry/docs/repositories/repo-locations), + /// or use the + /// gcp.artifactregistry.getLocations + /// data source for possible values. Used to find the parent resource to bind the IAM policy to. If not specified, /// the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no /// location is specified, it is taken from the provider configuration. /// @@ -424,8 +432,12 @@ public sealed class RepositoryIamBindingState : global::Pulumi.ResourceArgs public Input? Etag { get; set; } /// - /// The name of the location this repository is located in. - /// Used to find the parent resource to bind the IAM policy to. If not specified, + /// The name of the repository's location. In addition to specific regions, + /// special values for multi-region locations are `asia`, `europe`, and `us`. + /// See [here](https://cloud.google.com/artifact-registry/docs/repositories/repo-locations), + /// or use the + /// gcp.artifactregistry.getLocations + /// data source for possible values. Used to find the parent resource to bind the IAM policy to. If not specified, /// the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no /// location is specified, it is taken from the provider configuration. /// diff --git a/sdk/dotnet/ArtifactRegistry/RepositoryIamMember.cs b/sdk/dotnet/ArtifactRegistry/RepositoryIamMember.cs index b325d4180f..0a08931cd2 100644 --- a/sdk/dotnet/ArtifactRegistry/RepositoryIamMember.cs +++ b/sdk/dotnet/ArtifactRegistry/RepositoryIamMember.cs @@ -260,8 +260,12 @@ public partial class RepositoryIamMember : global::Pulumi.CustomResource public Output Etag { get; private set; } = null!; /// - /// The name of the location this repository is located in. - /// Used to find the parent resource to bind the IAM policy to. If not specified, + /// The name of the repository's location. In addition to specific regions, + /// special values for multi-region locations are `asia`, `europe`, and `us`. + /// See [here](https://cloud.google.com/artifact-registry/docs/repositories/repo-locations), + /// or use the + /// gcp.artifactregistry.getLocations + /// data source for possible values. Used to find the parent resource to bind the IAM policy to. If not specified, /// the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no /// location is specified, it is taken from the provider configuration. /// @@ -355,8 +359,12 @@ public sealed class RepositoryIamMemberArgs : global::Pulumi.ResourceArgs public Input? Condition { get; set; } /// - /// The name of the location this repository is located in. - /// Used to find the parent resource to bind the IAM policy to. If not specified, + /// The name of the repository's location. In addition to specific regions, + /// special values for multi-region locations are `asia`, `europe`, and `us`. + /// See [here](https://cloud.google.com/artifact-registry/docs/repositories/repo-locations), + /// or use the + /// gcp.artifactregistry.getLocations + /// data source for possible values. Used to find the parent resource to bind the IAM policy to. If not specified, /// the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no /// location is specified, it is taken from the provider configuration. /// @@ -418,8 +426,12 @@ public sealed class RepositoryIamMemberState : global::Pulumi.ResourceArgs public Input? Etag { get; set; } /// - /// The name of the location this repository is located in. - /// Used to find the parent resource to bind the IAM policy to. If not specified, + /// The name of the repository's location. In addition to specific regions, + /// special values for multi-region locations are `asia`, `europe`, and `us`. + /// See [here](https://cloud.google.com/artifact-registry/docs/repositories/repo-locations), + /// or use the + /// gcp.artifactregistry.getLocations + /// data source for possible values. Used to find the parent resource to bind the IAM policy to. If not specified, /// the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no /// location is specified, it is taken from the provider configuration. /// diff --git a/sdk/dotnet/ArtifactRegistry/RepositoryIamPolicy.cs b/sdk/dotnet/ArtifactRegistry/RepositoryIamPolicy.cs index ffef93f8ed..9fc2c3ed43 100644 --- a/sdk/dotnet/ArtifactRegistry/RepositoryIamPolicy.cs +++ b/sdk/dotnet/ArtifactRegistry/RepositoryIamPolicy.cs @@ -257,8 +257,12 @@ public partial class RepositoryIamPolicy : global::Pulumi.CustomResource public Output Etag { get; private set; } = null!; /// - /// The name of the location this repository is located in. - /// Used to find the parent resource to bind the IAM policy to. If not specified, + /// The name of the repository's location. In addition to specific regions, + /// special values for multi-region locations are `asia`, `europe`, and `us`. + /// See [here](https://cloud.google.com/artifact-registry/docs/repositories/repo-locations), + /// or use the + /// gcp.artifactregistry.getLocations + /// data source for possible values. Used to find the parent resource to bind the IAM policy to. If not specified, /// the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no /// location is specified, it is taken from the provider configuration. /// @@ -332,8 +336,12 @@ public static RepositoryIamPolicy Get(string name, Input id, RepositoryI public sealed class RepositoryIamPolicyArgs : global::Pulumi.ResourceArgs { /// - /// The name of the location this repository is located in. - /// Used to find the parent resource to bind the IAM policy to. If not specified, + /// The name of the repository's location. In addition to specific regions, + /// special values for multi-region locations are `asia`, `europe`, and `us`. + /// See [here](https://cloud.google.com/artifact-registry/docs/repositories/repo-locations), + /// or use the + /// gcp.artifactregistry.getLocations + /// data source for possible values. Used to find the parent resource to bind the IAM policy to. If not specified, /// the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no /// location is specified, it is taken from the provider configuration. /// @@ -375,8 +383,12 @@ public sealed class RepositoryIamPolicyState : global::Pulumi.ResourceArgs public Input? Etag { get; set; } /// - /// The name of the location this repository is located in. - /// Used to find the parent resource to bind the IAM policy to. If not specified, + /// The name of the repository's location. In addition to specific regions, + /// special values for multi-region locations are `asia`, `europe`, and `us`. + /// See [here](https://cloud.google.com/artifact-registry/docs/repositories/repo-locations), + /// or use the + /// gcp.artifactregistry.getLocations + /// data source for possible values. Used to find the parent resource to bind the IAM policy to. If not specified, /// the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no /// location is specified, it is taken from the provider configuration. /// diff --git a/sdk/dotnet/Compute/GetGlobalForwardingRule.cs b/sdk/dotnet/Compute/GetGlobalForwardingRule.cs index a5845faa36..1e01886a3e 100644 --- a/sdk/dotnet/Compute/GetGlobalForwardingRule.cs +++ b/sdk/dotnet/Compute/GetGlobalForwardingRule.cs @@ -153,6 +153,7 @@ public sealed class GetGlobalForwardingRuleResult public readonly ImmutableArray MetadataFilters; public readonly string Name; public readonly string Network; + public readonly string NetworkTier; public readonly bool NoAutomateDnsZone; public readonly string PortRange; public readonly string? Project; @@ -197,6 +198,8 @@ private GetGlobalForwardingRuleResult( string network, + string networkTier, + bool noAutomateDnsZone, string portRange, @@ -234,6 +237,7 @@ private GetGlobalForwardingRuleResult( MetadataFilters = metadataFilters; Name = name; Network = network; + NetworkTier = networkTier; NoAutomateDnsZone = noAutomateDnsZone; PortRange = portRange; Project = project; diff --git a/sdk/dotnet/Compute/GlobalForwardingRule.cs b/sdk/dotnet/Compute/GlobalForwardingRule.cs index 62680397b0..d3662c1c0f 100644 --- a/sdk/dotnet/Compute/GlobalForwardingRule.cs +++ b/sdk/dotnet/Compute/GlobalForwardingRule.cs @@ -323,6 +323,7 @@ namespace Pulumi.Gcp.Compute /// Target = defaultTargetHttpProxy.Id, /// PortRange = "80", /// LoadBalancingScheme = "EXTERNAL_MANAGED", + /// NetworkTier = "PREMIUM", /// }); /// /// }); @@ -801,6 +802,21 @@ public partial class GlobalForwardingRule : global::Pulumi.CustomResource [Output("network")] public Output Network { get; private set; } = null!; + /// + /// This signifies the networking tier used for configuring + /// this load balancer and can only take the following values: + /// `PREMIUM`, `STANDARD`. + /// For regional ForwardingRule, the valid values are `PREMIUM` and + /// `STANDARD`. For GlobalForwardingRule, the valid value is + /// `PREMIUM`. + /// If this field is not specified, it is assumed to be `PREMIUM`. + /// If `IPAddress` is specified, this value must be equal to the + /// networkTier of the Address. + /// Possible values are: `PREMIUM`, `STANDARD`. + /// + [Output("networkTier")] + public Output NetworkTier { get; private set; } = null!; + /// /// This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC forwarding rules do not use this field. /// @@ -1105,6 +1121,21 @@ public InputList MetadataFilters [Input("network")] public Input? Network { get; set; } + /// + /// This signifies the networking tier used for configuring + /// this load balancer and can only take the following values: + /// `PREMIUM`, `STANDARD`. + /// For regional ForwardingRule, the valid values are `PREMIUM` and + /// `STANDARD`. For GlobalForwardingRule, the valid value is + /// `PREMIUM`. + /// If this field is not specified, it is assumed to be `PREMIUM`. + /// If `IPAddress` is specified, this value must be equal to the + /// networkTier of the Address. + /// Possible values are: `PREMIUM`, `STANDARD`. + /// + [Input("networkTier")] + public Input? NetworkTier { get; set; } + /// /// This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC forwarding rules do not use this field. /// @@ -1382,6 +1413,21 @@ public InputList MetadataFilte [Input("network")] public Input? Network { get; set; } + /// + /// This signifies the networking tier used for configuring + /// this load balancer and can only take the following values: + /// `PREMIUM`, `STANDARD`. + /// For regional ForwardingRule, the valid values are `PREMIUM` and + /// `STANDARD`. For GlobalForwardingRule, the valid value is + /// `PREMIUM`. + /// If this field is not specified, it is assumed to be `PREMIUM`. + /// If `IPAddress` is specified, this value must be equal to the + /// networkTier of the Address. + /// Possible values are: `PREMIUM`, `STANDARD`. + /// + [Input("networkTier")] + public Input? NetworkTier { get; set; } + /// /// This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC forwarding rules do not use this field. /// diff --git a/sdk/dotnet/Compute/ProjectCloudArmorTier.cs b/sdk/dotnet/Compute/ProjectCloudArmorTier.cs index 43858548ca..5e9196b2b1 100644 --- a/sdk/dotnet/Compute/ProjectCloudArmorTier.cs +++ b/sdk/dotnet/Compute/ProjectCloudArmorTier.cs @@ -100,7 +100,7 @@ public partial class ProjectCloudArmorTier : global::Pulumi.CustomResource { /// /// Managed protection tier to be set. - /// Possible values are: `CA_STANDARD`, `CA_ENTERPRISE_PAYGO`. + /// Possible values are: `CA_STANDARD`, `CA_ENTERPRISE_PAYGO`, `CA_ENTERPRISE_ANNUAL`. /// /// /// - - - @@ -163,7 +163,7 @@ public sealed class ProjectCloudArmorTierArgs : global::Pulumi.ResourceArgs { /// /// Managed protection tier to be set. - /// Possible values are: `CA_STANDARD`, `CA_ENTERPRISE_PAYGO`. + /// Possible values are: `CA_STANDARD`, `CA_ENTERPRISE_PAYGO`, `CA_ENTERPRISE_ANNUAL`. /// /// /// - - - @@ -188,7 +188,7 @@ public sealed class ProjectCloudArmorTierState : global::Pulumi.ResourceArgs { /// /// Managed protection tier to be set. - /// Possible values are: `CA_STANDARD`, `CA_ENTERPRISE_PAYGO`. + /// Possible values are: `CA_STANDARD`, `CA_ENTERPRISE_PAYGO`, `CA_ENTERPRISE_ANNUAL`. /// /// /// - - - diff --git a/sdk/dotnet/Firebase/DatabaseInstance.cs b/sdk/dotnet/Firebase/DatabaseInstance.cs index 41926a74b1..e21546dc3f 100644 --- a/sdk/dotnet/Firebase/DatabaseInstance.cs +++ b/sdk/dotnet/Firebase/DatabaseInstance.cs @@ -59,6 +59,7 @@ namespace Pulumi.Gcp.Firebase /// using System.Linq; /// using Pulumi; /// using Gcp = Pulumi.Gcp; + /// using Time = Pulumi.Time; /// /// return await Deployment.RunAsync(() => /// { @@ -74,15 +75,40 @@ namespace Pulumi.Gcp.Firebase /// }, /// }); /// + /// var firebase = new Gcp.Projects.Service("firebase", new() + /// { + /// Project = @default.ProjectId, + /// ServiceName = "firebase.googleapis.com", + /// DisableOnDestroy = false, + /// }); + /// /// var defaultProject = new Gcp.Firebase.Project("default", new() /// { /// ProjectID = @default.ProjectId, + /// }, new CustomResourceOptions + /// { + /// DependsOn = + /// { + /// firebase, + /// }, /// }); /// /// var firebaseDatabase = new Gcp.Projects.Service("firebase_database", new() /// { /// Project = defaultProject.ProjectID, /// ServiceName = "firebasedatabase.googleapis.com", + /// DisableOnDestroy = false, + /// }); + /// + /// var wait60Seconds = new Time.Index.Sleep("wait_60_seconds", new() + /// { + /// CreateDuration = "60s", + /// }, new CustomResourceOptions + /// { + /// DependsOn = + /// { + /// firebaseDatabase, + /// }, /// }); /// /// var defaultDatabaseInstance = new Gcp.Firebase.DatabaseInstance("default", new() @@ -95,7 +121,7 @@ namespace Pulumi.Gcp.Firebase /// { /// DependsOn = /// { - /// firebaseDatabase, + /// wait60Seconds, /// }, /// }); /// diff --git a/sdk/dotnet/Firebase/HostingVersion.cs b/sdk/dotnet/Firebase/HostingVersion.cs index fbbb5f8bd2..929f5b76d1 100644 --- a/sdk/dotnet/Firebase/HostingVersion.cs +++ b/sdk/dotnet/Firebase/HostingVersion.cs @@ -54,6 +54,94 @@ namespace Pulumi.Gcp.Firebase /// /// }); /// ``` + /// ### Firebasehosting Version Headers + /// + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var @default = new Gcp.Firebase.HostingSite("default", new() + /// { + /// Project = "my-project-name", + /// SiteId = "site-id", + /// }); + /// + /// var defaultHostingVersion = new Gcp.Firebase.HostingVersion("default", new() + /// { + /// SiteId = @default.SiteId, + /// Config = new Gcp.Firebase.Inputs.HostingVersionConfigArgs + /// { + /// Headers = new[] + /// { + /// new Gcp.Firebase.Inputs.HostingVersionConfigHeaderArgs + /// { + /// Glob = "/headers/**", + /// Headers = + /// { + /// { "my-header", "my-value" }, + /// }, + /// }, + /// }, + /// }, + /// }); + /// + /// var defaultHostingRelease = new Gcp.Firebase.HostingRelease("default", new() + /// { + /// SiteId = @default.SiteId, + /// VersionName = defaultHostingVersion.Name, + /// Message = "With custom headers", + /// }); + /// + /// }); + /// ``` + /// ### Firebasehosting Version Headers Regex + /// + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var @default = new Gcp.Firebase.HostingSite("default", new() + /// { + /// Project = "my-project-name", + /// SiteId = "site-id", + /// }); + /// + /// var defaultHostingVersion = new Gcp.Firebase.HostingVersion("default", new() + /// { + /// SiteId = @default.SiteId, + /// Config = new Gcp.Firebase.Inputs.HostingVersionConfigArgs + /// { + /// Headers = new[] + /// { + /// new Gcp.Firebase.Inputs.HostingVersionConfigHeaderArgs + /// { + /// Regex = "^~/headers$", + /// Headers = + /// { + /// { "my-header", "my-value" }, + /// }, + /// }, + /// }, + /// }, + /// }); + /// + /// var defaultHostingRelease = new Gcp.Firebase.HostingRelease("default", new() + /// { + /// SiteId = @default.SiteId, + /// VersionName = defaultHostingVersion.Name, + /// Message = "With custom headers", + /// }); + /// + /// }); + /// ``` /// ### Firebasehosting Version Path /// /// ```csharp diff --git a/sdk/dotnet/Firebase/Inputs/HostingVersionConfigArgs.cs b/sdk/dotnet/Firebase/Inputs/HostingVersionConfigArgs.cs index cc46aa3eb6..d14340d1db 100644 --- a/sdk/dotnet/Firebase/Inputs/HostingVersionConfigArgs.cs +++ b/sdk/dotnet/Firebase/Inputs/HostingVersionConfigArgs.cs @@ -12,6 +12,20 @@ namespace Pulumi.Gcp.Firebase.Inputs public sealed class HostingVersionConfigArgs : global::Pulumi.ResourceArgs { + [Input("headers")] + private InputList? _headers; + + /// + /// An array of objects, where each object specifies a URL pattern that, if matched to the request URL path, + /// triggers Hosting to apply the specified custom response headers. + /// Structure is documented below. + /// + public InputList Headers + { + get => _headers ?? (_headers = new InputList()); + set => _headers = value; + } + [Input("redirects")] private InputList? _redirects; diff --git a/sdk/dotnet/Firebase/Inputs/HostingVersionConfigGetArgs.cs b/sdk/dotnet/Firebase/Inputs/HostingVersionConfigGetArgs.cs index 5b99b564d7..6ec4476342 100644 --- a/sdk/dotnet/Firebase/Inputs/HostingVersionConfigGetArgs.cs +++ b/sdk/dotnet/Firebase/Inputs/HostingVersionConfigGetArgs.cs @@ -12,6 +12,20 @@ namespace Pulumi.Gcp.Firebase.Inputs public sealed class HostingVersionConfigGetArgs : global::Pulumi.ResourceArgs { + [Input("headers")] + private InputList? _headers; + + /// + /// An array of objects, where each object specifies a URL pattern that, if matched to the request URL path, + /// triggers Hosting to apply the specified custom response headers. + /// Structure is documented below. + /// + public InputList Headers + { + get => _headers ?? (_headers = new InputList()); + set => _headers = value; + } + [Input("redirects")] private InputList? _redirects; diff --git a/sdk/dotnet/Firebase/Inputs/HostingVersionConfigHeaderArgs.cs b/sdk/dotnet/Firebase/Inputs/HostingVersionConfigHeaderArgs.cs new file mode 100644 index 0000000000..bbeb68012e --- /dev/null +++ b/sdk/dotnet/Firebase/Inputs/HostingVersionConfigHeaderArgs.cs @@ -0,0 +1,44 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Gcp.Firebase.Inputs +{ + + public sealed class HostingVersionConfigHeaderArgs : global::Pulumi.ResourceArgs + { + /// + /// The user-supplied glob to match against the request URL path. + /// + [Input("glob")] + public Input? Glob { get; set; } + + [Input("headers", required: true)] + private InputMap? _headers; + + /// + /// The additional headers to add to the response. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. + /// + public InputMap Headers + { + get => _headers ?? (_headers = new InputMap()); + set => _headers = value; + } + + /// + /// The user-supplied RE2 regular expression to match against the request URL path. + /// + [Input("regex")] + public Input? Regex { get; set; } + + public HostingVersionConfigHeaderArgs() + { + } + public static new HostingVersionConfigHeaderArgs Empty => new HostingVersionConfigHeaderArgs(); + } +} diff --git a/sdk/dotnet/Firebase/Inputs/HostingVersionConfigHeaderGetArgs.cs b/sdk/dotnet/Firebase/Inputs/HostingVersionConfigHeaderGetArgs.cs new file mode 100644 index 0000000000..9b3210edc7 --- /dev/null +++ b/sdk/dotnet/Firebase/Inputs/HostingVersionConfigHeaderGetArgs.cs @@ -0,0 +1,44 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Gcp.Firebase.Inputs +{ + + public sealed class HostingVersionConfigHeaderGetArgs : global::Pulumi.ResourceArgs + { + /// + /// The user-supplied glob to match against the request URL path. + /// + [Input("glob")] + public Input? Glob { get; set; } + + [Input("headers", required: true)] + private InputMap? _headers; + + /// + /// The additional headers to add to the response. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. + /// + public InputMap Headers + { + get => _headers ?? (_headers = new InputMap()); + set => _headers = value; + } + + /// + /// The user-supplied RE2 regular expression to match against the request URL path. + /// + [Input("regex")] + public Input? Regex { get; set; } + + public HostingVersionConfigHeaderGetArgs() + { + } + public static new HostingVersionConfigHeaderGetArgs Empty => new HostingVersionConfigHeaderGetArgs(); + } +} diff --git a/sdk/dotnet/Firebase/Outputs/HostingVersionConfig.cs b/sdk/dotnet/Firebase/Outputs/HostingVersionConfig.cs index 704b3da9fe..25a6c5487e 100644 --- a/sdk/dotnet/Firebase/Outputs/HostingVersionConfig.cs +++ b/sdk/dotnet/Firebase/Outputs/HostingVersionConfig.cs @@ -13,6 +13,12 @@ namespace Pulumi.Gcp.Firebase.Outputs [OutputType] public sealed class HostingVersionConfig { + /// + /// An array of objects, where each object specifies a URL pattern that, if matched to the request URL path, + /// triggers Hosting to apply the specified custom response headers. + /// Structure is documented below. + /// + public readonly ImmutableArray Headers; /// /// An array of objects (called redirect rules), where each rule specifies a URL pattern that, if matched to the request URL path, /// triggers Hosting to respond with a redirect to the specified destination path. @@ -28,10 +34,13 @@ public sealed class HostingVersionConfig [OutputConstructor] private HostingVersionConfig( + ImmutableArray headers, + ImmutableArray redirects, ImmutableArray rewrites) { + Headers = headers; Redirects = redirects; Rewrites = rewrites; } diff --git a/sdk/dotnet/Firebase/Outputs/HostingVersionConfigHeader.cs b/sdk/dotnet/Firebase/Outputs/HostingVersionConfigHeader.cs new file mode 100644 index 0000000000..968b44fd42 --- /dev/null +++ b/sdk/dotnet/Firebase/Outputs/HostingVersionConfigHeader.cs @@ -0,0 +1,42 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Gcp.Firebase.Outputs +{ + + [OutputType] + public sealed class HostingVersionConfigHeader + { + /// + /// The user-supplied glob to match against the request URL path. + /// + public readonly string? Glob; + /// + /// The additional headers to add to the response. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. + /// + public readonly ImmutableDictionary Headers; + /// + /// The user-supplied RE2 regular expression to match against the request URL path. + /// + public readonly string? Regex; + + [OutputConstructor] + private HostingVersionConfigHeader( + string? glob, + + ImmutableDictionary headers, + + string? regex) + { + Glob = glob; + Headers = headers; + Regex = regex; + } + } +} diff --git a/sdk/dotnet/Firebase/Project.cs b/sdk/dotnet/Firebase/Project.cs index 09f1038731..944957d607 100644 --- a/sdk/dotnet/Firebase/Project.cs +++ b/sdk/dotnet/Firebase/Project.cs @@ -10,7 +10,7 @@ namespace Pulumi.Gcp.Firebase { /// - /// A Google Cloud Firebase instance. This enables Firebase resources on a given google project. + /// A Google Cloud Firebase instance. This enables Firebase resources on a given Google Project. /// Since a FirebaseProject is actually also a GCP Project, a FirebaseProject uses underlying GCP /// identifiers (most importantly, the projectId) as its own for easy interop with GCP APIs. /// Once Firebase has been added to a Google Project it cannot be removed. @@ -92,7 +92,7 @@ public partial class Project : global::Pulumi.CustomResource public Output ProjectID { get; private set; } = null!; /// - /// The number of the google project that firebase is enabled on. + /// The number of the Google Project that Firebase is enabled on. /// [Output("projectNumber")] public Output ProjectNumber { get; private set; } = null!; @@ -172,7 +172,7 @@ public sealed class ProjectState : global::Pulumi.ResourceArgs public Input? ProjectID { get; set; } /// - /// The number of the google project that firebase is enabled on. + /// The number of the Google Project that Firebase is enabled on. /// [Input("projectNumber")] public Input? ProjectNumber { get; set; } diff --git a/sdk/dotnet/IdentityPlatform/Config.cs b/sdk/dotnet/IdentityPlatform/Config.cs index af538d68b4..2caeb5f489 100644 --- a/sdk/dotnet/IdentityPlatform/Config.cs +++ b/sdk/dotnet/IdentityPlatform/Config.cs @@ -113,7 +113,7 @@ namespace Pulumi.Gcp.IdentityPlatform /// SignUpQuotaConfig = new Gcp.IdentityPlatform.Inputs.ConfigQuotaSignUpQuotaConfigArgs /// { /// Quota = 1000, - /// StartTime = "", + /// StartTime = "2014-10-02T15:01:23Z", /// QuotaDuration = "7200s", /// }, /// }, diff --git a/sdk/dotnet/IdentityPlatform/Inputs/ConfigQuotaArgs.cs b/sdk/dotnet/IdentityPlatform/Inputs/ConfigQuotaArgs.cs index 4d4cb1b773..a75d14748a 100644 --- a/sdk/dotnet/IdentityPlatform/Inputs/ConfigQuotaArgs.cs +++ b/sdk/dotnet/IdentityPlatform/Inputs/ConfigQuotaArgs.cs @@ -13,7 +13,7 @@ namespace Pulumi.Gcp.IdentityPlatform.Inputs public sealed class ConfigQuotaArgs : global::Pulumi.ResourceArgs { /// - /// Quota for the Signup endpoint, if overwritten. Signup quota is measured in sign ups per project per hour per IP. + /// Quota for the Signup endpoint, if overwritten. Signup quota is measured in sign ups per project per hour per IP. None of quota, startTime, or quotaDuration can be skipped. /// Structure is documented below. /// [Input("signUpQuotaConfig")] diff --git a/sdk/dotnet/IdentityPlatform/Inputs/ConfigQuotaGetArgs.cs b/sdk/dotnet/IdentityPlatform/Inputs/ConfigQuotaGetArgs.cs index 93664ebec8..5fd1ce48d4 100644 --- a/sdk/dotnet/IdentityPlatform/Inputs/ConfigQuotaGetArgs.cs +++ b/sdk/dotnet/IdentityPlatform/Inputs/ConfigQuotaGetArgs.cs @@ -13,7 +13,7 @@ namespace Pulumi.Gcp.IdentityPlatform.Inputs public sealed class ConfigQuotaGetArgs : global::Pulumi.ResourceArgs { /// - /// Quota for the Signup endpoint, if overwritten. Signup quota is measured in sign ups per project per hour per IP. + /// Quota for the Signup endpoint, if overwritten. Signup quota is measured in sign ups per project per hour per IP. None of quota, startTime, or quotaDuration can be skipped. /// Structure is documented below. /// [Input("signUpQuotaConfig")] diff --git a/sdk/dotnet/IdentityPlatform/Inputs/ConfigQuotaSignUpQuotaConfigArgs.cs b/sdk/dotnet/IdentityPlatform/Inputs/ConfigQuotaSignUpQuotaConfigArgs.cs index 932007c855..ff69de922f 100644 --- a/sdk/dotnet/IdentityPlatform/Inputs/ConfigQuotaSignUpQuotaConfigArgs.cs +++ b/sdk/dotnet/IdentityPlatform/Inputs/ConfigQuotaSignUpQuotaConfigArgs.cs @@ -13,7 +13,7 @@ namespace Pulumi.Gcp.IdentityPlatform.Inputs public sealed class ConfigQuotaSignUpQuotaConfigArgs : global::Pulumi.ResourceArgs { /// - /// A sign up APIs quota that customers can override temporarily. + /// A sign up APIs quota that customers can override temporarily. Value can be in between 1 and 1000. /// [Input("quota")] public Input? Quota { get; set; } diff --git a/sdk/dotnet/IdentityPlatform/Inputs/ConfigQuotaSignUpQuotaConfigGetArgs.cs b/sdk/dotnet/IdentityPlatform/Inputs/ConfigQuotaSignUpQuotaConfigGetArgs.cs index abb320b6dd..7da7b5a3bf 100644 --- a/sdk/dotnet/IdentityPlatform/Inputs/ConfigQuotaSignUpQuotaConfigGetArgs.cs +++ b/sdk/dotnet/IdentityPlatform/Inputs/ConfigQuotaSignUpQuotaConfigGetArgs.cs @@ -13,7 +13,7 @@ namespace Pulumi.Gcp.IdentityPlatform.Inputs public sealed class ConfigQuotaSignUpQuotaConfigGetArgs : global::Pulumi.ResourceArgs { /// - /// A sign up APIs quota that customers can override temporarily. + /// A sign up APIs quota that customers can override temporarily. Value can be in between 1 and 1000. /// [Input("quota")] public Input? Quota { get; set; } diff --git a/sdk/dotnet/IdentityPlatform/Outputs/ConfigQuota.cs b/sdk/dotnet/IdentityPlatform/Outputs/ConfigQuota.cs index bd3e37c6b4..a6c137cfe5 100644 --- a/sdk/dotnet/IdentityPlatform/Outputs/ConfigQuota.cs +++ b/sdk/dotnet/IdentityPlatform/Outputs/ConfigQuota.cs @@ -14,7 +14,7 @@ namespace Pulumi.Gcp.IdentityPlatform.Outputs public sealed class ConfigQuota { /// - /// Quota for the Signup endpoint, if overwritten. Signup quota is measured in sign ups per project per hour per IP. + /// Quota for the Signup endpoint, if overwritten. Signup quota is measured in sign ups per project per hour per IP. None of quota, startTime, or quotaDuration can be skipped. /// Structure is documented below. /// public readonly Outputs.ConfigQuotaSignUpQuotaConfig? SignUpQuotaConfig; diff --git a/sdk/dotnet/IdentityPlatform/Outputs/ConfigQuotaSignUpQuotaConfig.cs b/sdk/dotnet/IdentityPlatform/Outputs/ConfigQuotaSignUpQuotaConfig.cs index 00acef522e..b06498f9ac 100644 --- a/sdk/dotnet/IdentityPlatform/Outputs/ConfigQuotaSignUpQuotaConfig.cs +++ b/sdk/dotnet/IdentityPlatform/Outputs/ConfigQuotaSignUpQuotaConfig.cs @@ -14,7 +14,7 @@ namespace Pulumi.Gcp.IdentityPlatform.Outputs public sealed class ConfigQuotaSignUpQuotaConfig { /// - /// A sign up APIs quota that customers can override temporarily. + /// A sign up APIs quota that customers can override temporarily. Value can be in between 1 and 1000. /// public readonly int? Quota; /// diff --git a/sdk/dotnet/Looker/Instance.cs b/sdk/dotnet/Looker/Instance.cs index e9bdd64968..7744608431 100644 --- a/sdk/dotnet/Looker/Instance.cs +++ b/sdk/dotnet/Looker/Instance.cs @@ -477,8 +477,11 @@ public partial class Instance : global::Pulumi.CustomResource /// these values: - LOOKER_CORE_TRIAL: trial instance (Currently Unavailable) - LOOKER_CORE_STANDARD: pay as you go standard /// instance (Currently Unavailable) - LOOKER_CORE_STANDARD_ANNUAL: subscription standard instance - /// LOOKER_CORE_ENTERPRISE_ANNUAL: subscription enterprise instance - LOOKER_CORE_EMBED_ANNUAL: subscription embed instance - /// Default value: "LOOKER_CORE_TRIAL" Possible values: ["LOOKER_CORE_TRIAL", "LOOKER_CORE_STANDARD", - /// "LOOKER_CORE_STANDARD_ANNUAL", "LOOKER_CORE_ENTERPRISE_ANNUAL", "LOOKER_CORE_EMBED_ANNUAL"] + /// - LOOKER_CORE_NONPROD_STANDARD_ANNUAL: nonprod subscription standard instance - LOOKER_CORE_NONPROD_ENTERPRISE_ANNUAL: + /// nonprod subscription enterprise instance - LOOKER_CORE_NONPROD_EMBED_ANNUAL: nonprod subscription embed instance Default + /// value: "LOOKER_CORE_TRIAL" Possible values: ["LOOKER_CORE_TRIAL", "LOOKER_CORE_STANDARD", "LOOKER_CORE_STANDARD_ANNUAL", + /// "LOOKER_CORE_ENTERPRISE_ANNUAL", "LOOKER_CORE_EMBED_ANNUAL", "LOOKER_CORE_NONPROD_STANDARD_ANNUAL", + /// "LOOKER_CORE_NONPROD_ENTERPRISE_ANNUAL", "LOOKER_CORE_NONPROD_EMBED_ANNUAL"] /// [Output("platformEdition")] public Output PlatformEdition { get; private set; } = null!; @@ -657,8 +660,11 @@ public sealed class InstanceArgs : global::Pulumi.ResourceArgs /// these values: - LOOKER_CORE_TRIAL: trial instance (Currently Unavailable) - LOOKER_CORE_STANDARD: pay as you go standard /// instance (Currently Unavailable) - LOOKER_CORE_STANDARD_ANNUAL: subscription standard instance - /// LOOKER_CORE_ENTERPRISE_ANNUAL: subscription enterprise instance - LOOKER_CORE_EMBED_ANNUAL: subscription embed instance - /// Default value: "LOOKER_CORE_TRIAL" Possible values: ["LOOKER_CORE_TRIAL", "LOOKER_CORE_STANDARD", - /// "LOOKER_CORE_STANDARD_ANNUAL", "LOOKER_CORE_ENTERPRISE_ANNUAL", "LOOKER_CORE_EMBED_ANNUAL"] + /// - LOOKER_CORE_NONPROD_STANDARD_ANNUAL: nonprod subscription standard instance - LOOKER_CORE_NONPROD_ENTERPRISE_ANNUAL: + /// nonprod subscription enterprise instance - LOOKER_CORE_NONPROD_EMBED_ANNUAL: nonprod subscription embed instance Default + /// value: "LOOKER_CORE_TRIAL" Possible values: ["LOOKER_CORE_TRIAL", "LOOKER_CORE_STANDARD", "LOOKER_CORE_STANDARD_ANNUAL", + /// "LOOKER_CORE_ENTERPRISE_ANNUAL", "LOOKER_CORE_EMBED_ANNUAL", "LOOKER_CORE_NONPROD_STANDARD_ANNUAL", + /// "LOOKER_CORE_NONPROD_ENTERPRISE_ANNUAL", "LOOKER_CORE_NONPROD_EMBED_ANNUAL"] /// [Input("platformEdition")] public Input? PlatformEdition { get; set; } @@ -829,8 +835,11 @@ public sealed class InstanceState : global::Pulumi.ResourceArgs /// these values: - LOOKER_CORE_TRIAL: trial instance (Currently Unavailable) - LOOKER_CORE_STANDARD: pay as you go standard /// instance (Currently Unavailable) - LOOKER_CORE_STANDARD_ANNUAL: subscription standard instance - /// LOOKER_CORE_ENTERPRISE_ANNUAL: subscription enterprise instance - LOOKER_CORE_EMBED_ANNUAL: subscription embed instance - /// Default value: "LOOKER_CORE_TRIAL" Possible values: ["LOOKER_CORE_TRIAL", "LOOKER_CORE_STANDARD", - /// "LOOKER_CORE_STANDARD_ANNUAL", "LOOKER_CORE_ENTERPRISE_ANNUAL", "LOOKER_CORE_EMBED_ANNUAL"] + /// - LOOKER_CORE_NONPROD_STANDARD_ANNUAL: nonprod subscription standard instance - LOOKER_CORE_NONPROD_ENTERPRISE_ANNUAL: + /// nonprod subscription enterprise instance - LOOKER_CORE_NONPROD_EMBED_ANNUAL: nonprod subscription embed instance Default + /// value: "LOOKER_CORE_TRIAL" Possible values: ["LOOKER_CORE_TRIAL", "LOOKER_CORE_STANDARD", "LOOKER_CORE_STANDARD_ANNUAL", + /// "LOOKER_CORE_ENTERPRISE_ANNUAL", "LOOKER_CORE_EMBED_ANNUAL", "LOOKER_CORE_NONPROD_STANDARD_ANNUAL", + /// "LOOKER_CORE_NONPROD_ENTERPRISE_ANNUAL", "LOOKER_CORE_NONPROD_EMBED_ANNUAL"] /// [Input("platformEdition")] public Input? PlatformEdition { get; set; } diff --git a/sdk/dotnet/NetworkConnectivity/Inputs/SpokeLinkedRouterApplianceInstancesInstanceArgs.cs b/sdk/dotnet/NetworkConnectivity/Inputs/SpokeLinkedRouterApplianceInstancesInstanceArgs.cs index 4406733869..d64d0f4e0f 100644 --- a/sdk/dotnet/NetworkConnectivity/Inputs/SpokeLinkedRouterApplianceInstancesInstanceArgs.cs +++ b/sdk/dotnet/NetworkConnectivity/Inputs/SpokeLinkedRouterApplianceInstancesInstanceArgs.cs @@ -15,14 +15,14 @@ public sealed class SpokeLinkedRouterApplianceInstancesInstanceArgs : global::Pu /// /// The IP address on the VM to use for peering. /// - [Input("ipAddress")] - public Input? IpAddress { get; set; } + [Input("ipAddress", required: true)] + public Input IpAddress { get; set; } = null!; /// /// The URI of the virtual machine resource /// - [Input("virtualMachine")] - public Input? VirtualMachine { get; set; } + [Input("virtualMachine", required: true)] + public Input VirtualMachine { get; set; } = null!; public SpokeLinkedRouterApplianceInstancesInstanceArgs() { diff --git a/sdk/dotnet/NetworkConnectivity/Inputs/SpokeLinkedRouterApplianceInstancesInstanceGetArgs.cs b/sdk/dotnet/NetworkConnectivity/Inputs/SpokeLinkedRouterApplianceInstancesInstanceGetArgs.cs index f8162a056a..0caf7afb28 100644 --- a/sdk/dotnet/NetworkConnectivity/Inputs/SpokeLinkedRouterApplianceInstancesInstanceGetArgs.cs +++ b/sdk/dotnet/NetworkConnectivity/Inputs/SpokeLinkedRouterApplianceInstancesInstanceGetArgs.cs @@ -15,14 +15,14 @@ public sealed class SpokeLinkedRouterApplianceInstancesInstanceGetArgs : global: /// /// The IP address on the VM to use for peering. /// - [Input("ipAddress")] - public Input? IpAddress { get; set; } + [Input("ipAddress", required: true)] + public Input IpAddress { get; set; } = null!; /// /// The URI of the virtual machine resource /// - [Input("virtualMachine")] - public Input? VirtualMachine { get; set; } + [Input("virtualMachine", required: true)] + public Input VirtualMachine { get; set; } = null!; public SpokeLinkedRouterApplianceInstancesInstanceGetArgs() { diff --git a/sdk/dotnet/NetworkConnectivity/Outputs/SpokeLinkedRouterApplianceInstancesInstance.cs b/sdk/dotnet/NetworkConnectivity/Outputs/SpokeLinkedRouterApplianceInstancesInstance.cs index de0f3e905e..6132c16d27 100644 --- a/sdk/dotnet/NetworkConnectivity/Outputs/SpokeLinkedRouterApplianceInstancesInstance.cs +++ b/sdk/dotnet/NetworkConnectivity/Outputs/SpokeLinkedRouterApplianceInstancesInstance.cs @@ -16,17 +16,17 @@ public sealed class SpokeLinkedRouterApplianceInstancesInstance /// /// The IP address on the VM to use for peering. /// - public readonly string? IpAddress; + public readonly string IpAddress; /// /// The URI of the virtual machine resource /// - public readonly string? VirtualMachine; + public readonly string VirtualMachine; [OutputConstructor] private SpokeLinkedRouterApplianceInstancesInstance( - string? ipAddress, + string ipAddress, - string? virtualMachine) + string virtualMachine) { IpAddress = ipAddress; VirtualMachine = virtualMachine; diff --git a/sdk/dotnet/NetworkSecurity/AuthzPolicy.cs b/sdk/dotnet/NetworkSecurity/AuthzPolicy.cs new file mode 100644 index 0000000000..d401b89dd5 --- /dev/null +++ b/sdk/dotnet/NetworkSecurity/AuthzPolicy.cs @@ -0,0 +1,567 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Gcp.NetworkSecurity +{ + /// + /// AuthzPolicy is a resource that allows to forward traffic to a callout backend designed to scan the traffic for security purposes. + /// + /// To get more information about AuthzPolicy, see: + /// + /// * [API documentation](https://cloud.google.com/load-balancing/docs/reference/network-security/rest/v1beta1/projects.locations.authzPolicies) + /// + /// ## Example Usage + /// + /// ### Network Services Authz Policy Advanced + /// + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var @default = new Gcp.Compute.Network("default", new() + /// { + /// Name = "lb-network", + /// Project = "my-project-name", + /// AutoCreateSubnetworks = false, + /// }); + /// + /// var defaultSubnetwork = new Gcp.Compute.Subnetwork("default", new() + /// { + /// Name = "backend-subnet", + /// Project = "my-project-name", + /// Region = "us-west1", + /// IpCidrRange = "10.1.2.0/24", + /// Network = @default.Id, + /// }); + /// + /// var proxyOnly = new Gcp.Compute.Subnetwork("proxy_only", new() + /// { + /// Name = "proxy-only-subnet", + /// Project = "my-project-name", + /// Region = "us-west1", + /// IpCidrRange = "10.129.0.0/23", + /// Purpose = "REGIONAL_MANAGED_PROXY", + /// Role = "ACTIVE", + /// Network = @default.Id, + /// }); + /// + /// var defaultAddress = new Gcp.Compute.Address("default", new() + /// { + /// Name = "l7-ilb-ip-address", + /// Project = "my-project-name", + /// Region = "us-west1", + /// Subnetwork = defaultSubnetwork.Id, + /// AddressType = "INTERNAL", + /// Purpose = "GCE_ENDPOINT", + /// }); + /// + /// var defaultRegionHealthCheck = new Gcp.Compute.RegionHealthCheck("default", new() + /// { + /// Name = "l7-ilb-basic-check", + /// Project = "my-project-name", + /// Region = "us-west1", + /// HttpHealthCheck = new Gcp.Compute.Inputs.RegionHealthCheckHttpHealthCheckArgs + /// { + /// PortSpecification = "USE_SERVING_PORT", + /// }, + /// }); + /// + /// var urlMap = new Gcp.Compute.RegionBackendService("url_map", new() + /// { + /// Name = "l7-ilb-backend-service", + /// Project = "my-project-name", + /// Region = "us-west1", + /// LoadBalancingScheme = "INTERNAL_MANAGED", + /// HealthChecks = defaultRegionHealthCheck.Id, + /// }); + /// + /// var defaultRegionUrlMap = new Gcp.Compute.RegionUrlMap("default", new() + /// { + /// Name = "l7-ilb-map", + /// Project = "my-project-name", + /// Region = "us-west1", + /// DefaultService = urlMap.Id, + /// }); + /// + /// var defaultRegionTargetHttpProxy = new Gcp.Compute.RegionTargetHttpProxy("default", new() + /// { + /// Name = "l7-ilb-proxy", + /// Project = "my-project-name", + /// Region = "us-west1", + /// UrlMap = defaultRegionUrlMap.Id, + /// }); + /// + /// var defaultForwardingRule = new Gcp.Compute.ForwardingRule("default", new() + /// { + /// Name = "l7-ilb-forwarding-rule", + /// Project = "my-project-name", + /// Region = "us-west1", + /// LoadBalancingScheme = "INTERNAL_MANAGED", + /// Network = @default.Id, + /// Subnetwork = defaultSubnetwork.Id, + /// IpProtocol = "TCP", + /// PortRange = "80", + /// Target = defaultRegionTargetHttpProxy.Id, + /// IpAddress = defaultAddress.Id, + /// }, new CustomResourceOptions + /// { + /// DependsOn = + /// { + /// proxyOnly, + /// }, + /// }); + /// + /// var authzExtension = new Gcp.Compute.RegionBackendService("authz_extension", new() + /// { + /// Name = "authz-service", + /// Project = "my-project-name", + /// Region = "us-west1", + /// Protocol = "HTTP2", + /// LoadBalancingScheme = "INTERNAL_MANAGED", + /// PortName = "grpc", + /// }); + /// + /// var defaultAuthzExtension = new Gcp.NetworkServices.AuthzExtension("default", new() + /// { + /// Name = "my-authz-ext", + /// Project = "my-project-name", + /// Location = "us-west1", + /// Description = "my description", + /// LoadBalancingScheme = "INTERNAL_MANAGED", + /// Authority = "ext11.com", + /// Service = authzExtension.SelfLink, + /// Timeout = "0.1s", + /// FailOpen = false, + /// ForwardHeaders = new[] + /// { + /// "Authorization", + /// }, + /// }); + /// + /// var defaultAuthzPolicy = new Gcp.NetworkSecurity.AuthzPolicy("default", new() + /// { + /// Name = "my-authz-policy", + /// Project = "my-project-name", + /// Location = "us-west1", + /// Description = "my description", + /// Target = new Gcp.NetworkSecurity.Inputs.AuthzPolicyTargetArgs + /// { + /// LoadBalancingScheme = "INTERNAL_MANAGED", + /// Resources = new[] + /// { + /// defaultForwardingRule.SelfLink, + /// }, + /// }, + /// Action = "CUSTOM", + /// CustomProvider = new Gcp.NetworkSecurity.Inputs.AuthzPolicyCustomProviderArgs + /// { + /// AuthzExtension = new Gcp.NetworkSecurity.Inputs.AuthzPolicyCustomProviderAuthzExtensionArgs + /// { + /// Resources = new[] + /// { + /// defaultAuthzExtension.Id, + /// }, + /// }, + /// }, + /// }); + /// + /// }); + /// ``` + /// + /// ## Import + /// + /// AuthzPolicy can be imported using any of these accepted formats: + /// + /// * `projects/{{project}}/locations/{{location}}/authzPolicies/{{name}}` + /// + /// * `{{project}}/{{location}}/{{name}}` + /// + /// * `{{location}}/{{name}}` + /// + /// * `{{name}}` + /// + /// When using the `pulumi import` command, AuthzPolicy can be imported using one of the formats above. For example: + /// + /// ```sh + /// $ pulumi import gcp:networksecurity/authzPolicy:AuthzPolicy default projects/{{project}}/locations/{{location}}/authzPolicies/{{name}} + /// ``` + /// + /// ```sh + /// $ pulumi import gcp:networksecurity/authzPolicy:AuthzPolicy default {{project}}/{{location}}/{{name}} + /// ``` + /// + /// ```sh + /// $ pulumi import gcp:networksecurity/authzPolicy:AuthzPolicy default {{location}}/{{name}} + /// ``` + /// + /// ```sh + /// $ pulumi import gcp:networksecurity/authzPolicy:AuthzPolicy default {{name}} + /// ``` + /// + [GcpResourceType("gcp:networksecurity/authzPolicy:AuthzPolicy")] + public partial class AuthzPolicy : global::Pulumi.CustomResource + { + /// + /// When the action is CUSTOM, customProvider must be specified. + /// When the action is ALLOW, only requests matching the policy will be allowed. + /// When the action is DENY, only requests matching the policy will be denied. + /// When a request arrives, the policies are evaluated in the following order: + /// 1. If there is a CUSTOM policy that matches the request, the CUSTOM policy is evaluated using the custom authorization providers and the request is denied if the provider rejects the request. + /// 2. If there are any DENY policies that match the request, the request is denied. + /// 3. If there are no ALLOW policies for the resource or if any of the ALLOW policies match the request, the request is allowed. + /// 4. Else the request is denied by default if none of the configured AuthzPolicies with ALLOW action match the request. + /// Possible values are: `ALLOW`, `DENY`, `CUSTOM`. + /// + [Output("action")] + public Output Action { get; private set; } = null!; + + /// + /// The timestamp when the resource was created. + /// + [Output("createTime")] + public Output CreateTime { get; private set; } = null!; + + /// + /// Required if the action is CUSTOM. Allows delegating authorization decisions to Cloud IAP or to Service Extensions. One + /// of cloudIap or authzExtension must be specified. + /// + [Output("customProvider")] + public Output CustomProvider { get; private set; } = null!; + + /// + /// A human-readable description of the resource. + /// + [Output("description")] + public Output Description { get; private set; } = null!; + + /// + /// All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services. + /// + [Output("effectiveLabels")] + public Output> EffectiveLabels { get; private set; } = null!; + + /// + /// A list of authorization HTTP rules to match against the incoming request.A policy match occurs when at least one HTTP + /// rule matches the request or when no HTTP rules are specified in the policy. At least one HTTP Rule is required for Allow + /// or Deny Action. Limited to 5 rules. + /// + [Output("httpRules")] + public Output> HttpRules { get; private set; } = null!; + + /// + /// Set of labels associated with the AuthzExtension resource. **Note**: This field is non-authoritative, and will only + /// manage the labels present in your configuration. Please refer to the field 'effective_labels' for all of the labels + /// present on the resource. + /// + [Output("labels")] + public Output?> Labels { get; private set; } = null!; + + /// + /// The location of the resource. + /// + [Output("location")] + public Output Location { get; private set; } = null!; + + /// + /// Identifier. Name of the AuthzPolicy resource. + /// + [Output("name")] + public Output Name { get; private set; } = null!; + + [Output("project")] + public Output Project { get; private set; } = null!; + + /// + /// The combination of labels configured directly on the resource + /// and default labels configured on the provider. + /// + [Output("pulumiLabels")] + public Output> PulumiLabels { get; private set; } = null!; + + /// + /// Specifies the set of resources to which this policy should be applied to. + /// Structure is documented below. + /// + [Output("target")] + public Output Target { get; private set; } = null!; + + /// + /// The timestamp when the resource was updated. + /// + [Output("updateTime")] + public Output UpdateTime { get; private set; } = null!; + + + /// + /// Create a AuthzPolicy resource with the given unique name, arguments, and options. + /// + /// + /// The unique name of the resource + /// The arguments used to populate this resource's properties + /// A bag of options that control this resource's behavior + public AuthzPolicy(string name, AuthzPolicyArgs args, CustomResourceOptions? options = null) + : base("gcp:networksecurity/authzPolicy:AuthzPolicy", name, args ?? new AuthzPolicyArgs(), MakeResourceOptions(options, "")) + { + } + + private AuthzPolicy(string name, Input id, AuthzPolicyState? state = null, CustomResourceOptions? options = null) + : base("gcp:networksecurity/authzPolicy:AuthzPolicy", name, state, MakeResourceOptions(options, id)) + { + } + + private static CustomResourceOptions MakeResourceOptions(CustomResourceOptions? options, Input? id) + { + var defaultOptions = new CustomResourceOptions + { + Version = Utilities.Version, + AdditionalSecretOutputs = + { + "effectiveLabels", + "pulumiLabels", + }, + }; + var merged = CustomResourceOptions.Merge(defaultOptions, options); + // Override the ID if one was specified for consistency with other language SDKs. + merged.Id = id ?? merged.Id; + return merged; + } + /// + /// Get an existing AuthzPolicy resource's state with the given name, ID, and optional extra + /// properties used to qualify the lookup. + /// + /// + /// The unique name of the resulting resource. + /// The unique provider ID of the resource to lookup. + /// Any extra arguments used during the lookup. + /// A bag of options that control this resource's behavior + public static AuthzPolicy Get(string name, Input id, AuthzPolicyState? state = null, CustomResourceOptions? options = null) + { + return new AuthzPolicy(name, id, state, options); + } + } + + public sealed class AuthzPolicyArgs : global::Pulumi.ResourceArgs + { + /// + /// When the action is CUSTOM, customProvider must be specified. + /// When the action is ALLOW, only requests matching the policy will be allowed. + /// When the action is DENY, only requests matching the policy will be denied. + /// When a request arrives, the policies are evaluated in the following order: + /// 1. If there is a CUSTOM policy that matches the request, the CUSTOM policy is evaluated using the custom authorization providers and the request is denied if the provider rejects the request. + /// 2. If there are any DENY policies that match the request, the request is denied. + /// 3. If there are no ALLOW policies for the resource or if any of the ALLOW policies match the request, the request is allowed. + /// 4. Else the request is denied by default if none of the configured AuthzPolicies with ALLOW action match the request. + /// Possible values are: `ALLOW`, `DENY`, `CUSTOM`. + /// + [Input("action", required: true)] + public Input Action { get; set; } = null!; + + /// + /// Required if the action is CUSTOM. Allows delegating authorization decisions to Cloud IAP or to Service Extensions. One + /// of cloudIap or authzExtension must be specified. + /// + [Input("customProvider")] + public Input? CustomProvider { get; set; } + + /// + /// A human-readable description of the resource. + /// + [Input("description")] + public Input? Description { get; set; } + + [Input("httpRules")] + private InputList? _httpRules; + + /// + /// A list of authorization HTTP rules to match against the incoming request.A policy match occurs when at least one HTTP + /// rule matches the request or when no HTTP rules are specified in the policy. At least one HTTP Rule is required for Allow + /// or Deny Action. Limited to 5 rules. + /// + public InputList HttpRules + { + get => _httpRules ?? (_httpRules = new InputList()); + set => _httpRules = value; + } + + [Input("labels")] + private InputMap? _labels; + + /// + /// Set of labels associated with the AuthzExtension resource. **Note**: This field is non-authoritative, and will only + /// manage the labels present in your configuration. Please refer to the field 'effective_labels' for all of the labels + /// present on the resource. + /// + public InputMap Labels + { + get => _labels ?? (_labels = new InputMap()); + set => _labels = value; + } + + /// + /// The location of the resource. + /// + [Input("location", required: true)] + public Input Location { get; set; } = null!; + + /// + /// Identifier. Name of the AuthzPolicy resource. + /// + [Input("name")] + public Input? Name { get; set; } + + [Input("project")] + public Input? Project { get; set; } + + /// + /// Specifies the set of resources to which this policy should be applied to. + /// Structure is documented below. + /// + [Input("target", required: true)] + public Input Target { get; set; } = null!; + + public AuthzPolicyArgs() + { + } + public static new AuthzPolicyArgs Empty => new AuthzPolicyArgs(); + } + + public sealed class AuthzPolicyState : global::Pulumi.ResourceArgs + { + /// + /// When the action is CUSTOM, customProvider must be specified. + /// When the action is ALLOW, only requests matching the policy will be allowed. + /// When the action is DENY, only requests matching the policy will be denied. + /// When a request arrives, the policies are evaluated in the following order: + /// 1. If there is a CUSTOM policy that matches the request, the CUSTOM policy is evaluated using the custom authorization providers and the request is denied if the provider rejects the request. + /// 2. If there are any DENY policies that match the request, the request is denied. + /// 3. If there are no ALLOW policies for the resource or if any of the ALLOW policies match the request, the request is allowed. + /// 4. Else the request is denied by default if none of the configured AuthzPolicies with ALLOW action match the request. + /// Possible values are: `ALLOW`, `DENY`, `CUSTOM`. + /// + [Input("action")] + public Input? Action { get; set; } + + /// + /// The timestamp when the resource was created. + /// + [Input("createTime")] + public Input? CreateTime { get; set; } + + /// + /// Required if the action is CUSTOM. Allows delegating authorization decisions to Cloud IAP or to Service Extensions. One + /// of cloudIap or authzExtension must be specified. + /// + [Input("customProvider")] + public Input? CustomProvider { get; set; } + + /// + /// A human-readable description of the resource. + /// + [Input("description")] + public Input? Description { get; set; } + + [Input("effectiveLabels")] + private InputMap? _effectiveLabels; + + /// + /// All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services. + /// + public InputMap EffectiveLabels + { + get => _effectiveLabels ?? (_effectiveLabels = new InputMap()); + set + { + var emptySecret = Output.CreateSecret(ImmutableDictionary.Create()); + _effectiveLabels = Output.All(value, emptySecret).Apply(v => v[0]); + } + } + + [Input("httpRules")] + private InputList? _httpRules; + + /// + /// A list of authorization HTTP rules to match against the incoming request.A policy match occurs when at least one HTTP + /// rule matches the request or when no HTTP rules are specified in the policy. At least one HTTP Rule is required for Allow + /// or Deny Action. Limited to 5 rules. + /// + public InputList HttpRules + { + get => _httpRules ?? (_httpRules = new InputList()); + set => _httpRules = value; + } + + [Input("labels")] + private InputMap? _labels; + + /// + /// Set of labels associated with the AuthzExtension resource. **Note**: This field is non-authoritative, and will only + /// manage the labels present in your configuration. Please refer to the field 'effective_labels' for all of the labels + /// present on the resource. + /// + public InputMap Labels + { + get => _labels ?? (_labels = new InputMap()); + set => _labels = value; + } + + /// + /// The location of the resource. + /// + [Input("location")] + public Input? Location { get; set; } + + /// + /// Identifier. Name of the AuthzPolicy resource. + /// + [Input("name")] + public Input? Name { get; set; } + + [Input("project")] + public Input? Project { get; set; } + + [Input("pulumiLabels")] + private InputMap? _pulumiLabels; + + /// + /// The combination of labels configured directly on the resource + /// and default labels configured on the provider. + /// + public InputMap PulumiLabels + { + get => _pulumiLabels ?? (_pulumiLabels = new InputMap()); + set + { + var emptySecret = Output.CreateSecret(ImmutableDictionary.Create()); + _pulumiLabels = Output.All(value, emptySecret).Apply(v => v[0]); + } + } + + /// + /// Specifies the set of resources to which this policy should be applied to. + /// Structure is documented below. + /// + [Input("target")] + public Input? Target { get; set; } + + /// + /// The timestamp when the resource was updated. + /// + [Input("updateTime")] + public Input? UpdateTime { get; set; } + + public AuthzPolicyState() + { + } + public static new AuthzPolicyState Empty => new AuthzPolicyState(); + } +} diff --git a/sdk/dotnet/NetworkSecurity/Inputs/AuthzPolicyCustomProviderArgs.cs b/sdk/dotnet/NetworkSecurity/Inputs/AuthzPolicyCustomProviderArgs.cs new file mode 100644 index 0000000000..ba37832a3f --- /dev/null +++ b/sdk/dotnet/NetworkSecurity/Inputs/AuthzPolicyCustomProviderArgs.cs @@ -0,0 +1,34 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Gcp.NetworkSecurity.Inputs +{ + + public sealed class AuthzPolicyCustomProviderArgs : global::Pulumi.ResourceArgs + { + /// + /// Delegate authorization decision to user authored Service Extension. Only one of cloudIap or authzExtension can be specified. + /// Structure is documented below. + /// + [Input("authzExtension")] + public Input? AuthzExtension { get; set; } + + /// + /// Delegates authorization decisions to Cloud IAP. Applicable only for managed load balancers. Enabling Cloud IAP at the AuthzPolicy level is not compatible with Cloud IAP settings in the BackendService. Enabling IAP in both places will result in request failure. Ensure that IAP is enabled in either the AuthzPolicy or the BackendService but not in both places. + /// Structure is documented below. + /// + [Input("cloudIap")] + public Input? CloudIap { get; set; } + + public AuthzPolicyCustomProviderArgs() + { + } + public static new AuthzPolicyCustomProviderArgs Empty => new AuthzPolicyCustomProviderArgs(); + } +} diff --git a/sdk/dotnet/NetworkSecurity/Inputs/AuthzPolicyCustomProviderAuthzExtensionArgs.cs b/sdk/dotnet/NetworkSecurity/Inputs/AuthzPolicyCustomProviderAuthzExtensionArgs.cs new file mode 100644 index 0000000000..ed76818388 --- /dev/null +++ b/sdk/dotnet/NetworkSecurity/Inputs/AuthzPolicyCustomProviderAuthzExtensionArgs.cs @@ -0,0 +1,32 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Gcp.NetworkSecurity.Inputs +{ + + public sealed class AuthzPolicyCustomProviderAuthzExtensionArgs : global::Pulumi.ResourceArgs + { + [Input("resources", required: true)] + private InputList? _resources; + + /// + /// A list of references to authorization extensions that will be invoked for requests matching this policy. Limited to 1 custom provider. + /// + public InputList Resources + { + get => _resources ?? (_resources = new InputList()); + set => _resources = value; + } + + public AuthzPolicyCustomProviderAuthzExtensionArgs() + { + } + public static new AuthzPolicyCustomProviderAuthzExtensionArgs Empty => new AuthzPolicyCustomProviderAuthzExtensionArgs(); + } +} diff --git a/sdk/dotnet/NetworkSecurity/Inputs/AuthzPolicyCustomProviderAuthzExtensionGetArgs.cs b/sdk/dotnet/NetworkSecurity/Inputs/AuthzPolicyCustomProviderAuthzExtensionGetArgs.cs new file mode 100644 index 0000000000..e0cef28812 --- /dev/null +++ b/sdk/dotnet/NetworkSecurity/Inputs/AuthzPolicyCustomProviderAuthzExtensionGetArgs.cs @@ -0,0 +1,32 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Gcp.NetworkSecurity.Inputs +{ + + public sealed class AuthzPolicyCustomProviderAuthzExtensionGetArgs : global::Pulumi.ResourceArgs + { + [Input("resources", required: true)] + private InputList? _resources; + + /// + /// A list of references to authorization extensions that will be invoked for requests matching this policy. Limited to 1 custom provider. + /// + public InputList Resources + { + get => _resources ?? (_resources = new InputList()); + set => _resources = value; + } + + public AuthzPolicyCustomProviderAuthzExtensionGetArgs() + { + } + public static new AuthzPolicyCustomProviderAuthzExtensionGetArgs Empty => new AuthzPolicyCustomProviderAuthzExtensionGetArgs(); + } +} diff --git a/sdk/dotnet/NetworkSecurity/Inputs/AuthzPolicyCustomProviderCloudIapArgs.cs b/sdk/dotnet/NetworkSecurity/Inputs/AuthzPolicyCustomProviderCloudIapArgs.cs new file mode 100644 index 0000000000..1ba57e3988 --- /dev/null +++ b/sdk/dotnet/NetworkSecurity/Inputs/AuthzPolicyCustomProviderCloudIapArgs.cs @@ -0,0 +1,26 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Gcp.NetworkSecurity.Inputs +{ + + public sealed class AuthzPolicyCustomProviderCloudIapArgs : global::Pulumi.ResourceArgs + { + /// + /// Enable Cloud IAP at the AuthzPolicy level. + /// + [Input("enabled", required: true)] + public Input Enabled { get; set; } = null!; + + public AuthzPolicyCustomProviderCloudIapArgs() + { + } + public static new AuthzPolicyCustomProviderCloudIapArgs Empty => new AuthzPolicyCustomProviderCloudIapArgs(); + } +} diff --git a/sdk/dotnet/NetworkSecurity/Inputs/AuthzPolicyCustomProviderCloudIapGetArgs.cs b/sdk/dotnet/NetworkSecurity/Inputs/AuthzPolicyCustomProviderCloudIapGetArgs.cs new file mode 100644 index 0000000000..344357b728 --- /dev/null +++ b/sdk/dotnet/NetworkSecurity/Inputs/AuthzPolicyCustomProviderCloudIapGetArgs.cs @@ -0,0 +1,26 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Gcp.NetworkSecurity.Inputs +{ + + public sealed class AuthzPolicyCustomProviderCloudIapGetArgs : global::Pulumi.ResourceArgs + { + /// + /// Enable Cloud IAP at the AuthzPolicy level. + /// + [Input("enabled", required: true)] + public Input Enabled { get; set; } = null!; + + public AuthzPolicyCustomProviderCloudIapGetArgs() + { + } + public static new AuthzPolicyCustomProviderCloudIapGetArgs Empty => new AuthzPolicyCustomProviderCloudIapGetArgs(); + } +} diff --git a/sdk/dotnet/NetworkSecurity/Inputs/AuthzPolicyCustomProviderGetArgs.cs b/sdk/dotnet/NetworkSecurity/Inputs/AuthzPolicyCustomProviderGetArgs.cs new file mode 100644 index 0000000000..9fbc89014e --- /dev/null +++ b/sdk/dotnet/NetworkSecurity/Inputs/AuthzPolicyCustomProviderGetArgs.cs @@ -0,0 +1,34 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Gcp.NetworkSecurity.Inputs +{ + + public sealed class AuthzPolicyCustomProviderGetArgs : global::Pulumi.ResourceArgs + { + /// + /// Delegate authorization decision to user authored Service Extension. Only one of cloudIap or authzExtension can be specified. + /// Structure is documented below. + /// + [Input("authzExtension")] + public Input? AuthzExtension { get; set; } + + /// + /// Delegates authorization decisions to Cloud IAP. Applicable only for managed load balancers. Enabling Cloud IAP at the AuthzPolicy level is not compatible with Cloud IAP settings in the BackendService. Enabling IAP in both places will result in request failure. Ensure that IAP is enabled in either the AuthzPolicy or the BackendService but not in both places. + /// Structure is documented below. + /// + [Input("cloudIap")] + public Input? CloudIap { get; set; } + + public AuthzPolicyCustomProviderGetArgs() + { + } + public static new AuthzPolicyCustomProviderGetArgs Empty => new AuthzPolicyCustomProviderGetArgs(); + } +} diff --git a/sdk/dotnet/NetworkSecurity/Inputs/AuthzPolicyHttpRuleArgs.cs b/sdk/dotnet/NetworkSecurity/Inputs/AuthzPolicyHttpRuleArgs.cs new file mode 100644 index 0000000000..6982791007 --- /dev/null +++ b/sdk/dotnet/NetworkSecurity/Inputs/AuthzPolicyHttpRuleArgs.cs @@ -0,0 +1,40 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Gcp.NetworkSecurity.Inputs +{ + + public sealed class AuthzPolicyHttpRuleArgs : global::Pulumi.ResourceArgs + { + /// + /// Describes properties of one or more sources of a request. + /// Structure is documented below. + /// + [Input("from")] + public Input? From { get; set; } + + /// + /// Describes properties of one or more targets of a request + /// Structure is documented below. + /// + [Input("to")] + public Input? To { get; set; } + + /// + /// CEL expression that describes the conditions to be satisfied for the action. The result of the CEL expression is ANDed with the from and to. Refer to the CEL language reference for a list of available attributes. + /// + [Input("when")] + public Input? When { get; set; } + + public AuthzPolicyHttpRuleArgs() + { + } + public static new AuthzPolicyHttpRuleArgs Empty => new AuthzPolicyHttpRuleArgs(); + } +} diff --git a/sdk/dotnet/NetworkSecurity/Inputs/AuthzPolicyHttpRuleFromArgs.cs b/sdk/dotnet/NetworkSecurity/Inputs/AuthzPolicyHttpRuleFromArgs.cs new file mode 100644 index 0000000000..2b982da9e6 --- /dev/null +++ b/sdk/dotnet/NetworkSecurity/Inputs/AuthzPolicyHttpRuleFromArgs.cs @@ -0,0 +1,46 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Gcp.NetworkSecurity.Inputs +{ + + public sealed class AuthzPolicyHttpRuleFromArgs : global::Pulumi.ResourceArgs + { + [Input("notSources")] + private InputList? _notSources; + + /// + /// Describes the properties of a request's sources. At least one of sources or notSources must be specified. Limited to 5 sources. A match occurs when ANY source (in sources or notSources) matches the request. Within a single source, the match follows AND semantics across fields and OR semantics within a single field, i.e. a match occurs when ANY principal matches AND ANY ipBlocks match. + /// Structure is documented below. + /// + public InputList NotSources + { + get => _notSources ?? (_notSources = new InputList()); + set => _notSources = value; + } + + [Input("sources")] + private InputList? _sources; + + /// + /// Describes the properties of a request's sources. At least one of sources or notSources must be specified. Limited to 5 sources. A match occurs when ANY source (in sources or notSources) matches the request. Within a single source, the match follows AND semantics across fields and OR semantics within a single field, i.e. a match occurs when ANY principal matches AND ANY ipBlocks match. + /// Structure is documented below. + /// + public InputList Sources + { + get => _sources ?? (_sources = new InputList()); + set => _sources = value; + } + + public AuthzPolicyHttpRuleFromArgs() + { + } + public static new AuthzPolicyHttpRuleFromArgs Empty => new AuthzPolicyHttpRuleFromArgs(); + } +} diff --git a/sdk/dotnet/NetworkSecurity/Inputs/AuthzPolicyHttpRuleFromGetArgs.cs b/sdk/dotnet/NetworkSecurity/Inputs/AuthzPolicyHttpRuleFromGetArgs.cs new file mode 100644 index 0000000000..6d27491c9c --- /dev/null +++ b/sdk/dotnet/NetworkSecurity/Inputs/AuthzPolicyHttpRuleFromGetArgs.cs @@ -0,0 +1,46 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Gcp.NetworkSecurity.Inputs +{ + + public sealed class AuthzPolicyHttpRuleFromGetArgs : global::Pulumi.ResourceArgs + { + [Input("notSources")] + private InputList? _notSources; + + /// + /// Describes the properties of a request's sources. At least one of sources or notSources must be specified. Limited to 5 sources. A match occurs when ANY source (in sources or notSources) matches the request. Within a single source, the match follows AND semantics across fields and OR semantics within a single field, i.e. a match occurs when ANY principal matches AND ANY ipBlocks match. + /// Structure is documented below. + /// + public InputList NotSources + { + get => _notSources ?? (_notSources = new InputList()); + set => _notSources = value; + } + + [Input("sources")] + private InputList? _sources; + + /// + /// Describes the properties of a request's sources. At least one of sources or notSources must be specified. Limited to 5 sources. A match occurs when ANY source (in sources or notSources) matches the request. Within a single source, the match follows AND semantics across fields and OR semantics within a single field, i.e. a match occurs when ANY principal matches AND ANY ipBlocks match. + /// Structure is documented below. + /// + public InputList Sources + { + get => _sources ?? (_sources = new InputList()); + set => _sources = value; + } + + public AuthzPolicyHttpRuleFromGetArgs() + { + } + public static new AuthzPolicyHttpRuleFromGetArgs Empty => new AuthzPolicyHttpRuleFromGetArgs(); + } +} diff --git a/sdk/dotnet/NetworkSecurity/Inputs/AuthzPolicyHttpRuleFromNotSourceArgs.cs b/sdk/dotnet/NetworkSecurity/Inputs/AuthzPolicyHttpRuleFromNotSourceArgs.cs new file mode 100644 index 0000000000..f345a13bc1 --- /dev/null +++ b/sdk/dotnet/NetworkSecurity/Inputs/AuthzPolicyHttpRuleFromNotSourceArgs.cs @@ -0,0 +1,48 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Gcp.NetworkSecurity.Inputs +{ + + public sealed class AuthzPolicyHttpRuleFromNotSourceArgs : global::Pulumi.ResourceArgs + { + [Input("principals")] + private InputList? _principals; + + /// + /// A list of identities derived from the client's certificate. This field will not match on a request unless mutual TLS is enabled for the Forwarding rule or Gateway. Each identity is a string whose value is matched against the URI SAN, or DNS SAN or the subject field in the client's certificate. The match can be exact, prefix, suffix or a substring match. One of exact, prefix, suffix or contains must be specified. + /// Limited to 5 principals. + /// Structure is documented below. + /// + public InputList Principals + { + get => _principals ?? (_principals = new InputList()); + set => _principals = value; + } + + [Input("resources")] + private InputList? _resources; + + /// + /// A list of resources to match against the resource of the source VM of a request. + /// Limited to 5 resources. + /// Structure is documented below. + /// + public InputList Resources + { + get => _resources ?? (_resources = new InputList()); + set => _resources = value; + } + + public AuthzPolicyHttpRuleFromNotSourceArgs() + { + } + public static new AuthzPolicyHttpRuleFromNotSourceArgs Empty => new AuthzPolicyHttpRuleFromNotSourceArgs(); + } +} diff --git a/sdk/dotnet/NetworkSecurity/Inputs/AuthzPolicyHttpRuleFromNotSourceGetArgs.cs b/sdk/dotnet/NetworkSecurity/Inputs/AuthzPolicyHttpRuleFromNotSourceGetArgs.cs new file mode 100644 index 0000000000..b77a329c92 --- /dev/null +++ b/sdk/dotnet/NetworkSecurity/Inputs/AuthzPolicyHttpRuleFromNotSourceGetArgs.cs @@ -0,0 +1,48 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Gcp.NetworkSecurity.Inputs +{ + + public sealed class AuthzPolicyHttpRuleFromNotSourceGetArgs : global::Pulumi.ResourceArgs + { + [Input("principals")] + private InputList? _principals; + + /// + /// A list of identities derived from the client's certificate. This field will not match on a request unless mutual TLS is enabled for the Forwarding rule or Gateway. Each identity is a string whose value is matched against the URI SAN, or DNS SAN or the subject field in the client's certificate. The match can be exact, prefix, suffix or a substring match. One of exact, prefix, suffix or contains must be specified. + /// Limited to 5 principals. + /// Structure is documented below. + /// + public InputList Principals + { + get => _principals ?? (_principals = new InputList()); + set => _principals = value; + } + + [Input("resources")] + private InputList? _resources; + + /// + /// A list of resources to match against the resource of the source VM of a request. + /// Limited to 5 resources. + /// Structure is documented below. + /// + public InputList Resources + { + get => _resources ?? (_resources = new InputList()); + set => _resources = value; + } + + public AuthzPolicyHttpRuleFromNotSourceGetArgs() + { + } + public static new AuthzPolicyHttpRuleFromNotSourceGetArgs Empty => new AuthzPolicyHttpRuleFromNotSourceGetArgs(); + } +} diff --git a/sdk/dotnet/NetworkSecurity/Inputs/AuthzPolicyHttpRuleFromNotSourcePrincipalArgs.cs b/sdk/dotnet/NetworkSecurity/Inputs/AuthzPolicyHttpRuleFromNotSourcePrincipalArgs.cs new file mode 100644 index 0000000000..d3213d5865 --- /dev/null +++ b/sdk/dotnet/NetworkSecurity/Inputs/AuthzPolicyHttpRuleFromNotSourcePrincipalArgs.cs @@ -0,0 +1,58 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Gcp.NetworkSecurity.Inputs +{ + + public sealed class AuthzPolicyHttpRuleFromNotSourcePrincipalArgs : global::Pulumi.ResourceArgs + { + /// + /// The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. + /// Examples: + /// * abc matches the value xyz.abc.def + /// + [Input("contains")] + public Input? Contains { get; set; } + + /// + /// The input string must match exactly the string specified here. + /// Examples: + /// * abc only matches the value abc. + /// + [Input("exact")] + public Input? Exact { get; set; } + + /// + /// If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true. + /// + [Input("ignoreCase")] + public Input? IgnoreCase { get; set; } + + /// + /// The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. + /// Examples: + /// * abc matches the value abc.xyz + /// + [Input("prefix")] + public Input? Prefix { get; set; } + + /// + /// The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. + /// Examples: + /// * abc matches the value xyz.abc + /// + [Input("suffix")] + public Input? Suffix { get; set; } + + public AuthzPolicyHttpRuleFromNotSourcePrincipalArgs() + { + } + public static new AuthzPolicyHttpRuleFromNotSourcePrincipalArgs Empty => new AuthzPolicyHttpRuleFromNotSourcePrincipalArgs(); + } +} diff --git a/sdk/dotnet/NetworkSecurity/Inputs/AuthzPolicyHttpRuleFromNotSourcePrincipalGetArgs.cs b/sdk/dotnet/NetworkSecurity/Inputs/AuthzPolicyHttpRuleFromNotSourcePrincipalGetArgs.cs new file mode 100644 index 0000000000..51ce4fa1e0 --- /dev/null +++ b/sdk/dotnet/NetworkSecurity/Inputs/AuthzPolicyHttpRuleFromNotSourcePrincipalGetArgs.cs @@ -0,0 +1,58 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Gcp.NetworkSecurity.Inputs +{ + + public sealed class AuthzPolicyHttpRuleFromNotSourcePrincipalGetArgs : global::Pulumi.ResourceArgs + { + /// + /// The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. + /// Examples: + /// * abc matches the value xyz.abc.def + /// + [Input("contains")] + public Input? Contains { get; set; } + + /// + /// The input string must match exactly the string specified here. + /// Examples: + /// * abc only matches the value abc. + /// + [Input("exact")] + public Input? Exact { get; set; } + + /// + /// If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true. + /// + [Input("ignoreCase")] + public Input? IgnoreCase { get; set; } + + /// + /// The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. + /// Examples: + /// * abc matches the value abc.xyz + /// + [Input("prefix")] + public Input? Prefix { get; set; } + + /// + /// The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. + /// Examples: + /// * abc matches the value xyz.abc + /// + [Input("suffix")] + public Input? Suffix { get; set; } + + public AuthzPolicyHttpRuleFromNotSourcePrincipalGetArgs() + { + } + public static new AuthzPolicyHttpRuleFromNotSourcePrincipalGetArgs Empty => new AuthzPolicyHttpRuleFromNotSourcePrincipalGetArgs(); + } +} diff --git a/sdk/dotnet/NetworkSecurity/Inputs/AuthzPolicyHttpRuleFromNotSourceResourceArgs.cs b/sdk/dotnet/NetworkSecurity/Inputs/AuthzPolicyHttpRuleFromNotSourceResourceArgs.cs new file mode 100644 index 0000000000..26c654c9d0 --- /dev/null +++ b/sdk/dotnet/NetworkSecurity/Inputs/AuthzPolicyHttpRuleFromNotSourceResourceArgs.cs @@ -0,0 +1,34 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Gcp.NetworkSecurity.Inputs +{ + + public sealed class AuthzPolicyHttpRuleFromNotSourceResourceArgs : global::Pulumi.ResourceArgs + { + /// + /// An IAM service account to match against the source service account of the VM sending the request. + /// Structure is documented below. + /// + [Input("iamServiceAccount")] + public Input? IamServiceAccount { get; set; } + + /// + /// A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request. + /// Structure is documented below. + /// + [Input("tagValueIdSet")] + public Input? TagValueIdSet { get; set; } + + public AuthzPolicyHttpRuleFromNotSourceResourceArgs() + { + } + public static new AuthzPolicyHttpRuleFromNotSourceResourceArgs Empty => new AuthzPolicyHttpRuleFromNotSourceResourceArgs(); + } +} diff --git a/sdk/dotnet/NetworkSecurity/Inputs/AuthzPolicyHttpRuleFromNotSourceResourceGetArgs.cs b/sdk/dotnet/NetworkSecurity/Inputs/AuthzPolicyHttpRuleFromNotSourceResourceGetArgs.cs new file mode 100644 index 0000000000..7bc9a6db0f --- /dev/null +++ b/sdk/dotnet/NetworkSecurity/Inputs/AuthzPolicyHttpRuleFromNotSourceResourceGetArgs.cs @@ -0,0 +1,34 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Gcp.NetworkSecurity.Inputs +{ + + public sealed class AuthzPolicyHttpRuleFromNotSourceResourceGetArgs : global::Pulumi.ResourceArgs + { + /// + /// An IAM service account to match against the source service account of the VM sending the request. + /// Structure is documented below. + /// + [Input("iamServiceAccount")] + public Input? IamServiceAccount { get; set; } + + /// + /// A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request. + /// Structure is documented below. + /// + [Input("tagValueIdSet")] + public Input? TagValueIdSet { get; set; } + + public AuthzPolicyHttpRuleFromNotSourceResourceGetArgs() + { + } + public static new AuthzPolicyHttpRuleFromNotSourceResourceGetArgs Empty => new AuthzPolicyHttpRuleFromNotSourceResourceGetArgs(); + } +} diff --git a/sdk/dotnet/NetworkSecurity/Inputs/AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountArgs.cs b/sdk/dotnet/NetworkSecurity/Inputs/AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountArgs.cs new file mode 100644 index 0000000000..b373ac9c86 --- /dev/null +++ b/sdk/dotnet/NetworkSecurity/Inputs/AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountArgs.cs @@ -0,0 +1,58 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Gcp.NetworkSecurity.Inputs +{ + + public sealed class AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountArgs : global::Pulumi.ResourceArgs + { + /// + /// The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. + /// Examples: + /// * abc matches the value xyz.abc.def + /// + [Input("contains")] + public Input? Contains { get; set; } + + /// + /// The input string must match exactly the string specified here. + /// Examples: + /// * abc only matches the value abc. + /// + [Input("exact")] + public Input? Exact { get; set; } + + /// + /// If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true. + /// + [Input("ignoreCase")] + public Input? IgnoreCase { get; set; } + + /// + /// The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. + /// Examples: + /// * abc matches the value abc.xyz + /// + [Input("prefix")] + public Input? Prefix { get; set; } + + /// + /// The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. + /// Examples: + /// * abc matches the value xyz.abc + /// + [Input("suffix")] + public Input? Suffix { get; set; } + + public AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountArgs() + { + } + public static new AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountArgs Empty => new AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountArgs(); + } +} diff --git a/sdk/dotnet/NetworkSecurity/Inputs/AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountGetArgs.cs b/sdk/dotnet/NetworkSecurity/Inputs/AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountGetArgs.cs new file mode 100644 index 0000000000..a1b8bcce1d --- /dev/null +++ b/sdk/dotnet/NetworkSecurity/Inputs/AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountGetArgs.cs @@ -0,0 +1,58 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Gcp.NetworkSecurity.Inputs +{ + + public sealed class AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountGetArgs : global::Pulumi.ResourceArgs + { + /// + /// The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. + /// Examples: + /// * abc matches the value xyz.abc.def + /// + [Input("contains")] + public Input? Contains { get; set; } + + /// + /// The input string must match exactly the string specified here. + /// Examples: + /// * abc only matches the value abc. + /// + [Input("exact")] + public Input? Exact { get; set; } + + /// + /// If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true. + /// + [Input("ignoreCase")] + public Input? IgnoreCase { get; set; } + + /// + /// The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. + /// Examples: + /// * abc matches the value abc.xyz + /// + [Input("prefix")] + public Input? Prefix { get; set; } + + /// + /// The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. + /// Examples: + /// * abc matches the value xyz.abc + /// + [Input("suffix")] + public Input? Suffix { get; set; } + + public AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountGetArgs() + { + } + public static new AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountGetArgs Empty => new AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountGetArgs(); + } +} diff --git a/sdk/dotnet/NetworkSecurity/Inputs/AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSetArgs.cs b/sdk/dotnet/NetworkSecurity/Inputs/AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSetArgs.cs new file mode 100644 index 0000000000..0a8b843ab3 --- /dev/null +++ b/sdk/dotnet/NetworkSecurity/Inputs/AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSetArgs.cs @@ -0,0 +1,33 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Gcp.NetworkSecurity.Inputs +{ + + public sealed class AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSetArgs : global::Pulumi.ResourceArgs + { + [Input("ids")] + private InputList? _ids; + + /// + /// A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request. The match follows AND semantics which means all the ids must match. + /// Limited to 5 matches. + /// + public InputList Ids + { + get => _ids ?? (_ids = new InputList()); + set => _ids = value; + } + + public AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSetArgs() + { + } + public static new AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSetArgs Empty => new AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSetArgs(); + } +} diff --git a/sdk/dotnet/NetworkSecurity/Inputs/AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSetGetArgs.cs b/sdk/dotnet/NetworkSecurity/Inputs/AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSetGetArgs.cs new file mode 100644 index 0000000000..f22f4dbb96 --- /dev/null +++ b/sdk/dotnet/NetworkSecurity/Inputs/AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSetGetArgs.cs @@ -0,0 +1,33 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Gcp.NetworkSecurity.Inputs +{ + + public sealed class AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSetGetArgs : global::Pulumi.ResourceArgs + { + [Input("ids")] + private InputList? _ids; + + /// + /// A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request. The match follows AND semantics which means all the ids must match. + /// Limited to 5 matches. + /// + public InputList Ids + { + get => _ids ?? (_ids = new InputList()); + set => _ids = value; + } + + public AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSetGetArgs() + { + } + public static new AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSetGetArgs Empty => new AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSetGetArgs(); + } +} diff --git a/sdk/dotnet/NetworkSecurity/Inputs/AuthzPolicyHttpRuleFromSourceArgs.cs b/sdk/dotnet/NetworkSecurity/Inputs/AuthzPolicyHttpRuleFromSourceArgs.cs new file mode 100644 index 0000000000..76d610fc92 --- /dev/null +++ b/sdk/dotnet/NetworkSecurity/Inputs/AuthzPolicyHttpRuleFromSourceArgs.cs @@ -0,0 +1,48 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Gcp.NetworkSecurity.Inputs +{ + + public sealed class AuthzPolicyHttpRuleFromSourceArgs : global::Pulumi.ResourceArgs + { + [Input("principals")] + private InputList? _principals; + + /// + /// A list of identities derived from the client's certificate. This field will not match on a request unless mutual TLS is enabled for the Forwarding rule or Gateway. Each identity is a string whose value is matched against the URI SAN, or DNS SAN or the subject field in the client's certificate. The match can be exact, prefix, suffix or a substring match. One of exact, prefix, suffix or contains must be specified. + /// Limited to 5 principals. + /// Structure is documented below. + /// + public InputList Principals + { + get => _principals ?? (_principals = new InputList()); + set => _principals = value; + } + + [Input("resources")] + private InputList? _resources; + + /// + /// A list of resources to match against the resource of the source VM of a request. + /// Limited to 5 resources. + /// Structure is documented below. + /// + public InputList Resources + { + get => _resources ?? (_resources = new InputList()); + set => _resources = value; + } + + public AuthzPolicyHttpRuleFromSourceArgs() + { + } + public static new AuthzPolicyHttpRuleFromSourceArgs Empty => new AuthzPolicyHttpRuleFromSourceArgs(); + } +} diff --git a/sdk/dotnet/NetworkSecurity/Inputs/AuthzPolicyHttpRuleFromSourceGetArgs.cs b/sdk/dotnet/NetworkSecurity/Inputs/AuthzPolicyHttpRuleFromSourceGetArgs.cs new file mode 100644 index 0000000000..3aa74bfdc9 --- /dev/null +++ b/sdk/dotnet/NetworkSecurity/Inputs/AuthzPolicyHttpRuleFromSourceGetArgs.cs @@ -0,0 +1,48 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Gcp.NetworkSecurity.Inputs +{ + + public sealed class AuthzPolicyHttpRuleFromSourceGetArgs : global::Pulumi.ResourceArgs + { + [Input("principals")] + private InputList? _principals; + + /// + /// A list of identities derived from the client's certificate. This field will not match on a request unless mutual TLS is enabled for the Forwarding rule or Gateway. Each identity is a string whose value is matched against the URI SAN, or DNS SAN or the subject field in the client's certificate. The match can be exact, prefix, suffix or a substring match. One of exact, prefix, suffix or contains must be specified. + /// Limited to 5 principals. + /// Structure is documented below. + /// + public InputList Principals + { + get => _principals ?? (_principals = new InputList()); + set => _principals = value; + } + + [Input("resources")] + private InputList? _resources; + + /// + /// A list of resources to match against the resource of the source VM of a request. + /// Limited to 5 resources. + /// Structure is documented below. + /// + public InputList Resources + { + get => _resources ?? (_resources = new InputList()); + set => _resources = value; + } + + public AuthzPolicyHttpRuleFromSourceGetArgs() + { + } + public static new AuthzPolicyHttpRuleFromSourceGetArgs Empty => new AuthzPolicyHttpRuleFromSourceGetArgs(); + } +} diff --git a/sdk/dotnet/NetworkSecurity/Inputs/AuthzPolicyHttpRuleFromSourcePrincipalArgs.cs b/sdk/dotnet/NetworkSecurity/Inputs/AuthzPolicyHttpRuleFromSourcePrincipalArgs.cs new file mode 100644 index 0000000000..7105be02f7 --- /dev/null +++ b/sdk/dotnet/NetworkSecurity/Inputs/AuthzPolicyHttpRuleFromSourcePrincipalArgs.cs @@ -0,0 +1,58 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Gcp.NetworkSecurity.Inputs +{ + + public sealed class AuthzPolicyHttpRuleFromSourcePrincipalArgs : global::Pulumi.ResourceArgs + { + /// + /// The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. + /// Examples: + /// * abc matches the value xyz.abc.def + /// + [Input("contains")] + public Input? Contains { get; set; } + + /// + /// The input string must match exactly the string specified here. + /// Examples: + /// * abc only matches the value abc. + /// + [Input("exact")] + public Input? Exact { get; set; } + + /// + /// If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true. + /// + [Input("ignoreCase")] + public Input? IgnoreCase { get; set; } + + /// + /// The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. + /// Examples: + /// * abc matches the value abc.xyz + /// + [Input("prefix")] + public Input? Prefix { get; set; } + + /// + /// The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. + /// Examples: + /// * abc matches the value xyz.abc + /// + [Input("suffix")] + public Input? Suffix { get; set; } + + public AuthzPolicyHttpRuleFromSourcePrincipalArgs() + { + } + public static new AuthzPolicyHttpRuleFromSourcePrincipalArgs Empty => new AuthzPolicyHttpRuleFromSourcePrincipalArgs(); + } +} diff --git a/sdk/dotnet/NetworkSecurity/Inputs/AuthzPolicyHttpRuleFromSourcePrincipalGetArgs.cs b/sdk/dotnet/NetworkSecurity/Inputs/AuthzPolicyHttpRuleFromSourcePrincipalGetArgs.cs new file mode 100644 index 0000000000..d3a30af14e --- /dev/null +++ b/sdk/dotnet/NetworkSecurity/Inputs/AuthzPolicyHttpRuleFromSourcePrincipalGetArgs.cs @@ -0,0 +1,58 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Gcp.NetworkSecurity.Inputs +{ + + public sealed class AuthzPolicyHttpRuleFromSourcePrincipalGetArgs : global::Pulumi.ResourceArgs + { + /// + /// The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. + /// Examples: + /// * abc matches the value xyz.abc.def + /// + [Input("contains")] + public Input? Contains { get; set; } + + /// + /// The input string must match exactly the string specified here. + /// Examples: + /// * abc only matches the value abc. + /// + [Input("exact")] + public Input? Exact { get; set; } + + /// + /// If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true. + /// + [Input("ignoreCase")] + public Input? IgnoreCase { get; set; } + + /// + /// The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. + /// Examples: + /// * abc matches the value abc.xyz + /// + [Input("prefix")] + public Input? Prefix { get; set; } + + /// + /// The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. + /// Examples: + /// * abc matches the value xyz.abc + /// + [Input("suffix")] + public Input? Suffix { get; set; } + + public AuthzPolicyHttpRuleFromSourcePrincipalGetArgs() + { + } + public static new AuthzPolicyHttpRuleFromSourcePrincipalGetArgs Empty => new AuthzPolicyHttpRuleFromSourcePrincipalGetArgs(); + } +} diff --git a/sdk/dotnet/NetworkSecurity/Inputs/AuthzPolicyHttpRuleFromSourceResourceArgs.cs b/sdk/dotnet/NetworkSecurity/Inputs/AuthzPolicyHttpRuleFromSourceResourceArgs.cs new file mode 100644 index 0000000000..b97d818b00 --- /dev/null +++ b/sdk/dotnet/NetworkSecurity/Inputs/AuthzPolicyHttpRuleFromSourceResourceArgs.cs @@ -0,0 +1,34 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Gcp.NetworkSecurity.Inputs +{ + + public sealed class AuthzPolicyHttpRuleFromSourceResourceArgs : global::Pulumi.ResourceArgs + { + /// + /// An IAM service account to match against the source service account of the VM sending the request. + /// Structure is documented below. + /// + [Input("iamServiceAccount")] + public Input? IamServiceAccount { get; set; } + + /// + /// A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request. + /// Structure is documented below. + /// + [Input("tagValueIdSet")] + public Input? TagValueIdSet { get; set; } + + public AuthzPolicyHttpRuleFromSourceResourceArgs() + { + } + public static new AuthzPolicyHttpRuleFromSourceResourceArgs Empty => new AuthzPolicyHttpRuleFromSourceResourceArgs(); + } +} diff --git a/sdk/dotnet/NetworkSecurity/Inputs/AuthzPolicyHttpRuleFromSourceResourceGetArgs.cs b/sdk/dotnet/NetworkSecurity/Inputs/AuthzPolicyHttpRuleFromSourceResourceGetArgs.cs new file mode 100644 index 0000000000..9eadc2cfee --- /dev/null +++ b/sdk/dotnet/NetworkSecurity/Inputs/AuthzPolicyHttpRuleFromSourceResourceGetArgs.cs @@ -0,0 +1,34 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Gcp.NetworkSecurity.Inputs +{ + + public sealed class AuthzPolicyHttpRuleFromSourceResourceGetArgs : global::Pulumi.ResourceArgs + { + /// + /// An IAM service account to match against the source service account of the VM sending the request. + /// Structure is documented below. + /// + [Input("iamServiceAccount")] + public Input? IamServiceAccount { get; set; } + + /// + /// A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request. + /// Structure is documented below. + /// + [Input("tagValueIdSet")] + public Input? TagValueIdSet { get; set; } + + public AuthzPolicyHttpRuleFromSourceResourceGetArgs() + { + } + public static new AuthzPolicyHttpRuleFromSourceResourceGetArgs Empty => new AuthzPolicyHttpRuleFromSourceResourceGetArgs(); + } +} diff --git a/sdk/dotnet/NetworkSecurity/Inputs/AuthzPolicyHttpRuleFromSourceResourceIamServiceAccountArgs.cs b/sdk/dotnet/NetworkSecurity/Inputs/AuthzPolicyHttpRuleFromSourceResourceIamServiceAccountArgs.cs new file mode 100644 index 0000000000..2d7804eac1 --- /dev/null +++ b/sdk/dotnet/NetworkSecurity/Inputs/AuthzPolicyHttpRuleFromSourceResourceIamServiceAccountArgs.cs @@ -0,0 +1,58 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Gcp.NetworkSecurity.Inputs +{ + + public sealed class AuthzPolicyHttpRuleFromSourceResourceIamServiceAccountArgs : global::Pulumi.ResourceArgs + { + /// + /// The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. + /// Examples: + /// * abc matches the value xyz.abc.def + /// + [Input("contains")] + public Input? Contains { get; set; } + + /// + /// The input string must match exactly the string specified here. + /// Examples: + /// * abc only matches the value abc. + /// + [Input("exact")] + public Input? Exact { get; set; } + + /// + /// If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true. + /// + [Input("ignoreCase")] + public Input? IgnoreCase { get; set; } + + /// + /// The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. + /// Examples: + /// * abc matches the value abc.xyz + /// + [Input("prefix")] + public Input? Prefix { get; set; } + + /// + /// The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. + /// Examples: + /// * abc matches the value xyz.abc + /// + [Input("suffix")] + public Input? Suffix { get; set; } + + public AuthzPolicyHttpRuleFromSourceResourceIamServiceAccountArgs() + { + } + public static new AuthzPolicyHttpRuleFromSourceResourceIamServiceAccountArgs Empty => new AuthzPolicyHttpRuleFromSourceResourceIamServiceAccountArgs(); + } +} diff --git a/sdk/dotnet/NetworkSecurity/Inputs/AuthzPolicyHttpRuleFromSourceResourceIamServiceAccountGetArgs.cs b/sdk/dotnet/NetworkSecurity/Inputs/AuthzPolicyHttpRuleFromSourceResourceIamServiceAccountGetArgs.cs new file mode 100644 index 0000000000..f106ab704e --- /dev/null +++ b/sdk/dotnet/NetworkSecurity/Inputs/AuthzPolicyHttpRuleFromSourceResourceIamServiceAccountGetArgs.cs @@ -0,0 +1,58 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Gcp.NetworkSecurity.Inputs +{ + + public sealed class AuthzPolicyHttpRuleFromSourceResourceIamServiceAccountGetArgs : global::Pulumi.ResourceArgs + { + /// + /// The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. + /// Examples: + /// * abc matches the value xyz.abc.def + /// + [Input("contains")] + public Input? Contains { get; set; } + + /// + /// The input string must match exactly the string specified here. + /// Examples: + /// * abc only matches the value abc. + /// + [Input("exact")] + public Input? Exact { get; set; } + + /// + /// If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true. + /// + [Input("ignoreCase")] + public Input? IgnoreCase { get; set; } + + /// + /// The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. + /// Examples: + /// * abc matches the value abc.xyz + /// + [Input("prefix")] + public Input? Prefix { get; set; } + + /// + /// The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. + /// Examples: + /// * abc matches the value xyz.abc + /// + [Input("suffix")] + public Input? Suffix { get; set; } + + public AuthzPolicyHttpRuleFromSourceResourceIamServiceAccountGetArgs() + { + } + public static new AuthzPolicyHttpRuleFromSourceResourceIamServiceAccountGetArgs Empty => new AuthzPolicyHttpRuleFromSourceResourceIamServiceAccountGetArgs(); + } +} diff --git a/sdk/dotnet/NetworkSecurity/Inputs/AuthzPolicyHttpRuleFromSourceResourceTagValueIdSetArgs.cs b/sdk/dotnet/NetworkSecurity/Inputs/AuthzPolicyHttpRuleFromSourceResourceTagValueIdSetArgs.cs new file mode 100644 index 0000000000..1df09265ff --- /dev/null +++ b/sdk/dotnet/NetworkSecurity/Inputs/AuthzPolicyHttpRuleFromSourceResourceTagValueIdSetArgs.cs @@ -0,0 +1,33 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Gcp.NetworkSecurity.Inputs +{ + + public sealed class AuthzPolicyHttpRuleFromSourceResourceTagValueIdSetArgs : global::Pulumi.ResourceArgs + { + [Input("ids")] + private InputList? _ids; + + /// + /// A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request. The match follows AND semantics which means all the ids must match. + /// Limited to 5 matches. + /// + public InputList Ids + { + get => _ids ?? (_ids = new InputList()); + set => _ids = value; + } + + public AuthzPolicyHttpRuleFromSourceResourceTagValueIdSetArgs() + { + } + public static new AuthzPolicyHttpRuleFromSourceResourceTagValueIdSetArgs Empty => new AuthzPolicyHttpRuleFromSourceResourceTagValueIdSetArgs(); + } +} diff --git a/sdk/dotnet/NetworkSecurity/Inputs/AuthzPolicyHttpRuleFromSourceResourceTagValueIdSetGetArgs.cs b/sdk/dotnet/NetworkSecurity/Inputs/AuthzPolicyHttpRuleFromSourceResourceTagValueIdSetGetArgs.cs new file mode 100644 index 0000000000..3a98b2445a --- /dev/null +++ b/sdk/dotnet/NetworkSecurity/Inputs/AuthzPolicyHttpRuleFromSourceResourceTagValueIdSetGetArgs.cs @@ -0,0 +1,33 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Gcp.NetworkSecurity.Inputs +{ + + public sealed class AuthzPolicyHttpRuleFromSourceResourceTagValueIdSetGetArgs : global::Pulumi.ResourceArgs + { + [Input("ids")] + private InputList? _ids; + + /// + /// A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request. The match follows AND semantics which means all the ids must match. + /// Limited to 5 matches. + /// + public InputList Ids + { + get => _ids ?? (_ids = new InputList()); + set => _ids = value; + } + + public AuthzPolicyHttpRuleFromSourceResourceTagValueIdSetGetArgs() + { + } + public static new AuthzPolicyHttpRuleFromSourceResourceTagValueIdSetGetArgs Empty => new AuthzPolicyHttpRuleFromSourceResourceTagValueIdSetGetArgs(); + } +} diff --git a/sdk/dotnet/NetworkSecurity/Inputs/AuthzPolicyHttpRuleGetArgs.cs b/sdk/dotnet/NetworkSecurity/Inputs/AuthzPolicyHttpRuleGetArgs.cs new file mode 100644 index 0000000000..e9d18def42 --- /dev/null +++ b/sdk/dotnet/NetworkSecurity/Inputs/AuthzPolicyHttpRuleGetArgs.cs @@ -0,0 +1,40 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Gcp.NetworkSecurity.Inputs +{ + + public sealed class AuthzPolicyHttpRuleGetArgs : global::Pulumi.ResourceArgs + { + /// + /// Describes properties of one or more sources of a request. + /// Structure is documented below. + /// + [Input("from")] + public Input? From { get; set; } + + /// + /// Describes properties of one or more targets of a request + /// Structure is documented below. + /// + [Input("to")] + public Input? To { get; set; } + + /// + /// CEL expression that describes the conditions to be satisfied for the action. The result of the CEL expression is ANDed with the from and to. Refer to the CEL language reference for a list of available attributes. + /// + [Input("when")] + public Input? When { get; set; } + + public AuthzPolicyHttpRuleGetArgs() + { + } + public static new AuthzPolicyHttpRuleGetArgs Empty => new AuthzPolicyHttpRuleGetArgs(); + } +} diff --git a/sdk/dotnet/NetworkSecurity/Inputs/AuthzPolicyHttpRuleToArgs.cs b/sdk/dotnet/NetworkSecurity/Inputs/AuthzPolicyHttpRuleToArgs.cs new file mode 100644 index 0000000000..302ddb0bcb --- /dev/null +++ b/sdk/dotnet/NetworkSecurity/Inputs/AuthzPolicyHttpRuleToArgs.cs @@ -0,0 +1,33 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Gcp.NetworkSecurity.Inputs +{ + + public sealed class AuthzPolicyHttpRuleToArgs : global::Pulumi.ResourceArgs + { + [Input("operations")] + private InputList? _operations; + + /// + /// Describes properties of one or more targets of a request. At least one of operations or notOperations must be specified. Limited to 5 operations. A match occurs when ANY operation (in operations or notOperations) matches. Within an operation, the match follows AND semantics across fields and OR semantics within a field, i.e. a match occurs when ANY path matches AND ANY header matches and ANY method matches. + /// Structure is documented below. + /// + public InputList Operations + { + get => _operations ?? (_operations = new InputList()); + set => _operations = value; + } + + public AuthzPolicyHttpRuleToArgs() + { + } + public static new AuthzPolicyHttpRuleToArgs Empty => new AuthzPolicyHttpRuleToArgs(); + } +} diff --git a/sdk/dotnet/NetworkSecurity/Inputs/AuthzPolicyHttpRuleToGetArgs.cs b/sdk/dotnet/NetworkSecurity/Inputs/AuthzPolicyHttpRuleToGetArgs.cs new file mode 100644 index 0000000000..60689c12f7 --- /dev/null +++ b/sdk/dotnet/NetworkSecurity/Inputs/AuthzPolicyHttpRuleToGetArgs.cs @@ -0,0 +1,33 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Gcp.NetworkSecurity.Inputs +{ + + public sealed class AuthzPolicyHttpRuleToGetArgs : global::Pulumi.ResourceArgs + { + [Input("operations")] + private InputList? _operations; + + /// + /// Describes properties of one or more targets of a request. At least one of operations or notOperations must be specified. Limited to 5 operations. A match occurs when ANY operation (in operations or notOperations) matches. Within an operation, the match follows AND semantics across fields and OR semantics within a field, i.e. a match occurs when ANY path matches AND ANY header matches and ANY method matches. + /// Structure is documented below. + /// + public InputList Operations + { + get => _operations ?? (_operations = new InputList()); + set => _operations = value; + } + + public AuthzPolicyHttpRuleToGetArgs() + { + } + public static new AuthzPolicyHttpRuleToGetArgs Empty => new AuthzPolicyHttpRuleToGetArgs(); + } +} diff --git a/sdk/dotnet/NetworkSecurity/Inputs/AuthzPolicyHttpRuleToOperationArgs.cs b/sdk/dotnet/NetworkSecurity/Inputs/AuthzPolicyHttpRuleToOperationArgs.cs new file mode 100644 index 0000000000..2ab055d582 --- /dev/null +++ b/sdk/dotnet/NetworkSecurity/Inputs/AuthzPolicyHttpRuleToOperationArgs.cs @@ -0,0 +1,68 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Gcp.NetworkSecurity.Inputs +{ + + public sealed class AuthzPolicyHttpRuleToOperationArgs : global::Pulumi.ResourceArgs + { + /// + /// A list of headers to match against in http header. + /// Structure is documented below. + /// + [Input("headerSet")] + public Input? HeaderSet { get; set; } + + [Input("hosts")] + private InputList? _hosts; + + /// + /// A list of HTTP Hosts to match against. The match can be one of exact, prefix, suffix, or contains (substring match). Matches are always case sensitive unless the ignoreCase is set. + /// Limited to 5 matches. + /// Structure is documented below. + /// + public InputList Hosts + { + get => _hosts ?? (_hosts = new InputList()); + set => _hosts = value; + } + + [Input("methods")] + private InputList? _methods; + + /// + /// A list of HTTP methods to match against. Each entry must be a valid HTTP method name (GET, PUT, POST, HEAD, PATCH, DELETE, OPTIONS). It only allows exact match and is always case sensitive. + /// + public InputList Methods + { + get => _methods ?? (_methods = new InputList()); + set => _methods = value; + } + + [Input("paths")] + private InputList? _paths; + + /// + /// A list of paths to match against. The match can be one of exact, prefix, suffix, or contains (substring match). Matches are always case sensitive unless the ignoreCase is set. + /// Limited to 5 matches. + /// Note that this path match includes the query parameters. For gRPC services, this should be a fully-qualified name of the form /package.service/method. + /// Structure is documented below. + /// + public InputList Paths + { + get => _paths ?? (_paths = new InputList()); + set => _paths = value; + } + + public AuthzPolicyHttpRuleToOperationArgs() + { + } + public static new AuthzPolicyHttpRuleToOperationArgs Empty => new AuthzPolicyHttpRuleToOperationArgs(); + } +} diff --git a/sdk/dotnet/NetworkSecurity/Inputs/AuthzPolicyHttpRuleToOperationGetArgs.cs b/sdk/dotnet/NetworkSecurity/Inputs/AuthzPolicyHttpRuleToOperationGetArgs.cs new file mode 100644 index 0000000000..743dccaa4b --- /dev/null +++ b/sdk/dotnet/NetworkSecurity/Inputs/AuthzPolicyHttpRuleToOperationGetArgs.cs @@ -0,0 +1,68 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Gcp.NetworkSecurity.Inputs +{ + + public sealed class AuthzPolicyHttpRuleToOperationGetArgs : global::Pulumi.ResourceArgs + { + /// + /// A list of headers to match against in http header. + /// Structure is documented below. + /// + [Input("headerSet")] + public Input? HeaderSet { get; set; } + + [Input("hosts")] + private InputList? _hosts; + + /// + /// A list of HTTP Hosts to match against. The match can be one of exact, prefix, suffix, or contains (substring match). Matches are always case sensitive unless the ignoreCase is set. + /// Limited to 5 matches. + /// Structure is documented below. + /// + public InputList Hosts + { + get => _hosts ?? (_hosts = new InputList()); + set => _hosts = value; + } + + [Input("methods")] + private InputList? _methods; + + /// + /// A list of HTTP methods to match against. Each entry must be a valid HTTP method name (GET, PUT, POST, HEAD, PATCH, DELETE, OPTIONS). It only allows exact match and is always case sensitive. + /// + public InputList Methods + { + get => _methods ?? (_methods = new InputList()); + set => _methods = value; + } + + [Input("paths")] + private InputList? _paths; + + /// + /// A list of paths to match against. The match can be one of exact, prefix, suffix, or contains (substring match). Matches are always case sensitive unless the ignoreCase is set. + /// Limited to 5 matches. + /// Note that this path match includes the query parameters. For gRPC services, this should be a fully-qualified name of the form /package.service/method. + /// Structure is documented below. + /// + public InputList Paths + { + get => _paths ?? (_paths = new InputList()); + set => _paths = value; + } + + public AuthzPolicyHttpRuleToOperationGetArgs() + { + } + public static new AuthzPolicyHttpRuleToOperationGetArgs Empty => new AuthzPolicyHttpRuleToOperationGetArgs(); + } +} diff --git a/sdk/dotnet/NetworkSecurity/Inputs/AuthzPolicyHttpRuleToOperationHeaderSetArgs.cs b/sdk/dotnet/NetworkSecurity/Inputs/AuthzPolicyHttpRuleToOperationHeaderSetArgs.cs new file mode 100644 index 0000000000..93b9ed474c --- /dev/null +++ b/sdk/dotnet/NetworkSecurity/Inputs/AuthzPolicyHttpRuleToOperationHeaderSetArgs.cs @@ -0,0 +1,33 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Gcp.NetworkSecurity.Inputs +{ + + public sealed class AuthzPolicyHttpRuleToOperationHeaderSetArgs : global::Pulumi.ResourceArgs + { + [Input("headers")] + private InputList? _headers; + + /// + /// A list of headers to match against in http header. The match can be one of exact, prefix, suffix, or contains (substring match). The match follows AND semantics which means all the headers must match. Matches are always case sensitive unless the ignoreCase is set. Limited to 5 matches. + /// Structure is documented below. + /// + public InputList Headers + { + get => _headers ?? (_headers = new InputList()); + set => _headers = value; + } + + public AuthzPolicyHttpRuleToOperationHeaderSetArgs() + { + } + public static new AuthzPolicyHttpRuleToOperationHeaderSetArgs Empty => new AuthzPolicyHttpRuleToOperationHeaderSetArgs(); + } +} diff --git a/sdk/dotnet/NetworkSecurity/Inputs/AuthzPolicyHttpRuleToOperationHeaderSetGetArgs.cs b/sdk/dotnet/NetworkSecurity/Inputs/AuthzPolicyHttpRuleToOperationHeaderSetGetArgs.cs new file mode 100644 index 0000000000..e287b9c983 --- /dev/null +++ b/sdk/dotnet/NetworkSecurity/Inputs/AuthzPolicyHttpRuleToOperationHeaderSetGetArgs.cs @@ -0,0 +1,33 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Gcp.NetworkSecurity.Inputs +{ + + public sealed class AuthzPolicyHttpRuleToOperationHeaderSetGetArgs : global::Pulumi.ResourceArgs + { + [Input("headers")] + private InputList? _headers; + + /// + /// A list of headers to match against in http header. The match can be one of exact, prefix, suffix, or contains (substring match). The match follows AND semantics which means all the headers must match. Matches are always case sensitive unless the ignoreCase is set. Limited to 5 matches. + /// Structure is documented below. + /// + public InputList Headers + { + get => _headers ?? (_headers = new InputList()); + set => _headers = value; + } + + public AuthzPolicyHttpRuleToOperationHeaderSetGetArgs() + { + } + public static new AuthzPolicyHttpRuleToOperationHeaderSetGetArgs Empty => new AuthzPolicyHttpRuleToOperationHeaderSetGetArgs(); + } +} diff --git a/sdk/dotnet/NetworkSecurity/Inputs/AuthzPolicyHttpRuleToOperationHeaderSetHeaderArgs.cs b/sdk/dotnet/NetworkSecurity/Inputs/AuthzPolicyHttpRuleToOperationHeaderSetHeaderArgs.cs new file mode 100644 index 0000000000..5b80ff9d14 --- /dev/null +++ b/sdk/dotnet/NetworkSecurity/Inputs/AuthzPolicyHttpRuleToOperationHeaderSetHeaderArgs.cs @@ -0,0 +1,33 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Gcp.NetworkSecurity.Inputs +{ + + public sealed class AuthzPolicyHttpRuleToOperationHeaderSetHeaderArgs : global::Pulumi.ResourceArgs + { + /// + /// Specifies the name of the header in the request. + /// + [Input("name")] + public Input? Name { get; set; } + + /// + /// Specifies how the header match will be performed. + /// Structure is documented below. + /// + [Input("value")] + public Input? Value { get; set; } + + public AuthzPolicyHttpRuleToOperationHeaderSetHeaderArgs() + { + } + public static new AuthzPolicyHttpRuleToOperationHeaderSetHeaderArgs Empty => new AuthzPolicyHttpRuleToOperationHeaderSetHeaderArgs(); + } +} diff --git a/sdk/dotnet/NetworkSecurity/Inputs/AuthzPolicyHttpRuleToOperationHeaderSetHeaderGetArgs.cs b/sdk/dotnet/NetworkSecurity/Inputs/AuthzPolicyHttpRuleToOperationHeaderSetHeaderGetArgs.cs new file mode 100644 index 0000000000..0c709efb01 --- /dev/null +++ b/sdk/dotnet/NetworkSecurity/Inputs/AuthzPolicyHttpRuleToOperationHeaderSetHeaderGetArgs.cs @@ -0,0 +1,33 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Gcp.NetworkSecurity.Inputs +{ + + public sealed class AuthzPolicyHttpRuleToOperationHeaderSetHeaderGetArgs : global::Pulumi.ResourceArgs + { + /// + /// Specifies the name of the header in the request. + /// + [Input("name")] + public Input? Name { get; set; } + + /// + /// Specifies how the header match will be performed. + /// Structure is documented below. + /// + [Input("value")] + public Input? Value { get; set; } + + public AuthzPolicyHttpRuleToOperationHeaderSetHeaderGetArgs() + { + } + public static new AuthzPolicyHttpRuleToOperationHeaderSetHeaderGetArgs Empty => new AuthzPolicyHttpRuleToOperationHeaderSetHeaderGetArgs(); + } +} diff --git a/sdk/dotnet/NetworkSecurity/Inputs/AuthzPolicyHttpRuleToOperationHeaderSetHeaderValueArgs.cs b/sdk/dotnet/NetworkSecurity/Inputs/AuthzPolicyHttpRuleToOperationHeaderSetHeaderValueArgs.cs new file mode 100644 index 0000000000..1b469c1639 --- /dev/null +++ b/sdk/dotnet/NetworkSecurity/Inputs/AuthzPolicyHttpRuleToOperationHeaderSetHeaderValueArgs.cs @@ -0,0 +1,58 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Gcp.NetworkSecurity.Inputs +{ + + public sealed class AuthzPolicyHttpRuleToOperationHeaderSetHeaderValueArgs : global::Pulumi.ResourceArgs + { + /// + /// The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. + /// Examples: + /// * abc matches the value xyz.abc.def + /// + [Input("contains")] + public Input? Contains { get; set; } + + /// + /// The input string must match exactly the string specified here. + /// Examples: + /// * abc only matches the value abc. + /// + [Input("exact")] + public Input? Exact { get; set; } + + /// + /// If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true. + /// + [Input("ignoreCase")] + public Input? IgnoreCase { get; set; } + + /// + /// The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. + /// Examples: + /// * abc matches the value abc.xyz + /// + [Input("prefix")] + public Input? Prefix { get; set; } + + /// + /// The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. + /// Examples: + /// * abc matches the value xyz.abc + /// + [Input("suffix")] + public Input? Suffix { get; set; } + + public AuthzPolicyHttpRuleToOperationHeaderSetHeaderValueArgs() + { + } + public static new AuthzPolicyHttpRuleToOperationHeaderSetHeaderValueArgs Empty => new AuthzPolicyHttpRuleToOperationHeaderSetHeaderValueArgs(); + } +} diff --git a/sdk/dotnet/NetworkSecurity/Inputs/AuthzPolicyHttpRuleToOperationHeaderSetHeaderValueGetArgs.cs b/sdk/dotnet/NetworkSecurity/Inputs/AuthzPolicyHttpRuleToOperationHeaderSetHeaderValueGetArgs.cs new file mode 100644 index 0000000000..3e57fb9ab0 --- /dev/null +++ b/sdk/dotnet/NetworkSecurity/Inputs/AuthzPolicyHttpRuleToOperationHeaderSetHeaderValueGetArgs.cs @@ -0,0 +1,58 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Gcp.NetworkSecurity.Inputs +{ + + public sealed class AuthzPolicyHttpRuleToOperationHeaderSetHeaderValueGetArgs : global::Pulumi.ResourceArgs + { + /// + /// The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. + /// Examples: + /// * abc matches the value xyz.abc.def + /// + [Input("contains")] + public Input? Contains { get; set; } + + /// + /// The input string must match exactly the string specified here. + /// Examples: + /// * abc only matches the value abc. + /// + [Input("exact")] + public Input? Exact { get; set; } + + /// + /// If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true. + /// + [Input("ignoreCase")] + public Input? IgnoreCase { get; set; } + + /// + /// The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. + /// Examples: + /// * abc matches the value abc.xyz + /// + [Input("prefix")] + public Input? Prefix { get; set; } + + /// + /// The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. + /// Examples: + /// * abc matches the value xyz.abc + /// + [Input("suffix")] + public Input? Suffix { get; set; } + + public AuthzPolicyHttpRuleToOperationHeaderSetHeaderValueGetArgs() + { + } + public static new AuthzPolicyHttpRuleToOperationHeaderSetHeaderValueGetArgs Empty => new AuthzPolicyHttpRuleToOperationHeaderSetHeaderValueGetArgs(); + } +} diff --git a/sdk/dotnet/NetworkSecurity/Inputs/AuthzPolicyHttpRuleToOperationHostArgs.cs b/sdk/dotnet/NetworkSecurity/Inputs/AuthzPolicyHttpRuleToOperationHostArgs.cs new file mode 100644 index 0000000000..c42187e161 --- /dev/null +++ b/sdk/dotnet/NetworkSecurity/Inputs/AuthzPolicyHttpRuleToOperationHostArgs.cs @@ -0,0 +1,58 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Gcp.NetworkSecurity.Inputs +{ + + public sealed class AuthzPolicyHttpRuleToOperationHostArgs : global::Pulumi.ResourceArgs + { + /// + /// The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. + /// Examples: + /// * abc matches the value xyz.abc.def + /// + [Input("contains")] + public Input? Contains { get; set; } + + /// + /// The input string must match exactly the string specified here. + /// Examples: + /// * abc only matches the value abc. + /// + [Input("exact")] + public Input? Exact { get; set; } + + /// + /// If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true. + /// + [Input("ignoreCase")] + public Input? IgnoreCase { get; set; } + + /// + /// The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. + /// Examples: + /// * abc matches the value abc.xyz + /// + [Input("prefix")] + public Input? Prefix { get; set; } + + /// + /// The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. + /// Examples: + /// * abc matches the value xyz.abc + /// + [Input("suffix")] + public Input? Suffix { get; set; } + + public AuthzPolicyHttpRuleToOperationHostArgs() + { + } + public static new AuthzPolicyHttpRuleToOperationHostArgs Empty => new AuthzPolicyHttpRuleToOperationHostArgs(); + } +} diff --git a/sdk/dotnet/NetworkSecurity/Inputs/AuthzPolicyHttpRuleToOperationHostGetArgs.cs b/sdk/dotnet/NetworkSecurity/Inputs/AuthzPolicyHttpRuleToOperationHostGetArgs.cs new file mode 100644 index 0000000000..70187600a1 --- /dev/null +++ b/sdk/dotnet/NetworkSecurity/Inputs/AuthzPolicyHttpRuleToOperationHostGetArgs.cs @@ -0,0 +1,58 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Gcp.NetworkSecurity.Inputs +{ + + public sealed class AuthzPolicyHttpRuleToOperationHostGetArgs : global::Pulumi.ResourceArgs + { + /// + /// The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. + /// Examples: + /// * abc matches the value xyz.abc.def + /// + [Input("contains")] + public Input? Contains { get; set; } + + /// + /// The input string must match exactly the string specified here. + /// Examples: + /// * abc only matches the value abc. + /// + [Input("exact")] + public Input? Exact { get; set; } + + /// + /// If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true. + /// + [Input("ignoreCase")] + public Input? IgnoreCase { get; set; } + + /// + /// The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. + /// Examples: + /// * abc matches the value abc.xyz + /// + [Input("prefix")] + public Input? Prefix { get; set; } + + /// + /// The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. + /// Examples: + /// * abc matches the value xyz.abc + /// + [Input("suffix")] + public Input? Suffix { get; set; } + + public AuthzPolicyHttpRuleToOperationHostGetArgs() + { + } + public static new AuthzPolicyHttpRuleToOperationHostGetArgs Empty => new AuthzPolicyHttpRuleToOperationHostGetArgs(); + } +} diff --git a/sdk/dotnet/NetworkSecurity/Inputs/AuthzPolicyHttpRuleToOperationPathArgs.cs b/sdk/dotnet/NetworkSecurity/Inputs/AuthzPolicyHttpRuleToOperationPathArgs.cs new file mode 100644 index 0000000000..dc90b3bf45 --- /dev/null +++ b/sdk/dotnet/NetworkSecurity/Inputs/AuthzPolicyHttpRuleToOperationPathArgs.cs @@ -0,0 +1,58 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Gcp.NetworkSecurity.Inputs +{ + + public sealed class AuthzPolicyHttpRuleToOperationPathArgs : global::Pulumi.ResourceArgs + { + /// + /// The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. + /// Examples: + /// * abc matches the value xyz.abc.def + /// + [Input("contains")] + public Input? Contains { get; set; } + + /// + /// The input string must match exactly the string specified here. + /// Examples: + /// * abc only matches the value abc. + /// + [Input("exact")] + public Input? Exact { get; set; } + + /// + /// If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true. + /// + [Input("ignoreCase")] + public Input? IgnoreCase { get; set; } + + /// + /// The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. + /// Examples: + /// * abc matches the value abc.xyz + /// + [Input("prefix")] + public Input? Prefix { get; set; } + + /// + /// The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. + /// Examples: + /// * abc matches the value xyz.abc + /// + [Input("suffix")] + public Input? Suffix { get; set; } + + public AuthzPolicyHttpRuleToOperationPathArgs() + { + } + public static new AuthzPolicyHttpRuleToOperationPathArgs Empty => new AuthzPolicyHttpRuleToOperationPathArgs(); + } +} diff --git a/sdk/dotnet/NetworkSecurity/Inputs/AuthzPolicyHttpRuleToOperationPathGetArgs.cs b/sdk/dotnet/NetworkSecurity/Inputs/AuthzPolicyHttpRuleToOperationPathGetArgs.cs new file mode 100644 index 0000000000..75237325ba --- /dev/null +++ b/sdk/dotnet/NetworkSecurity/Inputs/AuthzPolicyHttpRuleToOperationPathGetArgs.cs @@ -0,0 +1,58 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Gcp.NetworkSecurity.Inputs +{ + + public sealed class AuthzPolicyHttpRuleToOperationPathGetArgs : global::Pulumi.ResourceArgs + { + /// + /// The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. + /// Examples: + /// * abc matches the value xyz.abc.def + /// + [Input("contains")] + public Input? Contains { get; set; } + + /// + /// The input string must match exactly the string specified here. + /// Examples: + /// * abc only matches the value abc. + /// + [Input("exact")] + public Input? Exact { get; set; } + + /// + /// If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true. + /// + [Input("ignoreCase")] + public Input? IgnoreCase { get; set; } + + /// + /// The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. + /// Examples: + /// * abc matches the value abc.xyz + /// + [Input("prefix")] + public Input? Prefix { get; set; } + + /// + /// The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. + /// Examples: + /// * abc matches the value xyz.abc + /// + [Input("suffix")] + public Input? Suffix { get; set; } + + public AuthzPolicyHttpRuleToOperationPathGetArgs() + { + } + public static new AuthzPolicyHttpRuleToOperationPathGetArgs Empty => new AuthzPolicyHttpRuleToOperationPathGetArgs(); + } +} diff --git a/sdk/dotnet/NetworkSecurity/Inputs/AuthzPolicyTargetArgs.cs b/sdk/dotnet/NetworkSecurity/Inputs/AuthzPolicyTargetArgs.cs new file mode 100644 index 0000000000..68e2606209 --- /dev/null +++ b/sdk/dotnet/NetworkSecurity/Inputs/AuthzPolicyTargetArgs.cs @@ -0,0 +1,42 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Gcp.NetworkSecurity.Inputs +{ + + public sealed class AuthzPolicyTargetArgs : global::Pulumi.ResourceArgs + { + /// + /// All gateways and forwarding rules referenced by this policy and extensions must share the same load balancing scheme. + /// For more information, refer to [Backend services overview](https://cloud.google.com/load-balancing/docs/backend-service). + /// Possible values are: `INTERNAL_MANAGED`, `EXTERNAL_MANAGED`, `INTERNAL_SELF_MANAGED`. + /// + [Input("loadBalancingScheme", required: true)] + public Input LoadBalancingScheme { get; set; } = null!; + + [Input("resources")] + private InputList? _resources; + + /// + /// A list of references to the Forwarding Rules on which this policy will be applied. + /// + /// - - - + /// + public InputList Resources + { + get => _resources ?? (_resources = new InputList()); + set => _resources = value; + } + + public AuthzPolicyTargetArgs() + { + } + public static new AuthzPolicyTargetArgs Empty => new AuthzPolicyTargetArgs(); + } +} diff --git a/sdk/dotnet/NetworkSecurity/Inputs/AuthzPolicyTargetGetArgs.cs b/sdk/dotnet/NetworkSecurity/Inputs/AuthzPolicyTargetGetArgs.cs new file mode 100644 index 0000000000..9654ccf5a8 --- /dev/null +++ b/sdk/dotnet/NetworkSecurity/Inputs/AuthzPolicyTargetGetArgs.cs @@ -0,0 +1,42 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Gcp.NetworkSecurity.Inputs +{ + + public sealed class AuthzPolicyTargetGetArgs : global::Pulumi.ResourceArgs + { + /// + /// All gateways and forwarding rules referenced by this policy and extensions must share the same load balancing scheme. + /// For more information, refer to [Backend services overview](https://cloud.google.com/load-balancing/docs/backend-service). + /// Possible values are: `INTERNAL_MANAGED`, `EXTERNAL_MANAGED`, `INTERNAL_SELF_MANAGED`. + /// + [Input("loadBalancingScheme", required: true)] + public Input LoadBalancingScheme { get; set; } = null!; + + [Input("resources")] + private InputList? _resources; + + /// + /// A list of references to the Forwarding Rules on which this policy will be applied. + /// + /// - - - + /// + public InputList Resources + { + get => _resources ?? (_resources = new InputList()); + set => _resources = value; + } + + public AuthzPolicyTargetGetArgs() + { + } + public static new AuthzPolicyTargetGetArgs Empty => new AuthzPolicyTargetGetArgs(); + } +} diff --git a/sdk/dotnet/NetworkSecurity/Inputs/InterceptDeploymentGroupConnectedEndpointGroupArgs.cs b/sdk/dotnet/NetworkSecurity/Inputs/InterceptDeploymentGroupConnectedEndpointGroupArgs.cs new file mode 100644 index 0000000000..4d359d504e --- /dev/null +++ b/sdk/dotnet/NetworkSecurity/Inputs/InterceptDeploymentGroupConnectedEndpointGroupArgs.cs @@ -0,0 +1,27 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Gcp.NetworkSecurity.Inputs +{ + + public sealed class InterceptDeploymentGroupConnectedEndpointGroupArgs : global::Pulumi.ResourceArgs + { + /// + /// (Output) + /// Output only. A connected intercept endpoint group. + /// + [Input("name")] + public Input? Name { get; set; } + + public InterceptDeploymentGroupConnectedEndpointGroupArgs() + { + } + public static new InterceptDeploymentGroupConnectedEndpointGroupArgs Empty => new InterceptDeploymentGroupConnectedEndpointGroupArgs(); + } +} diff --git a/sdk/dotnet/NetworkSecurity/Inputs/InterceptDeploymentGroupConnectedEndpointGroupGetArgs.cs b/sdk/dotnet/NetworkSecurity/Inputs/InterceptDeploymentGroupConnectedEndpointGroupGetArgs.cs new file mode 100644 index 0000000000..581972c346 --- /dev/null +++ b/sdk/dotnet/NetworkSecurity/Inputs/InterceptDeploymentGroupConnectedEndpointGroupGetArgs.cs @@ -0,0 +1,27 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Gcp.NetworkSecurity.Inputs +{ + + public sealed class InterceptDeploymentGroupConnectedEndpointGroupGetArgs : global::Pulumi.ResourceArgs + { + /// + /// (Output) + /// Output only. A connected intercept endpoint group. + /// + [Input("name")] + public Input? Name { get; set; } + + public InterceptDeploymentGroupConnectedEndpointGroupGetArgs() + { + } + public static new InterceptDeploymentGroupConnectedEndpointGroupGetArgs Empty => new InterceptDeploymentGroupConnectedEndpointGroupGetArgs(); + } +} diff --git a/sdk/dotnet/NetworkSecurity/InterceptDeployment.cs b/sdk/dotnet/NetworkSecurity/InterceptDeployment.cs new file mode 100644 index 0000000000..915cc13561 --- /dev/null +++ b/sdk/dotnet/NetworkSecurity/InterceptDeployment.cs @@ -0,0 +1,461 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Gcp.NetworkSecurity +{ + /// + /// ## Example Usage + /// + /// ### Network Security Intercept Deployment Basic + /// + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var network = new Gcp.Compute.Network("network", new() + /// { + /// Name = "example-network", + /// AutoCreateSubnetworks = false, + /// }); + /// + /// var subnetwork = new Gcp.Compute.Subnetwork("subnetwork", new() + /// { + /// Name = "example-subnet", + /// Region = "us-central1", + /// IpCidrRange = "10.1.0.0/16", + /// Network = network.Name, + /// }); + /// + /// var healthCheck = new Gcp.Compute.RegionHealthCheck("health_check", new() + /// { + /// Name = "example-hc", + /// Region = "us-central1", + /// HttpHealthCheck = new Gcp.Compute.Inputs.RegionHealthCheckHttpHealthCheckArgs + /// { + /// Port = 80, + /// }, + /// }); + /// + /// var backendService = new Gcp.Compute.RegionBackendService("backend_service", new() + /// { + /// Name = "example-bs", + /// Region = "us-central1", + /// HealthChecks = healthCheck.Id, + /// Protocol = "UDP", + /// LoadBalancingScheme = "INTERNAL", + /// }); + /// + /// var forwardingRule = new Gcp.Compute.ForwardingRule("forwarding_rule", new() + /// { + /// Name = "example-fwr", + /// Region = "us-central1", + /// Network = network.Name, + /// Subnetwork = subnetwork.Name, + /// BackendService = backendService.Id, + /// LoadBalancingScheme = "INTERNAL", + /// Ports = new[] + /// { + /// "6081", + /// }, + /// IpProtocol = "UDP", + /// }); + /// + /// var deploymentGroup = new Gcp.NetworkSecurity.InterceptDeploymentGroup("deployment_group", new() + /// { + /// InterceptDeploymentGroupId = "example-dg", + /// Location = "global", + /// Network = network.Id, + /// }); + /// + /// var @default = new Gcp.NetworkSecurity.InterceptDeployment("default", new() + /// { + /// InterceptDeploymentId = "example-deployment", + /// Location = "us-central1-a", + /// ForwardingRule = forwardingRule.Id, + /// InterceptDeploymentGroup = deploymentGroup.Id, + /// Labels = + /// { + /// { "foo", "bar" }, + /// }, + /// }); + /// + /// }); + /// ``` + /// + /// ## Import + /// + /// InterceptDeployment can be imported using any of these accepted formats: + /// + /// * `projects/{{project}}/locations/{{location}}/interceptDeployments/{{intercept_deployment_id}}` + /// + /// * `{{project}}/{{location}}/{{intercept_deployment_id}}` + /// + /// * `{{location}}/{{intercept_deployment_id}}` + /// + /// When using the `pulumi import` command, InterceptDeployment can be imported using one of the formats above. For example: + /// + /// ```sh + /// $ pulumi import gcp:networksecurity/interceptDeployment:InterceptDeployment default projects/{{project}}/locations/{{location}}/interceptDeployments/{{intercept_deployment_id}} + /// ``` + /// + /// ```sh + /// $ pulumi import gcp:networksecurity/interceptDeployment:InterceptDeployment default {{project}}/{{location}}/{{intercept_deployment_id}} + /// ``` + /// + /// ```sh + /// $ pulumi import gcp:networksecurity/interceptDeployment:InterceptDeployment default {{location}}/{{intercept_deployment_id}} + /// ``` + /// + [GcpResourceType("gcp:networksecurity/interceptDeployment:InterceptDeployment")] + public partial class InterceptDeployment : global::Pulumi.CustomResource + { + /// + /// Create time stamp + /// + [Output("createTime")] + public Output CreateTime { get; private set; } = null!; + + /// + /// All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services. + /// + [Output("effectiveLabels")] + public Output> EffectiveLabels { get; private set; } = null!; + + /// + /// Immutable. The regional load balancer which the intercepted traffic should be forwarded + /// to. Format is: + /// projects/{project}/regions/{region}/forwardingRules/{forwardingRule} + /// + [Output("forwardingRule")] + public Output ForwardingRule { get; private set; } = null!; + + /// + /// Immutable. The Intercept Deployment Group that this resource is part of. Format is: + /// `projects/{project}/locations/global/interceptDeploymentGroups/{interceptDeploymentGroup}` + /// + [Output("interceptDeploymentGroup")] + public Output InterceptDeploymentGroup { get; private set; } = null!; + + /// + /// Id of the requesting object + /// If auto-generating Id server-side, remove this field and + /// intercept_deployment_id from the method_signature of Create RPC + /// + /// + /// - - - + /// + [Output("interceptDeploymentId")] + public Output InterceptDeploymentId { get; private set; } = null!; + + /// + /// Optional. Labels as key value pairs + /// **Note**: This field is non-authoritative, and will only manage the labels present in your configuration. + /// Please refer to the field `effective_labels` for all of the labels present on the resource. + /// + [Output("labels")] + public Output?> Labels { get; private set; } = null!; + + /// + /// Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122. See documentation for resource type `networksecurity.googleapis.com/InterceptDeployment`. + /// + [Output("location")] + public Output Location { get; private set; } = null!; + + /// + /// Identifier. The name of the InterceptDeployment. + /// + [Output("name")] + public Output Name { get; private set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the provider project is used. + /// + [Output("project")] + public Output Project { get; private set; } = null!; + + /// + /// The combination of labels configured directly on the resource + /// and default labels configured on the provider. + /// + [Output("pulumiLabels")] + public Output> PulumiLabels { get; private set; } = null!; + + /// + /// Whether reconciling is in progress, recommended per + /// https://google.aip.dev/128. + /// + [Output("reconciling")] + public Output Reconciling { get; private set; } = null!; + + /// + /// Current state of the deployment. + /// Possible values: + /// STATE_UNSPECIFIED + /// ACTIVE + /// CREATING + /// DELETING + /// OUT_OF_SYNC + /// DELETE_FAILED + /// + [Output("state")] + public Output State { get; private set; } = null!; + + /// + /// Update time stamp + /// + [Output("updateTime")] + public Output UpdateTime { get; private set; } = null!; + + + /// + /// Create a InterceptDeployment resource with the given unique name, arguments, and options. + /// + /// + /// The unique name of the resource + /// The arguments used to populate this resource's properties + /// A bag of options that control this resource's behavior + public InterceptDeployment(string name, InterceptDeploymentArgs args, CustomResourceOptions? options = null) + : base("gcp:networksecurity/interceptDeployment:InterceptDeployment", name, args ?? new InterceptDeploymentArgs(), MakeResourceOptions(options, "")) + { + } + + private InterceptDeployment(string name, Input id, InterceptDeploymentState? state = null, CustomResourceOptions? options = null) + : base("gcp:networksecurity/interceptDeployment:InterceptDeployment", name, state, MakeResourceOptions(options, id)) + { + } + + private static CustomResourceOptions MakeResourceOptions(CustomResourceOptions? options, Input? id) + { + var defaultOptions = new CustomResourceOptions + { + Version = Utilities.Version, + AdditionalSecretOutputs = + { + "effectiveLabels", + "pulumiLabels", + }, + }; + var merged = CustomResourceOptions.Merge(defaultOptions, options); + // Override the ID if one was specified for consistency with other language SDKs. + merged.Id = id ?? merged.Id; + return merged; + } + /// + /// Get an existing InterceptDeployment resource's state with the given name, ID, and optional extra + /// properties used to qualify the lookup. + /// + /// + /// The unique name of the resulting resource. + /// The unique provider ID of the resource to lookup. + /// Any extra arguments used during the lookup. + /// A bag of options that control this resource's behavior + public static InterceptDeployment Get(string name, Input id, InterceptDeploymentState? state = null, CustomResourceOptions? options = null) + { + return new InterceptDeployment(name, id, state, options); + } + } + + public sealed class InterceptDeploymentArgs : global::Pulumi.ResourceArgs + { + /// + /// Immutable. The regional load balancer which the intercepted traffic should be forwarded + /// to. Format is: + /// projects/{project}/regions/{region}/forwardingRules/{forwardingRule} + /// + [Input("forwardingRule", required: true)] + public Input ForwardingRule { get; set; } = null!; + + /// + /// Immutable. The Intercept Deployment Group that this resource is part of. Format is: + /// `projects/{project}/locations/global/interceptDeploymentGroups/{interceptDeploymentGroup}` + /// + [Input("interceptDeploymentGroup", required: true)] + public Input InterceptDeploymentGroup { get; set; } = null!; + + /// + /// Id of the requesting object + /// If auto-generating Id server-side, remove this field and + /// intercept_deployment_id from the method_signature of Create RPC + /// + /// + /// - - - + /// + [Input("interceptDeploymentId", required: true)] + public Input InterceptDeploymentId { get; set; } = null!; + + [Input("labels")] + private InputMap? _labels; + + /// + /// Optional. Labels as key value pairs + /// **Note**: This field is non-authoritative, and will only manage the labels present in your configuration. + /// Please refer to the field `effective_labels` for all of the labels present on the resource. + /// + public InputMap Labels + { + get => _labels ?? (_labels = new InputMap()); + set => _labels = value; + } + + /// + /// Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122. See documentation for resource type `networksecurity.googleapis.com/InterceptDeployment`. + /// + [Input("location", required: true)] + public Input Location { get; set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the provider project is used. + /// + [Input("project")] + public Input? Project { get; set; } + + public InterceptDeploymentArgs() + { + } + public static new InterceptDeploymentArgs Empty => new InterceptDeploymentArgs(); + } + + public sealed class InterceptDeploymentState : global::Pulumi.ResourceArgs + { + /// + /// Create time stamp + /// + [Input("createTime")] + public Input? CreateTime { get; set; } + + [Input("effectiveLabels")] + private InputMap? _effectiveLabels; + + /// + /// All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services. + /// + public InputMap EffectiveLabels + { + get => _effectiveLabels ?? (_effectiveLabels = new InputMap()); + set + { + var emptySecret = Output.CreateSecret(ImmutableDictionary.Create()); + _effectiveLabels = Output.All(value, emptySecret).Apply(v => v[0]); + } + } + + /// + /// Immutable. The regional load balancer which the intercepted traffic should be forwarded + /// to. Format is: + /// projects/{project}/regions/{region}/forwardingRules/{forwardingRule} + /// + [Input("forwardingRule")] + public Input? ForwardingRule { get; set; } + + /// + /// Immutable. The Intercept Deployment Group that this resource is part of. Format is: + /// `projects/{project}/locations/global/interceptDeploymentGroups/{interceptDeploymentGroup}` + /// + [Input("interceptDeploymentGroup")] + public Input? InterceptDeploymentGroup { get; set; } + + /// + /// Id of the requesting object + /// If auto-generating Id server-side, remove this field and + /// intercept_deployment_id from the method_signature of Create RPC + /// + /// + /// - - - + /// + [Input("interceptDeploymentId")] + public Input? InterceptDeploymentId { get; set; } + + [Input("labels")] + private InputMap? _labels; + + /// + /// Optional. Labels as key value pairs + /// **Note**: This field is non-authoritative, and will only manage the labels present in your configuration. + /// Please refer to the field `effective_labels` for all of the labels present on the resource. + /// + public InputMap Labels + { + get => _labels ?? (_labels = new InputMap()); + set => _labels = value; + } + + /// + /// Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122. See documentation for resource type `networksecurity.googleapis.com/InterceptDeployment`. + /// + [Input("location")] + public Input? Location { get; set; } + + /// + /// Identifier. The name of the InterceptDeployment. + /// + [Input("name")] + public Input? Name { get; set; } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the provider project is used. + /// + [Input("project")] + public Input? Project { get; set; } + + [Input("pulumiLabels")] + private InputMap? _pulumiLabels; + + /// + /// The combination of labels configured directly on the resource + /// and default labels configured on the provider. + /// + public InputMap PulumiLabels + { + get => _pulumiLabels ?? (_pulumiLabels = new InputMap()); + set + { + var emptySecret = Output.CreateSecret(ImmutableDictionary.Create()); + _pulumiLabels = Output.All(value, emptySecret).Apply(v => v[0]); + } + } + + /// + /// Whether reconciling is in progress, recommended per + /// https://google.aip.dev/128. + /// + [Input("reconciling")] + public Input? Reconciling { get; set; } + + /// + /// Current state of the deployment. + /// Possible values: + /// STATE_UNSPECIFIED + /// ACTIVE + /// CREATING + /// DELETING + /// OUT_OF_SYNC + /// DELETE_FAILED + /// + [Input("state")] + public Input? State { get; set; } + + /// + /// Update time stamp + /// + [Input("updateTime")] + public Input? UpdateTime { get; set; } + + public InterceptDeploymentState() + { + } + public static new InterceptDeploymentState Empty => new InterceptDeploymentState(); + } +} diff --git a/sdk/dotnet/NetworkSecurity/InterceptDeploymentGroup.cs b/sdk/dotnet/NetworkSecurity/InterceptDeploymentGroup.cs new file mode 100644 index 0000000000..4b37088a7a --- /dev/null +++ b/sdk/dotnet/NetworkSecurity/InterceptDeploymentGroup.cs @@ -0,0 +1,405 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Gcp.NetworkSecurity +{ + /// + /// ## Example Usage + /// + /// ### Network Security Intercept Deployment Group Basic + /// + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var network = new Gcp.Compute.Network("network", new() + /// { + /// Name = "example-network", + /// AutoCreateSubnetworks = false, + /// }); + /// + /// var @default = new Gcp.NetworkSecurity.InterceptDeploymentGroup("default", new() + /// { + /// InterceptDeploymentGroupId = "example-dg", + /// Location = "global", + /// Network = network.Id, + /// Labels = + /// { + /// { "foo", "bar" }, + /// }, + /// }); + /// + /// }); + /// ``` + /// + /// ## Import + /// + /// InterceptDeploymentGroup can be imported using any of these accepted formats: + /// + /// * `projects/{{project}}/locations/{{location}}/interceptDeploymentGroups/{{intercept_deployment_group_id}}` + /// + /// * `{{project}}/{{location}}/{{intercept_deployment_group_id}}` + /// + /// * `{{location}}/{{intercept_deployment_group_id}}` + /// + /// When using the `pulumi import` command, InterceptDeploymentGroup can be imported using one of the formats above. For example: + /// + /// ```sh + /// $ pulumi import gcp:networksecurity/interceptDeploymentGroup:InterceptDeploymentGroup default projects/{{project}}/locations/{{location}}/interceptDeploymentGroups/{{intercept_deployment_group_id}} + /// ``` + /// + /// ```sh + /// $ pulumi import gcp:networksecurity/interceptDeploymentGroup:InterceptDeploymentGroup default {{project}}/{{location}}/{{intercept_deployment_group_id}} + /// ``` + /// + /// ```sh + /// $ pulumi import gcp:networksecurity/interceptDeploymentGroup:InterceptDeploymentGroup default {{location}}/{{intercept_deployment_group_id}} + /// ``` + /// + [GcpResourceType("gcp:networksecurity/interceptDeploymentGroup:InterceptDeploymentGroup")] + public partial class InterceptDeploymentGroup : global::Pulumi.CustomResource + { + /// + /// Output only. The list of Intercept Endpoint Groups that are connected to this resource. + /// Structure is documented below. + /// + [Output("connectedEndpointGroups")] + public Output> ConnectedEndpointGroups { get; private set; } = null!; + + /// + /// Output only. [Output only] Create time stamp + /// + [Output("createTime")] + public Output CreateTime { get; private set; } = null!; + + /// + /// All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services. + /// + [Output("effectiveLabels")] + public Output> EffectiveLabels { get; private set; } = null!; + + /// + /// Required. Id of the requesting object + /// If auto-generating Id server-side, remove this field and + /// intercept_deployment_group_id from the method_signature of Create RPC + /// + /// + /// - - - + /// + [Output("interceptDeploymentGroupId")] + public Output InterceptDeploymentGroupId { get; private set; } = null!; + + /// + /// Optional. Labels as key value pairs + /// **Note**: This field is non-authoritative, and will only manage the labels present in your configuration. + /// Please refer to the field `effective_labels` for all of the labels present on the resource. + /// + [Output("labels")] + public Output?> Labels { get; private set; } = null!; + + /// + /// Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122. See documentation for resource type `networksecurity.googleapis.com/InterceptDeploymentGroup`. + /// + [Output("location")] + public Output Location { get; private set; } = null!; + + /// + /// (Output) + /// Output only. A connected intercept endpoint group. + /// + [Output("name")] + public Output Name { get; private set; } = null!; + + /// + /// Required. Immutable. The network that is being used for the deployment. Format is: + /// projects/{project}/global/networks/{network}. + /// + [Output("network")] + public Output Network { get; private set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the provider project is used. + /// + [Output("project")] + public Output Project { get; private set; } = null!; + + /// + /// The combination of labels configured directly on the resource + /// and default labels configured on the provider. + /// + [Output("pulumiLabels")] + public Output> PulumiLabels { get; private set; } = null!; + + /// + /// Output only. Whether reconciling is in progress, recommended per + /// https://google.aip.dev/128. + /// + [Output("reconciling")] + public Output Reconciling { get; private set; } = null!; + + /// + /// Output only. Current state of the deployment group. + /// Possible values: + /// STATE_UNSPECIFIED + /// ACTIVE + /// CREATING + /// DELETING + /// + [Output("state")] + public Output State { get; private set; } = null!; + + /// + /// Output only. [Output only] Update time stamp + /// + [Output("updateTime")] + public Output UpdateTime { get; private set; } = null!; + + + /// + /// Create a InterceptDeploymentGroup resource with the given unique name, arguments, and options. + /// + /// + /// The unique name of the resource + /// The arguments used to populate this resource's properties + /// A bag of options that control this resource's behavior + public InterceptDeploymentGroup(string name, InterceptDeploymentGroupArgs args, CustomResourceOptions? options = null) + : base("gcp:networksecurity/interceptDeploymentGroup:InterceptDeploymentGroup", name, args ?? new InterceptDeploymentGroupArgs(), MakeResourceOptions(options, "")) + { + } + + private InterceptDeploymentGroup(string name, Input id, InterceptDeploymentGroupState? state = null, CustomResourceOptions? options = null) + : base("gcp:networksecurity/interceptDeploymentGroup:InterceptDeploymentGroup", name, state, MakeResourceOptions(options, id)) + { + } + + private static CustomResourceOptions MakeResourceOptions(CustomResourceOptions? options, Input? id) + { + var defaultOptions = new CustomResourceOptions + { + Version = Utilities.Version, + AdditionalSecretOutputs = + { + "effectiveLabels", + "pulumiLabels", + }, + }; + var merged = CustomResourceOptions.Merge(defaultOptions, options); + // Override the ID if one was specified for consistency with other language SDKs. + merged.Id = id ?? merged.Id; + return merged; + } + /// + /// Get an existing InterceptDeploymentGroup resource's state with the given name, ID, and optional extra + /// properties used to qualify the lookup. + /// + /// + /// The unique name of the resulting resource. + /// The unique provider ID of the resource to lookup. + /// Any extra arguments used during the lookup. + /// A bag of options that control this resource's behavior + public static InterceptDeploymentGroup Get(string name, Input id, InterceptDeploymentGroupState? state = null, CustomResourceOptions? options = null) + { + return new InterceptDeploymentGroup(name, id, state, options); + } + } + + public sealed class InterceptDeploymentGroupArgs : global::Pulumi.ResourceArgs + { + /// + /// Required. Id of the requesting object + /// If auto-generating Id server-side, remove this field and + /// intercept_deployment_group_id from the method_signature of Create RPC + /// + /// + /// - - - + /// + [Input("interceptDeploymentGroupId", required: true)] + public Input InterceptDeploymentGroupId { get; set; } = null!; + + [Input("labels")] + private InputMap? _labels; + + /// + /// Optional. Labels as key value pairs + /// **Note**: This field is non-authoritative, and will only manage the labels present in your configuration. + /// Please refer to the field `effective_labels` for all of the labels present on the resource. + /// + public InputMap Labels + { + get => _labels ?? (_labels = new InputMap()); + set => _labels = value; + } + + /// + /// Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122. See documentation for resource type `networksecurity.googleapis.com/InterceptDeploymentGroup`. + /// + [Input("location", required: true)] + public Input Location { get; set; } = null!; + + /// + /// Required. Immutable. The network that is being used for the deployment. Format is: + /// projects/{project}/global/networks/{network}. + /// + [Input("network", required: true)] + public Input Network { get; set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the provider project is used. + /// + [Input("project")] + public Input? Project { get; set; } + + public InterceptDeploymentGroupArgs() + { + } + public static new InterceptDeploymentGroupArgs Empty => new InterceptDeploymentGroupArgs(); + } + + public sealed class InterceptDeploymentGroupState : global::Pulumi.ResourceArgs + { + [Input("connectedEndpointGroups")] + private InputList? _connectedEndpointGroups; + + /// + /// Output only. The list of Intercept Endpoint Groups that are connected to this resource. + /// Structure is documented below. + /// + public InputList ConnectedEndpointGroups + { + get => _connectedEndpointGroups ?? (_connectedEndpointGroups = new InputList()); + set => _connectedEndpointGroups = value; + } + + /// + /// Output only. [Output only] Create time stamp + /// + [Input("createTime")] + public Input? CreateTime { get; set; } + + [Input("effectiveLabels")] + private InputMap? _effectiveLabels; + + /// + /// All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services. + /// + public InputMap EffectiveLabels + { + get => _effectiveLabels ?? (_effectiveLabels = new InputMap()); + set + { + var emptySecret = Output.CreateSecret(ImmutableDictionary.Create()); + _effectiveLabels = Output.All(value, emptySecret).Apply(v => v[0]); + } + } + + /// + /// Required. Id of the requesting object + /// If auto-generating Id server-side, remove this field and + /// intercept_deployment_group_id from the method_signature of Create RPC + /// + /// + /// - - - + /// + [Input("interceptDeploymentGroupId")] + public Input? InterceptDeploymentGroupId { get; set; } + + [Input("labels")] + private InputMap? _labels; + + /// + /// Optional. Labels as key value pairs + /// **Note**: This field is non-authoritative, and will only manage the labels present in your configuration. + /// Please refer to the field `effective_labels` for all of the labels present on the resource. + /// + public InputMap Labels + { + get => _labels ?? (_labels = new InputMap()); + set => _labels = value; + } + + /// + /// Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122. See documentation for resource type `networksecurity.googleapis.com/InterceptDeploymentGroup`. + /// + [Input("location")] + public Input? Location { get; set; } + + /// + /// (Output) + /// Output only. A connected intercept endpoint group. + /// + [Input("name")] + public Input? Name { get; set; } + + /// + /// Required. Immutable. The network that is being used for the deployment. Format is: + /// projects/{project}/global/networks/{network}. + /// + [Input("network")] + public Input? Network { get; set; } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the provider project is used. + /// + [Input("project")] + public Input? Project { get; set; } + + [Input("pulumiLabels")] + private InputMap? _pulumiLabels; + + /// + /// The combination of labels configured directly on the resource + /// and default labels configured on the provider. + /// + public InputMap PulumiLabels + { + get => _pulumiLabels ?? (_pulumiLabels = new InputMap()); + set + { + var emptySecret = Output.CreateSecret(ImmutableDictionary.Create()); + _pulumiLabels = Output.All(value, emptySecret).Apply(v => v[0]); + } + } + + /// + /// Output only. Whether reconciling is in progress, recommended per + /// https://google.aip.dev/128. + /// + [Input("reconciling")] + public Input? Reconciling { get; set; } + + /// + /// Output only. Current state of the deployment group. + /// Possible values: + /// STATE_UNSPECIFIED + /// ACTIVE + /// CREATING + /// DELETING + /// + [Input("state")] + public Input? State { get; set; } + + /// + /// Output only. [Output only] Update time stamp + /// + [Input("updateTime")] + public Input? UpdateTime { get; set; } + + public InterceptDeploymentGroupState() + { + } + public static new InterceptDeploymentGroupState Empty => new InterceptDeploymentGroupState(); + } +} diff --git a/sdk/dotnet/NetworkSecurity/Outputs/AuthzPolicyCustomProvider.cs b/sdk/dotnet/NetworkSecurity/Outputs/AuthzPolicyCustomProvider.cs new file mode 100644 index 0000000000..2243e00147 --- /dev/null +++ b/sdk/dotnet/NetworkSecurity/Outputs/AuthzPolicyCustomProvider.cs @@ -0,0 +1,37 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Gcp.NetworkSecurity.Outputs +{ + + [OutputType] + public sealed class AuthzPolicyCustomProvider + { + /// + /// Delegate authorization decision to user authored Service Extension. Only one of cloudIap or authzExtension can be specified. + /// Structure is documented below. + /// + public readonly Outputs.AuthzPolicyCustomProviderAuthzExtension? AuthzExtension; + /// + /// Delegates authorization decisions to Cloud IAP. Applicable only for managed load balancers. Enabling Cloud IAP at the AuthzPolicy level is not compatible with Cloud IAP settings in the BackendService. Enabling IAP in both places will result in request failure. Ensure that IAP is enabled in either the AuthzPolicy or the BackendService but not in both places. + /// Structure is documented below. + /// + public readonly Outputs.AuthzPolicyCustomProviderCloudIap? CloudIap; + + [OutputConstructor] + private AuthzPolicyCustomProvider( + Outputs.AuthzPolicyCustomProviderAuthzExtension? authzExtension, + + Outputs.AuthzPolicyCustomProviderCloudIap? cloudIap) + { + AuthzExtension = authzExtension; + CloudIap = cloudIap; + } + } +} diff --git a/sdk/dotnet/NetworkSecurity/Outputs/AuthzPolicyCustomProviderAuthzExtension.cs b/sdk/dotnet/NetworkSecurity/Outputs/AuthzPolicyCustomProviderAuthzExtension.cs new file mode 100644 index 0000000000..484ceaf4f7 --- /dev/null +++ b/sdk/dotnet/NetworkSecurity/Outputs/AuthzPolicyCustomProviderAuthzExtension.cs @@ -0,0 +1,27 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Gcp.NetworkSecurity.Outputs +{ + + [OutputType] + public sealed class AuthzPolicyCustomProviderAuthzExtension + { + /// + /// A list of references to authorization extensions that will be invoked for requests matching this policy. Limited to 1 custom provider. + /// + public readonly ImmutableArray Resources; + + [OutputConstructor] + private AuthzPolicyCustomProviderAuthzExtension(ImmutableArray resources) + { + Resources = resources; + } + } +} diff --git a/sdk/dotnet/NetworkSecurity/Outputs/AuthzPolicyCustomProviderCloudIap.cs b/sdk/dotnet/NetworkSecurity/Outputs/AuthzPolicyCustomProviderCloudIap.cs new file mode 100644 index 0000000000..28e70755ad --- /dev/null +++ b/sdk/dotnet/NetworkSecurity/Outputs/AuthzPolicyCustomProviderCloudIap.cs @@ -0,0 +1,27 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Gcp.NetworkSecurity.Outputs +{ + + [OutputType] + public sealed class AuthzPolicyCustomProviderCloudIap + { + /// + /// Enable Cloud IAP at the AuthzPolicy level. + /// + public readonly bool Enabled; + + [OutputConstructor] + private AuthzPolicyCustomProviderCloudIap(bool enabled) + { + Enabled = enabled; + } + } +} diff --git a/sdk/dotnet/NetworkSecurity/Outputs/AuthzPolicyHttpRule.cs b/sdk/dotnet/NetworkSecurity/Outputs/AuthzPolicyHttpRule.cs new file mode 100644 index 0000000000..7fbcb86d13 --- /dev/null +++ b/sdk/dotnet/NetworkSecurity/Outputs/AuthzPolicyHttpRule.cs @@ -0,0 +1,44 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Gcp.NetworkSecurity.Outputs +{ + + [OutputType] + public sealed class AuthzPolicyHttpRule + { + /// + /// Describes properties of one or more sources of a request. + /// Structure is documented below. + /// + public readonly Outputs.AuthzPolicyHttpRuleFrom? From; + /// + /// Describes properties of one or more targets of a request + /// Structure is documented below. + /// + public readonly Outputs.AuthzPolicyHttpRuleTo? To; + /// + /// CEL expression that describes the conditions to be satisfied for the action. The result of the CEL expression is ANDed with the from and to. Refer to the CEL language reference for a list of available attributes. + /// + public readonly string? When; + + [OutputConstructor] + private AuthzPolicyHttpRule( + Outputs.AuthzPolicyHttpRuleFrom? from, + + Outputs.AuthzPolicyHttpRuleTo? to, + + string? when) + { + From = from; + To = to; + When = when; + } + } +} diff --git a/sdk/dotnet/NetworkSecurity/Outputs/AuthzPolicyHttpRuleFrom.cs b/sdk/dotnet/NetworkSecurity/Outputs/AuthzPolicyHttpRuleFrom.cs new file mode 100644 index 0000000000..c4a12a73ed --- /dev/null +++ b/sdk/dotnet/NetworkSecurity/Outputs/AuthzPolicyHttpRuleFrom.cs @@ -0,0 +1,37 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Gcp.NetworkSecurity.Outputs +{ + + [OutputType] + public sealed class AuthzPolicyHttpRuleFrom + { + /// + /// Describes the properties of a request's sources. At least one of sources or notSources must be specified. Limited to 5 sources. A match occurs when ANY source (in sources or notSources) matches the request. Within a single source, the match follows AND semantics across fields and OR semantics within a single field, i.e. a match occurs when ANY principal matches AND ANY ipBlocks match. + /// Structure is documented below. + /// + public readonly ImmutableArray NotSources; + /// + /// Describes the properties of a request's sources. At least one of sources or notSources must be specified. Limited to 5 sources. A match occurs when ANY source (in sources or notSources) matches the request. Within a single source, the match follows AND semantics across fields and OR semantics within a single field, i.e. a match occurs when ANY principal matches AND ANY ipBlocks match. + /// Structure is documented below. + /// + public readonly ImmutableArray Sources; + + [OutputConstructor] + private AuthzPolicyHttpRuleFrom( + ImmutableArray notSources, + + ImmutableArray sources) + { + NotSources = notSources; + Sources = sources; + } + } +} diff --git a/sdk/dotnet/NetworkSecurity/Outputs/AuthzPolicyHttpRuleFromNotSource.cs b/sdk/dotnet/NetworkSecurity/Outputs/AuthzPolicyHttpRuleFromNotSource.cs new file mode 100644 index 0000000000..aebbcec009 --- /dev/null +++ b/sdk/dotnet/NetworkSecurity/Outputs/AuthzPolicyHttpRuleFromNotSource.cs @@ -0,0 +1,39 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Gcp.NetworkSecurity.Outputs +{ + + [OutputType] + public sealed class AuthzPolicyHttpRuleFromNotSource + { + /// + /// A list of identities derived from the client's certificate. This field will not match on a request unless mutual TLS is enabled for the Forwarding rule or Gateway. Each identity is a string whose value is matched against the URI SAN, or DNS SAN or the subject field in the client's certificate. The match can be exact, prefix, suffix or a substring match. One of exact, prefix, suffix or contains must be specified. + /// Limited to 5 principals. + /// Structure is documented below. + /// + public readonly ImmutableArray Principals; + /// + /// A list of resources to match against the resource of the source VM of a request. + /// Limited to 5 resources. + /// Structure is documented below. + /// + public readonly ImmutableArray Resources; + + [OutputConstructor] + private AuthzPolicyHttpRuleFromNotSource( + ImmutableArray principals, + + ImmutableArray resources) + { + Principals = principals; + Resources = resources; + } + } +} diff --git a/sdk/dotnet/NetworkSecurity/Outputs/AuthzPolicyHttpRuleFromNotSourcePrincipal.cs b/sdk/dotnet/NetworkSecurity/Outputs/AuthzPolicyHttpRuleFromNotSourcePrincipal.cs new file mode 100644 index 0000000000..cc6dd9006c --- /dev/null +++ b/sdk/dotnet/NetworkSecurity/Outputs/AuthzPolicyHttpRuleFromNotSourcePrincipal.cs @@ -0,0 +1,64 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Gcp.NetworkSecurity.Outputs +{ + + [OutputType] + public sealed class AuthzPolicyHttpRuleFromNotSourcePrincipal + { + /// + /// The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. + /// Examples: + /// * abc matches the value xyz.abc.def + /// + public readonly string? Contains; + /// + /// The input string must match exactly the string specified here. + /// Examples: + /// * abc only matches the value abc. + /// + public readonly string? Exact; + /// + /// If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true. + /// + public readonly bool? IgnoreCase; + /// + /// The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. + /// Examples: + /// * abc matches the value abc.xyz + /// + public readonly string? Prefix; + /// + /// The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. + /// Examples: + /// * abc matches the value xyz.abc + /// + public readonly string? Suffix; + + [OutputConstructor] + private AuthzPolicyHttpRuleFromNotSourcePrincipal( + string? contains, + + string? exact, + + bool? ignoreCase, + + string? prefix, + + string? suffix) + { + Contains = contains; + Exact = exact; + IgnoreCase = ignoreCase; + Prefix = prefix; + Suffix = suffix; + } + } +} diff --git a/sdk/dotnet/NetworkSecurity/Outputs/AuthzPolicyHttpRuleFromNotSourceResource.cs b/sdk/dotnet/NetworkSecurity/Outputs/AuthzPolicyHttpRuleFromNotSourceResource.cs new file mode 100644 index 0000000000..9c38f78717 --- /dev/null +++ b/sdk/dotnet/NetworkSecurity/Outputs/AuthzPolicyHttpRuleFromNotSourceResource.cs @@ -0,0 +1,37 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Gcp.NetworkSecurity.Outputs +{ + + [OutputType] + public sealed class AuthzPolicyHttpRuleFromNotSourceResource + { + /// + /// An IAM service account to match against the source service account of the VM sending the request. + /// Structure is documented below. + /// + public readonly Outputs.AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccount? IamServiceAccount; + /// + /// A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request. + /// Structure is documented below. + /// + public readonly Outputs.AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSet? TagValueIdSet; + + [OutputConstructor] + private AuthzPolicyHttpRuleFromNotSourceResource( + Outputs.AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccount? iamServiceAccount, + + Outputs.AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSet? tagValueIdSet) + { + IamServiceAccount = iamServiceAccount; + TagValueIdSet = tagValueIdSet; + } + } +} diff --git a/sdk/dotnet/NetworkSecurity/Outputs/AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccount.cs b/sdk/dotnet/NetworkSecurity/Outputs/AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccount.cs new file mode 100644 index 0000000000..db968d05ec --- /dev/null +++ b/sdk/dotnet/NetworkSecurity/Outputs/AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccount.cs @@ -0,0 +1,64 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Gcp.NetworkSecurity.Outputs +{ + + [OutputType] + public sealed class AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccount + { + /// + /// The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. + /// Examples: + /// * abc matches the value xyz.abc.def + /// + public readonly string? Contains; + /// + /// The input string must match exactly the string specified here. + /// Examples: + /// * abc only matches the value abc. + /// + public readonly string? Exact; + /// + /// If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true. + /// + public readonly bool? IgnoreCase; + /// + /// The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. + /// Examples: + /// * abc matches the value abc.xyz + /// + public readonly string? Prefix; + /// + /// The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. + /// Examples: + /// * abc matches the value xyz.abc + /// + public readonly string? Suffix; + + [OutputConstructor] + private AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccount( + string? contains, + + string? exact, + + bool? ignoreCase, + + string? prefix, + + string? suffix) + { + Contains = contains; + Exact = exact; + IgnoreCase = ignoreCase; + Prefix = prefix; + Suffix = suffix; + } + } +} diff --git a/sdk/dotnet/NetworkSecurity/Outputs/AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSet.cs b/sdk/dotnet/NetworkSecurity/Outputs/AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSet.cs new file mode 100644 index 0000000000..99b8723a16 --- /dev/null +++ b/sdk/dotnet/NetworkSecurity/Outputs/AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSet.cs @@ -0,0 +1,28 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Gcp.NetworkSecurity.Outputs +{ + + [OutputType] + public sealed class AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSet + { + /// + /// A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request. The match follows AND semantics which means all the ids must match. + /// Limited to 5 matches. + /// + public readonly ImmutableArray Ids; + + [OutputConstructor] + private AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSet(ImmutableArray ids) + { + Ids = ids; + } + } +} diff --git a/sdk/dotnet/NetworkSecurity/Outputs/AuthzPolicyHttpRuleFromSource.cs b/sdk/dotnet/NetworkSecurity/Outputs/AuthzPolicyHttpRuleFromSource.cs new file mode 100644 index 0000000000..db9a6dce0d --- /dev/null +++ b/sdk/dotnet/NetworkSecurity/Outputs/AuthzPolicyHttpRuleFromSource.cs @@ -0,0 +1,39 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Gcp.NetworkSecurity.Outputs +{ + + [OutputType] + public sealed class AuthzPolicyHttpRuleFromSource + { + /// + /// A list of identities derived from the client's certificate. This field will not match on a request unless mutual TLS is enabled for the Forwarding rule or Gateway. Each identity is a string whose value is matched against the URI SAN, or DNS SAN or the subject field in the client's certificate. The match can be exact, prefix, suffix or a substring match. One of exact, prefix, suffix or contains must be specified. + /// Limited to 5 principals. + /// Structure is documented below. + /// + public readonly ImmutableArray Principals; + /// + /// A list of resources to match against the resource of the source VM of a request. + /// Limited to 5 resources. + /// Structure is documented below. + /// + public readonly ImmutableArray Resources; + + [OutputConstructor] + private AuthzPolicyHttpRuleFromSource( + ImmutableArray principals, + + ImmutableArray resources) + { + Principals = principals; + Resources = resources; + } + } +} diff --git a/sdk/dotnet/NetworkSecurity/Outputs/AuthzPolicyHttpRuleFromSourcePrincipal.cs b/sdk/dotnet/NetworkSecurity/Outputs/AuthzPolicyHttpRuleFromSourcePrincipal.cs new file mode 100644 index 0000000000..60361bb481 --- /dev/null +++ b/sdk/dotnet/NetworkSecurity/Outputs/AuthzPolicyHttpRuleFromSourcePrincipal.cs @@ -0,0 +1,64 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Gcp.NetworkSecurity.Outputs +{ + + [OutputType] + public sealed class AuthzPolicyHttpRuleFromSourcePrincipal + { + /// + /// The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. + /// Examples: + /// * abc matches the value xyz.abc.def + /// + public readonly string? Contains; + /// + /// The input string must match exactly the string specified here. + /// Examples: + /// * abc only matches the value abc. + /// + public readonly string? Exact; + /// + /// If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true. + /// + public readonly bool? IgnoreCase; + /// + /// The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. + /// Examples: + /// * abc matches the value abc.xyz + /// + public readonly string? Prefix; + /// + /// The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. + /// Examples: + /// * abc matches the value xyz.abc + /// + public readonly string? Suffix; + + [OutputConstructor] + private AuthzPolicyHttpRuleFromSourcePrincipal( + string? contains, + + string? exact, + + bool? ignoreCase, + + string? prefix, + + string? suffix) + { + Contains = contains; + Exact = exact; + IgnoreCase = ignoreCase; + Prefix = prefix; + Suffix = suffix; + } + } +} diff --git a/sdk/dotnet/NetworkSecurity/Outputs/AuthzPolicyHttpRuleFromSourceResource.cs b/sdk/dotnet/NetworkSecurity/Outputs/AuthzPolicyHttpRuleFromSourceResource.cs new file mode 100644 index 0000000000..287f4895a9 --- /dev/null +++ b/sdk/dotnet/NetworkSecurity/Outputs/AuthzPolicyHttpRuleFromSourceResource.cs @@ -0,0 +1,37 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Gcp.NetworkSecurity.Outputs +{ + + [OutputType] + public sealed class AuthzPolicyHttpRuleFromSourceResource + { + /// + /// An IAM service account to match against the source service account of the VM sending the request. + /// Structure is documented below. + /// + public readonly Outputs.AuthzPolicyHttpRuleFromSourceResourceIamServiceAccount? IamServiceAccount; + /// + /// A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request. + /// Structure is documented below. + /// + public readonly Outputs.AuthzPolicyHttpRuleFromSourceResourceTagValueIdSet? TagValueIdSet; + + [OutputConstructor] + private AuthzPolicyHttpRuleFromSourceResource( + Outputs.AuthzPolicyHttpRuleFromSourceResourceIamServiceAccount? iamServiceAccount, + + Outputs.AuthzPolicyHttpRuleFromSourceResourceTagValueIdSet? tagValueIdSet) + { + IamServiceAccount = iamServiceAccount; + TagValueIdSet = tagValueIdSet; + } + } +} diff --git a/sdk/dotnet/NetworkSecurity/Outputs/AuthzPolicyHttpRuleFromSourceResourceIamServiceAccount.cs b/sdk/dotnet/NetworkSecurity/Outputs/AuthzPolicyHttpRuleFromSourceResourceIamServiceAccount.cs new file mode 100644 index 0000000000..3d5b936918 --- /dev/null +++ b/sdk/dotnet/NetworkSecurity/Outputs/AuthzPolicyHttpRuleFromSourceResourceIamServiceAccount.cs @@ -0,0 +1,64 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Gcp.NetworkSecurity.Outputs +{ + + [OutputType] + public sealed class AuthzPolicyHttpRuleFromSourceResourceIamServiceAccount + { + /// + /// The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. + /// Examples: + /// * abc matches the value xyz.abc.def + /// + public readonly string? Contains; + /// + /// The input string must match exactly the string specified here. + /// Examples: + /// * abc only matches the value abc. + /// + public readonly string? Exact; + /// + /// If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true. + /// + public readonly bool? IgnoreCase; + /// + /// The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. + /// Examples: + /// * abc matches the value abc.xyz + /// + public readonly string? Prefix; + /// + /// The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. + /// Examples: + /// * abc matches the value xyz.abc + /// + public readonly string? Suffix; + + [OutputConstructor] + private AuthzPolicyHttpRuleFromSourceResourceIamServiceAccount( + string? contains, + + string? exact, + + bool? ignoreCase, + + string? prefix, + + string? suffix) + { + Contains = contains; + Exact = exact; + IgnoreCase = ignoreCase; + Prefix = prefix; + Suffix = suffix; + } + } +} diff --git a/sdk/dotnet/NetworkSecurity/Outputs/AuthzPolicyHttpRuleFromSourceResourceTagValueIdSet.cs b/sdk/dotnet/NetworkSecurity/Outputs/AuthzPolicyHttpRuleFromSourceResourceTagValueIdSet.cs new file mode 100644 index 0000000000..9f94265a8f --- /dev/null +++ b/sdk/dotnet/NetworkSecurity/Outputs/AuthzPolicyHttpRuleFromSourceResourceTagValueIdSet.cs @@ -0,0 +1,28 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Gcp.NetworkSecurity.Outputs +{ + + [OutputType] + public sealed class AuthzPolicyHttpRuleFromSourceResourceTagValueIdSet + { + /// + /// A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request. The match follows AND semantics which means all the ids must match. + /// Limited to 5 matches. + /// + public readonly ImmutableArray Ids; + + [OutputConstructor] + private AuthzPolicyHttpRuleFromSourceResourceTagValueIdSet(ImmutableArray ids) + { + Ids = ids; + } + } +} diff --git a/sdk/dotnet/NetworkSecurity/Outputs/AuthzPolicyHttpRuleTo.cs b/sdk/dotnet/NetworkSecurity/Outputs/AuthzPolicyHttpRuleTo.cs new file mode 100644 index 0000000000..696d2c45ee --- /dev/null +++ b/sdk/dotnet/NetworkSecurity/Outputs/AuthzPolicyHttpRuleTo.cs @@ -0,0 +1,28 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Gcp.NetworkSecurity.Outputs +{ + + [OutputType] + public sealed class AuthzPolicyHttpRuleTo + { + /// + /// Describes properties of one or more targets of a request. At least one of operations or notOperations must be specified. Limited to 5 operations. A match occurs when ANY operation (in operations or notOperations) matches. Within an operation, the match follows AND semantics across fields and OR semantics within a field, i.e. a match occurs when ANY path matches AND ANY header matches and ANY method matches. + /// Structure is documented below. + /// + public readonly ImmutableArray Operations; + + [OutputConstructor] + private AuthzPolicyHttpRuleTo(ImmutableArray operations) + { + Operations = operations; + } + } +} diff --git a/sdk/dotnet/NetworkSecurity/Outputs/AuthzPolicyHttpRuleToOperation.cs b/sdk/dotnet/NetworkSecurity/Outputs/AuthzPolicyHttpRuleToOperation.cs new file mode 100644 index 0000000000..6e51e2c7bd --- /dev/null +++ b/sdk/dotnet/NetworkSecurity/Outputs/AuthzPolicyHttpRuleToOperation.cs @@ -0,0 +1,55 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Gcp.NetworkSecurity.Outputs +{ + + [OutputType] + public sealed class AuthzPolicyHttpRuleToOperation + { + /// + /// A list of headers to match against in http header. + /// Structure is documented below. + /// + public readonly Outputs.AuthzPolicyHttpRuleToOperationHeaderSet? HeaderSet; + /// + /// A list of HTTP Hosts to match against. The match can be one of exact, prefix, suffix, or contains (substring match). Matches are always case sensitive unless the ignoreCase is set. + /// Limited to 5 matches. + /// Structure is documented below. + /// + public readonly ImmutableArray Hosts; + /// + /// A list of HTTP methods to match against. Each entry must be a valid HTTP method name (GET, PUT, POST, HEAD, PATCH, DELETE, OPTIONS). It only allows exact match and is always case sensitive. + /// + public readonly ImmutableArray Methods; + /// + /// A list of paths to match against. The match can be one of exact, prefix, suffix, or contains (substring match). Matches are always case sensitive unless the ignoreCase is set. + /// Limited to 5 matches. + /// Note that this path match includes the query parameters. For gRPC services, this should be a fully-qualified name of the form /package.service/method. + /// Structure is documented below. + /// + public readonly ImmutableArray Paths; + + [OutputConstructor] + private AuthzPolicyHttpRuleToOperation( + Outputs.AuthzPolicyHttpRuleToOperationHeaderSet? headerSet, + + ImmutableArray hosts, + + ImmutableArray methods, + + ImmutableArray paths) + { + HeaderSet = headerSet; + Hosts = hosts; + Methods = methods; + Paths = paths; + } + } +} diff --git a/sdk/dotnet/NetworkSecurity/Outputs/AuthzPolicyHttpRuleToOperationHeaderSet.cs b/sdk/dotnet/NetworkSecurity/Outputs/AuthzPolicyHttpRuleToOperationHeaderSet.cs new file mode 100644 index 0000000000..3ad1e07015 --- /dev/null +++ b/sdk/dotnet/NetworkSecurity/Outputs/AuthzPolicyHttpRuleToOperationHeaderSet.cs @@ -0,0 +1,28 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Gcp.NetworkSecurity.Outputs +{ + + [OutputType] + public sealed class AuthzPolicyHttpRuleToOperationHeaderSet + { + /// + /// A list of headers to match against in http header. The match can be one of exact, prefix, suffix, or contains (substring match). The match follows AND semantics which means all the headers must match. Matches are always case sensitive unless the ignoreCase is set. Limited to 5 matches. + /// Structure is documented below. + /// + public readonly ImmutableArray Headers; + + [OutputConstructor] + private AuthzPolicyHttpRuleToOperationHeaderSet(ImmutableArray headers) + { + Headers = headers; + } + } +} diff --git a/sdk/dotnet/NetworkSecurity/Outputs/AuthzPolicyHttpRuleToOperationHeaderSetHeader.cs b/sdk/dotnet/NetworkSecurity/Outputs/AuthzPolicyHttpRuleToOperationHeaderSetHeader.cs new file mode 100644 index 0000000000..e28f3bea04 --- /dev/null +++ b/sdk/dotnet/NetworkSecurity/Outputs/AuthzPolicyHttpRuleToOperationHeaderSetHeader.cs @@ -0,0 +1,36 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Gcp.NetworkSecurity.Outputs +{ + + [OutputType] + public sealed class AuthzPolicyHttpRuleToOperationHeaderSetHeader + { + /// + /// Specifies the name of the header in the request. + /// + public readonly string? Name; + /// + /// Specifies how the header match will be performed. + /// Structure is documented below. + /// + public readonly Outputs.AuthzPolicyHttpRuleToOperationHeaderSetHeaderValue? Value; + + [OutputConstructor] + private AuthzPolicyHttpRuleToOperationHeaderSetHeader( + string? name, + + Outputs.AuthzPolicyHttpRuleToOperationHeaderSetHeaderValue? value) + { + Name = name; + Value = value; + } + } +} diff --git a/sdk/dotnet/NetworkSecurity/Outputs/AuthzPolicyHttpRuleToOperationHeaderSetHeaderValue.cs b/sdk/dotnet/NetworkSecurity/Outputs/AuthzPolicyHttpRuleToOperationHeaderSetHeaderValue.cs new file mode 100644 index 0000000000..f308dac240 --- /dev/null +++ b/sdk/dotnet/NetworkSecurity/Outputs/AuthzPolicyHttpRuleToOperationHeaderSetHeaderValue.cs @@ -0,0 +1,64 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Gcp.NetworkSecurity.Outputs +{ + + [OutputType] + public sealed class AuthzPolicyHttpRuleToOperationHeaderSetHeaderValue + { + /// + /// The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. + /// Examples: + /// * abc matches the value xyz.abc.def + /// + public readonly string? Contains; + /// + /// The input string must match exactly the string specified here. + /// Examples: + /// * abc only matches the value abc. + /// + public readonly string? Exact; + /// + /// If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true. + /// + public readonly bool? IgnoreCase; + /// + /// The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. + /// Examples: + /// * abc matches the value abc.xyz + /// + public readonly string? Prefix; + /// + /// The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. + /// Examples: + /// * abc matches the value xyz.abc + /// + public readonly string? Suffix; + + [OutputConstructor] + private AuthzPolicyHttpRuleToOperationHeaderSetHeaderValue( + string? contains, + + string? exact, + + bool? ignoreCase, + + string? prefix, + + string? suffix) + { + Contains = contains; + Exact = exact; + IgnoreCase = ignoreCase; + Prefix = prefix; + Suffix = suffix; + } + } +} diff --git a/sdk/dotnet/NetworkSecurity/Outputs/AuthzPolicyHttpRuleToOperationHost.cs b/sdk/dotnet/NetworkSecurity/Outputs/AuthzPolicyHttpRuleToOperationHost.cs new file mode 100644 index 0000000000..b59f44f368 --- /dev/null +++ b/sdk/dotnet/NetworkSecurity/Outputs/AuthzPolicyHttpRuleToOperationHost.cs @@ -0,0 +1,64 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Gcp.NetworkSecurity.Outputs +{ + + [OutputType] + public sealed class AuthzPolicyHttpRuleToOperationHost + { + /// + /// The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. + /// Examples: + /// * abc matches the value xyz.abc.def + /// + public readonly string? Contains; + /// + /// The input string must match exactly the string specified here. + /// Examples: + /// * abc only matches the value abc. + /// + public readonly string? Exact; + /// + /// If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true. + /// + public readonly bool? IgnoreCase; + /// + /// The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. + /// Examples: + /// * abc matches the value abc.xyz + /// + public readonly string? Prefix; + /// + /// The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. + /// Examples: + /// * abc matches the value xyz.abc + /// + public readonly string? Suffix; + + [OutputConstructor] + private AuthzPolicyHttpRuleToOperationHost( + string? contains, + + string? exact, + + bool? ignoreCase, + + string? prefix, + + string? suffix) + { + Contains = contains; + Exact = exact; + IgnoreCase = ignoreCase; + Prefix = prefix; + Suffix = suffix; + } + } +} diff --git a/sdk/dotnet/NetworkSecurity/Outputs/AuthzPolicyHttpRuleToOperationPath.cs b/sdk/dotnet/NetworkSecurity/Outputs/AuthzPolicyHttpRuleToOperationPath.cs new file mode 100644 index 0000000000..a82b10d199 --- /dev/null +++ b/sdk/dotnet/NetworkSecurity/Outputs/AuthzPolicyHttpRuleToOperationPath.cs @@ -0,0 +1,64 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Gcp.NetworkSecurity.Outputs +{ + + [OutputType] + public sealed class AuthzPolicyHttpRuleToOperationPath + { + /// + /// The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. + /// Examples: + /// * abc matches the value xyz.abc.def + /// + public readonly string? Contains; + /// + /// The input string must match exactly the string specified here. + /// Examples: + /// * abc only matches the value abc. + /// + public readonly string? Exact; + /// + /// If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true. + /// + public readonly bool? IgnoreCase; + /// + /// The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. + /// Examples: + /// * abc matches the value abc.xyz + /// + public readonly string? Prefix; + /// + /// The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. + /// Examples: + /// * abc matches the value xyz.abc + /// + public readonly string? Suffix; + + [OutputConstructor] + private AuthzPolicyHttpRuleToOperationPath( + string? contains, + + string? exact, + + bool? ignoreCase, + + string? prefix, + + string? suffix) + { + Contains = contains; + Exact = exact; + IgnoreCase = ignoreCase; + Prefix = prefix; + Suffix = suffix; + } + } +} diff --git a/sdk/dotnet/NetworkSecurity/Outputs/AuthzPolicyTarget.cs b/sdk/dotnet/NetworkSecurity/Outputs/AuthzPolicyTarget.cs new file mode 100644 index 0000000000..0c78efbb9d --- /dev/null +++ b/sdk/dotnet/NetworkSecurity/Outputs/AuthzPolicyTarget.cs @@ -0,0 +1,39 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Gcp.NetworkSecurity.Outputs +{ + + [OutputType] + public sealed class AuthzPolicyTarget + { + /// + /// All gateways and forwarding rules referenced by this policy and extensions must share the same load balancing scheme. + /// For more information, refer to [Backend services overview](https://cloud.google.com/load-balancing/docs/backend-service). + /// Possible values are: `INTERNAL_MANAGED`, `EXTERNAL_MANAGED`, `INTERNAL_SELF_MANAGED`. + /// + public readonly string LoadBalancingScheme; + /// + /// A list of references to the Forwarding Rules on which this policy will be applied. + /// + /// - - - + /// + public readonly ImmutableArray Resources; + + [OutputConstructor] + private AuthzPolicyTarget( + string loadBalancingScheme, + + ImmutableArray resources) + { + LoadBalancingScheme = loadBalancingScheme; + Resources = resources; + } + } +} diff --git a/sdk/dotnet/NetworkSecurity/Outputs/InterceptDeploymentGroupConnectedEndpointGroup.cs b/sdk/dotnet/NetworkSecurity/Outputs/InterceptDeploymentGroupConnectedEndpointGroup.cs new file mode 100644 index 0000000000..222bf3154f --- /dev/null +++ b/sdk/dotnet/NetworkSecurity/Outputs/InterceptDeploymentGroupConnectedEndpointGroup.cs @@ -0,0 +1,28 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Gcp.NetworkSecurity.Outputs +{ + + [OutputType] + public sealed class InterceptDeploymentGroupConnectedEndpointGroup + { + /// + /// (Output) + /// Output only. A connected intercept endpoint group. + /// + public readonly string? Name; + + [OutputConstructor] + private InterceptDeploymentGroupConnectedEndpointGroup(string? name) + { + Name = name; + } + } +} diff --git a/sdk/dotnet/NetworkServices/AuthzExtension.cs b/sdk/dotnet/NetworkServices/AuthzExtension.cs new file mode 100644 index 0000000000..3097f6c958 --- /dev/null +++ b/sdk/dotnet/NetworkServices/AuthzExtension.cs @@ -0,0 +1,549 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Gcp.NetworkServices +{ + /// + /// AuthzExtension is a resource that allows traffic forwarding to a callout backend service to make an authorization decision. + /// + /// To get more information about AuthzExtension, see: + /// + /// * [API documentation](https://cloud.google.com/service-extensions/docs/reference/rest/v1beta1/projects.locations.authzExtensions) + /// + /// ## Example Usage + /// + /// ### Network Services Authz Extension Basic + /// + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var @default = new Gcp.Compute.RegionBackendService("default", new() + /// { + /// Name = "authz-service", + /// Project = "my-project-name", + /// Region = "us-west1", + /// Protocol = "HTTP2", + /// LoadBalancingScheme = "INTERNAL_MANAGED", + /// PortName = "grpc", + /// }); + /// + /// var defaultAuthzExtension = new Gcp.NetworkServices.AuthzExtension("default", new() + /// { + /// Name = "my-authz-ext", + /// Project = "my-project-name", + /// Location = "us-west1", + /// Description = "my description", + /// LoadBalancingScheme = "INTERNAL_MANAGED", + /// Authority = "ext11.com", + /// Service = @default.SelfLink, + /// Timeout = "0.1s", + /// FailOpen = false, + /// ForwardHeaders = new[] + /// { + /// "Authorization", + /// }, + /// }); + /// + /// }); + /// ``` + /// + /// ## Import + /// + /// AuthzExtension can be imported using any of these accepted formats: + /// + /// * `projects/{{project}}/locations/{{location}}/authzExtensions/{{name}}` + /// + /// * `{{project}}/{{location}}/{{name}}` + /// + /// * `{{location}}/{{name}}` + /// + /// * `{{name}}` + /// + /// When using the `pulumi import` command, AuthzExtension can be imported using one of the formats above. For example: + /// + /// ```sh + /// $ pulumi import gcp:networkservices/authzExtension:AuthzExtension default projects/{{project}}/locations/{{location}}/authzExtensions/{{name}} + /// ``` + /// + /// ```sh + /// $ pulumi import gcp:networkservices/authzExtension:AuthzExtension default {{project}}/{{location}}/{{name}} + /// ``` + /// + /// ```sh + /// $ pulumi import gcp:networkservices/authzExtension:AuthzExtension default {{location}}/{{name}} + /// ``` + /// + /// ```sh + /// $ pulumi import gcp:networkservices/authzExtension:AuthzExtension default {{name}} + /// ``` + /// + [GcpResourceType("gcp:networkservices/authzExtension:AuthzExtension")] + public partial class AuthzExtension : global::Pulumi.CustomResource + { + /// + /// The :authority header in the gRPC request sent from Envoy to the extension service. + /// + [Output("authority")] + public Output Authority { get; private set; } = null!; + + /// + /// The timestamp when the resource was created. + /// + [Output("createTime")] + public Output CreateTime { get; private set; } = null!; + + /// + /// A human-readable description of the resource. + /// + [Output("description")] + public Output Description { get; private set; } = null!; + + /// + /// All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services. + /// + [Output("effectiveLabels")] + public Output> EffectiveLabels { get; private set; } = null!; + + /// + /// Determines how the proxy behaves if the call to the extension fails or times out. + /// When set to TRUE, request or response processing continues without error. Any subsequent extensions in the extension chain are also executed. When set to FALSE or the default setting of FALSE is used, one of the following happens: + /// * If response headers have not been delivered to the downstream client, a generic 500 error is returned to the client. The error response can be tailored by configuring a custom error response in the load balancer. + /// * If response headers have been delivered, then the HTTP stream to the downstream client is reset. + /// + [Output("failOpen")] + public Output FailOpen { get; private set; } = null!; + + /// + /// List of the HTTP headers to forward to the extension (from the client). If omitted, all headers are sent. Each element is a string indicating the header name. + /// + [Output("forwardHeaders")] + public Output> ForwardHeaders { get; private set; } = null!; + + /// + /// Set of labels associated with the AuthzExtension resource. + /// + /// **Note**: This field is non-authoritative, and will only manage the labels present in your configuration. + /// Please refer to the field `effective_labels` for all of the labels present on the resource. + /// + [Output("labels")] + public Output?> Labels { get; private set; } = null!; + + /// + /// All backend services and forwarding rules referenced by this extension must share the same load balancing scheme. + /// For more information, refer to [Backend services overview](https://cloud.google.com/load-balancing/docs/backend-service). + /// Possible values are: `INTERNAL_MANAGED`, `EXTERNAL_MANAGED`. + /// + [Output("loadBalancingScheme")] + public Output LoadBalancingScheme { get; private set; } = null!; + + /// + /// The location of the resource. + /// + /// + /// - - - + /// + [Output("location")] + public Output Location { get; private set; } = null!; + + /// + /// The metadata provided here is included as part of the metadata_context (of type google.protobuf.Struct) in the ProcessingRequest message sent to the extension server. The metadata is available under the namespace com.google.authz_extension.<resourceName>. The following variables are supported in the metadata Struct: + /// {forwarding_rule_id} - substituted with the forwarding rule's fully qualified resource name. + /// + [Output("metadata")] + public Output?> Metadata { get; private set; } = null!; + + /// + /// Identifier. Name of the AuthzExtension resource. + /// + [Output("name")] + public Output Name { get; private set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the provider project is used. + /// + [Output("project")] + public Output Project { get; private set; } = null!; + + /// + /// The combination of labels configured directly on the resource + /// and default labels configured on the provider. + /// + [Output("pulumiLabels")] + public Output> PulumiLabels { get; private set; } = null!; + + /// + /// The reference to the service that runs the extension. + /// To configure a callout extension, service must be a fully-qualified reference to a [backend service](https://cloud.google.com/compute/docs/reference/rest/v1/backendServices) in the format: + /// https://www.googleapis.com/compute/v1/projects/{project}/regions/{region}/backendServices/{backendService} or https://www.googleapis.com/compute/v1/projects/{project}/global/backendServices/{backendService}. + /// + [Output("service")] + public Output Service { get; private set; } = null!; + + /// + /// Specifies the timeout for each individual message on the stream. The timeout must be between 10-10000 milliseconds. + /// + [Output("timeout")] + public Output Timeout { get; private set; } = null!; + + /// + /// The timestamp when the resource was updated. + /// + [Output("updateTime")] + public Output UpdateTime { get; private set; } = null!; + + /// + /// The format of communication supported by the callout extension. + /// Default value is `EXT_PROC_GRPC`. + /// Possible values are: `WIRE_FORMAT_UNSPECIFIED`, `EXT_PROC_GRPC`. + /// + [Output("wireFormat")] + public Output WireFormat { get; private set; } = null!; + + + /// + /// Create a AuthzExtension resource with the given unique name, arguments, and options. + /// + /// + /// The unique name of the resource + /// The arguments used to populate this resource's properties + /// A bag of options that control this resource's behavior + public AuthzExtension(string name, AuthzExtensionArgs args, CustomResourceOptions? options = null) + : base("gcp:networkservices/authzExtension:AuthzExtension", name, args ?? new AuthzExtensionArgs(), MakeResourceOptions(options, "")) + { + } + + private AuthzExtension(string name, Input id, AuthzExtensionState? state = null, CustomResourceOptions? options = null) + : base("gcp:networkservices/authzExtension:AuthzExtension", name, state, MakeResourceOptions(options, id)) + { + } + + private static CustomResourceOptions MakeResourceOptions(CustomResourceOptions? options, Input? id) + { + var defaultOptions = new CustomResourceOptions + { + Version = Utilities.Version, + AdditionalSecretOutputs = + { + "effectiveLabels", + "pulumiLabels", + }, + }; + var merged = CustomResourceOptions.Merge(defaultOptions, options); + // Override the ID if one was specified for consistency with other language SDKs. + merged.Id = id ?? merged.Id; + return merged; + } + /// + /// Get an existing AuthzExtension resource's state with the given name, ID, and optional extra + /// properties used to qualify the lookup. + /// + /// + /// The unique name of the resulting resource. + /// The unique provider ID of the resource to lookup. + /// Any extra arguments used during the lookup. + /// A bag of options that control this resource's behavior + public static AuthzExtension Get(string name, Input id, AuthzExtensionState? state = null, CustomResourceOptions? options = null) + { + return new AuthzExtension(name, id, state, options); + } + } + + public sealed class AuthzExtensionArgs : global::Pulumi.ResourceArgs + { + /// + /// The :authority header in the gRPC request sent from Envoy to the extension service. + /// + [Input("authority", required: true)] + public Input Authority { get; set; } = null!; + + /// + /// A human-readable description of the resource. + /// + [Input("description")] + public Input? Description { get; set; } + + /// + /// Determines how the proxy behaves if the call to the extension fails or times out. + /// When set to TRUE, request or response processing continues without error. Any subsequent extensions in the extension chain are also executed. When set to FALSE or the default setting of FALSE is used, one of the following happens: + /// * If response headers have not been delivered to the downstream client, a generic 500 error is returned to the client. The error response can be tailored by configuring a custom error response in the load balancer. + /// * If response headers have been delivered, then the HTTP stream to the downstream client is reset. + /// + [Input("failOpen")] + public Input? FailOpen { get; set; } + + [Input("forwardHeaders")] + private InputList? _forwardHeaders; + + /// + /// List of the HTTP headers to forward to the extension (from the client). If omitted, all headers are sent. Each element is a string indicating the header name. + /// + public InputList ForwardHeaders + { + get => _forwardHeaders ?? (_forwardHeaders = new InputList()); + set => _forwardHeaders = value; + } + + [Input("labels")] + private InputMap? _labels; + + /// + /// Set of labels associated with the AuthzExtension resource. + /// + /// **Note**: This field is non-authoritative, and will only manage the labels present in your configuration. + /// Please refer to the field `effective_labels` for all of the labels present on the resource. + /// + public InputMap Labels + { + get => _labels ?? (_labels = new InputMap()); + set => _labels = value; + } + + /// + /// All backend services and forwarding rules referenced by this extension must share the same load balancing scheme. + /// For more information, refer to [Backend services overview](https://cloud.google.com/load-balancing/docs/backend-service). + /// Possible values are: `INTERNAL_MANAGED`, `EXTERNAL_MANAGED`. + /// + [Input("loadBalancingScheme", required: true)] + public Input LoadBalancingScheme { get; set; } = null!; + + /// + /// The location of the resource. + /// + /// + /// - - - + /// + [Input("location", required: true)] + public Input Location { get; set; } = null!; + + [Input("metadata")] + private InputMap? _metadata; + + /// + /// The metadata provided here is included as part of the metadata_context (of type google.protobuf.Struct) in the ProcessingRequest message sent to the extension server. The metadata is available under the namespace com.google.authz_extension.<resourceName>. The following variables are supported in the metadata Struct: + /// {forwarding_rule_id} - substituted with the forwarding rule's fully qualified resource name. + /// + public InputMap Metadata + { + get => _metadata ?? (_metadata = new InputMap()); + set => _metadata = value; + } + + /// + /// Identifier. Name of the AuthzExtension resource. + /// + [Input("name")] + public Input? Name { get; set; } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the provider project is used. + /// + [Input("project")] + public Input? Project { get; set; } + + /// + /// The reference to the service that runs the extension. + /// To configure a callout extension, service must be a fully-qualified reference to a [backend service](https://cloud.google.com/compute/docs/reference/rest/v1/backendServices) in the format: + /// https://www.googleapis.com/compute/v1/projects/{project}/regions/{region}/backendServices/{backendService} or https://www.googleapis.com/compute/v1/projects/{project}/global/backendServices/{backendService}. + /// + [Input("service", required: true)] + public Input Service { get; set; } = null!; + + /// + /// Specifies the timeout for each individual message on the stream. The timeout must be between 10-10000 milliseconds. + /// + [Input("timeout", required: true)] + public Input Timeout { get; set; } = null!; + + /// + /// The format of communication supported by the callout extension. + /// Default value is `EXT_PROC_GRPC`. + /// Possible values are: `WIRE_FORMAT_UNSPECIFIED`, `EXT_PROC_GRPC`. + /// + [Input("wireFormat")] + public Input? WireFormat { get; set; } + + public AuthzExtensionArgs() + { + } + public static new AuthzExtensionArgs Empty => new AuthzExtensionArgs(); + } + + public sealed class AuthzExtensionState : global::Pulumi.ResourceArgs + { + /// + /// The :authority header in the gRPC request sent from Envoy to the extension service. + /// + [Input("authority")] + public Input? Authority { get; set; } + + /// + /// The timestamp when the resource was created. + /// + [Input("createTime")] + public Input? CreateTime { get; set; } + + /// + /// A human-readable description of the resource. + /// + [Input("description")] + public Input? Description { get; set; } + + [Input("effectiveLabels")] + private InputMap? _effectiveLabels; + + /// + /// All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services. + /// + public InputMap EffectiveLabels + { + get => _effectiveLabels ?? (_effectiveLabels = new InputMap()); + set + { + var emptySecret = Output.CreateSecret(ImmutableDictionary.Create()); + _effectiveLabels = Output.All(value, emptySecret).Apply(v => v[0]); + } + } + + /// + /// Determines how the proxy behaves if the call to the extension fails or times out. + /// When set to TRUE, request or response processing continues without error. Any subsequent extensions in the extension chain are also executed. When set to FALSE or the default setting of FALSE is used, one of the following happens: + /// * If response headers have not been delivered to the downstream client, a generic 500 error is returned to the client. The error response can be tailored by configuring a custom error response in the load balancer. + /// * If response headers have been delivered, then the HTTP stream to the downstream client is reset. + /// + [Input("failOpen")] + public Input? FailOpen { get; set; } + + [Input("forwardHeaders")] + private InputList? _forwardHeaders; + + /// + /// List of the HTTP headers to forward to the extension (from the client). If omitted, all headers are sent. Each element is a string indicating the header name. + /// + public InputList ForwardHeaders + { + get => _forwardHeaders ?? (_forwardHeaders = new InputList()); + set => _forwardHeaders = value; + } + + [Input("labels")] + private InputMap? _labels; + + /// + /// Set of labels associated with the AuthzExtension resource. + /// + /// **Note**: This field is non-authoritative, and will only manage the labels present in your configuration. + /// Please refer to the field `effective_labels` for all of the labels present on the resource. + /// + public InputMap Labels + { + get => _labels ?? (_labels = new InputMap()); + set => _labels = value; + } + + /// + /// All backend services and forwarding rules referenced by this extension must share the same load balancing scheme. + /// For more information, refer to [Backend services overview](https://cloud.google.com/load-balancing/docs/backend-service). + /// Possible values are: `INTERNAL_MANAGED`, `EXTERNAL_MANAGED`. + /// + [Input("loadBalancingScheme")] + public Input? LoadBalancingScheme { get; set; } + + /// + /// The location of the resource. + /// + /// + /// - - - + /// + [Input("location")] + public Input? Location { get; set; } + + [Input("metadata")] + private InputMap? _metadata; + + /// + /// The metadata provided here is included as part of the metadata_context (of type google.protobuf.Struct) in the ProcessingRequest message sent to the extension server. The metadata is available under the namespace com.google.authz_extension.<resourceName>. The following variables are supported in the metadata Struct: + /// {forwarding_rule_id} - substituted with the forwarding rule's fully qualified resource name. + /// + public InputMap Metadata + { + get => _metadata ?? (_metadata = new InputMap()); + set => _metadata = value; + } + + /// + /// Identifier. Name of the AuthzExtension resource. + /// + [Input("name")] + public Input? Name { get; set; } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the provider project is used. + /// + [Input("project")] + public Input? Project { get; set; } + + [Input("pulumiLabels")] + private InputMap? _pulumiLabels; + + /// + /// The combination of labels configured directly on the resource + /// and default labels configured on the provider. + /// + public InputMap PulumiLabels + { + get => _pulumiLabels ?? (_pulumiLabels = new InputMap()); + set + { + var emptySecret = Output.CreateSecret(ImmutableDictionary.Create()); + _pulumiLabels = Output.All(value, emptySecret).Apply(v => v[0]); + } + } + + /// + /// The reference to the service that runs the extension. + /// To configure a callout extension, service must be a fully-qualified reference to a [backend service](https://cloud.google.com/compute/docs/reference/rest/v1/backendServices) in the format: + /// https://www.googleapis.com/compute/v1/projects/{project}/regions/{region}/backendServices/{backendService} or https://www.googleapis.com/compute/v1/projects/{project}/global/backendServices/{backendService}. + /// + [Input("service")] + public Input? Service { get; set; } + + /// + /// Specifies the timeout for each individual message on the stream. The timeout must be between 10-10000 milliseconds. + /// + [Input("timeout")] + public Input? Timeout { get; set; } + + /// + /// The timestamp when the resource was updated. + /// + [Input("updateTime")] + public Input? UpdateTime { get; set; } + + /// + /// The format of communication supported by the callout extension. + /// Default value is `EXT_PROC_GRPC`. + /// Possible values are: `WIRE_FORMAT_UNSPECIFIED`, `EXT_PROC_GRPC`. + /// + [Input("wireFormat")] + public Input? WireFormat { get; set; } + + public AuthzExtensionState() + { + } + public static new AuthzExtensionState Empty => new AuthzExtensionState(); + } +} diff --git a/sdk/dotnet/OracleDatabase/AutonomousDatabase.cs b/sdk/dotnet/OracleDatabase/AutonomousDatabase.cs index b51fd8c96b..343e807dbd 100644 --- a/sdk/dotnet/OracleDatabase/AutonomousDatabase.cs +++ b/sdk/dotnet/OracleDatabase/AutonomousDatabase.cs @@ -41,7 +41,7 @@ namespace Pulumi.Gcp.OracleDatabase /// AutonomousDatabaseId = "my-instance", /// Location = "us-east4", /// Project = "my-project", - /// Database = "testdb", + /// Database = "mydatabase", /// AdminPassword = "123Abpassword", /// Network = @default.Apply(@default => @default.Apply(getNetworkResult => getNetworkResult.Id)), /// Cidr = "10.5.0.0/24", @@ -80,7 +80,7 @@ namespace Pulumi.Gcp.OracleDatabase /// Location = "us-east4", /// Project = "my-project", /// DisplayName = "autonomousDatabase displayname", - /// Database = "testdatabase", + /// Database = "mydatabase", /// AdminPassword = "123Abpassword", /// Network = @default.Apply(@default => @default.Apply(getNetworkResult => getNetworkResult.Id)), /// Cidr = "10.5.0.0/24", diff --git a/sdk/dotnet/OrgPolicy/Inputs/PolicyDryRunSpecRuleArgs.cs b/sdk/dotnet/OrgPolicy/Inputs/PolicyDryRunSpecRuleArgs.cs index c4c7a4e1ab..142d192700 100644 --- a/sdk/dotnet/OrgPolicy/Inputs/PolicyDryRunSpecRuleArgs.cs +++ b/sdk/dotnet/OrgPolicy/Inputs/PolicyDryRunSpecRuleArgs.cs @@ -37,6 +37,12 @@ public sealed class PolicyDryRunSpecRuleArgs : global::Pulumi.ResourceArgs [Input("enforce")] public Input? Enforce { get; set; } + /// + /// Optional. Required for Managed Constraints if parameters defined in constraints. Pass parameter values when policy enforcement is enabled. Ensure that parameter value types match those defined in the constraint definition. For example: { \"allowedLocations\" : [\"us-east1\", \"us-west1\"], \"allowAll\" : true } + /// + [Input("parameters")] + public Input? Parameters { get; set; } + /// /// List of values to be used for this policy rule. This field can be set only in policies for list constraints. /// Structure is documented below. diff --git a/sdk/dotnet/OrgPolicy/Inputs/PolicyDryRunSpecRuleGetArgs.cs b/sdk/dotnet/OrgPolicy/Inputs/PolicyDryRunSpecRuleGetArgs.cs index 9995c882b4..1e92416a7b 100644 --- a/sdk/dotnet/OrgPolicy/Inputs/PolicyDryRunSpecRuleGetArgs.cs +++ b/sdk/dotnet/OrgPolicy/Inputs/PolicyDryRunSpecRuleGetArgs.cs @@ -37,6 +37,12 @@ public sealed class PolicyDryRunSpecRuleGetArgs : global::Pulumi.ResourceArgs [Input("enforce")] public Input? Enforce { get; set; } + /// + /// Optional. Required for Managed Constraints if parameters defined in constraints. Pass parameter values when policy enforcement is enabled. Ensure that parameter value types match those defined in the constraint definition. For example: { \"allowedLocations\" : [\"us-east1\", \"us-west1\"], \"allowAll\" : true } + /// + [Input("parameters")] + public Input? Parameters { get; set; } + /// /// List of values to be used for this policy rule. This field can be set only in policies for list constraints. /// Structure is documented below. diff --git a/sdk/dotnet/OrgPolicy/Inputs/PolicySpecRuleArgs.cs b/sdk/dotnet/OrgPolicy/Inputs/PolicySpecRuleArgs.cs index 6e9b33c141..d6877ddc53 100644 --- a/sdk/dotnet/OrgPolicy/Inputs/PolicySpecRuleArgs.cs +++ b/sdk/dotnet/OrgPolicy/Inputs/PolicySpecRuleArgs.cs @@ -37,6 +37,12 @@ public sealed class PolicySpecRuleArgs : global::Pulumi.ResourceArgs [Input("enforce")] public Input? Enforce { get; set; } + /// + /// Optional. Required for Managed Constraints if parameters defined in constraints. Pass parameter values when policy enforcement is enabled. Ensure that parameter value types match those defined in the constraint definition. For example: { \"allowedLocations\" : [\"us-east1\", \"us-west1\"], \"allowAll\" : true } + /// + [Input("parameters")] + public Input? Parameters { get; set; } + /// /// List of values to be used for this policy rule. This field can be set only in policies for list constraints. /// Structure is documented below. diff --git a/sdk/dotnet/OrgPolicy/Inputs/PolicySpecRuleGetArgs.cs b/sdk/dotnet/OrgPolicy/Inputs/PolicySpecRuleGetArgs.cs index ebd98d6d7b..9bba4233e5 100644 --- a/sdk/dotnet/OrgPolicy/Inputs/PolicySpecRuleGetArgs.cs +++ b/sdk/dotnet/OrgPolicy/Inputs/PolicySpecRuleGetArgs.cs @@ -37,6 +37,12 @@ public sealed class PolicySpecRuleGetArgs : global::Pulumi.ResourceArgs [Input("enforce")] public Input? Enforce { get; set; } + /// + /// Optional. Required for Managed Constraints if parameters defined in constraints. Pass parameter values when policy enforcement is enabled. Ensure that parameter value types match those defined in the constraint definition. For example: { \"allowedLocations\" : [\"us-east1\", \"us-west1\"], \"allowAll\" : true } + /// + [Input("parameters")] + public Input? Parameters { get; set; } + /// /// List of values to be used for this policy rule. This field can be set only in policies for list constraints. /// Structure is documented below. diff --git a/sdk/dotnet/OrgPolicy/Outputs/PolicyDryRunSpecRule.cs b/sdk/dotnet/OrgPolicy/Outputs/PolicyDryRunSpecRule.cs index eb1f3d9d1e..9b76bf5355 100644 --- a/sdk/dotnet/OrgPolicy/Outputs/PolicyDryRunSpecRule.cs +++ b/sdk/dotnet/OrgPolicy/Outputs/PolicyDryRunSpecRule.cs @@ -31,6 +31,10 @@ public sealed class PolicyDryRunSpecRule /// public readonly string? Enforce; /// + /// Optional. Required for Managed Constraints if parameters defined in constraints. Pass parameter values when policy enforcement is enabled. Ensure that parameter value types match those defined in the constraint definition. For example: { \"allowedLocations\" : [\"us-east1\", \"us-west1\"], \"allowAll\" : true } + /// + public readonly string? Parameters; + /// /// List of values to be used for this policy rule. This field can be set only in policies for list constraints. /// Structure is documented below. /// @@ -46,12 +50,15 @@ private PolicyDryRunSpecRule( string? enforce, + string? parameters, + Outputs.PolicyDryRunSpecRuleValues? values) { AllowAll = allowAll; Condition = condition; DenyAll = denyAll; Enforce = enforce; + Parameters = parameters; Values = values; } } diff --git a/sdk/dotnet/OrgPolicy/Outputs/PolicySpecRule.cs b/sdk/dotnet/OrgPolicy/Outputs/PolicySpecRule.cs index 82efeaa37a..90c6a52314 100644 --- a/sdk/dotnet/OrgPolicy/Outputs/PolicySpecRule.cs +++ b/sdk/dotnet/OrgPolicy/Outputs/PolicySpecRule.cs @@ -31,6 +31,10 @@ public sealed class PolicySpecRule /// public readonly string? Enforce; /// + /// Optional. Required for Managed Constraints if parameters defined in constraints. Pass parameter values when policy enforcement is enabled. Ensure that parameter value types match those defined in the constraint definition. For example: { \"allowedLocations\" : [\"us-east1\", \"us-west1\"], \"allowAll\" : true } + /// + public readonly string? Parameters; + /// /// List of values to be used for this policy rule. This field can be set only in policies for list constraints. /// Structure is documented below. /// @@ -46,12 +50,15 @@ private PolicySpecRule( string? enforce, + string? parameters, + Outputs.PolicySpecRuleValues? values) { AllowAll = allowAll; Condition = condition; DenyAll = denyAll; Enforce = enforce; + Parameters = parameters; Values = values; } } diff --git a/sdk/dotnet/OrgPolicy/Policy.cs b/sdk/dotnet/OrgPolicy/Policy.cs index 40422f30db..c4389040de 100644 --- a/sdk/dotnet/OrgPolicy/Policy.cs +++ b/sdk/dotnet/OrgPolicy/Policy.cs @@ -41,8 +41,8 @@ namespace Pulumi.Gcp.OrgPolicy /// /// var primary = new Gcp.OrgPolicy.Policy("primary", new() /// { - /// Name = basic.Name.Apply(name => $"projects/{name}/policies/iam.disableServiceAccountKeyUpload"), - /// Parent = basic.Name.Apply(name => $"projects/{name}"), + /// Name = basic.ProjectId.Apply(projectId => $"projects/{projectId}/policies/iam.disableServiceAccountKeyUpload"), + /// Parent = basic.ProjectId.Apply(projectId => $"projects/{projectId}"), /// Spec = new Gcp.OrgPolicy.Inputs.PolicySpecArgs /// { /// Rules = new[] @@ -135,8 +135,8 @@ namespace Pulumi.Gcp.OrgPolicy /// /// var primary = new Gcp.OrgPolicy.Policy("primary", new() /// { - /// Name = basic.Name.Apply(name => $"projects/{name}/policies/gcp.resourceLocations"), - /// Parent = basic.Name.Apply(name => $"projects/{name}"), + /// Name = basic.ProjectId.Apply(projectId => $"projects/{projectId}/policies/gcp.resourceLocations"), + /// Parent = basic.ProjectId.Apply(projectId => $"projects/{projectId}"), /// Spec = new Gcp.OrgPolicy.Inputs.PolicySpecArgs /// { /// Rules = new[] @@ -230,6 +230,52 @@ namespace Pulumi.Gcp.OrgPolicy /// /// }); /// ``` + /// ### Org Policy Policy Parameters Enforce + /// + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using System.Text.Json; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var basic = new Gcp.Organizations.Project("basic", new() + /// { + /// ProjectId = "id", + /// Name = "id", + /// OrgId = "123456789", + /// DeletionPolicy = "DELETE", + /// }); + /// + /// var primary = new Gcp.OrgPolicy.Policy("primary", new() + /// { + /// Name = basic.Name.Apply(name => $"projects/{name}/policies/compute.managed.restrictDiskCreation"), + /// Parent = basic.Name.Apply(name => $"projects/{name}"), + /// Spec = new Gcp.OrgPolicy.Inputs.PolicySpecArgs + /// { + /// Rules = new[] + /// { + /// new Gcp.OrgPolicy.Inputs.PolicySpecRuleArgs + /// { + /// Enforce = "TRUE", + /// Parameters = JsonSerializer.Serialize(new Dictionary<string, object?> + /// { + /// ["isSizeLimitCheck"] = true, + /// ["allowedDiskTypes"] = new[] + /// { + /// "pd-ssd", + /// "pd-standard", + /// }, + /// }), + /// }, + /// }, + /// }, + /// }); + /// + /// }); + /// ``` /// /// ## Import /// diff --git a/sdk/dotnet/Sql/DatabaseInstance.cs b/sdk/dotnet/Sql/DatabaseInstance.cs index c995a33e14..ff75bcd196 100644 --- a/sdk/dotnet/Sql/DatabaseInstance.cs +++ b/sdk/dotnet/Sql/DatabaseInstance.cs @@ -330,8 +330,8 @@ public partial class DatabaseInstance : global::Pulumi.CustomResource /// The MySQL, PostgreSQL or /// SQL Server version to use. Supported values include `MYSQL_5_6`, /// `MYSQL_5_7`, `MYSQL_8_0`, `POSTGRES_9_6`,`POSTGRES_10`, `POSTGRES_11`, - /// `POSTGRES_12`, `POSTGRES_13`, `POSTGRES_14`, `POSTGRES_15`, `SQLSERVER_2017_STANDARD`, - /// `SQLSERVER_2017_ENTERPRISE`, `SQLSERVER_2017_EXPRESS`, `SQLSERVER_2017_WEB`. + /// `POSTGRES_12`, `POSTGRES_13`, `POSTGRES_14`, `POSTGRES_15`, `POSTGRES_16`, `POSTGRES_17`, + /// `SQLSERVER_2017_STANDARD`, `SQLSERVER_2017_ENTERPRISE`, `SQLSERVER_2017_EXPRESS`, `SQLSERVER_2017_WEB`. /// `SQLSERVER_2019_STANDARD`, `SQLSERVER_2019_ENTERPRISE`, `SQLSERVER_2019_EXPRESS`, /// `SQLSERVER_2019_WEB`. /// [Database Version Policies](https://cloud.google.com/sql/docs/db-versions) @@ -553,8 +553,8 @@ public sealed class DatabaseInstanceArgs : global::Pulumi.ResourceArgs /// The MySQL, PostgreSQL or /// SQL Server version to use. Supported values include `MYSQL_5_6`, /// `MYSQL_5_7`, `MYSQL_8_0`, `POSTGRES_9_6`,`POSTGRES_10`, `POSTGRES_11`, - /// `POSTGRES_12`, `POSTGRES_13`, `POSTGRES_14`, `POSTGRES_15`, `SQLSERVER_2017_STANDARD`, - /// `SQLSERVER_2017_ENTERPRISE`, `SQLSERVER_2017_EXPRESS`, `SQLSERVER_2017_WEB`. + /// `POSTGRES_12`, `POSTGRES_13`, `POSTGRES_14`, `POSTGRES_15`, `POSTGRES_16`, `POSTGRES_17`, + /// `SQLSERVER_2017_STANDARD`, `SQLSERVER_2017_ENTERPRISE`, `SQLSERVER_2017_EXPRESS`, `SQLSERVER_2017_WEB`. /// `SQLSERVER_2019_STANDARD`, `SQLSERVER_2019_ENTERPRISE`, `SQLSERVER_2019_EXPRESS`, /// `SQLSERVER_2019_WEB`. /// [Database Version Policies](https://cloud.google.com/sql/docs/db-versions) @@ -728,8 +728,8 @@ public InputList AvailableMaintenanceVersions /// The MySQL, PostgreSQL or /// SQL Server version to use. Supported values include `MYSQL_5_6`, /// `MYSQL_5_7`, `MYSQL_8_0`, `POSTGRES_9_6`,`POSTGRES_10`, `POSTGRES_11`, - /// `POSTGRES_12`, `POSTGRES_13`, `POSTGRES_14`, `POSTGRES_15`, `SQLSERVER_2017_STANDARD`, - /// `SQLSERVER_2017_ENTERPRISE`, `SQLSERVER_2017_EXPRESS`, `SQLSERVER_2017_WEB`. + /// `POSTGRES_12`, `POSTGRES_13`, `POSTGRES_14`, `POSTGRES_15`, `POSTGRES_16`, `POSTGRES_17`, + /// `SQLSERVER_2017_STANDARD`, `SQLSERVER_2017_ENTERPRISE`, `SQLSERVER_2017_EXPRESS`, `SQLSERVER_2017_WEB`. /// `SQLSERVER_2019_STANDARD`, `SQLSERVER_2019_ENTERPRISE`, `SQLSERVER_2019_EXPRESS`, /// `SQLSERVER_2019_WEB`. /// [Database Version Policies](https://cloud.google.com/sql/docs/db-versions) diff --git a/sdk/dotnet/Sql/Inputs/DatabaseInstanceSettingsArgs.cs b/sdk/dotnet/Sql/Inputs/DatabaseInstanceSettingsArgs.cs index 7621759db7..1311d8e64c 100644 --- a/sdk/dotnet/Sql/Inputs/DatabaseInstanceSettingsArgs.cs +++ b/sdk/dotnet/Sql/Inputs/DatabaseInstanceSettingsArgs.cs @@ -46,7 +46,7 @@ public sealed class DatabaseInstanceSettingsArgs : global::Pulumi.ResourceArgs public Input? Collation { get; set; } /// - /// Enables the enforcement of Cloud SQL Auth Proxy or Cloud SQL connectors for all the connections. If enabled, all the direct connections are rejected. + /// Control the enforcement of Cloud SQL Auth Proxy or Cloud SQL connectors for all the connections, can be `REQUIRED` or `NOT_REQUIRED`. If enabled, all the direct connections are rejected. /// [Input("connectorEnforcement")] public Input? ConnectorEnforcement { get; set; } diff --git a/sdk/dotnet/Sql/Inputs/DatabaseInstanceSettingsGetArgs.cs b/sdk/dotnet/Sql/Inputs/DatabaseInstanceSettingsGetArgs.cs index e9f844b80b..f52ef29bf7 100644 --- a/sdk/dotnet/Sql/Inputs/DatabaseInstanceSettingsGetArgs.cs +++ b/sdk/dotnet/Sql/Inputs/DatabaseInstanceSettingsGetArgs.cs @@ -46,7 +46,7 @@ public sealed class DatabaseInstanceSettingsGetArgs : global::Pulumi.ResourceArg public Input? Collation { get; set; } /// - /// Enables the enforcement of Cloud SQL Auth Proxy or Cloud SQL connectors for all the connections. If enabled, all the direct connections are rejected. + /// Control the enforcement of Cloud SQL Auth Proxy or Cloud SQL connectors for all the connections, can be `REQUIRED` or `NOT_REQUIRED`. If enabled, all the direct connections are rejected. /// [Input("connectorEnforcement")] public Input? ConnectorEnforcement { get; set; } diff --git a/sdk/dotnet/Sql/Outputs/DatabaseInstanceSettings.cs b/sdk/dotnet/Sql/Outputs/DatabaseInstanceSettings.cs index 0a35c39e6c..8f5d142e4b 100644 --- a/sdk/dotnet/Sql/Outputs/DatabaseInstanceSettings.cs +++ b/sdk/dotnet/Sql/Outputs/DatabaseInstanceSettings.cs @@ -35,7 +35,7 @@ public sealed class DatabaseInstanceSettings /// public readonly string? Collation; /// - /// Enables the enforcement of Cloud SQL Auth Proxy or Cloud SQL connectors for all the connections. If enabled, all the direct connections are rejected. + /// Control the enforcement of Cloud SQL Auth Proxy or Cloud SQL connectors for all the connections, can be `REQUIRED` or `NOT_REQUIRED`. If enabled, all the direct connections are rejected. /// public readonly string? ConnectorEnforcement; /// diff --git a/sdk/dotnet/Storage/Inputs/TransferJobTransferSpecArgs.cs b/sdk/dotnet/Storage/Inputs/TransferJobTransferSpecArgs.cs index 1e9a89ddea..eaf8a23ba0 100644 --- a/sdk/dotnet/Storage/Inputs/TransferJobTransferSpecArgs.cs +++ b/sdk/dotnet/Storage/Inputs/TransferJobTransferSpecArgs.cs @@ -36,6 +36,12 @@ public sealed class TransferJobTransferSpecArgs : global::Pulumi.ResourceArgs [Input("gcsDataSource")] public Input? GcsDataSource { get; set; } + /// + /// An HDFS data source. Structure documented below. + /// + [Input("hdfsDataSource")] + public Input? HdfsDataSource { get; set; } + /// /// A HTTP URL data source. Structure documented below. /// diff --git a/sdk/dotnet/Storage/Inputs/TransferJobTransferSpecGetArgs.cs b/sdk/dotnet/Storage/Inputs/TransferJobTransferSpecGetArgs.cs index 99cfe7a832..00eeb08957 100644 --- a/sdk/dotnet/Storage/Inputs/TransferJobTransferSpecGetArgs.cs +++ b/sdk/dotnet/Storage/Inputs/TransferJobTransferSpecGetArgs.cs @@ -36,6 +36,12 @@ public sealed class TransferJobTransferSpecGetArgs : global::Pulumi.ResourceArgs [Input("gcsDataSource")] public Input? GcsDataSource { get; set; } + /// + /// An HDFS data source. Structure documented below. + /// + [Input("hdfsDataSource")] + public Input? HdfsDataSource { get; set; } + /// /// A HTTP URL data source. Structure documented below. /// diff --git a/sdk/dotnet/Storage/Inputs/TransferJobTransferSpecHdfsDataSourceArgs.cs b/sdk/dotnet/Storage/Inputs/TransferJobTransferSpecHdfsDataSourceArgs.cs new file mode 100644 index 0000000000..db5a918eb6 --- /dev/null +++ b/sdk/dotnet/Storage/Inputs/TransferJobTransferSpecHdfsDataSourceArgs.cs @@ -0,0 +1,26 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Gcp.Storage.Inputs +{ + + public sealed class TransferJobTransferSpecHdfsDataSourceArgs : global::Pulumi.ResourceArgs + { + /// + /// Root path to transfer objects. Must be an empty string or full path name that ends with a '/'. This field is treated as an object prefix. As such, it should generally not begin with a '/'. + /// + [Input("path", required: true)] + public Input Path { get; set; } = null!; + + public TransferJobTransferSpecHdfsDataSourceArgs() + { + } + public static new TransferJobTransferSpecHdfsDataSourceArgs Empty => new TransferJobTransferSpecHdfsDataSourceArgs(); + } +} diff --git a/sdk/dotnet/Storage/Inputs/TransferJobTransferSpecHdfsDataSourceGetArgs.cs b/sdk/dotnet/Storage/Inputs/TransferJobTransferSpecHdfsDataSourceGetArgs.cs new file mode 100644 index 0000000000..fac0c1a7d1 --- /dev/null +++ b/sdk/dotnet/Storage/Inputs/TransferJobTransferSpecHdfsDataSourceGetArgs.cs @@ -0,0 +1,26 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Gcp.Storage.Inputs +{ + + public sealed class TransferJobTransferSpecHdfsDataSourceGetArgs : global::Pulumi.ResourceArgs + { + /// + /// Root path to transfer objects. Must be an empty string or full path name that ends with a '/'. This field is treated as an object prefix. As such, it should generally not begin with a '/'. + /// + [Input("path", required: true)] + public Input Path { get; set; } = null!; + + public TransferJobTransferSpecHdfsDataSourceGetArgs() + { + } + public static new TransferJobTransferSpecHdfsDataSourceGetArgs Empty => new TransferJobTransferSpecHdfsDataSourceGetArgs(); + } +} diff --git a/sdk/dotnet/Storage/Inputs/TransferJobTransferSpecPosixDataSourceArgs.cs b/sdk/dotnet/Storage/Inputs/TransferJobTransferSpecPosixDataSourceArgs.cs index 3fb3097b60..b18d84897b 100644 --- a/sdk/dotnet/Storage/Inputs/TransferJobTransferSpecPosixDataSourceArgs.cs +++ b/sdk/dotnet/Storage/Inputs/TransferJobTransferSpecPosixDataSourceArgs.cs @@ -14,8 +14,6 @@ public sealed class TransferJobTransferSpecPosixDataSourceArgs : global::Pulumi. { /// /// Root directory path to the filesystem. - /// - /// <a name="nested_aws_s3_data_source"></a>The `aws_s3_data_source` block supports: /// [Input("rootDirectory", required: true)] public Input RootDirectory { get; set; } = null!; diff --git a/sdk/dotnet/Storage/Inputs/TransferJobTransferSpecPosixDataSourceGetArgs.cs b/sdk/dotnet/Storage/Inputs/TransferJobTransferSpecPosixDataSourceGetArgs.cs index 98e7ff449d..90a6d3611e 100644 --- a/sdk/dotnet/Storage/Inputs/TransferJobTransferSpecPosixDataSourceGetArgs.cs +++ b/sdk/dotnet/Storage/Inputs/TransferJobTransferSpecPosixDataSourceGetArgs.cs @@ -14,8 +14,6 @@ public sealed class TransferJobTransferSpecPosixDataSourceGetArgs : global::Pulu { /// /// Root directory path to the filesystem. - /// - /// <a name="nested_aws_s3_data_source"></a>The `aws_s3_data_source` block supports: /// [Input("rootDirectory", required: true)] public Input RootDirectory { get; set; } = null!; diff --git a/sdk/dotnet/Storage/Outputs/TransferJobTransferSpec.cs b/sdk/dotnet/Storage/Outputs/TransferJobTransferSpec.cs index 78d9a1a681..0e9592e026 100644 --- a/sdk/dotnet/Storage/Outputs/TransferJobTransferSpec.cs +++ b/sdk/dotnet/Storage/Outputs/TransferJobTransferSpec.cs @@ -30,6 +30,10 @@ public sealed class TransferJobTransferSpec /// public readonly Outputs.TransferJobTransferSpecGcsDataSource? GcsDataSource; /// + /// An HDFS data source. Structure documented below. + /// + public readonly Outputs.TransferJobTransferSpecHdfsDataSource? HdfsDataSource; + /// /// A HTTP URL data source. Structure documented below. /// public readonly Outputs.TransferJobTransferSpecHttpDataSource? HttpDataSource; @@ -68,6 +72,8 @@ private TransferJobTransferSpec( Outputs.TransferJobTransferSpecGcsDataSource? gcsDataSource, + Outputs.TransferJobTransferSpecHdfsDataSource? hdfsDataSource, + Outputs.TransferJobTransferSpecHttpDataSource? httpDataSource, Outputs.TransferJobTransferSpecObjectConditions? objectConditions, @@ -86,6 +92,7 @@ private TransferJobTransferSpec( AzureBlobStorageDataSource = azureBlobStorageDataSource; GcsDataSink = gcsDataSink; GcsDataSource = gcsDataSource; + HdfsDataSource = hdfsDataSource; HttpDataSource = httpDataSource; ObjectConditions = objectConditions; PosixDataSink = posixDataSink; diff --git a/sdk/dotnet/Storage/Outputs/TransferJobTransferSpecHdfsDataSource.cs b/sdk/dotnet/Storage/Outputs/TransferJobTransferSpecHdfsDataSource.cs new file mode 100644 index 0000000000..69e121685c --- /dev/null +++ b/sdk/dotnet/Storage/Outputs/TransferJobTransferSpecHdfsDataSource.cs @@ -0,0 +1,27 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Gcp.Storage.Outputs +{ + + [OutputType] + public sealed class TransferJobTransferSpecHdfsDataSource + { + /// + /// Root path to transfer objects. Must be an empty string or full path name that ends with a '/'. This field is treated as an object prefix. As such, it should generally not begin with a '/'. + /// + public readonly string Path; + + [OutputConstructor] + private TransferJobTransferSpecHdfsDataSource(string path) + { + Path = path; + } + } +} diff --git a/sdk/dotnet/Storage/Outputs/TransferJobTransferSpecPosixDataSource.cs b/sdk/dotnet/Storage/Outputs/TransferJobTransferSpecPosixDataSource.cs index 888e48a722..70d9bd16cb 100644 --- a/sdk/dotnet/Storage/Outputs/TransferJobTransferSpecPosixDataSource.cs +++ b/sdk/dotnet/Storage/Outputs/TransferJobTransferSpecPosixDataSource.cs @@ -15,8 +15,6 @@ public sealed class TransferJobTransferSpecPosixDataSource { /// /// Root directory path to the filesystem. - /// - /// <a name="nested_aws_s3_data_source"></a>The `aws_s3_data_source` block supports: /// public readonly string RootDirectory; diff --git a/sdk/dotnet/Tpu/Inputs/V2VmNetworkConfigArgs.cs b/sdk/dotnet/Tpu/Inputs/V2VmNetworkConfigArgs.cs index baa90ac935..c4a22adbaf 100644 --- a/sdk/dotnet/Tpu/Inputs/V2VmNetworkConfigArgs.cs +++ b/sdk/dotnet/Tpu/Inputs/V2VmNetworkConfigArgs.cs @@ -28,18 +28,20 @@ public sealed class V2VmNetworkConfigArgs : global::Pulumi.ResourceArgs /// /// The name of the network for the TPU node. It must be a preexisting Google Compute Engine - /// network. If both network and subnetwork are specified, the given subnetwork must belong - /// to the given network. If network is not specified, it will be looked up from the - /// subnetwork if one is provided, or otherwise use "default". + /// network. If none is provided, "default" will be used. /// [Input("network")] public Input? Network { get; set; } + /// + /// Specifies networking queue count for TPU VM instance's network interface. + /// + [Input("queueCount")] + public Input? QueueCount { get; set; } + /// /// The name of the subnetwork for the TPU node. It must be a preexisting Google Compute - /// Engine subnetwork. If both network and subnetwork are specified, the given subnetwork - /// must belong to the given network. If subnetwork is not specified, the subnetwork with the - /// same name as the network will be used. + /// Engine subnetwork. If none is provided, "default" will be used. /// [Input("subnetwork")] public Input? Subnetwork { get; set; } diff --git a/sdk/dotnet/Tpu/Inputs/V2VmNetworkConfigGetArgs.cs b/sdk/dotnet/Tpu/Inputs/V2VmNetworkConfigGetArgs.cs index 122b23145b..d62dc6015a 100644 --- a/sdk/dotnet/Tpu/Inputs/V2VmNetworkConfigGetArgs.cs +++ b/sdk/dotnet/Tpu/Inputs/V2VmNetworkConfigGetArgs.cs @@ -28,18 +28,20 @@ public sealed class V2VmNetworkConfigGetArgs : global::Pulumi.ResourceArgs /// /// The name of the network for the TPU node. It must be a preexisting Google Compute Engine - /// network. If both network and subnetwork are specified, the given subnetwork must belong - /// to the given network. If network is not specified, it will be looked up from the - /// subnetwork if one is provided, or otherwise use "default". + /// network. If none is provided, "default" will be used. /// [Input("network")] public Input? Network { get; set; } + /// + /// Specifies networking queue count for TPU VM instance's network interface. + /// + [Input("queueCount")] + public Input? QueueCount { get; set; } + /// /// The name of the subnetwork for the TPU node. It must be a preexisting Google Compute - /// Engine subnetwork. If both network and subnetwork are specified, the given subnetwork - /// must belong to the given network. If subnetwork is not specified, the subnetwork with the - /// same name as the network will be used. + /// Engine subnetwork. If none is provided, "default" will be used. /// [Input("subnetwork")] public Input? Subnetwork { get; set; } diff --git a/sdk/dotnet/Tpu/Outputs/V2VmNetworkConfig.cs b/sdk/dotnet/Tpu/Outputs/V2VmNetworkConfig.cs index e75f17d41c..afc1f3409a 100644 --- a/sdk/dotnet/Tpu/Outputs/V2VmNetworkConfig.cs +++ b/sdk/dotnet/Tpu/Outputs/V2VmNetworkConfig.cs @@ -25,16 +25,16 @@ public sealed class V2VmNetworkConfig public readonly bool? EnableExternalIps; /// /// The name of the network for the TPU node. It must be a preexisting Google Compute Engine - /// network. If both network and subnetwork are specified, the given subnetwork must belong - /// to the given network. If network is not specified, it will be looked up from the - /// subnetwork if one is provided, or otherwise use "default". + /// network. If none is provided, "default" will be used. /// public readonly string? Network; /// + /// Specifies networking queue count for TPU VM instance's network interface. + /// + public readonly int? QueueCount; + /// /// The name of the subnetwork for the TPU node. It must be a preexisting Google Compute - /// Engine subnetwork. If both network and subnetwork are specified, the given subnetwork - /// must belong to the given network. If subnetwork is not specified, the subnetwork with the - /// same name as the network will be used. + /// Engine subnetwork. If none is provided, "default" will be used. /// public readonly string? Subnetwork; @@ -46,11 +46,14 @@ private V2VmNetworkConfig( string? network, + int? queueCount, + string? subnetwork) { CanIpForward = canIpForward; EnableExternalIps = enableExternalIps; Network = network; + QueueCount = queueCount; Subnetwork = subnetwork; } } diff --git a/sdk/dotnet/Tpu/V2Vm.cs b/sdk/dotnet/Tpu/V2Vm.cs index 6fc4310813..6692205990 100644 --- a/sdk/dotnet/Tpu/V2Vm.cs +++ b/sdk/dotnet/Tpu/V2Vm.cs @@ -107,6 +107,7 @@ namespace Pulumi.Gcp.Tpu /// EnableExternalIps = true, /// Network = network.Id, /// Subnetwork = subnet.Id, + /// QueueCount = 32, /// }, /// SchedulingConfig = new Gcp.Tpu.Inputs.V2VmSchedulingConfigArgs /// { @@ -284,6 +285,14 @@ public partial class V2Vm : global::Pulumi.CustomResource [Output("networkConfig")] public Output NetworkConfig { get; private set; } = null!; + /// + /// Repeated network configurations for the TPU node. This field is used to specify multiple + /// network configs for the TPU node. + /// Structure is documented below. + /// + [Output("networkConfigs")] + public Output> NetworkConfigs { get; private set; } = null!; + /// /// The network endpoints where TPU workers can be accessed and sent work. It is recommended that /// runtime clients of the node reach out to the 0th entry in this map first. @@ -503,6 +512,20 @@ public InputMap Metadata [Input("networkConfig")] public Input? NetworkConfig { get; set; } + [Input("networkConfigs")] + private InputList? _networkConfigs; + + /// + /// Repeated network configurations for the TPU node. This field is used to specify multiple + /// network configs for the TPU node. + /// Structure is documented below. + /// + public InputList NetworkConfigs + { + get => _networkConfigs ?? (_networkConfigs = new InputList()); + set => _networkConfigs = value; + } + /// /// The ID of the project in which the resource belongs. /// If it is not provided, the provider project is used. @@ -691,6 +714,20 @@ public InputMap Metadata [Input("networkConfig")] public Input? NetworkConfig { get; set; } + [Input("networkConfigs")] + private InputList? _networkConfigs; + + /// + /// Repeated network configurations for the TPU node. This field is used to specify multiple + /// network configs for the TPU node. + /// Structure is documented below. + /// + public InputList NetworkConfigs + { + get => _networkConfigs ?? (_networkConfigs = new InputList()); + set => _networkConfigs = value; + } + [Input("networkEndpoints")] private InputList? _networkEndpoints; diff --git a/sdk/go/gcp/accesscontextmanager/pulumiTypes.go b/sdk/go/gcp/accesscontextmanager/pulumiTypes.go index 417cd60ce2..026266e9ce 100644 --- a/sdk/go/gcp/accesscontextmanager/pulumiTypes.go +++ b/sdk/go/gcp/accesscontextmanager/pulumiTypes.go @@ -11603,11 +11603,6 @@ type ServicePerimetersServicePerimeter struct { // Description of the ServicePerimeter and its use. Does not affect // behavior. Description *string `pulumi:"description"` - // (Output) - // An opaque identifier for the current version of the ServicePerimeter. This - // identifier does not follow any specific format. If an etag is not provided, the - // operation will be performed as if a valid etag is provided. - Etag *string `pulumi:"etag"` // Resource name for the ServicePerimeter. The shortName component must // begin with a letter and only include alphanumeric and '_'. // Format: accessPolicies/{policy_id}/servicePerimeters/{short_name} @@ -11675,11 +11670,6 @@ type ServicePerimetersServicePerimeterArgs struct { // Description of the ServicePerimeter and its use. Does not affect // behavior. Description pulumi.StringPtrInput `pulumi:"description"` - // (Output) - // An opaque identifier for the current version of the ServicePerimeter. This - // identifier does not follow any specific format. If an etag is not provided, the - // operation will be performed as if a valid etag is provided. - Etag pulumi.StringPtrInput `pulumi:"etag"` // Resource name for the ServicePerimeter. The shortName component must // begin with a letter and only include alphanumeric and '_'. // Format: accessPolicies/{policy_id}/servicePerimeters/{short_name} @@ -11792,14 +11782,6 @@ func (o ServicePerimetersServicePerimeterOutput) Description() pulumi.StringPtrO return o.ApplyT(func(v ServicePerimetersServicePerimeter) *string { return v.Description }).(pulumi.StringPtrOutput) } -// (Output) -// An opaque identifier for the current version of the ServicePerimeter. This -// identifier does not follow any specific format. If an etag is not provided, the -// operation will be performed as if a valid etag is provided. -func (o ServicePerimetersServicePerimeterOutput) Etag() pulumi.StringPtrOutput { - return o.ApplyT(func(v ServicePerimetersServicePerimeter) *string { return v.Etag }).(pulumi.StringPtrOutput) -} - // Resource name for the ServicePerimeter. The shortName component must // begin with a letter and only include alphanumeric and '_'. // Format: accessPolicies/{policy_id}/servicePerimeters/{short_name} diff --git a/sdk/go/gcp/accesscontextmanager/servicePerimeter.go b/sdk/go/gcp/accesscontextmanager/servicePerimeter.go index 2fcdb34ec6..66e425b0b3 100644 --- a/sdk/go/gcp/accesscontextmanager/servicePerimeter.go +++ b/sdk/go/gcp/accesscontextmanager/servicePerimeter.go @@ -354,10 +354,6 @@ type ServicePerimeter struct { // Description of the ServicePerimeter and its use. Does not affect // behavior. Description pulumi.StringPtrOutput `pulumi:"description"` - // An opaque identifier for the current version of the ServicePerimeter. This - // identifier does not follow any specific format. If an etag is not provided, the - // operation will be performed as if a valid etag is provided. - Etag pulumi.StringOutput `pulumi:"etag"` // Resource name for the ServicePerimeter. The shortName component must // begin with a letter and only include alphanumeric and '_'. // Format: accessPolicies/{policy_id}/servicePerimeters/{short_name} @@ -452,10 +448,6 @@ type servicePerimeterState struct { // Description of the ServicePerimeter and its use. Does not affect // behavior. Description *string `pulumi:"description"` - // An opaque identifier for the current version of the ServicePerimeter. This - // identifier does not follow any specific format. If an etag is not provided, the - // operation will be performed as if a valid etag is provided. - Etag *string `pulumi:"etag"` // Resource name for the ServicePerimeter. The shortName component must // begin with a letter and only include alphanumeric and '_'. // Format: accessPolicies/{policy_id}/servicePerimeters/{short_name} @@ -515,10 +507,6 @@ type ServicePerimeterState struct { // Description of the ServicePerimeter and its use. Does not affect // behavior. Description pulumi.StringPtrInput - // An opaque identifier for the current version of the ServicePerimeter. This - // identifier does not follow any specific format. If an etag is not provided, the - // operation will be performed as if a valid etag is provided. - Etag pulumi.StringPtrInput // Resource name for the ServicePerimeter. The shortName component must // begin with a letter and only include alphanumeric and '_'. // Format: accessPolicies/{policy_id}/servicePerimeters/{short_name} @@ -785,13 +773,6 @@ func (o ServicePerimeterOutput) Description() pulumi.StringPtrOutput { return o.ApplyT(func(v *ServicePerimeter) pulumi.StringPtrOutput { return v.Description }).(pulumi.StringPtrOutput) } -// An opaque identifier for the current version of the ServicePerimeter. This -// identifier does not follow any specific format. If an etag is not provided, the -// operation will be performed as if a valid etag is provided. -func (o ServicePerimeterOutput) Etag() pulumi.StringOutput { - return o.ApplyT(func(v *ServicePerimeter) pulumi.StringOutput { return v.Etag }).(pulumi.StringOutput) -} - // Resource name for the ServicePerimeter. The shortName component must // begin with a letter and only include alphanumeric and '_'. // Format: accessPolicies/{policy_id}/servicePerimeters/{short_name} diff --git a/sdk/go/gcp/artifactregistry/getRepositoryIamPolicy.go b/sdk/go/gcp/artifactregistry/getRepositoryIamPolicy.go index ae109ae635..d44b714e09 100644 --- a/sdk/go/gcp/artifactregistry/getRepositoryIamPolicy.go +++ b/sdk/go/gcp/artifactregistry/getRepositoryIamPolicy.go @@ -52,8 +52,12 @@ func LookupRepositoryIamPolicy(ctx *pulumi.Context, args *LookupRepositoryIamPol // A collection of arguments for invoking getRepositoryIamPolicy. type LookupRepositoryIamPolicyArgs struct { - // The name of the location this repository is located in. - // Used to find the parent resource to bind the IAM policy to. If not specified, + // The name of the repository's location. In addition to specific regions, + // special values for multi-region locations are `asia`, `europe`, and `us`. + // See [here](https://cloud.google.com/artifact-registry/docs/repositories/repo-locations), + // or use the + // artifactregistry.getLocations + // data source for possible values. Used to find the parent resource to bind the IAM policy to. If not specified, // the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no // location is specified, it is taken from the provider configuration. Location *string `pulumi:"location"` @@ -89,8 +93,12 @@ func LookupRepositoryIamPolicyOutput(ctx *pulumi.Context, args LookupRepositoryI // A collection of arguments for invoking getRepositoryIamPolicy. type LookupRepositoryIamPolicyOutputArgs struct { - // The name of the location this repository is located in. - // Used to find the parent resource to bind the IAM policy to. If not specified, + // The name of the repository's location. In addition to specific regions, + // special values for multi-region locations are `asia`, `europe`, and `us`. + // See [here](https://cloud.google.com/artifact-registry/docs/repositories/repo-locations), + // or use the + // artifactregistry.getLocations + // data source for possible values. Used to find the parent resource to bind the IAM policy to. If not specified, // the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no // location is specified, it is taken from the provider configuration. Location pulumi.StringPtrInput `pulumi:"location"` diff --git a/sdk/go/gcp/artifactregistry/repository.go b/sdk/go/gcp/artifactregistry/repository.go index 835cc59bf1..ed52efe410 100644 --- a/sdk/go/gcp/artifactregistry/repository.go +++ b/sdk/go/gcp/artifactregistry/repository.go @@ -50,6 +50,34 @@ import ( // } // // ``` +// ### Artifact Registry Repository Multi Region +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/artifactregistry" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := artifactregistry.NewRepository(ctx, "my-repo", &artifactregistry.RepositoryArgs{ +// RepositoryId: pulumi.String("my-repository"), +// Description: pulumi.String("example docker repository"), +// Location: pulumi.String("us"), +// Format: pulumi.String("DOCKER"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` // ### Artifact Registry Repository Docker // // ```go @@ -925,8 +953,6 @@ import ( // // * `{{location}}/{{repository_id}}` // -// * `{{repository_id}}` -// // When using the `pulumi import` command, Repository can be imported using one of the formats above. For example: // // ```sh @@ -940,10 +966,6 @@ import ( // ```sh // $ pulumi import gcp:artifactregistry/repository:Repository default {{location}}/{{repository_id}} // ``` -// -// ```sh -// $ pulumi import gcp:artifactregistry/repository:Repository default {{repository_id}} -// ``` type Repository struct { pulumi.CustomResourceState @@ -969,8 +991,6 @@ type Repository struct { // can be found [here](https://cloud.google.com/artifact-registry/docs/supported-formats). // You can only create alpha formats if you are a member of the // [alpha user group](https://cloud.google.com/artifact-registry/docs/supported-formats#alpha-access). - // - // *** Format pulumi.StringOutput `pulumi:"format"` // The Cloud KMS resource name of the customer managed encryption key that’s // used to encrypt the contents of the Repository. Has the form: @@ -986,7 +1006,12 @@ type Repository struct { // **Note**: This field is non-authoritative, and will only manage the labels present in your configuration. // Please refer to the field `effectiveLabels` for all of the labels present on the resource. Labels pulumi.StringMapOutput `pulumi:"labels"` - // The name of the location this repository is located in. + // The name of the repository's location. In addition to specific regions, + // special values for multi-region locations are `asia`, `europe`, and `us`. + // See [here](https://cloud.google.com/artifact-registry/docs/repositories/repo-locations), + // or use the + // artifactregistry.getLocations + // data source for possible values. Location pulumi.StringOutput `pulumi:"location"` // MavenRepositoryConfig is maven related repository details. // Provides additional configuration details for repositories of the maven @@ -1011,6 +1036,8 @@ type Repository struct { RemoteRepositoryConfig RepositoryRemoteRepositoryConfigPtrOutput `pulumi:"remoteRepositoryConfig"` // The last part of the repository name, for example: // "repo1" + // + // *** RepositoryId pulumi.StringOutput `pulumi:"repositoryId"` // The time when the repository was last updated. UpdateTime pulumi.StringOutput `pulumi:"updateTime"` @@ -1082,8 +1109,6 @@ type repositoryState struct { // can be found [here](https://cloud.google.com/artifact-registry/docs/supported-formats). // You can only create alpha formats if you are a member of the // [alpha user group](https://cloud.google.com/artifact-registry/docs/supported-formats#alpha-access). - // - // *** Format *string `pulumi:"format"` // The Cloud KMS resource name of the customer managed encryption key that’s // used to encrypt the contents of the Repository. Has the form: @@ -1099,7 +1124,12 @@ type repositoryState struct { // **Note**: This field is non-authoritative, and will only manage the labels present in your configuration. // Please refer to the field `effectiveLabels` for all of the labels present on the resource. Labels map[string]string `pulumi:"labels"` - // The name of the location this repository is located in. + // The name of the repository's location. In addition to specific regions, + // special values for multi-region locations are `asia`, `europe`, and `us`. + // See [here](https://cloud.google.com/artifact-registry/docs/repositories/repo-locations), + // or use the + // artifactregistry.getLocations + // data source for possible values. Location *string `pulumi:"location"` // MavenRepositoryConfig is maven related repository details. // Provides additional configuration details for repositories of the maven @@ -1124,6 +1154,8 @@ type repositoryState struct { RemoteRepositoryConfig *RepositoryRemoteRepositoryConfig `pulumi:"remoteRepositoryConfig"` // The last part of the repository name, for example: // "repo1" + // + // *** RepositoryId *string `pulumi:"repositoryId"` // The time when the repository was last updated. UpdateTime *string `pulumi:"updateTime"` @@ -1155,8 +1187,6 @@ type RepositoryState struct { // can be found [here](https://cloud.google.com/artifact-registry/docs/supported-formats). // You can only create alpha formats if you are a member of the // [alpha user group](https://cloud.google.com/artifact-registry/docs/supported-formats#alpha-access). - // - // *** Format pulumi.StringPtrInput // The Cloud KMS resource name of the customer managed encryption key that’s // used to encrypt the contents of the Repository. Has the form: @@ -1172,7 +1202,12 @@ type RepositoryState struct { // **Note**: This field is non-authoritative, and will only manage the labels present in your configuration. // Please refer to the field `effectiveLabels` for all of the labels present on the resource. Labels pulumi.StringMapInput - // The name of the location this repository is located in. + // The name of the repository's location. In addition to specific regions, + // special values for multi-region locations are `asia`, `europe`, and `us`. + // See [here](https://cloud.google.com/artifact-registry/docs/repositories/repo-locations), + // or use the + // artifactregistry.getLocations + // data source for possible values. Location pulumi.StringPtrInput // MavenRepositoryConfig is maven related repository details. // Provides additional configuration details for repositories of the maven @@ -1197,6 +1232,8 @@ type RepositoryState struct { RemoteRepositoryConfig RepositoryRemoteRepositoryConfigPtrInput // The last part of the repository name, for example: // "repo1" + // + // *** RepositoryId pulumi.StringPtrInput // The time when the repository was last updated. UpdateTime pulumi.StringPtrInput @@ -1228,8 +1265,6 @@ type repositoryArgs struct { // can be found [here](https://cloud.google.com/artifact-registry/docs/supported-formats). // You can only create alpha formats if you are a member of the // [alpha user group](https://cloud.google.com/artifact-registry/docs/supported-formats#alpha-access). - // - // *** Format string `pulumi:"format"` // The Cloud KMS resource name of the customer managed encryption key that’s // used to encrypt the contents of the Repository. Has the form: @@ -1245,7 +1280,12 @@ type repositoryArgs struct { // **Note**: This field is non-authoritative, and will only manage the labels present in your configuration. // Please refer to the field `effectiveLabels` for all of the labels present on the resource. Labels map[string]string `pulumi:"labels"` - // The name of the location this repository is located in. + // The name of the repository's location. In addition to specific regions, + // special values for multi-region locations are `asia`, `europe`, and `us`. + // See [here](https://cloud.google.com/artifact-registry/docs/repositories/repo-locations), + // or use the + // artifactregistry.getLocations + // data source for possible values. Location *string `pulumi:"location"` // MavenRepositoryConfig is maven related repository details. // Provides additional configuration details for repositories of the maven @@ -1264,6 +1304,8 @@ type repositoryArgs struct { RemoteRepositoryConfig *RepositoryRemoteRepositoryConfig `pulumi:"remoteRepositoryConfig"` // The last part of the repository name, for example: // "repo1" + // + // *** RepositoryId string `pulumi:"repositoryId"` // Configuration specific for a Virtual Repository. // Structure is documented below. @@ -1290,8 +1332,6 @@ type RepositoryArgs struct { // can be found [here](https://cloud.google.com/artifact-registry/docs/supported-formats). // You can only create alpha formats if you are a member of the // [alpha user group](https://cloud.google.com/artifact-registry/docs/supported-formats#alpha-access). - // - // *** Format pulumi.StringInput // The Cloud KMS resource name of the customer managed encryption key that’s // used to encrypt the contents of the Repository. Has the form: @@ -1307,7 +1347,12 @@ type RepositoryArgs struct { // **Note**: This field is non-authoritative, and will only manage the labels present in your configuration. // Please refer to the field `effectiveLabels` for all of the labels present on the resource. Labels pulumi.StringMapInput - // The name of the location this repository is located in. + // The name of the repository's location. In addition to specific regions, + // special values for multi-region locations are `asia`, `europe`, and `us`. + // See [here](https://cloud.google.com/artifact-registry/docs/repositories/repo-locations), + // or use the + // artifactregistry.getLocations + // data source for possible values. Location pulumi.StringPtrInput // MavenRepositoryConfig is maven related repository details. // Provides additional configuration details for repositories of the maven @@ -1326,6 +1371,8 @@ type RepositoryArgs struct { RemoteRepositoryConfig RepositoryRemoteRepositoryConfigPtrInput // The last part of the repository name, for example: // "repo1" + // + // *** RepositoryId pulumi.StringInput // Configuration specific for a Virtual Repository. // Structure is documented below. @@ -1459,8 +1506,6 @@ func (o RepositoryOutput) EffectiveLabels() pulumi.StringMapOutput { // can be found [here](https://cloud.google.com/artifact-registry/docs/supported-formats). // You can only create alpha formats if you are a member of the // [alpha user group](https://cloud.google.com/artifact-registry/docs/supported-formats#alpha-access). -// -// *** func (o RepositoryOutput) Format() pulumi.StringOutput { return o.ApplyT(func(v *Repository) pulumi.StringOutput { return v.Format }).(pulumi.StringOutput) } @@ -1485,7 +1530,12 @@ func (o RepositoryOutput) Labels() pulumi.StringMapOutput { return o.ApplyT(func(v *Repository) pulumi.StringMapOutput { return v.Labels }).(pulumi.StringMapOutput) } -// The name of the location this repository is located in. +// The name of the repository's location. In addition to specific regions, +// special values for multi-region locations are `asia`, `europe`, and `us`. +// See [here](https://cloud.google.com/artifact-registry/docs/repositories/repo-locations), +// or use the +// artifactregistry.getLocations +// data source for possible values. func (o RepositoryOutput) Location() pulumi.StringOutput { return o.ApplyT(func(v *Repository) pulumi.StringOutput { return v.Location }).(pulumi.StringOutput) } @@ -1531,6 +1581,8 @@ func (o RepositoryOutput) RemoteRepositoryConfig() RepositoryRemoteRepositoryCon // The last part of the repository name, for example: // "repo1" +// +// *** func (o RepositoryOutput) RepositoryId() pulumi.StringOutput { return o.ApplyT(func(v *Repository) pulumi.StringOutput { return v.RepositoryId }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/artifactregistry/repositoryIamBinding.go b/sdk/go/gcp/artifactregistry/repositoryIamBinding.go index 9b22cf925d..4ada927db1 100644 --- a/sdk/go/gcp/artifactregistry/repositoryIamBinding.go +++ b/sdk/go/gcp/artifactregistry/repositoryIamBinding.go @@ -298,8 +298,12 @@ type RepositoryIamBinding struct { Condition RepositoryIamBindingConditionPtrOutput `pulumi:"condition"` // (Computed) The etag of the IAM policy. Etag pulumi.StringOutput `pulumi:"etag"` - // The name of the location this repository is located in. - // Used to find the parent resource to bind the IAM policy to. If not specified, + // The name of the repository's location. In addition to specific regions, + // special values for multi-region locations are `asia`, `europe`, and `us`. + // See [here](https://cloud.google.com/artifact-registry/docs/repositories/repo-locations), + // or use the + // artifactregistry.getLocations + // data source for possible values. Used to find the parent resource to bind the IAM policy to. If not specified, // the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no // location is specified, it is taken from the provider configuration. Location pulumi.StringOutput `pulumi:"location"` @@ -368,8 +372,12 @@ type repositoryIamBindingState struct { Condition *RepositoryIamBindingCondition `pulumi:"condition"` // (Computed) The etag of the IAM policy. Etag *string `pulumi:"etag"` - // The name of the location this repository is located in. - // Used to find the parent resource to bind the IAM policy to. If not specified, + // The name of the repository's location. In addition to specific regions, + // special values for multi-region locations are `asia`, `europe`, and `us`. + // See [here](https://cloud.google.com/artifact-registry/docs/repositories/repo-locations), + // or use the + // artifactregistry.getLocations + // data source for possible values. Used to find the parent resource to bind the IAM policy to. If not specified, // the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no // location is specified, it is taken from the provider configuration. Location *string `pulumi:"location"` @@ -400,8 +408,12 @@ type RepositoryIamBindingState struct { Condition RepositoryIamBindingConditionPtrInput // (Computed) The etag of the IAM policy. Etag pulumi.StringPtrInput - // The name of the location this repository is located in. - // Used to find the parent resource to bind the IAM policy to. If not specified, + // The name of the repository's location. In addition to specific regions, + // special values for multi-region locations are `asia`, `europe`, and `us`. + // See [here](https://cloud.google.com/artifact-registry/docs/repositories/repo-locations), + // or use the + // artifactregistry.getLocations + // data source for possible values. Used to find the parent resource to bind the IAM policy to. If not specified, // the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no // location is specified, it is taken from the provider configuration. Location pulumi.StringPtrInput @@ -434,8 +446,12 @@ func (RepositoryIamBindingState) ElementType() reflect.Type { type repositoryIamBindingArgs struct { Condition *RepositoryIamBindingCondition `pulumi:"condition"` - // The name of the location this repository is located in. - // Used to find the parent resource to bind the IAM policy to. If not specified, + // The name of the repository's location. In addition to specific regions, + // special values for multi-region locations are `asia`, `europe`, and `us`. + // See [here](https://cloud.google.com/artifact-registry/docs/repositories/repo-locations), + // or use the + // artifactregistry.getLocations + // data source for possible values. Used to find the parent resource to bind the IAM policy to. If not specified, // the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no // location is specified, it is taken from the provider configuration. Location *string `pulumi:"location"` @@ -465,8 +481,12 @@ type repositoryIamBindingArgs struct { // The set of arguments for constructing a RepositoryIamBinding resource. type RepositoryIamBindingArgs struct { Condition RepositoryIamBindingConditionPtrInput - // The name of the location this repository is located in. - // Used to find the parent resource to bind the IAM policy to. If not specified, + // The name of the repository's location. In addition to specific regions, + // special values for multi-region locations are `asia`, `europe`, and `us`. + // See [here](https://cloud.google.com/artifact-registry/docs/repositories/repo-locations), + // or use the + // artifactregistry.getLocations + // data source for possible values. Used to find the parent resource to bind the IAM policy to. If not specified, // the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no // location is specified, it is taken from the provider configuration. Location pulumi.StringPtrInput @@ -589,8 +609,12 @@ func (o RepositoryIamBindingOutput) Etag() pulumi.StringOutput { return o.ApplyT(func(v *RepositoryIamBinding) pulumi.StringOutput { return v.Etag }).(pulumi.StringOutput) } -// The name of the location this repository is located in. -// Used to find the parent resource to bind the IAM policy to. If not specified, +// The name of the repository's location. In addition to specific regions, +// special values for multi-region locations are `asia`, `europe`, and `us`. +// See [here](https://cloud.google.com/artifact-registry/docs/repositories/repo-locations), +// or use the +// artifactregistry.getLocations +// data source for possible values. Used to find the parent resource to bind the IAM policy to. If not specified, // the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no // location is specified, it is taken from the provider configuration. func (o RepositoryIamBindingOutput) Location() pulumi.StringOutput { diff --git a/sdk/go/gcp/artifactregistry/repositoryIamMember.go b/sdk/go/gcp/artifactregistry/repositoryIamMember.go index aaebd2a823..179bb2ec9b 100644 --- a/sdk/go/gcp/artifactregistry/repositoryIamMember.go +++ b/sdk/go/gcp/artifactregistry/repositoryIamMember.go @@ -298,8 +298,12 @@ type RepositoryIamMember struct { Condition RepositoryIamMemberConditionPtrOutput `pulumi:"condition"` // (Computed) The etag of the IAM policy. Etag pulumi.StringOutput `pulumi:"etag"` - // The name of the location this repository is located in. - // Used to find the parent resource to bind the IAM policy to. If not specified, + // The name of the repository's location. In addition to specific regions, + // special values for multi-region locations are `asia`, `europe`, and `us`. + // See [here](https://cloud.google.com/artifact-registry/docs/repositories/repo-locations), + // or use the + // artifactregistry.getLocations + // data source for possible values. Used to find the parent resource to bind the IAM policy to. If not specified, // the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no // location is specified, it is taken from the provider configuration. Location pulumi.StringOutput `pulumi:"location"` @@ -368,8 +372,12 @@ type repositoryIamMemberState struct { Condition *RepositoryIamMemberCondition `pulumi:"condition"` // (Computed) The etag of the IAM policy. Etag *string `pulumi:"etag"` - // The name of the location this repository is located in. - // Used to find the parent resource to bind the IAM policy to. If not specified, + // The name of the repository's location. In addition to specific regions, + // special values for multi-region locations are `asia`, `europe`, and `us`. + // See [here](https://cloud.google.com/artifact-registry/docs/repositories/repo-locations), + // or use the + // artifactregistry.getLocations + // data source for possible values. Used to find the parent resource to bind the IAM policy to. If not specified, // the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no // location is specified, it is taken from the provider configuration. Location *string `pulumi:"location"` @@ -400,8 +408,12 @@ type RepositoryIamMemberState struct { Condition RepositoryIamMemberConditionPtrInput // (Computed) The etag of the IAM policy. Etag pulumi.StringPtrInput - // The name of the location this repository is located in. - // Used to find the parent resource to bind the IAM policy to. If not specified, + // The name of the repository's location. In addition to specific regions, + // special values for multi-region locations are `asia`, `europe`, and `us`. + // See [here](https://cloud.google.com/artifact-registry/docs/repositories/repo-locations), + // or use the + // artifactregistry.getLocations + // data source for possible values. Used to find the parent resource to bind the IAM policy to. If not specified, // the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no // location is specified, it is taken from the provider configuration. Location pulumi.StringPtrInput @@ -434,8 +446,12 @@ func (RepositoryIamMemberState) ElementType() reflect.Type { type repositoryIamMemberArgs struct { Condition *RepositoryIamMemberCondition `pulumi:"condition"` - // The name of the location this repository is located in. - // Used to find the parent resource to bind the IAM policy to. If not specified, + // The name of the repository's location. In addition to specific regions, + // special values for multi-region locations are `asia`, `europe`, and `us`. + // See [here](https://cloud.google.com/artifact-registry/docs/repositories/repo-locations), + // or use the + // artifactregistry.getLocations + // data source for possible values. Used to find the parent resource to bind the IAM policy to. If not specified, // the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no // location is specified, it is taken from the provider configuration. Location *string `pulumi:"location"` @@ -465,8 +481,12 @@ type repositoryIamMemberArgs struct { // The set of arguments for constructing a RepositoryIamMember resource. type RepositoryIamMemberArgs struct { Condition RepositoryIamMemberConditionPtrInput - // The name of the location this repository is located in. - // Used to find the parent resource to bind the IAM policy to. If not specified, + // The name of the repository's location. In addition to specific regions, + // special values for multi-region locations are `asia`, `europe`, and `us`. + // See [here](https://cloud.google.com/artifact-registry/docs/repositories/repo-locations), + // or use the + // artifactregistry.getLocations + // data source for possible values. Used to find the parent resource to bind the IAM policy to. If not specified, // the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no // location is specified, it is taken from the provider configuration. Location pulumi.StringPtrInput @@ -589,8 +609,12 @@ func (o RepositoryIamMemberOutput) Etag() pulumi.StringOutput { return o.ApplyT(func(v *RepositoryIamMember) pulumi.StringOutput { return v.Etag }).(pulumi.StringOutput) } -// The name of the location this repository is located in. -// Used to find the parent resource to bind the IAM policy to. If not specified, +// The name of the repository's location. In addition to specific regions, +// special values for multi-region locations are `asia`, `europe`, and `us`. +// See [here](https://cloud.google.com/artifact-registry/docs/repositories/repo-locations), +// or use the +// artifactregistry.getLocations +// data source for possible values. Used to find the parent resource to bind the IAM policy to. If not specified, // the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no // location is specified, it is taken from the provider configuration. func (o RepositoryIamMemberOutput) Location() pulumi.StringOutput { diff --git a/sdk/go/gcp/artifactregistry/repositoryIamPolicy.go b/sdk/go/gcp/artifactregistry/repositoryIamPolicy.go index 74c98ba6de..b7e9c8f0e3 100644 --- a/sdk/go/gcp/artifactregistry/repositoryIamPolicy.go +++ b/sdk/go/gcp/artifactregistry/repositoryIamPolicy.go @@ -297,8 +297,12 @@ type RepositoryIamPolicy struct { // (Computed) The etag of the IAM policy. Etag pulumi.StringOutput `pulumi:"etag"` - // The name of the location this repository is located in. - // Used to find the parent resource to bind the IAM policy to. If not specified, + // The name of the repository's location. In addition to specific regions, + // special values for multi-region locations are `asia`, `europe`, and `us`. + // See [here](https://cloud.google.com/artifact-registry/docs/repositories/repo-locations), + // or use the + // artifactregistry.getLocations + // data source for possible values. Used to find the parent resource to bind the IAM policy to. If not specified, // the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no // location is specified, it is taken from the provider configuration. Location pulumi.StringOutput `pulumi:"location"` @@ -350,8 +354,12 @@ func GetRepositoryIamPolicy(ctx *pulumi.Context, type repositoryIamPolicyState struct { // (Computed) The etag of the IAM policy. Etag *string `pulumi:"etag"` - // The name of the location this repository is located in. - // Used to find the parent resource to bind the IAM policy to. If not specified, + // The name of the repository's location. In addition to specific regions, + // special values for multi-region locations are `asia`, `europe`, and `us`. + // See [here](https://cloud.google.com/artifact-registry/docs/repositories/repo-locations), + // or use the + // artifactregistry.getLocations + // data source for possible values. Used to find the parent resource to bind the IAM policy to. If not specified, // the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no // location is specified, it is taken from the provider configuration. Location *string `pulumi:"location"` @@ -368,8 +376,12 @@ type repositoryIamPolicyState struct { type RepositoryIamPolicyState struct { // (Computed) The etag of the IAM policy. Etag pulumi.StringPtrInput - // The name of the location this repository is located in. - // Used to find the parent resource to bind the IAM policy to. If not specified, + // The name of the repository's location. In addition to specific regions, + // special values for multi-region locations are `asia`, `europe`, and `us`. + // See [here](https://cloud.google.com/artifact-registry/docs/repositories/repo-locations), + // or use the + // artifactregistry.getLocations + // data source for possible values. Used to find the parent resource to bind the IAM policy to. If not specified, // the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no // location is specified, it is taken from the provider configuration. Location pulumi.StringPtrInput @@ -388,8 +400,12 @@ func (RepositoryIamPolicyState) ElementType() reflect.Type { } type repositoryIamPolicyArgs struct { - // The name of the location this repository is located in. - // Used to find the parent resource to bind the IAM policy to. If not specified, + // The name of the repository's location. In addition to specific regions, + // special values for multi-region locations are `asia`, `europe`, and `us`. + // See [here](https://cloud.google.com/artifact-registry/docs/repositories/repo-locations), + // or use the + // artifactregistry.getLocations + // data source for possible values. Used to find the parent resource to bind the IAM policy to. If not specified, // the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no // location is specified, it is taken from the provider configuration. Location *string `pulumi:"location"` @@ -405,8 +421,12 @@ type repositoryIamPolicyArgs struct { // The set of arguments for constructing a RepositoryIamPolicy resource. type RepositoryIamPolicyArgs struct { - // The name of the location this repository is located in. - // Used to find the parent resource to bind the IAM policy to. If not specified, + // The name of the repository's location. In addition to specific regions, + // special values for multi-region locations are `asia`, `europe`, and `us`. + // See [here](https://cloud.google.com/artifact-registry/docs/repositories/repo-locations), + // or use the + // artifactregistry.getLocations + // data source for possible values. Used to find the parent resource to bind the IAM policy to. If not specified, // the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no // location is specified, it is taken from the provider configuration. Location pulumi.StringPtrInput @@ -512,8 +532,12 @@ func (o RepositoryIamPolicyOutput) Etag() pulumi.StringOutput { return o.ApplyT(func(v *RepositoryIamPolicy) pulumi.StringOutput { return v.Etag }).(pulumi.StringOutput) } -// The name of the location this repository is located in. -// Used to find the parent resource to bind the IAM policy to. If not specified, +// The name of the repository's location. In addition to specific regions, +// special values for multi-region locations are `asia`, `europe`, and `us`. +// See [here](https://cloud.google.com/artifact-registry/docs/repositories/repo-locations), +// or use the +// artifactregistry.getLocations +// data source for possible values. Used to find the parent resource to bind the IAM policy to. If not specified, // the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no // location is specified, it is taken from the provider configuration. func (o RepositoryIamPolicyOutput) Location() pulumi.StringOutput { diff --git a/sdk/go/gcp/compute/getGlobalForwardingRule.go b/sdk/go/gcp/compute/getGlobalForwardingRule.go index e8eeea130e..f870356570 100644 --- a/sdk/go/gcp/compute/getGlobalForwardingRule.go +++ b/sdk/go/gcp/compute/getGlobalForwardingRule.go @@ -77,6 +77,7 @@ type LookupGlobalForwardingRuleResult struct { MetadataFilters []GetGlobalForwardingRuleMetadataFilter `pulumi:"metadataFilters"` Name string `pulumi:"name"` Network string `pulumi:"network"` + NetworkTier string `pulumi:"networkTier"` NoAutomateDnsZone bool `pulumi:"noAutomateDnsZone"` PortRange string `pulumi:"portRange"` Project *string `pulumi:"project"` @@ -192,6 +193,10 @@ func (o LookupGlobalForwardingRuleResultOutput) Network() pulumi.StringOutput { return o.ApplyT(func(v LookupGlobalForwardingRuleResult) string { return v.Network }).(pulumi.StringOutput) } +func (o LookupGlobalForwardingRuleResultOutput) NetworkTier() pulumi.StringOutput { + return o.ApplyT(func(v LookupGlobalForwardingRuleResult) string { return v.NetworkTier }).(pulumi.StringOutput) +} + func (o LookupGlobalForwardingRuleResultOutput) NoAutomateDnsZone() pulumi.BoolOutput { return o.ApplyT(func(v LookupGlobalForwardingRuleResult) bool { return v.NoAutomateDnsZone }).(pulumi.BoolOutput) } diff --git a/sdk/go/gcp/compute/globalForwardingRule.go b/sdk/go/gcp/compute/globalForwardingRule.go index 1b010c5b8e..7dcb073ab9 100644 --- a/sdk/go/gcp/compute/globalForwardingRule.go +++ b/sdk/go/gcp/compute/globalForwardingRule.go @@ -321,6 +321,7 @@ import ( // Target: defaultTargetHttpProxy.ID(), // PortRange: pulumi.String("80"), // LoadBalancingScheme: pulumi.String("EXTERNAL_MANAGED"), +// NetworkTier: pulumi.String("PREMIUM"), // }) // if err != nil { // return err @@ -777,6 +778,17 @@ type GlobalForwardingRule struct { // For Private Service Connect forwarding rules that forward traffic to Google // APIs, a network must be provided. Network pulumi.StringOutput `pulumi:"network"` + // This signifies the networking tier used for configuring + // this load balancer and can only take the following values: + // `PREMIUM`, `STANDARD`. + // For regional ForwardingRule, the valid values are `PREMIUM` and + // `STANDARD`. For GlobalForwardingRule, the valid value is + // `PREMIUM`. + // If this field is not specified, it is assumed to be `PREMIUM`. + // If `IPAddress` is specified, this value must be equal to the + // networkTier of the Address. + // Possible values are: `PREMIUM`, `STANDARD`. + NetworkTier pulumi.StringOutput `pulumi:"networkTier"` // This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC forwarding rules do not use this field. NoAutomateDnsZone pulumi.BoolPtrOutput `pulumi:"noAutomateDnsZone"` // The `portRange` field has the following limitations: @@ -982,6 +994,17 @@ type globalForwardingRuleState struct { // For Private Service Connect forwarding rules that forward traffic to Google // APIs, a network must be provided. Network *string `pulumi:"network"` + // This signifies the networking tier used for configuring + // this load balancer and can only take the following values: + // `PREMIUM`, `STANDARD`. + // For regional ForwardingRule, the valid values are `PREMIUM` and + // `STANDARD`. For GlobalForwardingRule, the valid value is + // `PREMIUM`. + // If this field is not specified, it is assumed to be `PREMIUM`. + // If `IPAddress` is specified, this value must be equal to the + // networkTier of the Address. + // Possible values are: `PREMIUM`, `STANDARD`. + NetworkTier *string `pulumi:"networkTier"` // This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC forwarding rules do not use this field. NoAutomateDnsZone *bool `pulumi:"noAutomateDnsZone"` // The `portRange` field has the following limitations: @@ -1150,6 +1173,17 @@ type GlobalForwardingRuleState struct { // For Private Service Connect forwarding rules that forward traffic to Google // APIs, a network must be provided. Network pulumi.StringPtrInput + // This signifies the networking tier used for configuring + // this load balancer and can only take the following values: + // `PREMIUM`, `STANDARD`. + // For regional ForwardingRule, the valid values are `PREMIUM` and + // `STANDARD`. For GlobalForwardingRule, the valid value is + // `PREMIUM`. + // If this field is not specified, it is assumed to be `PREMIUM`. + // If `IPAddress` is specified, this value must be equal to the + // networkTier of the Address. + // Possible values are: `PREMIUM`, `STANDARD`. + NetworkTier pulumi.StringPtrInput // This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC forwarding rules do not use this field. NoAutomateDnsZone pulumi.BoolPtrInput // The `portRange` field has the following limitations: @@ -1313,6 +1347,17 @@ type globalForwardingRuleArgs struct { // For Private Service Connect forwarding rules that forward traffic to Google // APIs, a network must be provided. Network *string `pulumi:"network"` + // This signifies the networking tier used for configuring + // this load balancer and can only take the following values: + // `PREMIUM`, `STANDARD`. + // For regional ForwardingRule, the valid values are `PREMIUM` and + // `STANDARD`. For GlobalForwardingRule, the valid value is + // `PREMIUM`. + // If this field is not specified, it is assumed to be `PREMIUM`. + // If `IPAddress` is specified, this value must be equal to the + // networkTier of the Address. + // Possible values are: `PREMIUM`, `STANDARD`. + NetworkTier *string `pulumi:"networkTier"` // This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC forwarding rules do not use this field. NoAutomateDnsZone *bool `pulumi:"noAutomateDnsZone"` // The `portRange` field has the following limitations: @@ -1464,6 +1509,17 @@ type GlobalForwardingRuleArgs struct { // For Private Service Connect forwarding rules that forward traffic to Google // APIs, a network must be provided. Network pulumi.StringPtrInput + // This signifies the networking tier used for configuring + // this load balancer and can only take the following values: + // `PREMIUM`, `STANDARD`. + // For regional ForwardingRule, the valid values are `PREMIUM` and + // `STANDARD`. For GlobalForwardingRule, the valid value is + // `PREMIUM`. + // If this field is not specified, it is assumed to be `PREMIUM`. + // If `IPAddress` is specified, this value must be equal to the + // networkTier of the Address. + // Possible values are: `PREMIUM`, `STANDARD`. + NetworkTier pulumi.StringPtrInput // This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC forwarding rules do not use this field. NoAutomateDnsZone pulumi.BoolPtrInput // The `portRange` field has the following limitations: @@ -1751,6 +1807,20 @@ func (o GlobalForwardingRuleOutput) Network() pulumi.StringOutput { return o.ApplyT(func(v *GlobalForwardingRule) pulumi.StringOutput { return v.Network }).(pulumi.StringOutput) } +// This signifies the networking tier used for configuring +// this load balancer and can only take the following values: +// `PREMIUM`, `STANDARD`. +// For regional ForwardingRule, the valid values are `PREMIUM` and +// `STANDARD`. For GlobalForwardingRule, the valid value is +// `PREMIUM`. +// If this field is not specified, it is assumed to be `PREMIUM`. +// If `IPAddress` is specified, this value must be equal to the +// networkTier of the Address. +// Possible values are: `PREMIUM`, `STANDARD`. +func (o GlobalForwardingRuleOutput) NetworkTier() pulumi.StringOutput { + return o.ApplyT(func(v *GlobalForwardingRule) pulumi.StringOutput { return v.NetworkTier }).(pulumi.StringOutput) +} + // This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC forwarding rules do not use this field. func (o GlobalForwardingRuleOutput) NoAutomateDnsZone() pulumi.BoolPtrOutput { return o.ApplyT(func(v *GlobalForwardingRule) pulumi.BoolPtrOutput { return v.NoAutomateDnsZone }).(pulumi.BoolPtrOutput) diff --git a/sdk/go/gcp/compute/projectCloudArmorTier.go b/sdk/go/gcp/compute/projectCloudArmorTier.go index f28544352d..62f1af8948 100644 --- a/sdk/go/gcp/compute/projectCloudArmorTier.go +++ b/sdk/go/gcp/compute/projectCloudArmorTier.go @@ -116,7 +116,7 @@ type ProjectCloudArmorTier struct { pulumi.CustomResourceState // Managed protection tier to be set. - // Possible values are: `CA_STANDARD`, `CA_ENTERPRISE_PAYGO`. + // Possible values are: `CA_STANDARD`, `CA_ENTERPRISE_PAYGO`, `CA_ENTERPRISE_ANNUAL`. // // *** CloudArmorTier pulumi.StringOutput `pulumi:"cloudArmorTier"` @@ -159,7 +159,7 @@ func GetProjectCloudArmorTier(ctx *pulumi.Context, // Input properties used for looking up and filtering ProjectCloudArmorTier resources. type projectCloudArmorTierState struct { // Managed protection tier to be set. - // Possible values are: `CA_STANDARD`, `CA_ENTERPRISE_PAYGO`. + // Possible values are: `CA_STANDARD`, `CA_ENTERPRISE_PAYGO`, `CA_ENTERPRISE_ANNUAL`. // // *** CloudArmorTier *string `pulumi:"cloudArmorTier"` @@ -170,7 +170,7 @@ type projectCloudArmorTierState struct { type ProjectCloudArmorTierState struct { // Managed protection tier to be set. - // Possible values are: `CA_STANDARD`, `CA_ENTERPRISE_PAYGO`. + // Possible values are: `CA_STANDARD`, `CA_ENTERPRISE_PAYGO`, `CA_ENTERPRISE_ANNUAL`. // // *** CloudArmorTier pulumi.StringPtrInput @@ -185,7 +185,7 @@ func (ProjectCloudArmorTierState) ElementType() reflect.Type { type projectCloudArmorTierArgs struct { // Managed protection tier to be set. - // Possible values are: `CA_STANDARD`, `CA_ENTERPRISE_PAYGO`. + // Possible values are: `CA_STANDARD`, `CA_ENTERPRISE_PAYGO`, `CA_ENTERPRISE_ANNUAL`. // // *** CloudArmorTier string `pulumi:"cloudArmorTier"` @@ -197,7 +197,7 @@ type projectCloudArmorTierArgs struct { // The set of arguments for constructing a ProjectCloudArmorTier resource. type ProjectCloudArmorTierArgs struct { // Managed protection tier to be set. - // Possible values are: `CA_STANDARD`, `CA_ENTERPRISE_PAYGO`. + // Possible values are: `CA_STANDARD`, `CA_ENTERPRISE_PAYGO`, `CA_ENTERPRISE_ANNUAL`. // // *** CloudArmorTier pulumi.StringInput @@ -294,7 +294,7 @@ func (o ProjectCloudArmorTierOutput) ToProjectCloudArmorTierOutputWithContext(ct } // Managed protection tier to be set. -// Possible values are: `CA_STANDARD`, `CA_ENTERPRISE_PAYGO`. +// Possible values are: `CA_STANDARD`, `CA_ENTERPRISE_PAYGO`, `CA_ENTERPRISE_ANNUAL`. // // *** func (o ProjectCloudArmorTierOutput) CloudArmorTier() pulumi.StringOutput { diff --git a/sdk/go/gcp/firebase/databaseInstance.go b/sdk/go/gcp/firebase/databaseInstance.go index 04b48b9777..3e4a591fa1 100644 --- a/sdk/go/gcp/firebase/databaseInstance.go +++ b/sdk/go/gcp/firebase/databaseInstance.go @@ -80,6 +80,7 @@ import ( // "github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/firebase" // "github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations" // "github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects" +// "github.com/pulumi/pulumi-time/sdk/go/time" // "github.com/pulumi/pulumi/sdk/v3/go/pulumi" // // ) @@ -98,26 +99,45 @@ import ( // if err != nil { // return err // } +// firebase, err := projects.NewService(ctx, "firebase", &projects.ServiceArgs{ +// Project: _default.ProjectId, +// Service: pulumi.String("firebase.googleapis.com"), +// DisableOnDestroy: pulumi.Bool(false), +// }) +// if err != nil { +// return err +// } // defaultProject, err := firebase.NewProject(ctx, "default", &firebase.ProjectArgs{ // Project: _default.ProjectId, -// }) +// }, pulumi.DependsOn([]pulumi.Resource{ +// firebase, +// })) // if err != nil { // return err // } // firebaseDatabase, err := projects.NewService(ctx, "firebase_database", &projects.ServiceArgs{ -// Project: defaultProject.Project, -// Service: pulumi.String("firebasedatabase.googleapis.com"), +// Project: defaultProject.Project, +// Service: pulumi.String("firebasedatabase.googleapis.com"), +// DisableOnDestroy: pulumi.Bool(false), // }) // if err != nil { // return err // } +// wait60Seconds, err := time.NewSleep(ctx, "wait_60_seconds", &time.SleepArgs{ +// CreateDuration: "60s", +// }, pulumi.DependsOn([]pulumi.Resource{ +// firebaseDatabase, +// })) +// if err != nil { +// return err +// } // _, err = firebase.NewDatabaseInstance(ctx, "default", &firebase.DatabaseInstanceArgs{ // Project: defaultProject.Project, // Region: pulumi.String("us-central1"), // InstanceId: pulumi.String("rtdb-project-default-rtdb"), // Type: pulumi.String("DEFAULT_DATABASE"), // }, pulumi.DependsOn([]pulumi.Resource{ -// firebaseDatabase, +// wait60Seconds, // })) // if err != nil { // return err diff --git a/sdk/go/gcp/firebase/hostingVersion.go b/sdk/go/gcp/firebase/hostingVersion.go index 47d9736271..77d82784b7 100644 --- a/sdk/go/gcp/firebase/hostingVersion.go +++ b/sdk/go/gcp/firebase/hostingVersion.go @@ -63,6 +63,106 @@ import ( // } // // ``` +// ### Firebasehosting Version Headers +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/firebase" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := firebase.NewHostingSite(ctx, "default", &firebase.HostingSiteArgs{ +// Project: pulumi.String("my-project-name"), +// SiteId: pulumi.String("site-id"), +// }) +// if err != nil { +// return err +// } +// defaultHostingVersion, err := firebase.NewHostingVersion(ctx, "default", &firebase.HostingVersionArgs{ +// SiteId: _default.SiteId, +// Config: &firebase.HostingVersionConfigArgs{ +// Headers: firebase.HostingVersionConfigHeaderArray{ +// &firebase.HostingVersionConfigHeaderArgs{ +// Glob: pulumi.String("/headers/**"), +// Headers: pulumi.StringMap{ +// "my-header": pulumi.String("my-value"), +// }, +// }, +// }, +// }, +// }) +// if err != nil { +// return err +// } +// _, err = firebase.NewHostingRelease(ctx, "default", &firebase.HostingReleaseArgs{ +// SiteId: _default.SiteId, +// VersionName: defaultHostingVersion.Name, +// Message: pulumi.String("With custom headers"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// ### Firebasehosting Version Headers Regex +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/firebase" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := firebase.NewHostingSite(ctx, "default", &firebase.HostingSiteArgs{ +// Project: pulumi.String("my-project-name"), +// SiteId: pulumi.String("site-id"), +// }) +// if err != nil { +// return err +// } +// defaultHostingVersion, err := firebase.NewHostingVersion(ctx, "default", &firebase.HostingVersionArgs{ +// SiteId: _default.SiteId, +// Config: &firebase.HostingVersionConfigArgs{ +// Headers: firebase.HostingVersionConfigHeaderArray{ +// &firebase.HostingVersionConfigHeaderArgs{ +// Regex: pulumi.String("^~/headers$"), +// Headers: pulumi.StringMap{ +// "my-header": pulumi.String("my-value"), +// }, +// }, +// }, +// }, +// }) +// if err != nil { +// return err +// } +// _, err = firebase.NewHostingRelease(ctx, "default", &firebase.HostingReleaseArgs{ +// SiteId: _default.SiteId, +// VersionName: defaultHostingVersion.Name, +// Message: pulumi.String("With custom headers"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` // ### Firebasehosting Version Path // // ```go diff --git a/sdk/go/gcp/firebase/project.go b/sdk/go/gcp/firebase/project.go index e4d4da0e9b..f5be674c5c 100644 --- a/sdk/go/gcp/firebase/project.go +++ b/sdk/go/gcp/firebase/project.go @@ -11,7 +11,7 @@ import ( "github.com/pulumi/pulumi/sdk/v3/go/pulumi" ) -// A Google Cloud Firebase instance. This enables Firebase resources on a given google project. +// A Google Cloud Firebase instance. This enables Firebase resources on a given Google Project. // Since a FirebaseProject is actually also a GCP Project, a FirebaseProject uses underlying GCP // identifiers (most importantly, the projectId) as its own for easy interop with GCP APIs. // Once Firebase has been added to a Google Project it cannot be removed. @@ -92,7 +92,7 @@ type Project struct { // The ID of the project in which the resource belongs. // If it is not provided, the provider project is used. Project pulumi.StringOutput `pulumi:"project"` - // The number of the google project that firebase is enabled on. + // The number of the Google Project that Firebase is enabled on. ProjectNumber pulumi.StringOutput `pulumi:"projectNumber"` } @@ -131,7 +131,7 @@ type projectState struct { // The ID of the project in which the resource belongs. // If it is not provided, the provider project is used. Project *string `pulumi:"project"` - // The number of the google project that firebase is enabled on. + // The number of the Google Project that Firebase is enabled on. ProjectNumber *string `pulumi:"projectNumber"` } @@ -141,7 +141,7 @@ type ProjectState struct { // The ID of the project in which the resource belongs. // If it is not provided, the provider project is used. Project pulumi.StringPtrInput - // The number of the google project that firebase is enabled on. + // The number of the Google Project that Firebase is enabled on. ProjectNumber pulumi.StringPtrInput } @@ -260,7 +260,7 @@ func (o ProjectOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *Project) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } -// The number of the google project that firebase is enabled on. +// The number of the Google Project that Firebase is enabled on. func (o ProjectOutput) ProjectNumber() pulumi.StringOutput { return o.ApplyT(func(v *Project) pulumi.StringOutput { return v.ProjectNumber }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/firebase/pulumiTypes.go b/sdk/go/gcp/firebase/pulumiTypes.go index 1efb2f44f5..ad1a23abdb 100644 --- a/sdk/go/gcp/firebase/pulumiTypes.go +++ b/sdk/go/gcp/firebase/pulumiTypes.go @@ -2861,6 +2861,10 @@ func (o HostingCustomDomainRequiredDnsUpdateDiscoveredRecordArrayOutput) Index(i } type HostingVersionConfig struct { + // An array of objects, where each object specifies a URL pattern that, if matched to the request URL path, + // triggers Hosting to apply the specified custom response headers. + // Structure is documented below. + Headers []HostingVersionConfigHeader `pulumi:"headers"` // An array of objects (called redirect rules), where each rule specifies a URL pattern that, if matched to the request URL path, // triggers Hosting to respond with a redirect to the specified destination path. // Structure is documented below. @@ -2883,6 +2887,10 @@ type HostingVersionConfigInput interface { } type HostingVersionConfigArgs struct { + // An array of objects, where each object specifies a URL pattern that, if matched to the request URL path, + // triggers Hosting to apply the specified custom response headers. + // Structure is documented below. + Headers HostingVersionConfigHeaderArrayInput `pulumi:"headers"` // An array of objects (called redirect rules), where each rule specifies a URL pattern that, if matched to the request URL path, // triggers Hosting to respond with a redirect to the specified destination path. // Structure is documented below. @@ -2970,6 +2978,13 @@ func (o HostingVersionConfigOutput) ToHostingVersionConfigPtrOutputWithContext(c }).(HostingVersionConfigPtrOutput) } +// An array of objects, where each object specifies a URL pattern that, if matched to the request URL path, +// triggers Hosting to apply the specified custom response headers. +// Structure is documented below. +func (o HostingVersionConfigOutput) Headers() HostingVersionConfigHeaderArrayOutput { + return o.ApplyT(func(v HostingVersionConfig) []HostingVersionConfigHeader { return v.Headers }).(HostingVersionConfigHeaderArrayOutput) +} + // An array of objects (called redirect rules), where each rule specifies a URL pattern that, if matched to the request URL path, // triggers Hosting to respond with a redirect to the specified destination path. // Structure is documented below. @@ -3008,6 +3023,18 @@ func (o HostingVersionConfigPtrOutput) Elem() HostingVersionConfigOutput { }).(HostingVersionConfigOutput) } +// An array of objects, where each object specifies a URL pattern that, if matched to the request URL path, +// triggers Hosting to apply the specified custom response headers. +// Structure is documented below. +func (o HostingVersionConfigPtrOutput) Headers() HostingVersionConfigHeaderArrayOutput { + return o.ApplyT(func(v *HostingVersionConfig) []HostingVersionConfigHeader { + if v == nil { + return nil + } + return v.Headers + }).(HostingVersionConfigHeaderArrayOutput) +} + // An array of objects (called redirect rules), where each rule specifies a URL pattern that, if matched to the request URL path, // triggers Hosting to respond with a redirect to the specified destination path. // Structure is documented below. @@ -3032,6 +3059,121 @@ func (o HostingVersionConfigPtrOutput) Rewrites() HostingVersionConfigRewriteArr }).(HostingVersionConfigRewriteArrayOutput) } +type HostingVersionConfigHeader struct { + // The user-supplied glob to match against the request URL path. + Glob *string `pulumi:"glob"` + // The additional headers to add to the response. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. + Headers map[string]string `pulumi:"headers"` + // The user-supplied RE2 regular expression to match against the request URL path. + Regex *string `pulumi:"regex"` +} + +// HostingVersionConfigHeaderInput is an input type that accepts HostingVersionConfigHeaderArgs and HostingVersionConfigHeaderOutput values. +// You can construct a concrete instance of `HostingVersionConfigHeaderInput` via: +// +// HostingVersionConfigHeaderArgs{...} +type HostingVersionConfigHeaderInput interface { + pulumi.Input + + ToHostingVersionConfigHeaderOutput() HostingVersionConfigHeaderOutput + ToHostingVersionConfigHeaderOutputWithContext(context.Context) HostingVersionConfigHeaderOutput +} + +type HostingVersionConfigHeaderArgs struct { + // The user-supplied glob to match against the request URL path. + Glob pulumi.StringPtrInput `pulumi:"glob"` + // The additional headers to add to the response. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. + Headers pulumi.StringMapInput `pulumi:"headers"` + // The user-supplied RE2 regular expression to match against the request URL path. + Regex pulumi.StringPtrInput `pulumi:"regex"` +} + +func (HostingVersionConfigHeaderArgs) ElementType() reflect.Type { + return reflect.TypeOf((*HostingVersionConfigHeader)(nil)).Elem() +} + +func (i HostingVersionConfigHeaderArgs) ToHostingVersionConfigHeaderOutput() HostingVersionConfigHeaderOutput { + return i.ToHostingVersionConfigHeaderOutputWithContext(context.Background()) +} + +func (i HostingVersionConfigHeaderArgs) ToHostingVersionConfigHeaderOutputWithContext(ctx context.Context) HostingVersionConfigHeaderOutput { + return pulumi.ToOutputWithContext(ctx, i).(HostingVersionConfigHeaderOutput) +} + +// HostingVersionConfigHeaderArrayInput is an input type that accepts HostingVersionConfigHeaderArray and HostingVersionConfigHeaderArrayOutput values. +// You can construct a concrete instance of `HostingVersionConfigHeaderArrayInput` via: +// +// HostingVersionConfigHeaderArray{ HostingVersionConfigHeaderArgs{...} } +type HostingVersionConfigHeaderArrayInput interface { + pulumi.Input + + ToHostingVersionConfigHeaderArrayOutput() HostingVersionConfigHeaderArrayOutput + ToHostingVersionConfigHeaderArrayOutputWithContext(context.Context) HostingVersionConfigHeaderArrayOutput +} + +type HostingVersionConfigHeaderArray []HostingVersionConfigHeaderInput + +func (HostingVersionConfigHeaderArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]HostingVersionConfigHeader)(nil)).Elem() +} + +func (i HostingVersionConfigHeaderArray) ToHostingVersionConfigHeaderArrayOutput() HostingVersionConfigHeaderArrayOutput { + return i.ToHostingVersionConfigHeaderArrayOutputWithContext(context.Background()) +} + +func (i HostingVersionConfigHeaderArray) ToHostingVersionConfigHeaderArrayOutputWithContext(ctx context.Context) HostingVersionConfigHeaderArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(HostingVersionConfigHeaderArrayOutput) +} + +type HostingVersionConfigHeaderOutput struct{ *pulumi.OutputState } + +func (HostingVersionConfigHeaderOutput) ElementType() reflect.Type { + return reflect.TypeOf((*HostingVersionConfigHeader)(nil)).Elem() +} + +func (o HostingVersionConfigHeaderOutput) ToHostingVersionConfigHeaderOutput() HostingVersionConfigHeaderOutput { + return o +} + +func (o HostingVersionConfigHeaderOutput) ToHostingVersionConfigHeaderOutputWithContext(ctx context.Context) HostingVersionConfigHeaderOutput { + return o +} + +// The user-supplied glob to match against the request URL path. +func (o HostingVersionConfigHeaderOutput) Glob() pulumi.StringPtrOutput { + return o.ApplyT(func(v HostingVersionConfigHeader) *string { return v.Glob }).(pulumi.StringPtrOutput) +} + +// The additional headers to add to the response. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. +func (o HostingVersionConfigHeaderOutput) Headers() pulumi.StringMapOutput { + return o.ApplyT(func(v HostingVersionConfigHeader) map[string]string { return v.Headers }).(pulumi.StringMapOutput) +} + +// The user-supplied RE2 regular expression to match against the request URL path. +func (o HostingVersionConfigHeaderOutput) Regex() pulumi.StringPtrOutput { + return o.ApplyT(func(v HostingVersionConfigHeader) *string { return v.Regex }).(pulumi.StringPtrOutput) +} + +type HostingVersionConfigHeaderArrayOutput struct{ *pulumi.OutputState } + +func (HostingVersionConfigHeaderArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]HostingVersionConfigHeader)(nil)).Elem() +} + +func (o HostingVersionConfigHeaderArrayOutput) ToHostingVersionConfigHeaderArrayOutput() HostingVersionConfigHeaderArrayOutput { + return o +} + +func (o HostingVersionConfigHeaderArrayOutput) ToHostingVersionConfigHeaderArrayOutputWithContext(ctx context.Context) HostingVersionConfigHeaderArrayOutput { + return o +} + +func (o HostingVersionConfigHeaderArrayOutput) Index(i pulumi.IntInput) HostingVersionConfigHeaderOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) HostingVersionConfigHeader { + return vs[0].([]HostingVersionConfigHeader)[vs[1].(int)] + }).(HostingVersionConfigHeaderOutput) +} + type HostingVersionConfigRedirect struct { // The user-supplied glob to match against the request URL path. Glob *string `pulumi:"glob"` @@ -3495,6 +3637,8 @@ func init() { pulumi.RegisterInputType(reflect.TypeOf((*HostingCustomDomainRequiredDnsUpdateDiscoveredRecordArrayInput)(nil)).Elem(), HostingCustomDomainRequiredDnsUpdateDiscoveredRecordArray{}) pulumi.RegisterInputType(reflect.TypeOf((*HostingVersionConfigInput)(nil)).Elem(), HostingVersionConfigArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*HostingVersionConfigPtrInput)(nil)).Elem(), HostingVersionConfigArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*HostingVersionConfigHeaderInput)(nil)).Elem(), HostingVersionConfigHeaderArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*HostingVersionConfigHeaderArrayInput)(nil)).Elem(), HostingVersionConfigHeaderArray{}) pulumi.RegisterInputType(reflect.TypeOf((*HostingVersionConfigRedirectInput)(nil)).Elem(), HostingVersionConfigRedirectArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*HostingVersionConfigRedirectArrayInput)(nil)).Elem(), HostingVersionConfigRedirectArray{}) pulumi.RegisterInputType(reflect.TypeOf((*HostingVersionConfigRewriteInput)(nil)).Elem(), HostingVersionConfigRewriteArgs{}) @@ -3541,6 +3685,8 @@ func init() { pulumi.RegisterOutputType(HostingCustomDomainRequiredDnsUpdateDiscoveredRecordArrayOutput{}) pulumi.RegisterOutputType(HostingVersionConfigOutput{}) pulumi.RegisterOutputType(HostingVersionConfigPtrOutput{}) + pulumi.RegisterOutputType(HostingVersionConfigHeaderOutput{}) + pulumi.RegisterOutputType(HostingVersionConfigHeaderArrayOutput{}) pulumi.RegisterOutputType(HostingVersionConfigRedirectOutput{}) pulumi.RegisterOutputType(HostingVersionConfigRedirectArrayOutput{}) pulumi.RegisterOutputType(HostingVersionConfigRewriteOutput{}) diff --git a/sdk/go/gcp/identityplatform/config.go b/sdk/go/gcp/identityplatform/config.go index b228df232f..2fe5726ad1 100644 --- a/sdk/go/gcp/identityplatform/config.go +++ b/sdk/go/gcp/identityplatform/config.go @@ -106,7 +106,7 @@ import ( // Quota: &identityplatform.ConfigQuotaArgs{ // SignUpQuotaConfig: &identityplatform.ConfigQuotaSignUpQuotaConfigArgs{ // Quota: pulumi.Int(1000), -// StartTime: pulumi.String(""), +// StartTime: pulumi.String("2014-10-02T15:01:23Z"), // QuotaDuration: pulumi.String("7200s"), // }, // }, diff --git a/sdk/go/gcp/identityplatform/pulumiTypes.go b/sdk/go/gcp/identityplatform/pulumiTypes.go index 97f87e3ffa..40d48d3c9c 100644 --- a/sdk/go/gcp/identityplatform/pulumiTypes.go +++ b/sdk/go/gcp/identityplatform/pulumiTypes.go @@ -1704,7 +1704,7 @@ func (o ConfigMultiTenantPtrOutput) DefaultTenantLocation() pulumi.StringPtrOutp } type ConfigQuota struct { - // Quota for the Signup endpoint, if overwritten. Signup quota is measured in sign ups per project per hour per IP. + // Quota for the Signup endpoint, if overwritten. Signup quota is measured in sign ups per project per hour per IP. None of quota, startTime, or quotaDuration can be skipped. // Structure is documented below. SignUpQuotaConfig *ConfigQuotaSignUpQuotaConfig `pulumi:"signUpQuotaConfig"` } @@ -1721,7 +1721,7 @@ type ConfigQuotaInput interface { } type ConfigQuotaArgs struct { - // Quota for the Signup endpoint, if overwritten. Signup quota is measured in sign ups per project per hour per IP. + // Quota for the Signup endpoint, if overwritten. Signup quota is measured in sign ups per project per hour per IP. None of quota, startTime, or quotaDuration can be skipped. // Structure is documented below. SignUpQuotaConfig ConfigQuotaSignUpQuotaConfigPtrInput `pulumi:"signUpQuotaConfig"` } @@ -1803,7 +1803,7 @@ func (o ConfigQuotaOutput) ToConfigQuotaPtrOutputWithContext(ctx context.Context }).(ConfigQuotaPtrOutput) } -// Quota for the Signup endpoint, if overwritten. Signup quota is measured in sign ups per project per hour per IP. +// Quota for the Signup endpoint, if overwritten. Signup quota is measured in sign ups per project per hour per IP. None of quota, startTime, or quotaDuration can be skipped. // Structure is documented below. func (o ConfigQuotaOutput) SignUpQuotaConfig() ConfigQuotaSignUpQuotaConfigPtrOutput { return o.ApplyT(func(v ConfigQuota) *ConfigQuotaSignUpQuotaConfig { return v.SignUpQuotaConfig }).(ConfigQuotaSignUpQuotaConfigPtrOutput) @@ -1833,7 +1833,7 @@ func (o ConfigQuotaPtrOutput) Elem() ConfigQuotaOutput { }).(ConfigQuotaOutput) } -// Quota for the Signup endpoint, if overwritten. Signup quota is measured in sign ups per project per hour per IP. +// Quota for the Signup endpoint, if overwritten. Signup quota is measured in sign ups per project per hour per IP. None of quota, startTime, or quotaDuration can be skipped. // Structure is documented below. func (o ConfigQuotaPtrOutput) SignUpQuotaConfig() ConfigQuotaSignUpQuotaConfigPtrOutput { return o.ApplyT(func(v *ConfigQuota) *ConfigQuotaSignUpQuotaConfig { @@ -1845,7 +1845,7 @@ func (o ConfigQuotaPtrOutput) SignUpQuotaConfig() ConfigQuotaSignUpQuotaConfigPt } type ConfigQuotaSignUpQuotaConfig struct { - // A sign up APIs quota that customers can override temporarily. + // A sign up APIs quota that customers can override temporarily. Value can be in between 1 and 1000. Quota *int `pulumi:"quota"` // How long this quota will be active for. It is measurred in seconds, e.g., Example: "9.615s". QuotaDuration *string `pulumi:"quotaDuration"` @@ -1865,7 +1865,7 @@ type ConfigQuotaSignUpQuotaConfigInput interface { } type ConfigQuotaSignUpQuotaConfigArgs struct { - // A sign up APIs quota that customers can override temporarily. + // A sign up APIs quota that customers can override temporarily. Value can be in between 1 and 1000. Quota pulumi.IntPtrInput `pulumi:"quota"` // How long this quota will be active for. It is measurred in seconds, e.g., Example: "9.615s". QuotaDuration pulumi.StringPtrInput `pulumi:"quotaDuration"` @@ -1950,7 +1950,7 @@ func (o ConfigQuotaSignUpQuotaConfigOutput) ToConfigQuotaSignUpQuotaConfigPtrOut }).(ConfigQuotaSignUpQuotaConfigPtrOutput) } -// A sign up APIs quota that customers can override temporarily. +// A sign up APIs quota that customers can override temporarily. Value can be in between 1 and 1000. func (o ConfigQuotaSignUpQuotaConfigOutput) Quota() pulumi.IntPtrOutput { return o.ApplyT(func(v ConfigQuotaSignUpQuotaConfig) *int { return v.Quota }).(pulumi.IntPtrOutput) } @@ -1989,7 +1989,7 @@ func (o ConfigQuotaSignUpQuotaConfigPtrOutput) Elem() ConfigQuotaSignUpQuotaConf }).(ConfigQuotaSignUpQuotaConfigOutput) } -// A sign up APIs quota that customers can override temporarily. +// A sign up APIs quota that customers can override temporarily. Value can be in between 1 and 1000. func (o ConfigQuotaSignUpQuotaConfigPtrOutput) Quota() pulumi.IntPtrOutput { return o.ApplyT(func(v *ConfigQuotaSignUpQuotaConfig) *int { if v == nil { diff --git a/sdk/go/gcp/looker/instance.go b/sdk/go/gcp/looker/instance.go index ed847ffd34..764617d20e 100644 --- a/sdk/go/gcp/looker/instance.go +++ b/sdk/go/gcp/looker/instance.go @@ -449,8 +449,11 @@ type Instance struct { // these values: - LOOKER_CORE_TRIAL: trial instance (Currently Unavailable) - LOOKER_CORE_STANDARD: pay as you go standard // instance (Currently Unavailable) - LOOKER_CORE_STANDARD_ANNUAL: subscription standard instance - // LOOKER_CORE_ENTERPRISE_ANNUAL: subscription enterprise instance - LOOKER_CORE_EMBED_ANNUAL: subscription embed instance - // Default value: "LOOKER_CORE_TRIAL" Possible values: ["LOOKER_CORE_TRIAL", "LOOKER_CORE_STANDARD", - // "LOOKER_CORE_STANDARD_ANNUAL", "LOOKER_CORE_ENTERPRISE_ANNUAL", "LOOKER_CORE_EMBED_ANNUAL"] + // - LOOKER_CORE_NONPROD_STANDARD_ANNUAL: nonprod subscription standard instance - LOOKER_CORE_NONPROD_ENTERPRISE_ANNUAL: + // nonprod subscription enterprise instance - LOOKER_CORE_NONPROD_EMBED_ANNUAL: nonprod subscription embed instance Default + // value: "LOOKER_CORE_TRIAL" Possible values: ["LOOKER_CORE_TRIAL", "LOOKER_CORE_STANDARD", "LOOKER_CORE_STANDARD_ANNUAL", + // "LOOKER_CORE_ENTERPRISE_ANNUAL", "LOOKER_CORE_EMBED_ANNUAL", "LOOKER_CORE_NONPROD_STANDARD_ANNUAL", + // "LOOKER_CORE_NONPROD_ENTERPRISE_ANNUAL", "LOOKER_CORE_NONPROD_EMBED_ANNUAL"] PlatformEdition pulumi.StringPtrOutput `pulumi:"platformEdition"` // Whether private IP is enabled on the Looker instance. PrivateIpEnabled pulumi.BoolPtrOutput `pulumi:"privateIpEnabled"` @@ -553,8 +556,11 @@ type instanceState struct { // these values: - LOOKER_CORE_TRIAL: trial instance (Currently Unavailable) - LOOKER_CORE_STANDARD: pay as you go standard // instance (Currently Unavailable) - LOOKER_CORE_STANDARD_ANNUAL: subscription standard instance - // LOOKER_CORE_ENTERPRISE_ANNUAL: subscription enterprise instance - LOOKER_CORE_EMBED_ANNUAL: subscription embed instance - // Default value: "LOOKER_CORE_TRIAL" Possible values: ["LOOKER_CORE_TRIAL", "LOOKER_CORE_STANDARD", - // "LOOKER_CORE_STANDARD_ANNUAL", "LOOKER_CORE_ENTERPRISE_ANNUAL", "LOOKER_CORE_EMBED_ANNUAL"] + // - LOOKER_CORE_NONPROD_STANDARD_ANNUAL: nonprod subscription standard instance - LOOKER_CORE_NONPROD_ENTERPRISE_ANNUAL: + // nonprod subscription enterprise instance - LOOKER_CORE_NONPROD_EMBED_ANNUAL: nonprod subscription embed instance Default + // value: "LOOKER_CORE_TRIAL" Possible values: ["LOOKER_CORE_TRIAL", "LOOKER_CORE_STANDARD", "LOOKER_CORE_STANDARD_ANNUAL", + // "LOOKER_CORE_ENTERPRISE_ANNUAL", "LOOKER_CORE_EMBED_ANNUAL", "LOOKER_CORE_NONPROD_STANDARD_ANNUAL", + // "LOOKER_CORE_NONPROD_ENTERPRISE_ANNUAL", "LOOKER_CORE_NONPROD_EMBED_ANNUAL"] PlatformEdition *string `pulumi:"platformEdition"` // Whether private IP is enabled on the Looker instance. PrivateIpEnabled *bool `pulumi:"privateIpEnabled"` @@ -625,8 +631,11 @@ type InstanceState struct { // these values: - LOOKER_CORE_TRIAL: trial instance (Currently Unavailable) - LOOKER_CORE_STANDARD: pay as you go standard // instance (Currently Unavailable) - LOOKER_CORE_STANDARD_ANNUAL: subscription standard instance - // LOOKER_CORE_ENTERPRISE_ANNUAL: subscription enterprise instance - LOOKER_CORE_EMBED_ANNUAL: subscription embed instance - // Default value: "LOOKER_CORE_TRIAL" Possible values: ["LOOKER_CORE_TRIAL", "LOOKER_CORE_STANDARD", - // "LOOKER_CORE_STANDARD_ANNUAL", "LOOKER_CORE_ENTERPRISE_ANNUAL", "LOOKER_CORE_EMBED_ANNUAL"] + // - LOOKER_CORE_NONPROD_STANDARD_ANNUAL: nonprod subscription standard instance - LOOKER_CORE_NONPROD_ENTERPRISE_ANNUAL: + // nonprod subscription enterprise instance - LOOKER_CORE_NONPROD_EMBED_ANNUAL: nonprod subscription embed instance Default + // value: "LOOKER_CORE_TRIAL" Possible values: ["LOOKER_CORE_TRIAL", "LOOKER_CORE_STANDARD", "LOOKER_CORE_STANDARD_ANNUAL", + // "LOOKER_CORE_ENTERPRISE_ANNUAL", "LOOKER_CORE_EMBED_ANNUAL", "LOOKER_CORE_NONPROD_STANDARD_ANNUAL", + // "LOOKER_CORE_NONPROD_ENTERPRISE_ANNUAL", "LOOKER_CORE_NONPROD_EMBED_ANNUAL"] PlatformEdition pulumi.StringPtrInput // Whether private IP is enabled on the Looker instance. PrivateIpEnabled pulumi.BoolPtrInput @@ -688,8 +697,11 @@ type instanceArgs struct { // these values: - LOOKER_CORE_TRIAL: trial instance (Currently Unavailable) - LOOKER_CORE_STANDARD: pay as you go standard // instance (Currently Unavailable) - LOOKER_CORE_STANDARD_ANNUAL: subscription standard instance - // LOOKER_CORE_ENTERPRISE_ANNUAL: subscription enterprise instance - LOOKER_CORE_EMBED_ANNUAL: subscription embed instance - // Default value: "LOOKER_CORE_TRIAL" Possible values: ["LOOKER_CORE_TRIAL", "LOOKER_CORE_STANDARD", - // "LOOKER_CORE_STANDARD_ANNUAL", "LOOKER_CORE_ENTERPRISE_ANNUAL", "LOOKER_CORE_EMBED_ANNUAL"] + // - LOOKER_CORE_NONPROD_STANDARD_ANNUAL: nonprod subscription standard instance - LOOKER_CORE_NONPROD_ENTERPRISE_ANNUAL: + // nonprod subscription enterprise instance - LOOKER_CORE_NONPROD_EMBED_ANNUAL: nonprod subscription embed instance Default + // value: "LOOKER_CORE_TRIAL" Possible values: ["LOOKER_CORE_TRIAL", "LOOKER_CORE_STANDARD", "LOOKER_CORE_STANDARD_ANNUAL", + // "LOOKER_CORE_ENTERPRISE_ANNUAL", "LOOKER_CORE_EMBED_ANNUAL", "LOOKER_CORE_NONPROD_STANDARD_ANNUAL", + // "LOOKER_CORE_NONPROD_ENTERPRISE_ANNUAL", "LOOKER_CORE_NONPROD_EMBED_ANNUAL"] PlatformEdition *string `pulumi:"platformEdition"` // Whether private IP is enabled on the Looker instance. PrivateIpEnabled *bool `pulumi:"privateIpEnabled"` @@ -745,8 +757,11 @@ type InstanceArgs struct { // these values: - LOOKER_CORE_TRIAL: trial instance (Currently Unavailable) - LOOKER_CORE_STANDARD: pay as you go standard // instance (Currently Unavailable) - LOOKER_CORE_STANDARD_ANNUAL: subscription standard instance - // LOOKER_CORE_ENTERPRISE_ANNUAL: subscription enterprise instance - LOOKER_CORE_EMBED_ANNUAL: subscription embed instance - // Default value: "LOOKER_CORE_TRIAL" Possible values: ["LOOKER_CORE_TRIAL", "LOOKER_CORE_STANDARD", - // "LOOKER_CORE_STANDARD_ANNUAL", "LOOKER_CORE_ENTERPRISE_ANNUAL", "LOOKER_CORE_EMBED_ANNUAL"] + // - LOOKER_CORE_NONPROD_STANDARD_ANNUAL: nonprod subscription standard instance - LOOKER_CORE_NONPROD_ENTERPRISE_ANNUAL: + // nonprod subscription enterprise instance - LOOKER_CORE_NONPROD_EMBED_ANNUAL: nonprod subscription embed instance Default + // value: "LOOKER_CORE_TRIAL" Possible values: ["LOOKER_CORE_TRIAL", "LOOKER_CORE_STANDARD", "LOOKER_CORE_STANDARD_ANNUAL", + // "LOOKER_CORE_ENTERPRISE_ANNUAL", "LOOKER_CORE_EMBED_ANNUAL", "LOOKER_CORE_NONPROD_STANDARD_ANNUAL", + // "LOOKER_CORE_NONPROD_ENTERPRISE_ANNUAL", "LOOKER_CORE_NONPROD_EMBED_ANNUAL"] PlatformEdition pulumi.StringPtrInput // Whether private IP is enabled on the Looker instance. PrivateIpEnabled pulumi.BoolPtrInput @@ -948,8 +963,11 @@ func (o InstanceOutput) OauthConfig() InstanceOauthConfigOutput { // these values: - LOOKER_CORE_TRIAL: trial instance (Currently Unavailable) - LOOKER_CORE_STANDARD: pay as you go standard // instance (Currently Unavailable) - LOOKER_CORE_STANDARD_ANNUAL: subscription standard instance - // LOOKER_CORE_ENTERPRISE_ANNUAL: subscription enterprise instance - LOOKER_CORE_EMBED_ANNUAL: subscription embed instance -// Default value: "LOOKER_CORE_TRIAL" Possible values: ["LOOKER_CORE_TRIAL", "LOOKER_CORE_STANDARD", -// "LOOKER_CORE_STANDARD_ANNUAL", "LOOKER_CORE_ENTERPRISE_ANNUAL", "LOOKER_CORE_EMBED_ANNUAL"] +// - LOOKER_CORE_NONPROD_STANDARD_ANNUAL: nonprod subscription standard instance - LOOKER_CORE_NONPROD_ENTERPRISE_ANNUAL: +// nonprod subscription enterprise instance - LOOKER_CORE_NONPROD_EMBED_ANNUAL: nonprod subscription embed instance Default +// value: "LOOKER_CORE_TRIAL" Possible values: ["LOOKER_CORE_TRIAL", "LOOKER_CORE_STANDARD", "LOOKER_CORE_STANDARD_ANNUAL", +// "LOOKER_CORE_ENTERPRISE_ANNUAL", "LOOKER_CORE_EMBED_ANNUAL", "LOOKER_CORE_NONPROD_STANDARD_ANNUAL", +// "LOOKER_CORE_NONPROD_ENTERPRISE_ANNUAL", "LOOKER_CORE_NONPROD_EMBED_ANNUAL"] func (o InstanceOutput) PlatformEdition() pulumi.StringPtrOutput { return o.ApplyT(func(v *Instance) pulumi.StringPtrOutput { return v.PlatformEdition }).(pulumi.StringPtrOutput) } diff --git a/sdk/go/gcp/networkconnectivity/pulumiTypes.go b/sdk/go/gcp/networkconnectivity/pulumiTypes.go index 2b87dd2233..3e35541260 100644 --- a/sdk/go/gcp/networkconnectivity/pulumiTypes.go +++ b/sdk/go/gcp/networkconnectivity/pulumiTypes.go @@ -2312,9 +2312,9 @@ func (o SpokeLinkedRouterApplianceInstancesPtrOutput) SiteToSiteDataTransfer() p type SpokeLinkedRouterApplianceInstancesInstance struct { // The IP address on the VM to use for peering. - IpAddress *string `pulumi:"ipAddress"` + IpAddress string `pulumi:"ipAddress"` // The URI of the virtual machine resource - VirtualMachine *string `pulumi:"virtualMachine"` + VirtualMachine string `pulumi:"virtualMachine"` } // SpokeLinkedRouterApplianceInstancesInstanceInput is an input type that accepts SpokeLinkedRouterApplianceInstancesInstanceArgs and SpokeLinkedRouterApplianceInstancesInstanceOutput values. @@ -2330,9 +2330,9 @@ type SpokeLinkedRouterApplianceInstancesInstanceInput interface { type SpokeLinkedRouterApplianceInstancesInstanceArgs struct { // The IP address on the VM to use for peering. - IpAddress pulumi.StringPtrInput `pulumi:"ipAddress"` + IpAddress pulumi.StringInput `pulumi:"ipAddress"` // The URI of the virtual machine resource - VirtualMachine pulumi.StringPtrInput `pulumi:"virtualMachine"` + VirtualMachine pulumi.StringInput `pulumi:"virtualMachine"` } func (SpokeLinkedRouterApplianceInstancesInstanceArgs) ElementType() reflect.Type { @@ -2387,13 +2387,13 @@ func (o SpokeLinkedRouterApplianceInstancesInstanceOutput) ToSpokeLinkedRouterAp } // The IP address on the VM to use for peering. -func (o SpokeLinkedRouterApplianceInstancesInstanceOutput) IpAddress() pulumi.StringPtrOutput { - return o.ApplyT(func(v SpokeLinkedRouterApplianceInstancesInstance) *string { return v.IpAddress }).(pulumi.StringPtrOutput) +func (o SpokeLinkedRouterApplianceInstancesInstanceOutput) IpAddress() pulumi.StringOutput { + return o.ApplyT(func(v SpokeLinkedRouterApplianceInstancesInstance) string { return v.IpAddress }).(pulumi.StringOutput) } // The URI of the virtual machine resource -func (o SpokeLinkedRouterApplianceInstancesInstanceOutput) VirtualMachine() pulumi.StringPtrOutput { - return o.ApplyT(func(v SpokeLinkedRouterApplianceInstancesInstance) *string { return v.VirtualMachine }).(pulumi.StringPtrOutput) +func (o SpokeLinkedRouterApplianceInstancesInstanceOutput) VirtualMachine() pulumi.StringOutput { + return o.ApplyT(func(v SpokeLinkedRouterApplianceInstancesInstance) string { return v.VirtualMachine }).(pulumi.StringOutput) } type SpokeLinkedRouterApplianceInstancesInstanceArrayOutput struct{ *pulumi.OutputState } diff --git a/sdk/go/gcp/networksecurity/authzPolicy.go b/sdk/go/gcp/networksecurity/authzPolicy.go new file mode 100644 index 0000000000..4ba02d6248 --- /dev/null +++ b/sdk/go/gcp/networksecurity/authzPolicy.go @@ -0,0 +1,682 @@ +// Code generated by the Pulumi Terraform Bridge (tfgen) Tool DO NOT EDIT. +// *** WARNING: Do not edit by hand unless you're certain you know what you are doing! *** + +package networksecurity + +import ( + "context" + "reflect" + + "errors" + "github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/internal" + "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +) + +// AuthzPolicy is a resource that allows to forward traffic to a callout backend designed to scan the traffic for security purposes. +// +// To get more information about AuthzPolicy, see: +// +// * [API documentation](https://cloud.google.com/load-balancing/docs/reference/network-security/rest/v1beta1/projects.locations.authzPolicies) +// +// ## Example Usage +// +// ### Network Services Authz Policy Advanced +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute" +// "github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/networksecurity" +// "github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/networkservices" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := compute.NewNetwork(ctx, "default", &compute.NetworkArgs{ +// Name: pulumi.String("lb-network"), +// Project: pulumi.String("my-project-name"), +// AutoCreateSubnetworks: pulumi.Bool(false), +// }) +// if err != nil { +// return err +// } +// defaultSubnetwork, err := compute.NewSubnetwork(ctx, "default", &compute.SubnetworkArgs{ +// Name: pulumi.String("backend-subnet"), +// Project: pulumi.String("my-project-name"), +// Region: pulumi.String("us-west1"), +// IpCidrRange: pulumi.String("10.1.2.0/24"), +// Network: _default.ID(), +// }) +// if err != nil { +// return err +// } +// proxyOnly, err := compute.NewSubnetwork(ctx, "proxy_only", &compute.SubnetworkArgs{ +// Name: pulumi.String("proxy-only-subnet"), +// Project: pulumi.String("my-project-name"), +// Region: pulumi.String("us-west1"), +// IpCidrRange: pulumi.String("10.129.0.0/23"), +// Purpose: pulumi.String("REGIONAL_MANAGED_PROXY"), +// Role: pulumi.String("ACTIVE"), +// Network: _default.ID(), +// }) +// if err != nil { +// return err +// } +// defaultAddress, err := compute.NewAddress(ctx, "default", &compute.AddressArgs{ +// Name: pulumi.String("l7-ilb-ip-address"), +// Project: pulumi.String("my-project-name"), +// Region: pulumi.String("us-west1"), +// Subnetwork: defaultSubnetwork.ID(), +// AddressType: pulumi.String("INTERNAL"), +// Purpose: pulumi.String("GCE_ENDPOINT"), +// }) +// if err != nil { +// return err +// } +// defaultRegionHealthCheck, err := compute.NewRegionHealthCheck(ctx, "default", &compute.RegionHealthCheckArgs{ +// Name: pulumi.String("l7-ilb-basic-check"), +// Project: pulumi.String("my-project-name"), +// Region: pulumi.String("us-west1"), +// HttpHealthCheck: &compute.RegionHealthCheckHttpHealthCheckArgs{ +// PortSpecification: pulumi.String("USE_SERVING_PORT"), +// }, +// }) +// if err != nil { +// return err +// } +// urlMap, err := compute.NewRegionBackendService(ctx, "url_map", &compute.RegionBackendServiceArgs{ +// Name: pulumi.String("l7-ilb-backend-service"), +// Project: pulumi.String("my-project-name"), +// Region: pulumi.String("us-west1"), +// LoadBalancingScheme: pulumi.String("INTERNAL_MANAGED"), +// HealthChecks: defaultRegionHealthCheck.ID(), +// }) +// if err != nil { +// return err +// } +// defaultRegionUrlMap, err := compute.NewRegionUrlMap(ctx, "default", &compute.RegionUrlMapArgs{ +// Name: pulumi.String("l7-ilb-map"), +// Project: pulumi.String("my-project-name"), +// Region: pulumi.String("us-west1"), +// DefaultService: urlMap.ID(), +// }) +// if err != nil { +// return err +// } +// defaultRegionTargetHttpProxy, err := compute.NewRegionTargetHttpProxy(ctx, "default", &compute.RegionTargetHttpProxyArgs{ +// Name: pulumi.String("l7-ilb-proxy"), +// Project: pulumi.String("my-project-name"), +// Region: pulumi.String("us-west1"), +// UrlMap: defaultRegionUrlMap.ID(), +// }) +// if err != nil { +// return err +// } +// defaultForwardingRule, err := compute.NewForwardingRule(ctx, "default", &compute.ForwardingRuleArgs{ +// Name: pulumi.String("l7-ilb-forwarding-rule"), +// Project: pulumi.String("my-project-name"), +// Region: pulumi.String("us-west1"), +// LoadBalancingScheme: pulumi.String("INTERNAL_MANAGED"), +// Network: _default.ID(), +// Subnetwork: defaultSubnetwork.ID(), +// IpProtocol: pulumi.String("TCP"), +// PortRange: pulumi.String("80"), +// Target: defaultRegionTargetHttpProxy.ID(), +// IpAddress: defaultAddress.ID(), +// }, pulumi.DependsOn([]pulumi.Resource{ +// proxyOnly, +// })) +// if err != nil { +// return err +// } +// authzExtension, err := compute.NewRegionBackendService(ctx, "authz_extension", &compute.RegionBackendServiceArgs{ +// Name: pulumi.String("authz-service"), +// Project: pulumi.String("my-project-name"), +// Region: pulumi.String("us-west1"), +// Protocol: pulumi.String("HTTP2"), +// LoadBalancingScheme: pulumi.String("INTERNAL_MANAGED"), +// PortName: pulumi.String("grpc"), +// }) +// if err != nil { +// return err +// } +// defaultAuthzExtension, err := networkservices.NewAuthzExtension(ctx, "default", &networkservices.AuthzExtensionArgs{ +// Name: pulumi.String("my-authz-ext"), +// Project: pulumi.String("my-project-name"), +// Location: pulumi.String("us-west1"), +// Description: pulumi.String("my description"), +// LoadBalancingScheme: pulumi.String("INTERNAL_MANAGED"), +// Authority: pulumi.String("ext11.com"), +// Service: authzExtension.SelfLink, +// Timeout: pulumi.String("0.1s"), +// FailOpen: pulumi.Bool(false), +// ForwardHeaders: pulumi.StringArray{ +// pulumi.String("Authorization"), +// }, +// }) +// if err != nil { +// return err +// } +// _, err = networksecurity.NewAuthzPolicy(ctx, "default", &networksecurity.AuthzPolicyArgs{ +// Name: pulumi.String("my-authz-policy"), +// Project: pulumi.String("my-project-name"), +// Location: pulumi.String("us-west1"), +// Description: pulumi.String("my description"), +// Target: &networksecurity.AuthzPolicyTargetArgs{ +// LoadBalancingScheme: pulumi.String("INTERNAL_MANAGED"), +// Resources: pulumi.StringArray{ +// defaultForwardingRule.SelfLink, +// }, +// }, +// Action: pulumi.String("CUSTOM"), +// CustomProvider: &networksecurity.AuthzPolicyCustomProviderArgs{ +// AuthzExtension: &networksecurity.AuthzPolicyCustomProviderAuthzExtensionArgs{ +// Resources: pulumi.StringArray{ +// defaultAuthzExtension.ID(), +// }, +// }, +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// ## Import +// +// AuthzPolicy can be imported using any of these accepted formats: +// +// * `projects/{{project}}/locations/{{location}}/authzPolicies/{{name}}` +// +// * `{{project}}/{{location}}/{{name}}` +// +// * `{{location}}/{{name}}` +// +// * `{{name}}` +// +// When using the `pulumi import` command, AuthzPolicy can be imported using one of the formats above. For example: +// +// ```sh +// $ pulumi import gcp:networksecurity/authzPolicy:AuthzPolicy default projects/{{project}}/locations/{{location}}/authzPolicies/{{name}} +// ``` +// +// ```sh +// $ pulumi import gcp:networksecurity/authzPolicy:AuthzPolicy default {{project}}/{{location}}/{{name}} +// ``` +// +// ```sh +// $ pulumi import gcp:networksecurity/authzPolicy:AuthzPolicy default {{location}}/{{name}} +// ``` +// +// ```sh +// $ pulumi import gcp:networksecurity/authzPolicy:AuthzPolicy default {{name}} +// ``` +type AuthzPolicy struct { + pulumi.CustomResourceState + + // When the action is CUSTOM, customProvider must be specified. + // When the action is ALLOW, only requests matching the policy will be allowed. + // When the action is DENY, only requests matching the policy will be denied. + // When a request arrives, the policies are evaluated in the following order: + // 1. If there is a CUSTOM policy that matches the request, the CUSTOM policy is evaluated using the custom authorization providers and the request is denied if the provider rejects the request. + // 2. If there are any DENY policies that match the request, the request is denied. + // 3. If there are no ALLOW policies for the resource or if any of the ALLOW policies match the request, the request is allowed. + // 4. Else the request is denied by default if none of the configured AuthzPolicies with ALLOW action match the request. + // Possible values are: `ALLOW`, `DENY`, `CUSTOM`. + Action pulumi.StringOutput `pulumi:"action"` + // The timestamp when the resource was created. + CreateTime pulumi.StringOutput `pulumi:"createTime"` + // Required if the action is CUSTOM. Allows delegating authorization decisions to Cloud IAP or to Service Extensions. One + // of cloudIap or authzExtension must be specified. + CustomProvider AuthzPolicyCustomProviderPtrOutput `pulumi:"customProvider"` + // A human-readable description of the resource. + Description pulumi.StringPtrOutput `pulumi:"description"` + // All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services. + EffectiveLabels pulumi.StringMapOutput `pulumi:"effectiveLabels"` + // A list of authorization HTTP rules to match against the incoming request.A policy match occurs when at least one HTTP + // rule matches the request or when no HTTP rules are specified in the policy. At least one HTTP Rule is required for Allow + // or Deny Action. Limited to 5 rules. + HttpRules AuthzPolicyHttpRuleArrayOutput `pulumi:"httpRules"` + // Set of labels associated with the AuthzExtension resource. **Note**: This field is non-authoritative, and will only + // manage the labels present in your configuration. Please refer to the field 'effective_labels' for all of the labels + // present on the resource. + Labels pulumi.StringMapOutput `pulumi:"labels"` + // The location of the resource. + Location pulumi.StringOutput `pulumi:"location"` + // Identifier. Name of the AuthzPolicy resource. + Name pulumi.StringOutput `pulumi:"name"` + Project pulumi.StringOutput `pulumi:"project"` + // The combination of labels configured directly on the resource + // and default labels configured on the provider. + PulumiLabels pulumi.StringMapOutput `pulumi:"pulumiLabels"` + // Specifies the set of resources to which this policy should be applied to. + // Structure is documented below. + Target AuthzPolicyTargetOutput `pulumi:"target"` + // The timestamp when the resource was updated. + UpdateTime pulumi.StringOutput `pulumi:"updateTime"` +} + +// NewAuthzPolicy registers a new resource with the given unique name, arguments, and options. +func NewAuthzPolicy(ctx *pulumi.Context, + name string, args *AuthzPolicyArgs, opts ...pulumi.ResourceOption) (*AuthzPolicy, error) { + if args == nil { + return nil, errors.New("missing one or more required arguments") + } + + if args.Action == nil { + return nil, errors.New("invalid value for required argument 'Action'") + } + if args.Location == nil { + return nil, errors.New("invalid value for required argument 'Location'") + } + if args.Target == nil { + return nil, errors.New("invalid value for required argument 'Target'") + } + secrets := pulumi.AdditionalSecretOutputs([]string{ + "effectiveLabels", + "pulumiLabels", + }) + opts = append(opts, secrets) + opts = internal.PkgResourceDefaultOpts(opts) + var resource AuthzPolicy + err := ctx.RegisterResource("gcp:networksecurity/authzPolicy:AuthzPolicy", name, args, &resource, opts...) + if err != nil { + return nil, err + } + return &resource, nil +} + +// GetAuthzPolicy gets an existing AuthzPolicy resource's state with the given name, ID, and optional +// state properties that are used to uniquely qualify the lookup (nil if not required). +func GetAuthzPolicy(ctx *pulumi.Context, + name string, id pulumi.IDInput, state *AuthzPolicyState, opts ...pulumi.ResourceOption) (*AuthzPolicy, error) { + var resource AuthzPolicy + err := ctx.ReadResource("gcp:networksecurity/authzPolicy:AuthzPolicy", name, id, state, &resource, opts...) + if err != nil { + return nil, err + } + return &resource, nil +} + +// Input properties used for looking up and filtering AuthzPolicy resources. +type authzPolicyState struct { + // When the action is CUSTOM, customProvider must be specified. + // When the action is ALLOW, only requests matching the policy will be allowed. + // When the action is DENY, only requests matching the policy will be denied. + // When a request arrives, the policies are evaluated in the following order: + // 1. If there is a CUSTOM policy that matches the request, the CUSTOM policy is evaluated using the custom authorization providers and the request is denied if the provider rejects the request. + // 2. If there are any DENY policies that match the request, the request is denied. + // 3. If there are no ALLOW policies for the resource or if any of the ALLOW policies match the request, the request is allowed. + // 4. Else the request is denied by default if none of the configured AuthzPolicies with ALLOW action match the request. + // Possible values are: `ALLOW`, `DENY`, `CUSTOM`. + Action *string `pulumi:"action"` + // The timestamp when the resource was created. + CreateTime *string `pulumi:"createTime"` + // Required if the action is CUSTOM. Allows delegating authorization decisions to Cloud IAP or to Service Extensions. One + // of cloudIap or authzExtension must be specified. + CustomProvider *AuthzPolicyCustomProvider `pulumi:"customProvider"` + // A human-readable description of the resource. + Description *string `pulumi:"description"` + // All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services. + EffectiveLabels map[string]string `pulumi:"effectiveLabels"` + // A list of authorization HTTP rules to match against the incoming request.A policy match occurs when at least one HTTP + // rule matches the request or when no HTTP rules are specified in the policy. At least one HTTP Rule is required for Allow + // or Deny Action. Limited to 5 rules. + HttpRules []AuthzPolicyHttpRule `pulumi:"httpRules"` + // Set of labels associated with the AuthzExtension resource. **Note**: This field is non-authoritative, and will only + // manage the labels present in your configuration. Please refer to the field 'effective_labels' for all of the labels + // present on the resource. + Labels map[string]string `pulumi:"labels"` + // The location of the resource. + Location *string `pulumi:"location"` + // Identifier. Name of the AuthzPolicy resource. + Name *string `pulumi:"name"` + Project *string `pulumi:"project"` + // The combination of labels configured directly on the resource + // and default labels configured on the provider. + PulumiLabels map[string]string `pulumi:"pulumiLabels"` + // Specifies the set of resources to which this policy should be applied to. + // Structure is documented below. + Target *AuthzPolicyTarget `pulumi:"target"` + // The timestamp when the resource was updated. + UpdateTime *string `pulumi:"updateTime"` +} + +type AuthzPolicyState struct { + // When the action is CUSTOM, customProvider must be specified. + // When the action is ALLOW, only requests matching the policy will be allowed. + // When the action is DENY, only requests matching the policy will be denied. + // When a request arrives, the policies are evaluated in the following order: + // 1. If there is a CUSTOM policy that matches the request, the CUSTOM policy is evaluated using the custom authorization providers and the request is denied if the provider rejects the request. + // 2. If there are any DENY policies that match the request, the request is denied. + // 3. If there are no ALLOW policies for the resource or if any of the ALLOW policies match the request, the request is allowed. + // 4. Else the request is denied by default if none of the configured AuthzPolicies with ALLOW action match the request. + // Possible values are: `ALLOW`, `DENY`, `CUSTOM`. + Action pulumi.StringPtrInput + // The timestamp when the resource was created. + CreateTime pulumi.StringPtrInput + // Required if the action is CUSTOM. Allows delegating authorization decisions to Cloud IAP or to Service Extensions. One + // of cloudIap or authzExtension must be specified. + CustomProvider AuthzPolicyCustomProviderPtrInput + // A human-readable description of the resource. + Description pulumi.StringPtrInput + // All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services. + EffectiveLabels pulumi.StringMapInput + // A list of authorization HTTP rules to match against the incoming request.A policy match occurs when at least one HTTP + // rule matches the request or when no HTTP rules are specified in the policy. At least one HTTP Rule is required for Allow + // or Deny Action. Limited to 5 rules. + HttpRules AuthzPolicyHttpRuleArrayInput + // Set of labels associated with the AuthzExtension resource. **Note**: This field is non-authoritative, and will only + // manage the labels present in your configuration. Please refer to the field 'effective_labels' for all of the labels + // present on the resource. + Labels pulumi.StringMapInput + // The location of the resource. + Location pulumi.StringPtrInput + // Identifier. Name of the AuthzPolicy resource. + Name pulumi.StringPtrInput + Project pulumi.StringPtrInput + // The combination of labels configured directly on the resource + // and default labels configured on the provider. + PulumiLabels pulumi.StringMapInput + // Specifies the set of resources to which this policy should be applied to. + // Structure is documented below. + Target AuthzPolicyTargetPtrInput + // The timestamp when the resource was updated. + UpdateTime pulumi.StringPtrInput +} + +func (AuthzPolicyState) ElementType() reflect.Type { + return reflect.TypeOf((*authzPolicyState)(nil)).Elem() +} + +type authzPolicyArgs struct { + // When the action is CUSTOM, customProvider must be specified. + // When the action is ALLOW, only requests matching the policy will be allowed. + // When the action is DENY, only requests matching the policy will be denied. + // When a request arrives, the policies are evaluated in the following order: + // 1. If there is a CUSTOM policy that matches the request, the CUSTOM policy is evaluated using the custom authorization providers and the request is denied if the provider rejects the request. + // 2. If there are any DENY policies that match the request, the request is denied. + // 3. If there are no ALLOW policies for the resource or if any of the ALLOW policies match the request, the request is allowed. + // 4. Else the request is denied by default if none of the configured AuthzPolicies with ALLOW action match the request. + // Possible values are: `ALLOW`, `DENY`, `CUSTOM`. + Action string `pulumi:"action"` + // Required if the action is CUSTOM. Allows delegating authorization decisions to Cloud IAP or to Service Extensions. One + // of cloudIap or authzExtension must be specified. + CustomProvider *AuthzPolicyCustomProvider `pulumi:"customProvider"` + // A human-readable description of the resource. + Description *string `pulumi:"description"` + // A list of authorization HTTP rules to match against the incoming request.A policy match occurs when at least one HTTP + // rule matches the request or when no HTTP rules are specified in the policy. At least one HTTP Rule is required for Allow + // or Deny Action. Limited to 5 rules. + HttpRules []AuthzPolicyHttpRule `pulumi:"httpRules"` + // Set of labels associated with the AuthzExtension resource. **Note**: This field is non-authoritative, and will only + // manage the labels present in your configuration. Please refer to the field 'effective_labels' for all of the labels + // present on the resource. + Labels map[string]string `pulumi:"labels"` + // The location of the resource. + Location string `pulumi:"location"` + // Identifier. Name of the AuthzPolicy resource. + Name *string `pulumi:"name"` + Project *string `pulumi:"project"` + // Specifies the set of resources to which this policy should be applied to. + // Structure is documented below. + Target AuthzPolicyTarget `pulumi:"target"` +} + +// The set of arguments for constructing a AuthzPolicy resource. +type AuthzPolicyArgs struct { + // When the action is CUSTOM, customProvider must be specified. + // When the action is ALLOW, only requests matching the policy will be allowed. + // When the action is DENY, only requests matching the policy will be denied. + // When a request arrives, the policies are evaluated in the following order: + // 1. If there is a CUSTOM policy that matches the request, the CUSTOM policy is evaluated using the custom authorization providers and the request is denied if the provider rejects the request. + // 2. If there are any DENY policies that match the request, the request is denied. + // 3. If there are no ALLOW policies for the resource or if any of the ALLOW policies match the request, the request is allowed. + // 4. Else the request is denied by default if none of the configured AuthzPolicies with ALLOW action match the request. + // Possible values are: `ALLOW`, `DENY`, `CUSTOM`. + Action pulumi.StringInput + // Required if the action is CUSTOM. Allows delegating authorization decisions to Cloud IAP or to Service Extensions. One + // of cloudIap or authzExtension must be specified. + CustomProvider AuthzPolicyCustomProviderPtrInput + // A human-readable description of the resource. + Description pulumi.StringPtrInput + // A list of authorization HTTP rules to match against the incoming request.A policy match occurs when at least one HTTP + // rule matches the request or when no HTTP rules are specified in the policy. At least one HTTP Rule is required for Allow + // or Deny Action. Limited to 5 rules. + HttpRules AuthzPolicyHttpRuleArrayInput + // Set of labels associated with the AuthzExtension resource. **Note**: This field is non-authoritative, and will only + // manage the labels present in your configuration. Please refer to the field 'effective_labels' for all of the labels + // present on the resource. + Labels pulumi.StringMapInput + // The location of the resource. + Location pulumi.StringInput + // Identifier. Name of the AuthzPolicy resource. + Name pulumi.StringPtrInput + Project pulumi.StringPtrInput + // Specifies the set of resources to which this policy should be applied to. + // Structure is documented below. + Target AuthzPolicyTargetInput +} + +func (AuthzPolicyArgs) ElementType() reflect.Type { + return reflect.TypeOf((*authzPolicyArgs)(nil)).Elem() +} + +type AuthzPolicyInput interface { + pulumi.Input + + ToAuthzPolicyOutput() AuthzPolicyOutput + ToAuthzPolicyOutputWithContext(ctx context.Context) AuthzPolicyOutput +} + +func (*AuthzPolicy) ElementType() reflect.Type { + return reflect.TypeOf((**AuthzPolicy)(nil)).Elem() +} + +func (i *AuthzPolicy) ToAuthzPolicyOutput() AuthzPolicyOutput { + return i.ToAuthzPolicyOutputWithContext(context.Background()) +} + +func (i *AuthzPolicy) ToAuthzPolicyOutputWithContext(ctx context.Context) AuthzPolicyOutput { + return pulumi.ToOutputWithContext(ctx, i).(AuthzPolicyOutput) +} + +// AuthzPolicyArrayInput is an input type that accepts AuthzPolicyArray and AuthzPolicyArrayOutput values. +// You can construct a concrete instance of `AuthzPolicyArrayInput` via: +// +// AuthzPolicyArray{ AuthzPolicyArgs{...} } +type AuthzPolicyArrayInput interface { + pulumi.Input + + ToAuthzPolicyArrayOutput() AuthzPolicyArrayOutput + ToAuthzPolicyArrayOutputWithContext(context.Context) AuthzPolicyArrayOutput +} + +type AuthzPolicyArray []AuthzPolicyInput + +func (AuthzPolicyArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]*AuthzPolicy)(nil)).Elem() +} + +func (i AuthzPolicyArray) ToAuthzPolicyArrayOutput() AuthzPolicyArrayOutput { + return i.ToAuthzPolicyArrayOutputWithContext(context.Background()) +} + +func (i AuthzPolicyArray) ToAuthzPolicyArrayOutputWithContext(ctx context.Context) AuthzPolicyArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(AuthzPolicyArrayOutput) +} + +// AuthzPolicyMapInput is an input type that accepts AuthzPolicyMap and AuthzPolicyMapOutput values. +// You can construct a concrete instance of `AuthzPolicyMapInput` via: +// +// AuthzPolicyMap{ "key": AuthzPolicyArgs{...} } +type AuthzPolicyMapInput interface { + pulumi.Input + + ToAuthzPolicyMapOutput() AuthzPolicyMapOutput + ToAuthzPolicyMapOutputWithContext(context.Context) AuthzPolicyMapOutput +} + +type AuthzPolicyMap map[string]AuthzPolicyInput + +func (AuthzPolicyMap) ElementType() reflect.Type { + return reflect.TypeOf((*map[string]*AuthzPolicy)(nil)).Elem() +} + +func (i AuthzPolicyMap) ToAuthzPolicyMapOutput() AuthzPolicyMapOutput { + return i.ToAuthzPolicyMapOutputWithContext(context.Background()) +} + +func (i AuthzPolicyMap) ToAuthzPolicyMapOutputWithContext(ctx context.Context) AuthzPolicyMapOutput { + return pulumi.ToOutputWithContext(ctx, i).(AuthzPolicyMapOutput) +} + +type AuthzPolicyOutput struct{ *pulumi.OutputState } + +func (AuthzPolicyOutput) ElementType() reflect.Type { + return reflect.TypeOf((**AuthzPolicy)(nil)).Elem() +} + +func (o AuthzPolicyOutput) ToAuthzPolicyOutput() AuthzPolicyOutput { + return o +} + +func (o AuthzPolicyOutput) ToAuthzPolicyOutputWithContext(ctx context.Context) AuthzPolicyOutput { + return o +} + +// When the action is CUSTOM, customProvider must be specified. +// When the action is ALLOW, only requests matching the policy will be allowed. +// When the action is DENY, only requests matching the policy will be denied. +// When a request arrives, the policies are evaluated in the following order: +// 1. If there is a CUSTOM policy that matches the request, the CUSTOM policy is evaluated using the custom authorization providers and the request is denied if the provider rejects the request. +// 2. If there are any DENY policies that match the request, the request is denied. +// 3. If there are no ALLOW policies for the resource or if any of the ALLOW policies match the request, the request is allowed. +// 4. Else the request is denied by default if none of the configured AuthzPolicies with ALLOW action match the request. +// Possible values are: `ALLOW`, `DENY`, `CUSTOM`. +func (o AuthzPolicyOutput) Action() pulumi.StringOutput { + return o.ApplyT(func(v *AuthzPolicy) pulumi.StringOutput { return v.Action }).(pulumi.StringOutput) +} + +// The timestamp when the resource was created. +func (o AuthzPolicyOutput) CreateTime() pulumi.StringOutput { + return o.ApplyT(func(v *AuthzPolicy) pulumi.StringOutput { return v.CreateTime }).(pulumi.StringOutput) +} + +// Required if the action is CUSTOM. Allows delegating authorization decisions to Cloud IAP or to Service Extensions. One +// of cloudIap or authzExtension must be specified. +func (o AuthzPolicyOutput) CustomProvider() AuthzPolicyCustomProviderPtrOutput { + return o.ApplyT(func(v *AuthzPolicy) AuthzPolicyCustomProviderPtrOutput { return v.CustomProvider }).(AuthzPolicyCustomProviderPtrOutput) +} + +// A human-readable description of the resource. +func (o AuthzPolicyOutput) Description() pulumi.StringPtrOutput { + return o.ApplyT(func(v *AuthzPolicy) pulumi.StringPtrOutput { return v.Description }).(pulumi.StringPtrOutput) +} + +// All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services. +func (o AuthzPolicyOutput) EffectiveLabels() pulumi.StringMapOutput { + return o.ApplyT(func(v *AuthzPolicy) pulumi.StringMapOutput { return v.EffectiveLabels }).(pulumi.StringMapOutput) +} + +// A list of authorization HTTP rules to match against the incoming request.A policy match occurs when at least one HTTP +// rule matches the request or when no HTTP rules are specified in the policy. At least one HTTP Rule is required for Allow +// or Deny Action. Limited to 5 rules. +func (o AuthzPolicyOutput) HttpRules() AuthzPolicyHttpRuleArrayOutput { + return o.ApplyT(func(v *AuthzPolicy) AuthzPolicyHttpRuleArrayOutput { return v.HttpRules }).(AuthzPolicyHttpRuleArrayOutput) +} + +// Set of labels associated with the AuthzExtension resource. **Note**: This field is non-authoritative, and will only +// manage the labels present in your configuration. Please refer to the field 'effective_labels' for all of the labels +// present on the resource. +func (o AuthzPolicyOutput) Labels() pulumi.StringMapOutput { + return o.ApplyT(func(v *AuthzPolicy) pulumi.StringMapOutput { return v.Labels }).(pulumi.StringMapOutput) +} + +// The location of the resource. +func (o AuthzPolicyOutput) Location() pulumi.StringOutput { + return o.ApplyT(func(v *AuthzPolicy) pulumi.StringOutput { return v.Location }).(pulumi.StringOutput) +} + +// Identifier. Name of the AuthzPolicy resource. +func (o AuthzPolicyOutput) Name() pulumi.StringOutput { + return o.ApplyT(func(v *AuthzPolicy) pulumi.StringOutput { return v.Name }).(pulumi.StringOutput) +} + +func (o AuthzPolicyOutput) Project() pulumi.StringOutput { + return o.ApplyT(func(v *AuthzPolicy) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) +} + +// The combination of labels configured directly on the resource +// and default labels configured on the provider. +func (o AuthzPolicyOutput) PulumiLabels() pulumi.StringMapOutput { + return o.ApplyT(func(v *AuthzPolicy) pulumi.StringMapOutput { return v.PulumiLabels }).(pulumi.StringMapOutput) +} + +// Specifies the set of resources to which this policy should be applied to. +// Structure is documented below. +func (o AuthzPolicyOutput) Target() AuthzPolicyTargetOutput { + return o.ApplyT(func(v *AuthzPolicy) AuthzPolicyTargetOutput { return v.Target }).(AuthzPolicyTargetOutput) +} + +// The timestamp when the resource was updated. +func (o AuthzPolicyOutput) UpdateTime() pulumi.StringOutput { + return o.ApplyT(func(v *AuthzPolicy) pulumi.StringOutput { return v.UpdateTime }).(pulumi.StringOutput) +} + +type AuthzPolicyArrayOutput struct{ *pulumi.OutputState } + +func (AuthzPolicyArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]*AuthzPolicy)(nil)).Elem() +} + +func (o AuthzPolicyArrayOutput) ToAuthzPolicyArrayOutput() AuthzPolicyArrayOutput { + return o +} + +func (o AuthzPolicyArrayOutput) ToAuthzPolicyArrayOutputWithContext(ctx context.Context) AuthzPolicyArrayOutput { + return o +} + +func (o AuthzPolicyArrayOutput) Index(i pulumi.IntInput) AuthzPolicyOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) *AuthzPolicy { + return vs[0].([]*AuthzPolicy)[vs[1].(int)] + }).(AuthzPolicyOutput) +} + +type AuthzPolicyMapOutput struct{ *pulumi.OutputState } + +func (AuthzPolicyMapOutput) ElementType() reflect.Type { + return reflect.TypeOf((*map[string]*AuthzPolicy)(nil)).Elem() +} + +func (o AuthzPolicyMapOutput) ToAuthzPolicyMapOutput() AuthzPolicyMapOutput { + return o +} + +func (o AuthzPolicyMapOutput) ToAuthzPolicyMapOutputWithContext(ctx context.Context) AuthzPolicyMapOutput { + return o +} + +func (o AuthzPolicyMapOutput) MapIndex(k pulumi.StringInput) AuthzPolicyOutput { + return pulumi.All(o, k).ApplyT(func(vs []interface{}) *AuthzPolicy { + return vs[0].(map[string]*AuthzPolicy)[vs[1].(string)] + }).(AuthzPolicyOutput) +} + +func init() { + pulumi.RegisterInputType(reflect.TypeOf((*AuthzPolicyInput)(nil)).Elem(), &AuthzPolicy{}) + pulumi.RegisterInputType(reflect.TypeOf((*AuthzPolicyArrayInput)(nil)).Elem(), AuthzPolicyArray{}) + pulumi.RegisterInputType(reflect.TypeOf((*AuthzPolicyMapInput)(nil)).Elem(), AuthzPolicyMap{}) + pulumi.RegisterOutputType(AuthzPolicyOutput{}) + pulumi.RegisterOutputType(AuthzPolicyArrayOutput{}) + pulumi.RegisterOutputType(AuthzPolicyMapOutput{}) +} diff --git a/sdk/go/gcp/networksecurity/init.go b/sdk/go/gcp/networksecurity/init.go index 73f7c861fd..9bda5fc181 100644 --- a/sdk/go/gcp/networksecurity/init.go +++ b/sdk/go/gcp/networksecurity/init.go @@ -31,6 +31,8 @@ func (m *module) Construct(ctx *pulumi.Context, name, typ, urn string) (r pulumi r = &AddressGroupIamPolicy{} case "gcp:networksecurity/authorizationPolicy:AuthorizationPolicy": r = &AuthorizationPolicy{} + case "gcp:networksecurity/authzPolicy:AuthzPolicy": + r = &AuthzPolicy{} case "gcp:networksecurity/clientTlsPolicy:ClientTlsPolicy": r = &ClientTlsPolicy{} case "gcp:networksecurity/firewallEndpoint:FirewallEndpoint": @@ -41,6 +43,10 @@ func (m *module) Construct(ctx *pulumi.Context, name, typ, urn string) (r pulumi r = &GatewaySecurityPolicy{} case "gcp:networksecurity/gatewaySecurityPolicyRule:GatewaySecurityPolicyRule": r = &GatewaySecurityPolicyRule{} + case "gcp:networksecurity/interceptDeployment:InterceptDeployment": + r = &InterceptDeployment{} + case "gcp:networksecurity/interceptDeploymentGroup:InterceptDeploymentGroup": + r = &InterceptDeploymentGroup{} case "gcp:networksecurity/mirroringDeployment:MirroringDeployment": r = &MirroringDeployment{} case "gcp:networksecurity/mirroringDeploymentGroup:MirroringDeploymentGroup": @@ -97,6 +103,11 @@ func init() { "networksecurity/authorizationPolicy", &module{version}, ) + pulumi.RegisterResourceModule( + "gcp", + "networksecurity/authzPolicy", + &module{version}, + ) pulumi.RegisterResourceModule( "gcp", "networksecurity/clientTlsPolicy", @@ -122,6 +133,16 @@ func init() { "networksecurity/gatewaySecurityPolicyRule", &module{version}, ) + pulumi.RegisterResourceModule( + "gcp", + "networksecurity/interceptDeployment", + &module{version}, + ) + pulumi.RegisterResourceModule( + "gcp", + "networksecurity/interceptDeploymentGroup", + &module{version}, + ) pulumi.RegisterResourceModule( "gcp", "networksecurity/mirroringDeployment", diff --git a/sdk/go/gcp/networksecurity/interceptDeployment.go b/sdk/go/gcp/networksecurity/interceptDeployment.go new file mode 100644 index 0000000000..13d00f6fea --- /dev/null +++ b/sdk/go/gcp/networksecurity/interceptDeployment.go @@ -0,0 +1,597 @@ +// Code generated by the Pulumi Terraform Bridge (tfgen) Tool DO NOT EDIT. +// *** WARNING: Do not edit by hand unless you're certain you know what you are doing! *** + +package networksecurity + +import ( + "context" + "reflect" + + "errors" + "github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/internal" + "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +) + +// ## Example Usage +// +// ### Network Security Intercept Deployment Basic +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute" +// "github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/networksecurity" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// network, err := compute.NewNetwork(ctx, "network", &compute.NetworkArgs{ +// Name: pulumi.String("example-network"), +// AutoCreateSubnetworks: pulumi.Bool(false), +// }) +// if err != nil { +// return err +// } +// subnetwork, err := compute.NewSubnetwork(ctx, "subnetwork", &compute.SubnetworkArgs{ +// Name: pulumi.String("example-subnet"), +// Region: pulumi.String("us-central1"), +// IpCidrRange: pulumi.String("10.1.0.0/16"), +// Network: network.Name, +// }) +// if err != nil { +// return err +// } +// healthCheck, err := compute.NewRegionHealthCheck(ctx, "health_check", &compute.RegionHealthCheckArgs{ +// Name: pulumi.String("example-hc"), +// Region: pulumi.String("us-central1"), +// HttpHealthCheck: &compute.RegionHealthCheckHttpHealthCheckArgs{ +// Port: pulumi.Int(80), +// }, +// }) +// if err != nil { +// return err +// } +// backendService, err := compute.NewRegionBackendService(ctx, "backend_service", &compute.RegionBackendServiceArgs{ +// Name: pulumi.String("example-bs"), +// Region: pulumi.String("us-central1"), +// HealthChecks: healthCheck.ID(), +// Protocol: pulumi.String("UDP"), +// LoadBalancingScheme: pulumi.String("INTERNAL"), +// }) +// if err != nil { +// return err +// } +// forwardingRule, err := compute.NewForwardingRule(ctx, "forwarding_rule", &compute.ForwardingRuleArgs{ +// Name: pulumi.String("example-fwr"), +// Region: pulumi.String("us-central1"), +// Network: network.Name, +// Subnetwork: subnetwork.Name, +// BackendService: backendService.ID(), +// LoadBalancingScheme: pulumi.String("INTERNAL"), +// Ports: pulumi.StringArray{ +// pulumi.String("6081"), +// }, +// IpProtocol: pulumi.String("UDP"), +// }) +// if err != nil { +// return err +// } +// deploymentGroup, err := networksecurity.NewInterceptDeploymentGroup(ctx, "deployment_group", &networksecurity.InterceptDeploymentGroupArgs{ +// InterceptDeploymentGroupId: pulumi.String("example-dg"), +// Location: pulumi.String("global"), +// Network: network.ID(), +// }) +// if err != nil { +// return err +// } +// _, err = networksecurity.NewInterceptDeployment(ctx, "default", &networksecurity.InterceptDeploymentArgs{ +// InterceptDeploymentId: pulumi.String("example-deployment"), +// Location: pulumi.String("us-central1-a"), +// ForwardingRule: forwardingRule.ID(), +// InterceptDeploymentGroup: deploymentGroup.ID(), +// Labels: pulumi.StringMap{ +// "foo": pulumi.String("bar"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// ## Import +// +// InterceptDeployment can be imported using any of these accepted formats: +// +// * `projects/{{project}}/locations/{{location}}/interceptDeployments/{{intercept_deployment_id}}` +// +// * `{{project}}/{{location}}/{{intercept_deployment_id}}` +// +// * `{{location}}/{{intercept_deployment_id}}` +// +// When using the `pulumi import` command, InterceptDeployment can be imported using one of the formats above. For example: +// +// ```sh +// $ pulumi import gcp:networksecurity/interceptDeployment:InterceptDeployment default projects/{{project}}/locations/{{location}}/interceptDeployments/{{intercept_deployment_id}} +// ``` +// +// ```sh +// $ pulumi import gcp:networksecurity/interceptDeployment:InterceptDeployment default {{project}}/{{location}}/{{intercept_deployment_id}} +// ``` +// +// ```sh +// $ pulumi import gcp:networksecurity/interceptDeployment:InterceptDeployment default {{location}}/{{intercept_deployment_id}} +// ``` +type InterceptDeployment struct { + pulumi.CustomResourceState + + // Create time stamp + CreateTime pulumi.StringOutput `pulumi:"createTime"` + // All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services. + EffectiveLabels pulumi.StringMapOutput `pulumi:"effectiveLabels"` + // Immutable. The regional load balancer which the intercepted traffic should be forwarded + // to. Format is: + // projects/{project}/regions/{region}/forwardingRules/{forwardingRule} + ForwardingRule pulumi.StringOutput `pulumi:"forwardingRule"` + // Immutable. The Intercept Deployment Group that this resource is part of. Format is: + // `projects/{project}/locations/global/interceptDeploymentGroups/{interceptDeploymentGroup}` + InterceptDeploymentGroup pulumi.StringOutput `pulumi:"interceptDeploymentGroup"` + // Id of the requesting object + // If auto-generating Id server-side, remove this field and + // interceptDeploymentId from the methodSignature of Create RPC + // + // *** + InterceptDeploymentId pulumi.StringOutput `pulumi:"interceptDeploymentId"` + // Optional. Labels as key value pairs + // **Note**: This field is non-authoritative, and will only manage the labels present in your configuration. + // Please refer to the field `effectiveLabels` for all of the labels present on the resource. + Labels pulumi.StringMapOutput `pulumi:"labels"` + // Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122. See documentation for resource type `networksecurity.googleapis.com/InterceptDeployment`. + Location pulumi.StringOutput `pulumi:"location"` + // Identifier. The name of the InterceptDeployment. + Name pulumi.StringOutput `pulumi:"name"` + // The ID of the project in which the resource belongs. + // If it is not provided, the provider project is used. + Project pulumi.StringOutput `pulumi:"project"` + // The combination of labels configured directly on the resource + // and default labels configured on the provider. + PulumiLabels pulumi.StringMapOutput `pulumi:"pulumiLabels"` + // Whether reconciling is in progress, recommended per + // https://google.aip.dev/128. + Reconciling pulumi.BoolOutput `pulumi:"reconciling"` + // Current state of the deployment. + // Possible values: + // STATE_UNSPECIFIED + // ACTIVE + // CREATING + // DELETING + // OUT_OF_SYNC + // DELETE_FAILED + State pulumi.StringOutput `pulumi:"state"` + // Update time stamp + UpdateTime pulumi.StringOutput `pulumi:"updateTime"` +} + +// NewInterceptDeployment registers a new resource with the given unique name, arguments, and options. +func NewInterceptDeployment(ctx *pulumi.Context, + name string, args *InterceptDeploymentArgs, opts ...pulumi.ResourceOption) (*InterceptDeployment, error) { + if args == nil { + return nil, errors.New("missing one or more required arguments") + } + + if args.ForwardingRule == nil { + return nil, errors.New("invalid value for required argument 'ForwardingRule'") + } + if args.InterceptDeploymentGroup == nil { + return nil, errors.New("invalid value for required argument 'InterceptDeploymentGroup'") + } + if args.InterceptDeploymentId == nil { + return nil, errors.New("invalid value for required argument 'InterceptDeploymentId'") + } + if args.Location == nil { + return nil, errors.New("invalid value for required argument 'Location'") + } + secrets := pulumi.AdditionalSecretOutputs([]string{ + "effectiveLabels", + "pulumiLabels", + }) + opts = append(opts, secrets) + opts = internal.PkgResourceDefaultOpts(opts) + var resource InterceptDeployment + err := ctx.RegisterResource("gcp:networksecurity/interceptDeployment:InterceptDeployment", name, args, &resource, opts...) + if err != nil { + return nil, err + } + return &resource, nil +} + +// GetInterceptDeployment gets an existing InterceptDeployment resource's state with the given name, ID, and optional +// state properties that are used to uniquely qualify the lookup (nil if not required). +func GetInterceptDeployment(ctx *pulumi.Context, + name string, id pulumi.IDInput, state *InterceptDeploymentState, opts ...pulumi.ResourceOption) (*InterceptDeployment, error) { + var resource InterceptDeployment + err := ctx.ReadResource("gcp:networksecurity/interceptDeployment:InterceptDeployment", name, id, state, &resource, opts...) + if err != nil { + return nil, err + } + return &resource, nil +} + +// Input properties used for looking up and filtering InterceptDeployment resources. +type interceptDeploymentState struct { + // Create time stamp + CreateTime *string `pulumi:"createTime"` + // All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services. + EffectiveLabels map[string]string `pulumi:"effectiveLabels"` + // Immutable. The regional load balancer which the intercepted traffic should be forwarded + // to. Format is: + // projects/{project}/regions/{region}/forwardingRules/{forwardingRule} + ForwardingRule *string `pulumi:"forwardingRule"` + // Immutable. The Intercept Deployment Group that this resource is part of. Format is: + // `projects/{project}/locations/global/interceptDeploymentGroups/{interceptDeploymentGroup}` + InterceptDeploymentGroup *string `pulumi:"interceptDeploymentGroup"` + // Id of the requesting object + // If auto-generating Id server-side, remove this field and + // interceptDeploymentId from the methodSignature of Create RPC + // + // *** + InterceptDeploymentId *string `pulumi:"interceptDeploymentId"` + // Optional. Labels as key value pairs + // **Note**: This field is non-authoritative, and will only manage the labels present in your configuration. + // Please refer to the field `effectiveLabels` for all of the labels present on the resource. + Labels map[string]string `pulumi:"labels"` + // Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122. See documentation for resource type `networksecurity.googleapis.com/InterceptDeployment`. + Location *string `pulumi:"location"` + // Identifier. The name of the InterceptDeployment. + Name *string `pulumi:"name"` + // The ID of the project in which the resource belongs. + // If it is not provided, the provider project is used. + Project *string `pulumi:"project"` + // The combination of labels configured directly on the resource + // and default labels configured on the provider. + PulumiLabels map[string]string `pulumi:"pulumiLabels"` + // Whether reconciling is in progress, recommended per + // https://google.aip.dev/128. + Reconciling *bool `pulumi:"reconciling"` + // Current state of the deployment. + // Possible values: + // STATE_UNSPECIFIED + // ACTIVE + // CREATING + // DELETING + // OUT_OF_SYNC + // DELETE_FAILED + State *string `pulumi:"state"` + // Update time stamp + UpdateTime *string `pulumi:"updateTime"` +} + +type InterceptDeploymentState struct { + // Create time stamp + CreateTime pulumi.StringPtrInput + // All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services. + EffectiveLabels pulumi.StringMapInput + // Immutable. The regional load balancer which the intercepted traffic should be forwarded + // to. Format is: + // projects/{project}/regions/{region}/forwardingRules/{forwardingRule} + ForwardingRule pulumi.StringPtrInput + // Immutable. The Intercept Deployment Group that this resource is part of. Format is: + // `projects/{project}/locations/global/interceptDeploymentGroups/{interceptDeploymentGroup}` + InterceptDeploymentGroup pulumi.StringPtrInput + // Id of the requesting object + // If auto-generating Id server-side, remove this field and + // interceptDeploymentId from the methodSignature of Create RPC + // + // *** + InterceptDeploymentId pulumi.StringPtrInput + // Optional. Labels as key value pairs + // **Note**: This field is non-authoritative, and will only manage the labels present in your configuration. + // Please refer to the field `effectiveLabels` for all of the labels present on the resource. + Labels pulumi.StringMapInput + // Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122. See documentation for resource type `networksecurity.googleapis.com/InterceptDeployment`. + Location pulumi.StringPtrInput + // Identifier. The name of the InterceptDeployment. + Name pulumi.StringPtrInput + // The ID of the project in which the resource belongs. + // If it is not provided, the provider project is used. + Project pulumi.StringPtrInput + // The combination of labels configured directly on the resource + // and default labels configured on the provider. + PulumiLabels pulumi.StringMapInput + // Whether reconciling is in progress, recommended per + // https://google.aip.dev/128. + Reconciling pulumi.BoolPtrInput + // Current state of the deployment. + // Possible values: + // STATE_UNSPECIFIED + // ACTIVE + // CREATING + // DELETING + // OUT_OF_SYNC + // DELETE_FAILED + State pulumi.StringPtrInput + // Update time stamp + UpdateTime pulumi.StringPtrInput +} + +func (InterceptDeploymentState) ElementType() reflect.Type { + return reflect.TypeOf((*interceptDeploymentState)(nil)).Elem() +} + +type interceptDeploymentArgs struct { + // Immutable. The regional load balancer which the intercepted traffic should be forwarded + // to. Format is: + // projects/{project}/regions/{region}/forwardingRules/{forwardingRule} + ForwardingRule string `pulumi:"forwardingRule"` + // Immutable. The Intercept Deployment Group that this resource is part of. Format is: + // `projects/{project}/locations/global/interceptDeploymentGroups/{interceptDeploymentGroup}` + InterceptDeploymentGroup string `pulumi:"interceptDeploymentGroup"` + // Id of the requesting object + // If auto-generating Id server-side, remove this field and + // interceptDeploymentId from the methodSignature of Create RPC + // + // *** + InterceptDeploymentId string `pulumi:"interceptDeploymentId"` + // Optional. Labels as key value pairs + // **Note**: This field is non-authoritative, and will only manage the labels present in your configuration. + // Please refer to the field `effectiveLabels` for all of the labels present on the resource. + Labels map[string]string `pulumi:"labels"` + // Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122. See documentation for resource type `networksecurity.googleapis.com/InterceptDeployment`. + Location string `pulumi:"location"` + // The ID of the project in which the resource belongs. + // If it is not provided, the provider project is used. + Project *string `pulumi:"project"` +} + +// The set of arguments for constructing a InterceptDeployment resource. +type InterceptDeploymentArgs struct { + // Immutable. The regional load balancer which the intercepted traffic should be forwarded + // to. Format is: + // projects/{project}/regions/{region}/forwardingRules/{forwardingRule} + ForwardingRule pulumi.StringInput + // Immutable. The Intercept Deployment Group that this resource is part of. Format is: + // `projects/{project}/locations/global/interceptDeploymentGroups/{interceptDeploymentGroup}` + InterceptDeploymentGroup pulumi.StringInput + // Id of the requesting object + // If auto-generating Id server-side, remove this field and + // interceptDeploymentId from the methodSignature of Create RPC + // + // *** + InterceptDeploymentId pulumi.StringInput + // Optional. Labels as key value pairs + // **Note**: This field is non-authoritative, and will only manage the labels present in your configuration. + // Please refer to the field `effectiveLabels` for all of the labels present on the resource. + Labels pulumi.StringMapInput + // Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122. See documentation for resource type `networksecurity.googleapis.com/InterceptDeployment`. + Location pulumi.StringInput + // The ID of the project in which the resource belongs. + // If it is not provided, the provider project is used. + Project pulumi.StringPtrInput +} + +func (InterceptDeploymentArgs) ElementType() reflect.Type { + return reflect.TypeOf((*interceptDeploymentArgs)(nil)).Elem() +} + +type InterceptDeploymentInput interface { + pulumi.Input + + ToInterceptDeploymentOutput() InterceptDeploymentOutput + ToInterceptDeploymentOutputWithContext(ctx context.Context) InterceptDeploymentOutput +} + +func (*InterceptDeployment) ElementType() reflect.Type { + return reflect.TypeOf((**InterceptDeployment)(nil)).Elem() +} + +func (i *InterceptDeployment) ToInterceptDeploymentOutput() InterceptDeploymentOutput { + return i.ToInterceptDeploymentOutputWithContext(context.Background()) +} + +func (i *InterceptDeployment) ToInterceptDeploymentOutputWithContext(ctx context.Context) InterceptDeploymentOutput { + return pulumi.ToOutputWithContext(ctx, i).(InterceptDeploymentOutput) +} + +// InterceptDeploymentArrayInput is an input type that accepts InterceptDeploymentArray and InterceptDeploymentArrayOutput values. +// You can construct a concrete instance of `InterceptDeploymentArrayInput` via: +// +// InterceptDeploymentArray{ InterceptDeploymentArgs{...} } +type InterceptDeploymentArrayInput interface { + pulumi.Input + + ToInterceptDeploymentArrayOutput() InterceptDeploymentArrayOutput + ToInterceptDeploymentArrayOutputWithContext(context.Context) InterceptDeploymentArrayOutput +} + +type InterceptDeploymentArray []InterceptDeploymentInput + +func (InterceptDeploymentArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]*InterceptDeployment)(nil)).Elem() +} + +func (i InterceptDeploymentArray) ToInterceptDeploymentArrayOutput() InterceptDeploymentArrayOutput { + return i.ToInterceptDeploymentArrayOutputWithContext(context.Background()) +} + +func (i InterceptDeploymentArray) ToInterceptDeploymentArrayOutputWithContext(ctx context.Context) InterceptDeploymentArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(InterceptDeploymentArrayOutput) +} + +// InterceptDeploymentMapInput is an input type that accepts InterceptDeploymentMap and InterceptDeploymentMapOutput values. +// You can construct a concrete instance of `InterceptDeploymentMapInput` via: +// +// InterceptDeploymentMap{ "key": InterceptDeploymentArgs{...} } +type InterceptDeploymentMapInput interface { + pulumi.Input + + ToInterceptDeploymentMapOutput() InterceptDeploymentMapOutput + ToInterceptDeploymentMapOutputWithContext(context.Context) InterceptDeploymentMapOutput +} + +type InterceptDeploymentMap map[string]InterceptDeploymentInput + +func (InterceptDeploymentMap) ElementType() reflect.Type { + return reflect.TypeOf((*map[string]*InterceptDeployment)(nil)).Elem() +} + +func (i InterceptDeploymentMap) ToInterceptDeploymentMapOutput() InterceptDeploymentMapOutput { + return i.ToInterceptDeploymentMapOutputWithContext(context.Background()) +} + +func (i InterceptDeploymentMap) ToInterceptDeploymentMapOutputWithContext(ctx context.Context) InterceptDeploymentMapOutput { + return pulumi.ToOutputWithContext(ctx, i).(InterceptDeploymentMapOutput) +} + +type InterceptDeploymentOutput struct{ *pulumi.OutputState } + +func (InterceptDeploymentOutput) ElementType() reflect.Type { + return reflect.TypeOf((**InterceptDeployment)(nil)).Elem() +} + +func (o InterceptDeploymentOutput) ToInterceptDeploymentOutput() InterceptDeploymentOutput { + return o +} + +func (o InterceptDeploymentOutput) ToInterceptDeploymentOutputWithContext(ctx context.Context) InterceptDeploymentOutput { + return o +} + +// Create time stamp +func (o InterceptDeploymentOutput) CreateTime() pulumi.StringOutput { + return o.ApplyT(func(v *InterceptDeployment) pulumi.StringOutput { return v.CreateTime }).(pulumi.StringOutput) +} + +// All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services. +func (o InterceptDeploymentOutput) EffectiveLabels() pulumi.StringMapOutput { + return o.ApplyT(func(v *InterceptDeployment) pulumi.StringMapOutput { return v.EffectiveLabels }).(pulumi.StringMapOutput) +} + +// Immutable. The regional load balancer which the intercepted traffic should be forwarded +// to. Format is: +// projects/{project}/regions/{region}/forwardingRules/{forwardingRule} +func (o InterceptDeploymentOutput) ForwardingRule() pulumi.StringOutput { + return o.ApplyT(func(v *InterceptDeployment) pulumi.StringOutput { return v.ForwardingRule }).(pulumi.StringOutput) +} + +// Immutable. The Intercept Deployment Group that this resource is part of. Format is: +// `projects/{project}/locations/global/interceptDeploymentGroups/{interceptDeploymentGroup}` +func (o InterceptDeploymentOutput) InterceptDeploymentGroup() pulumi.StringOutput { + return o.ApplyT(func(v *InterceptDeployment) pulumi.StringOutput { return v.InterceptDeploymentGroup }).(pulumi.StringOutput) +} + +// Id of the requesting object +// If auto-generating Id server-side, remove this field and +// interceptDeploymentId from the methodSignature of Create RPC +// +// *** +func (o InterceptDeploymentOutput) InterceptDeploymentId() pulumi.StringOutput { + return o.ApplyT(func(v *InterceptDeployment) pulumi.StringOutput { return v.InterceptDeploymentId }).(pulumi.StringOutput) +} + +// Optional. Labels as key value pairs +// **Note**: This field is non-authoritative, and will only manage the labels present in your configuration. +// Please refer to the field `effectiveLabels` for all of the labels present on the resource. +func (o InterceptDeploymentOutput) Labels() pulumi.StringMapOutput { + return o.ApplyT(func(v *InterceptDeployment) pulumi.StringMapOutput { return v.Labels }).(pulumi.StringMapOutput) +} + +// Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122. See documentation for resource type `networksecurity.googleapis.com/InterceptDeployment`. +func (o InterceptDeploymentOutput) Location() pulumi.StringOutput { + return o.ApplyT(func(v *InterceptDeployment) pulumi.StringOutput { return v.Location }).(pulumi.StringOutput) +} + +// Identifier. The name of the InterceptDeployment. +func (o InterceptDeploymentOutput) Name() pulumi.StringOutput { + return o.ApplyT(func(v *InterceptDeployment) pulumi.StringOutput { return v.Name }).(pulumi.StringOutput) +} + +// The ID of the project in which the resource belongs. +// If it is not provided, the provider project is used. +func (o InterceptDeploymentOutput) Project() pulumi.StringOutput { + return o.ApplyT(func(v *InterceptDeployment) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) +} + +// The combination of labels configured directly on the resource +// and default labels configured on the provider. +func (o InterceptDeploymentOutput) PulumiLabels() pulumi.StringMapOutput { + return o.ApplyT(func(v *InterceptDeployment) pulumi.StringMapOutput { return v.PulumiLabels }).(pulumi.StringMapOutput) +} + +// Whether reconciling is in progress, recommended per +// https://google.aip.dev/128. +func (o InterceptDeploymentOutput) Reconciling() pulumi.BoolOutput { + return o.ApplyT(func(v *InterceptDeployment) pulumi.BoolOutput { return v.Reconciling }).(pulumi.BoolOutput) +} + +// Current state of the deployment. +// Possible values: +// STATE_UNSPECIFIED +// ACTIVE +// CREATING +// DELETING +// OUT_OF_SYNC +// DELETE_FAILED +func (o InterceptDeploymentOutput) State() pulumi.StringOutput { + return o.ApplyT(func(v *InterceptDeployment) pulumi.StringOutput { return v.State }).(pulumi.StringOutput) +} + +// Update time stamp +func (o InterceptDeploymentOutput) UpdateTime() pulumi.StringOutput { + return o.ApplyT(func(v *InterceptDeployment) pulumi.StringOutput { return v.UpdateTime }).(pulumi.StringOutput) +} + +type InterceptDeploymentArrayOutput struct{ *pulumi.OutputState } + +func (InterceptDeploymentArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]*InterceptDeployment)(nil)).Elem() +} + +func (o InterceptDeploymentArrayOutput) ToInterceptDeploymentArrayOutput() InterceptDeploymentArrayOutput { + return o +} + +func (o InterceptDeploymentArrayOutput) ToInterceptDeploymentArrayOutputWithContext(ctx context.Context) InterceptDeploymentArrayOutput { + return o +} + +func (o InterceptDeploymentArrayOutput) Index(i pulumi.IntInput) InterceptDeploymentOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) *InterceptDeployment { + return vs[0].([]*InterceptDeployment)[vs[1].(int)] + }).(InterceptDeploymentOutput) +} + +type InterceptDeploymentMapOutput struct{ *pulumi.OutputState } + +func (InterceptDeploymentMapOutput) ElementType() reflect.Type { + return reflect.TypeOf((*map[string]*InterceptDeployment)(nil)).Elem() +} + +func (o InterceptDeploymentMapOutput) ToInterceptDeploymentMapOutput() InterceptDeploymentMapOutput { + return o +} + +func (o InterceptDeploymentMapOutput) ToInterceptDeploymentMapOutputWithContext(ctx context.Context) InterceptDeploymentMapOutput { + return o +} + +func (o InterceptDeploymentMapOutput) MapIndex(k pulumi.StringInput) InterceptDeploymentOutput { + return pulumi.All(o, k).ApplyT(func(vs []interface{}) *InterceptDeployment { + return vs[0].(map[string]*InterceptDeployment)[vs[1].(string)] + }).(InterceptDeploymentOutput) +} + +func init() { + pulumi.RegisterInputType(reflect.TypeOf((*InterceptDeploymentInput)(nil)).Elem(), &InterceptDeployment{}) + pulumi.RegisterInputType(reflect.TypeOf((*InterceptDeploymentArrayInput)(nil)).Elem(), InterceptDeploymentArray{}) + pulumi.RegisterInputType(reflect.TypeOf((*InterceptDeploymentMapInput)(nil)).Elem(), InterceptDeploymentMap{}) + pulumi.RegisterOutputType(InterceptDeploymentOutput{}) + pulumi.RegisterOutputType(InterceptDeploymentArrayOutput{}) + pulumi.RegisterOutputType(InterceptDeploymentMapOutput{}) +} diff --git a/sdk/go/gcp/networksecurity/interceptDeploymentGroup.go b/sdk/go/gcp/networksecurity/interceptDeploymentGroup.go new file mode 100644 index 0000000000..1ca5fbf91e --- /dev/null +++ b/sdk/go/gcp/networksecurity/interceptDeploymentGroup.go @@ -0,0 +1,527 @@ +// Code generated by the Pulumi Terraform Bridge (tfgen) Tool DO NOT EDIT. +// *** WARNING: Do not edit by hand unless you're certain you know what you are doing! *** + +package networksecurity + +import ( + "context" + "reflect" + + "errors" + "github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/internal" + "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +) + +// ## Example Usage +// +// ### Network Security Intercept Deployment Group Basic +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute" +// "github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/networksecurity" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// network, err := compute.NewNetwork(ctx, "network", &compute.NetworkArgs{ +// Name: pulumi.String("example-network"), +// AutoCreateSubnetworks: pulumi.Bool(false), +// }) +// if err != nil { +// return err +// } +// _, err = networksecurity.NewInterceptDeploymentGroup(ctx, "default", &networksecurity.InterceptDeploymentGroupArgs{ +// InterceptDeploymentGroupId: pulumi.String("example-dg"), +// Location: pulumi.String("global"), +// Network: network.ID(), +// Labels: pulumi.StringMap{ +// "foo": pulumi.String("bar"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// ## Import +// +// InterceptDeploymentGroup can be imported using any of these accepted formats: +// +// * `projects/{{project}}/locations/{{location}}/interceptDeploymentGroups/{{intercept_deployment_group_id}}` +// +// * `{{project}}/{{location}}/{{intercept_deployment_group_id}}` +// +// * `{{location}}/{{intercept_deployment_group_id}}` +// +// When using the `pulumi import` command, InterceptDeploymentGroup can be imported using one of the formats above. For example: +// +// ```sh +// $ pulumi import gcp:networksecurity/interceptDeploymentGroup:InterceptDeploymentGroup default projects/{{project}}/locations/{{location}}/interceptDeploymentGroups/{{intercept_deployment_group_id}} +// ``` +// +// ```sh +// $ pulumi import gcp:networksecurity/interceptDeploymentGroup:InterceptDeploymentGroup default {{project}}/{{location}}/{{intercept_deployment_group_id}} +// ``` +// +// ```sh +// $ pulumi import gcp:networksecurity/interceptDeploymentGroup:InterceptDeploymentGroup default {{location}}/{{intercept_deployment_group_id}} +// ``` +type InterceptDeploymentGroup struct { + pulumi.CustomResourceState + + // Output only. The list of Intercept Endpoint Groups that are connected to this resource. + // Structure is documented below. + ConnectedEndpointGroups InterceptDeploymentGroupConnectedEndpointGroupArrayOutput `pulumi:"connectedEndpointGroups"` + // Output only. [Output only] Create time stamp + CreateTime pulumi.StringOutput `pulumi:"createTime"` + // All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services. + EffectiveLabels pulumi.StringMapOutput `pulumi:"effectiveLabels"` + // Required. Id of the requesting object + // If auto-generating Id server-side, remove this field and + // interceptDeploymentGroupId from the methodSignature of Create RPC + // + // *** + InterceptDeploymentGroupId pulumi.StringOutput `pulumi:"interceptDeploymentGroupId"` + // Optional. Labels as key value pairs + // **Note**: This field is non-authoritative, and will only manage the labels present in your configuration. + // Please refer to the field `effectiveLabels` for all of the labels present on the resource. + Labels pulumi.StringMapOutput `pulumi:"labels"` + // Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122. See documentation for resource type `networksecurity.googleapis.com/InterceptDeploymentGroup`. + Location pulumi.StringOutput `pulumi:"location"` + // (Output) + // Output only. A connected intercept endpoint group. + Name pulumi.StringOutput `pulumi:"name"` + // Required. Immutable. The network that is being used for the deployment. Format is: + // projects/{project}/global/networks/{network}. + Network pulumi.StringOutput `pulumi:"network"` + // The ID of the project in which the resource belongs. + // If it is not provided, the provider project is used. + Project pulumi.StringOutput `pulumi:"project"` + // The combination of labels configured directly on the resource + // and default labels configured on the provider. + PulumiLabels pulumi.StringMapOutput `pulumi:"pulumiLabels"` + // Output only. Whether reconciling is in progress, recommended per + // https://google.aip.dev/128. + Reconciling pulumi.BoolOutput `pulumi:"reconciling"` + // Output only. Current state of the deployment group. + // Possible values: + // STATE_UNSPECIFIED + // ACTIVE + // CREATING + // DELETING + State pulumi.StringOutput `pulumi:"state"` + // Output only. [Output only] Update time stamp + UpdateTime pulumi.StringOutput `pulumi:"updateTime"` +} + +// NewInterceptDeploymentGroup registers a new resource with the given unique name, arguments, and options. +func NewInterceptDeploymentGroup(ctx *pulumi.Context, + name string, args *InterceptDeploymentGroupArgs, opts ...pulumi.ResourceOption) (*InterceptDeploymentGroup, error) { + if args == nil { + return nil, errors.New("missing one or more required arguments") + } + + if args.InterceptDeploymentGroupId == nil { + return nil, errors.New("invalid value for required argument 'InterceptDeploymentGroupId'") + } + if args.Location == nil { + return nil, errors.New("invalid value for required argument 'Location'") + } + if args.Network == nil { + return nil, errors.New("invalid value for required argument 'Network'") + } + secrets := pulumi.AdditionalSecretOutputs([]string{ + "effectiveLabels", + "pulumiLabels", + }) + opts = append(opts, secrets) + opts = internal.PkgResourceDefaultOpts(opts) + var resource InterceptDeploymentGroup + err := ctx.RegisterResource("gcp:networksecurity/interceptDeploymentGroup:InterceptDeploymentGroup", name, args, &resource, opts...) + if err != nil { + return nil, err + } + return &resource, nil +} + +// GetInterceptDeploymentGroup gets an existing InterceptDeploymentGroup resource's state with the given name, ID, and optional +// state properties that are used to uniquely qualify the lookup (nil if not required). +func GetInterceptDeploymentGroup(ctx *pulumi.Context, + name string, id pulumi.IDInput, state *InterceptDeploymentGroupState, opts ...pulumi.ResourceOption) (*InterceptDeploymentGroup, error) { + var resource InterceptDeploymentGroup + err := ctx.ReadResource("gcp:networksecurity/interceptDeploymentGroup:InterceptDeploymentGroup", name, id, state, &resource, opts...) + if err != nil { + return nil, err + } + return &resource, nil +} + +// Input properties used for looking up and filtering InterceptDeploymentGroup resources. +type interceptDeploymentGroupState struct { + // Output only. The list of Intercept Endpoint Groups that are connected to this resource. + // Structure is documented below. + ConnectedEndpointGroups []InterceptDeploymentGroupConnectedEndpointGroup `pulumi:"connectedEndpointGroups"` + // Output only. [Output only] Create time stamp + CreateTime *string `pulumi:"createTime"` + // All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services. + EffectiveLabels map[string]string `pulumi:"effectiveLabels"` + // Required. Id of the requesting object + // If auto-generating Id server-side, remove this field and + // interceptDeploymentGroupId from the methodSignature of Create RPC + // + // *** + InterceptDeploymentGroupId *string `pulumi:"interceptDeploymentGroupId"` + // Optional. Labels as key value pairs + // **Note**: This field is non-authoritative, and will only manage the labels present in your configuration. + // Please refer to the field `effectiveLabels` for all of the labels present on the resource. + Labels map[string]string `pulumi:"labels"` + // Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122. See documentation for resource type `networksecurity.googleapis.com/InterceptDeploymentGroup`. + Location *string `pulumi:"location"` + // (Output) + // Output only. A connected intercept endpoint group. + Name *string `pulumi:"name"` + // Required. Immutable. The network that is being used for the deployment. Format is: + // projects/{project}/global/networks/{network}. + Network *string `pulumi:"network"` + // The ID of the project in which the resource belongs. + // If it is not provided, the provider project is used. + Project *string `pulumi:"project"` + // The combination of labels configured directly on the resource + // and default labels configured on the provider. + PulumiLabels map[string]string `pulumi:"pulumiLabels"` + // Output only. Whether reconciling is in progress, recommended per + // https://google.aip.dev/128. + Reconciling *bool `pulumi:"reconciling"` + // Output only. Current state of the deployment group. + // Possible values: + // STATE_UNSPECIFIED + // ACTIVE + // CREATING + // DELETING + State *string `pulumi:"state"` + // Output only. [Output only] Update time stamp + UpdateTime *string `pulumi:"updateTime"` +} + +type InterceptDeploymentGroupState struct { + // Output only. The list of Intercept Endpoint Groups that are connected to this resource. + // Structure is documented below. + ConnectedEndpointGroups InterceptDeploymentGroupConnectedEndpointGroupArrayInput + // Output only. [Output only] Create time stamp + CreateTime pulumi.StringPtrInput + // All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services. + EffectiveLabels pulumi.StringMapInput + // Required. Id of the requesting object + // If auto-generating Id server-side, remove this field and + // interceptDeploymentGroupId from the methodSignature of Create RPC + // + // *** + InterceptDeploymentGroupId pulumi.StringPtrInput + // Optional. Labels as key value pairs + // **Note**: This field is non-authoritative, and will only manage the labels present in your configuration. + // Please refer to the field `effectiveLabels` for all of the labels present on the resource. + Labels pulumi.StringMapInput + // Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122. See documentation for resource type `networksecurity.googleapis.com/InterceptDeploymentGroup`. + Location pulumi.StringPtrInput + // (Output) + // Output only. A connected intercept endpoint group. + Name pulumi.StringPtrInput + // Required. Immutable. The network that is being used for the deployment. Format is: + // projects/{project}/global/networks/{network}. + Network pulumi.StringPtrInput + // The ID of the project in which the resource belongs. + // If it is not provided, the provider project is used. + Project pulumi.StringPtrInput + // The combination of labels configured directly on the resource + // and default labels configured on the provider. + PulumiLabels pulumi.StringMapInput + // Output only. Whether reconciling is in progress, recommended per + // https://google.aip.dev/128. + Reconciling pulumi.BoolPtrInput + // Output only. Current state of the deployment group. + // Possible values: + // STATE_UNSPECIFIED + // ACTIVE + // CREATING + // DELETING + State pulumi.StringPtrInput + // Output only. [Output only] Update time stamp + UpdateTime pulumi.StringPtrInput +} + +func (InterceptDeploymentGroupState) ElementType() reflect.Type { + return reflect.TypeOf((*interceptDeploymentGroupState)(nil)).Elem() +} + +type interceptDeploymentGroupArgs struct { + // Required. Id of the requesting object + // If auto-generating Id server-side, remove this field and + // interceptDeploymentGroupId from the methodSignature of Create RPC + // + // *** + InterceptDeploymentGroupId string `pulumi:"interceptDeploymentGroupId"` + // Optional. Labels as key value pairs + // **Note**: This field is non-authoritative, and will only manage the labels present in your configuration. + // Please refer to the field `effectiveLabels` for all of the labels present on the resource. + Labels map[string]string `pulumi:"labels"` + // Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122. See documentation for resource type `networksecurity.googleapis.com/InterceptDeploymentGroup`. + Location string `pulumi:"location"` + // Required. Immutable. The network that is being used for the deployment. Format is: + // projects/{project}/global/networks/{network}. + Network string `pulumi:"network"` + // The ID of the project in which the resource belongs. + // If it is not provided, the provider project is used. + Project *string `pulumi:"project"` +} + +// The set of arguments for constructing a InterceptDeploymentGroup resource. +type InterceptDeploymentGroupArgs struct { + // Required. Id of the requesting object + // If auto-generating Id server-side, remove this field and + // interceptDeploymentGroupId from the methodSignature of Create RPC + // + // *** + InterceptDeploymentGroupId pulumi.StringInput + // Optional. Labels as key value pairs + // **Note**: This field is non-authoritative, and will only manage the labels present in your configuration. + // Please refer to the field `effectiveLabels` for all of the labels present on the resource. + Labels pulumi.StringMapInput + // Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122. See documentation for resource type `networksecurity.googleapis.com/InterceptDeploymentGroup`. + Location pulumi.StringInput + // Required. Immutable. The network that is being used for the deployment. Format is: + // projects/{project}/global/networks/{network}. + Network pulumi.StringInput + // The ID of the project in which the resource belongs. + // If it is not provided, the provider project is used. + Project pulumi.StringPtrInput +} + +func (InterceptDeploymentGroupArgs) ElementType() reflect.Type { + return reflect.TypeOf((*interceptDeploymentGroupArgs)(nil)).Elem() +} + +type InterceptDeploymentGroupInput interface { + pulumi.Input + + ToInterceptDeploymentGroupOutput() InterceptDeploymentGroupOutput + ToInterceptDeploymentGroupOutputWithContext(ctx context.Context) InterceptDeploymentGroupOutput +} + +func (*InterceptDeploymentGroup) ElementType() reflect.Type { + return reflect.TypeOf((**InterceptDeploymentGroup)(nil)).Elem() +} + +func (i *InterceptDeploymentGroup) ToInterceptDeploymentGroupOutput() InterceptDeploymentGroupOutput { + return i.ToInterceptDeploymentGroupOutputWithContext(context.Background()) +} + +func (i *InterceptDeploymentGroup) ToInterceptDeploymentGroupOutputWithContext(ctx context.Context) InterceptDeploymentGroupOutput { + return pulumi.ToOutputWithContext(ctx, i).(InterceptDeploymentGroupOutput) +} + +// InterceptDeploymentGroupArrayInput is an input type that accepts InterceptDeploymentGroupArray and InterceptDeploymentGroupArrayOutput values. +// You can construct a concrete instance of `InterceptDeploymentGroupArrayInput` via: +// +// InterceptDeploymentGroupArray{ InterceptDeploymentGroupArgs{...} } +type InterceptDeploymentGroupArrayInput interface { + pulumi.Input + + ToInterceptDeploymentGroupArrayOutput() InterceptDeploymentGroupArrayOutput + ToInterceptDeploymentGroupArrayOutputWithContext(context.Context) InterceptDeploymentGroupArrayOutput +} + +type InterceptDeploymentGroupArray []InterceptDeploymentGroupInput + +func (InterceptDeploymentGroupArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]*InterceptDeploymentGroup)(nil)).Elem() +} + +func (i InterceptDeploymentGroupArray) ToInterceptDeploymentGroupArrayOutput() InterceptDeploymentGroupArrayOutput { + return i.ToInterceptDeploymentGroupArrayOutputWithContext(context.Background()) +} + +func (i InterceptDeploymentGroupArray) ToInterceptDeploymentGroupArrayOutputWithContext(ctx context.Context) InterceptDeploymentGroupArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(InterceptDeploymentGroupArrayOutput) +} + +// InterceptDeploymentGroupMapInput is an input type that accepts InterceptDeploymentGroupMap and InterceptDeploymentGroupMapOutput values. +// You can construct a concrete instance of `InterceptDeploymentGroupMapInput` via: +// +// InterceptDeploymentGroupMap{ "key": InterceptDeploymentGroupArgs{...} } +type InterceptDeploymentGroupMapInput interface { + pulumi.Input + + ToInterceptDeploymentGroupMapOutput() InterceptDeploymentGroupMapOutput + ToInterceptDeploymentGroupMapOutputWithContext(context.Context) InterceptDeploymentGroupMapOutput +} + +type InterceptDeploymentGroupMap map[string]InterceptDeploymentGroupInput + +func (InterceptDeploymentGroupMap) ElementType() reflect.Type { + return reflect.TypeOf((*map[string]*InterceptDeploymentGroup)(nil)).Elem() +} + +func (i InterceptDeploymentGroupMap) ToInterceptDeploymentGroupMapOutput() InterceptDeploymentGroupMapOutput { + return i.ToInterceptDeploymentGroupMapOutputWithContext(context.Background()) +} + +func (i InterceptDeploymentGroupMap) ToInterceptDeploymentGroupMapOutputWithContext(ctx context.Context) InterceptDeploymentGroupMapOutput { + return pulumi.ToOutputWithContext(ctx, i).(InterceptDeploymentGroupMapOutput) +} + +type InterceptDeploymentGroupOutput struct{ *pulumi.OutputState } + +func (InterceptDeploymentGroupOutput) ElementType() reflect.Type { + return reflect.TypeOf((**InterceptDeploymentGroup)(nil)).Elem() +} + +func (o InterceptDeploymentGroupOutput) ToInterceptDeploymentGroupOutput() InterceptDeploymentGroupOutput { + return o +} + +func (o InterceptDeploymentGroupOutput) ToInterceptDeploymentGroupOutputWithContext(ctx context.Context) InterceptDeploymentGroupOutput { + return o +} + +// Output only. The list of Intercept Endpoint Groups that are connected to this resource. +// Structure is documented below. +func (o InterceptDeploymentGroupOutput) ConnectedEndpointGroups() InterceptDeploymentGroupConnectedEndpointGroupArrayOutput { + return o.ApplyT(func(v *InterceptDeploymentGroup) InterceptDeploymentGroupConnectedEndpointGroupArrayOutput { + return v.ConnectedEndpointGroups + }).(InterceptDeploymentGroupConnectedEndpointGroupArrayOutput) +} + +// Output only. [Output only] Create time stamp +func (o InterceptDeploymentGroupOutput) CreateTime() pulumi.StringOutput { + return o.ApplyT(func(v *InterceptDeploymentGroup) pulumi.StringOutput { return v.CreateTime }).(pulumi.StringOutput) +} + +// All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services. +func (o InterceptDeploymentGroupOutput) EffectiveLabels() pulumi.StringMapOutput { + return o.ApplyT(func(v *InterceptDeploymentGroup) pulumi.StringMapOutput { return v.EffectiveLabels }).(pulumi.StringMapOutput) +} + +// Required. Id of the requesting object +// If auto-generating Id server-side, remove this field and +// interceptDeploymentGroupId from the methodSignature of Create RPC +// +// *** +func (o InterceptDeploymentGroupOutput) InterceptDeploymentGroupId() pulumi.StringOutput { + return o.ApplyT(func(v *InterceptDeploymentGroup) pulumi.StringOutput { return v.InterceptDeploymentGroupId }).(pulumi.StringOutput) +} + +// Optional. Labels as key value pairs +// **Note**: This field is non-authoritative, and will only manage the labels present in your configuration. +// Please refer to the field `effectiveLabels` for all of the labels present on the resource. +func (o InterceptDeploymentGroupOutput) Labels() pulumi.StringMapOutput { + return o.ApplyT(func(v *InterceptDeploymentGroup) pulumi.StringMapOutput { return v.Labels }).(pulumi.StringMapOutput) +} + +// Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122. See documentation for resource type `networksecurity.googleapis.com/InterceptDeploymentGroup`. +func (o InterceptDeploymentGroupOutput) Location() pulumi.StringOutput { + return o.ApplyT(func(v *InterceptDeploymentGroup) pulumi.StringOutput { return v.Location }).(pulumi.StringOutput) +} + +// (Output) +// Output only. A connected intercept endpoint group. +func (o InterceptDeploymentGroupOutput) Name() pulumi.StringOutput { + return o.ApplyT(func(v *InterceptDeploymentGroup) pulumi.StringOutput { return v.Name }).(pulumi.StringOutput) +} + +// Required. Immutable. The network that is being used for the deployment. Format is: +// projects/{project}/global/networks/{network}. +func (o InterceptDeploymentGroupOutput) Network() pulumi.StringOutput { + return o.ApplyT(func(v *InterceptDeploymentGroup) pulumi.StringOutput { return v.Network }).(pulumi.StringOutput) +} + +// The ID of the project in which the resource belongs. +// If it is not provided, the provider project is used. +func (o InterceptDeploymentGroupOutput) Project() pulumi.StringOutput { + return o.ApplyT(func(v *InterceptDeploymentGroup) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) +} + +// The combination of labels configured directly on the resource +// and default labels configured on the provider. +func (o InterceptDeploymentGroupOutput) PulumiLabels() pulumi.StringMapOutput { + return o.ApplyT(func(v *InterceptDeploymentGroup) pulumi.StringMapOutput { return v.PulumiLabels }).(pulumi.StringMapOutput) +} + +// Output only. Whether reconciling is in progress, recommended per +// https://google.aip.dev/128. +func (o InterceptDeploymentGroupOutput) Reconciling() pulumi.BoolOutput { + return o.ApplyT(func(v *InterceptDeploymentGroup) pulumi.BoolOutput { return v.Reconciling }).(pulumi.BoolOutput) +} + +// Output only. Current state of the deployment group. +// Possible values: +// STATE_UNSPECIFIED +// ACTIVE +// CREATING +// DELETING +func (o InterceptDeploymentGroupOutput) State() pulumi.StringOutput { + return o.ApplyT(func(v *InterceptDeploymentGroup) pulumi.StringOutput { return v.State }).(pulumi.StringOutput) +} + +// Output only. [Output only] Update time stamp +func (o InterceptDeploymentGroupOutput) UpdateTime() pulumi.StringOutput { + return o.ApplyT(func(v *InterceptDeploymentGroup) pulumi.StringOutput { return v.UpdateTime }).(pulumi.StringOutput) +} + +type InterceptDeploymentGroupArrayOutput struct{ *pulumi.OutputState } + +func (InterceptDeploymentGroupArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]*InterceptDeploymentGroup)(nil)).Elem() +} + +func (o InterceptDeploymentGroupArrayOutput) ToInterceptDeploymentGroupArrayOutput() InterceptDeploymentGroupArrayOutput { + return o +} + +func (o InterceptDeploymentGroupArrayOutput) ToInterceptDeploymentGroupArrayOutputWithContext(ctx context.Context) InterceptDeploymentGroupArrayOutput { + return o +} + +func (o InterceptDeploymentGroupArrayOutput) Index(i pulumi.IntInput) InterceptDeploymentGroupOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) *InterceptDeploymentGroup { + return vs[0].([]*InterceptDeploymentGroup)[vs[1].(int)] + }).(InterceptDeploymentGroupOutput) +} + +type InterceptDeploymentGroupMapOutput struct{ *pulumi.OutputState } + +func (InterceptDeploymentGroupMapOutput) ElementType() reflect.Type { + return reflect.TypeOf((*map[string]*InterceptDeploymentGroup)(nil)).Elem() +} + +func (o InterceptDeploymentGroupMapOutput) ToInterceptDeploymentGroupMapOutput() InterceptDeploymentGroupMapOutput { + return o +} + +func (o InterceptDeploymentGroupMapOutput) ToInterceptDeploymentGroupMapOutputWithContext(ctx context.Context) InterceptDeploymentGroupMapOutput { + return o +} + +func (o InterceptDeploymentGroupMapOutput) MapIndex(k pulumi.StringInput) InterceptDeploymentGroupOutput { + return pulumi.All(o, k).ApplyT(func(vs []interface{}) *InterceptDeploymentGroup { + return vs[0].(map[string]*InterceptDeploymentGroup)[vs[1].(string)] + }).(InterceptDeploymentGroupOutput) +} + +func init() { + pulumi.RegisterInputType(reflect.TypeOf((*InterceptDeploymentGroupInput)(nil)).Elem(), &InterceptDeploymentGroup{}) + pulumi.RegisterInputType(reflect.TypeOf((*InterceptDeploymentGroupArrayInput)(nil)).Elem(), InterceptDeploymentGroupArray{}) + pulumi.RegisterInputType(reflect.TypeOf((*InterceptDeploymentGroupMapInput)(nil)).Elem(), InterceptDeploymentGroupMap{}) + pulumi.RegisterOutputType(InterceptDeploymentGroupOutput{}) + pulumi.RegisterOutputType(InterceptDeploymentGroupArrayOutput{}) + pulumi.RegisterOutputType(InterceptDeploymentGroupMapOutput{}) +} diff --git a/sdk/go/gcp/networksecurity/pulumiTypes.go b/sdk/go/gcp/networksecurity/pulumiTypes.go index 426ecb4cbb..e1c70b4b3c 100644 --- a/sdk/go/gcp/networksecurity/pulumiTypes.go +++ b/sdk/go/gcp/networksecurity/pulumiTypes.go @@ -857,6 +857,3555 @@ func (o AuthorizationPolicyRuleSourceArrayOutput) Index(i pulumi.IntInput) Autho }).(AuthorizationPolicyRuleSourceOutput) } +type AuthzPolicyCustomProvider struct { + // Delegate authorization decision to user authored Service Extension. Only one of cloudIap or authzExtension can be specified. + // Structure is documented below. + AuthzExtension *AuthzPolicyCustomProviderAuthzExtension `pulumi:"authzExtension"` + // Delegates authorization decisions to Cloud IAP. Applicable only for managed load balancers. Enabling Cloud IAP at the AuthzPolicy level is not compatible with Cloud IAP settings in the BackendService. Enabling IAP in both places will result in request failure. Ensure that IAP is enabled in either the AuthzPolicy or the BackendService but not in both places. + // Structure is documented below. + CloudIap *AuthzPolicyCustomProviderCloudIap `pulumi:"cloudIap"` +} + +// AuthzPolicyCustomProviderInput is an input type that accepts AuthzPolicyCustomProviderArgs and AuthzPolicyCustomProviderOutput values. +// You can construct a concrete instance of `AuthzPolicyCustomProviderInput` via: +// +// AuthzPolicyCustomProviderArgs{...} +type AuthzPolicyCustomProviderInput interface { + pulumi.Input + + ToAuthzPolicyCustomProviderOutput() AuthzPolicyCustomProviderOutput + ToAuthzPolicyCustomProviderOutputWithContext(context.Context) AuthzPolicyCustomProviderOutput +} + +type AuthzPolicyCustomProviderArgs struct { + // Delegate authorization decision to user authored Service Extension. Only one of cloudIap or authzExtension can be specified. + // Structure is documented below. + AuthzExtension AuthzPolicyCustomProviderAuthzExtensionPtrInput `pulumi:"authzExtension"` + // Delegates authorization decisions to Cloud IAP. Applicable only for managed load balancers. Enabling Cloud IAP at the AuthzPolicy level is not compatible with Cloud IAP settings in the BackendService. Enabling IAP in both places will result in request failure. Ensure that IAP is enabled in either the AuthzPolicy or the BackendService but not in both places. + // Structure is documented below. + CloudIap AuthzPolicyCustomProviderCloudIapPtrInput `pulumi:"cloudIap"` +} + +func (AuthzPolicyCustomProviderArgs) ElementType() reflect.Type { + return reflect.TypeOf((*AuthzPolicyCustomProvider)(nil)).Elem() +} + +func (i AuthzPolicyCustomProviderArgs) ToAuthzPolicyCustomProviderOutput() AuthzPolicyCustomProviderOutput { + return i.ToAuthzPolicyCustomProviderOutputWithContext(context.Background()) +} + +func (i AuthzPolicyCustomProviderArgs) ToAuthzPolicyCustomProviderOutputWithContext(ctx context.Context) AuthzPolicyCustomProviderOutput { + return pulumi.ToOutputWithContext(ctx, i).(AuthzPolicyCustomProviderOutput) +} + +func (i AuthzPolicyCustomProviderArgs) ToAuthzPolicyCustomProviderPtrOutput() AuthzPolicyCustomProviderPtrOutput { + return i.ToAuthzPolicyCustomProviderPtrOutputWithContext(context.Background()) +} + +func (i AuthzPolicyCustomProviderArgs) ToAuthzPolicyCustomProviderPtrOutputWithContext(ctx context.Context) AuthzPolicyCustomProviderPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(AuthzPolicyCustomProviderOutput).ToAuthzPolicyCustomProviderPtrOutputWithContext(ctx) +} + +// AuthzPolicyCustomProviderPtrInput is an input type that accepts AuthzPolicyCustomProviderArgs, AuthzPolicyCustomProviderPtr and AuthzPolicyCustomProviderPtrOutput values. +// You can construct a concrete instance of `AuthzPolicyCustomProviderPtrInput` via: +// +// AuthzPolicyCustomProviderArgs{...} +// +// or: +// +// nil +type AuthzPolicyCustomProviderPtrInput interface { + pulumi.Input + + ToAuthzPolicyCustomProviderPtrOutput() AuthzPolicyCustomProviderPtrOutput + ToAuthzPolicyCustomProviderPtrOutputWithContext(context.Context) AuthzPolicyCustomProviderPtrOutput +} + +type authzPolicyCustomProviderPtrType AuthzPolicyCustomProviderArgs + +func AuthzPolicyCustomProviderPtr(v *AuthzPolicyCustomProviderArgs) AuthzPolicyCustomProviderPtrInput { + return (*authzPolicyCustomProviderPtrType)(v) +} + +func (*authzPolicyCustomProviderPtrType) ElementType() reflect.Type { + return reflect.TypeOf((**AuthzPolicyCustomProvider)(nil)).Elem() +} + +func (i *authzPolicyCustomProviderPtrType) ToAuthzPolicyCustomProviderPtrOutput() AuthzPolicyCustomProviderPtrOutput { + return i.ToAuthzPolicyCustomProviderPtrOutputWithContext(context.Background()) +} + +func (i *authzPolicyCustomProviderPtrType) ToAuthzPolicyCustomProviderPtrOutputWithContext(ctx context.Context) AuthzPolicyCustomProviderPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(AuthzPolicyCustomProviderPtrOutput) +} + +type AuthzPolicyCustomProviderOutput struct{ *pulumi.OutputState } + +func (AuthzPolicyCustomProviderOutput) ElementType() reflect.Type { + return reflect.TypeOf((*AuthzPolicyCustomProvider)(nil)).Elem() +} + +func (o AuthzPolicyCustomProviderOutput) ToAuthzPolicyCustomProviderOutput() AuthzPolicyCustomProviderOutput { + return o +} + +func (o AuthzPolicyCustomProviderOutput) ToAuthzPolicyCustomProviderOutputWithContext(ctx context.Context) AuthzPolicyCustomProviderOutput { + return o +} + +func (o AuthzPolicyCustomProviderOutput) ToAuthzPolicyCustomProviderPtrOutput() AuthzPolicyCustomProviderPtrOutput { + return o.ToAuthzPolicyCustomProviderPtrOutputWithContext(context.Background()) +} + +func (o AuthzPolicyCustomProviderOutput) ToAuthzPolicyCustomProviderPtrOutputWithContext(ctx context.Context) AuthzPolicyCustomProviderPtrOutput { + return o.ApplyTWithContext(ctx, func(_ context.Context, v AuthzPolicyCustomProvider) *AuthzPolicyCustomProvider { + return &v + }).(AuthzPolicyCustomProviderPtrOutput) +} + +// Delegate authorization decision to user authored Service Extension. Only one of cloudIap or authzExtension can be specified. +// Structure is documented below. +func (o AuthzPolicyCustomProviderOutput) AuthzExtension() AuthzPolicyCustomProviderAuthzExtensionPtrOutput { + return o.ApplyT(func(v AuthzPolicyCustomProvider) *AuthzPolicyCustomProviderAuthzExtension { return v.AuthzExtension }).(AuthzPolicyCustomProviderAuthzExtensionPtrOutput) +} + +// Delegates authorization decisions to Cloud IAP. Applicable only for managed load balancers. Enabling Cloud IAP at the AuthzPolicy level is not compatible with Cloud IAP settings in the BackendService. Enabling IAP in both places will result in request failure. Ensure that IAP is enabled in either the AuthzPolicy or the BackendService but not in both places. +// Structure is documented below. +func (o AuthzPolicyCustomProviderOutput) CloudIap() AuthzPolicyCustomProviderCloudIapPtrOutput { + return o.ApplyT(func(v AuthzPolicyCustomProvider) *AuthzPolicyCustomProviderCloudIap { return v.CloudIap }).(AuthzPolicyCustomProviderCloudIapPtrOutput) +} + +type AuthzPolicyCustomProviderPtrOutput struct{ *pulumi.OutputState } + +func (AuthzPolicyCustomProviderPtrOutput) ElementType() reflect.Type { + return reflect.TypeOf((**AuthzPolicyCustomProvider)(nil)).Elem() +} + +func (o AuthzPolicyCustomProviderPtrOutput) ToAuthzPolicyCustomProviderPtrOutput() AuthzPolicyCustomProviderPtrOutput { + return o +} + +func (o AuthzPolicyCustomProviderPtrOutput) ToAuthzPolicyCustomProviderPtrOutputWithContext(ctx context.Context) AuthzPolicyCustomProviderPtrOutput { + return o +} + +func (o AuthzPolicyCustomProviderPtrOutput) Elem() AuthzPolicyCustomProviderOutput { + return o.ApplyT(func(v *AuthzPolicyCustomProvider) AuthzPolicyCustomProvider { + if v != nil { + return *v + } + var ret AuthzPolicyCustomProvider + return ret + }).(AuthzPolicyCustomProviderOutput) +} + +// Delegate authorization decision to user authored Service Extension. Only one of cloudIap or authzExtension can be specified. +// Structure is documented below. +func (o AuthzPolicyCustomProviderPtrOutput) AuthzExtension() AuthzPolicyCustomProviderAuthzExtensionPtrOutput { + return o.ApplyT(func(v *AuthzPolicyCustomProvider) *AuthzPolicyCustomProviderAuthzExtension { + if v == nil { + return nil + } + return v.AuthzExtension + }).(AuthzPolicyCustomProviderAuthzExtensionPtrOutput) +} + +// Delegates authorization decisions to Cloud IAP. Applicable only for managed load balancers. Enabling Cloud IAP at the AuthzPolicy level is not compatible with Cloud IAP settings in the BackendService. Enabling IAP in both places will result in request failure. Ensure that IAP is enabled in either the AuthzPolicy or the BackendService but not in both places. +// Structure is documented below. +func (o AuthzPolicyCustomProviderPtrOutput) CloudIap() AuthzPolicyCustomProviderCloudIapPtrOutput { + return o.ApplyT(func(v *AuthzPolicyCustomProvider) *AuthzPolicyCustomProviderCloudIap { + if v == nil { + return nil + } + return v.CloudIap + }).(AuthzPolicyCustomProviderCloudIapPtrOutput) +} + +type AuthzPolicyCustomProviderAuthzExtension struct { + // A list of references to authorization extensions that will be invoked for requests matching this policy. Limited to 1 custom provider. + Resources []string `pulumi:"resources"` +} + +// AuthzPolicyCustomProviderAuthzExtensionInput is an input type that accepts AuthzPolicyCustomProviderAuthzExtensionArgs and AuthzPolicyCustomProviderAuthzExtensionOutput values. +// You can construct a concrete instance of `AuthzPolicyCustomProviderAuthzExtensionInput` via: +// +// AuthzPolicyCustomProviderAuthzExtensionArgs{...} +type AuthzPolicyCustomProviderAuthzExtensionInput interface { + pulumi.Input + + ToAuthzPolicyCustomProviderAuthzExtensionOutput() AuthzPolicyCustomProviderAuthzExtensionOutput + ToAuthzPolicyCustomProviderAuthzExtensionOutputWithContext(context.Context) AuthzPolicyCustomProviderAuthzExtensionOutput +} + +type AuthzPolicyCustomProviderAuthzExtensionArgs struct { + // A list of references to authorization extensions that will be invoked for requests matching this policy. Limited to 1 custom provider. + Resources pulumi.StringArrayInput `pulumi:"resources"` +} + +func (AuthzPolicyCustomProviderAuthzExtensionArgs) ElementType() reflect.Type { + return reflect.TypeOf((*AuthzPolicyCustomProviderAuthzExtension)(nil)).Elem() +} + +func (i AuthzPolicyCustomProviderAuthzExtensionArgs) ToAuthzPolicyCustomProviderAuthzExtensionOutput() AuthzPolicyCustomProviderAuthzExtensionOutput { + return i.ToAuthzPolicyCustomProviderAuthzExtensionOutputWithContext(context.Background()) +} + +func (i AuthzPolicyCustomProviderAuthzExtensionArgs) ToAuthzPolicyCustomProviderAuthzExtensionOutputWithContext(ctx context.Context) AuthzPolicyCustomProviderAuthzExtensionOutput { + return pulumi.ToOutputWithContext(ctx, i).(AuthzPolicyCustomProviderAuthzExtensionOutput) +} + +func (i AuthzPolicyCustomProviderAuthzExtensionArgs) ToAuthzPolicyCustomProviderAuthzExtensionPtrOutput() AuthzPolicyCustomProviderAuthzExtensionPtrOutput { + return i.ToAuthzPolicyCustomProviderAuthzExtensionPtrOutputWithContext(context.Background()) +} + +func (i AuthzPolicyCustomProviderAuthzExtensionArgs) ToAuthzPolicyCustomProviderAuthzExtensionPtrOutputWithContext(ctx context.Context) AuthzPolicyCustomProviderAuthzExtensionPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(AuthzPolicyCustomProviderAuthzExtensionOutput).ToAuthzPolicyCustomProviderAuthzExtensionPtrOutputWithContext(ctx) +} + +// AuthzPolicyCustomProviderAuthzExtensionPtrInput is an input type that accepts AuthzPolicyCustomProviderAuthzExtensionArgs, AuthzPolicyCustomProviderAuthzExtensionPtr and AuthzPolicyCustomProviderAuthzExtensionPtrOutput values. +// You can construct a concrete instance of `AuthzPolicyCustomProviderAuthzExtensionPtrInput` via: +// +// AuthzPolicyCustomProviderAuthzExtensionArgs{...} +// +// or: +// +// nil +type AuthzPolicyCustomProviderAuthzExtensionPtrInput interface { + pulumi.Input + + ToAuthzPolicyCustomProviderAuthzExtensionPtrOutput() AuthzPolicyCustomProviderAuthzExtensionPtrOutput + ToAuthzPolicyCustomProviderAuthzExtensionPtrOutputWithContext(context.Context) AuthzPolicyCustomProviderAuthzExtensionPtrOutput +} + +type authzPolicyCustomProviderAuthzExtensionPtrType AuthzPolicyCustomProviderAuthzExtensionArgs + +func AuthzPolicyCustomProviderAuthzExtensionPtr(v *AuthzPolicyCustomProviderAuthzExtensionArgs) AuthzPolicyCustomProviderAuthzExtensionPtrInput { + return (*authzPolicyCustomProviderAuthzExtensionPtrType)(v) +} + +func (*authzPolicyCustomProviderAuthzExtensionPtrType) ElementType() reflect.Type { + return reflect.TypeOf((**AuthzPolicyCustomProviderAuthzExtension)(nil)).Elem() +} + +func (i *authzPolicyCustomProviderAuthzExtensionPtrType) ToAuthzPolicyCustomProviderAuthzExtensionPtrOutput() AuthzPolicyCustomProviderAuthzExtensionPtrOutput { + return i.ToAuthzPolicyCustomProviderAuthzExtensionPtrOutputWithContext(context.Background()) +} + +func (i *authzPolicyCustomProviderAuthzExtensionPtrType) ToAuthzPolicyCustomProviderAuthzExtensionPtrOutputWithContext(ctx context.Context) AuthzPolicyCustomProviderAuthzExtensionPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(AuthzPolicyCustomProviderAuthzExtensionPtrOutput) +} + +type AuthzPolicyCustomProviderAuthzExtensionOutput struct{ *pulumi.OutputState } + +func (AuthzPolicyCustomProviderAuthzExtensionOutput) ElementType() reflect.Type { + return reflect.TypeOf((*AuthzPolicyCustomProviderAuthzExtension)(nil)).Elem() +} + +func (o AuthzPolicyCustomProviderAuthzExtensionOutput) ToAuthzPolicyCustomProviderAuthzExtensionOutput() AuthzPolicyCustomProviderAuthzExtensionOutput { + return o +} + +func (o AuthzPolicyCustomProviderAuthzExtensionOutput) ToAuthzPolicyCustomProviderAuthzExtensionOutputWithContext(ctx context.Context) AuthzPolicyCustomProviderAuthzExtensionOutput { + return o +} + +func (o AuthzPolicyCustomProviderAuthzExtensionOutput) ToAuthzPolicyCustomProviderAuthzExtensionPtrOutput() AuthzPolicyCustomProviderAuthzExtensionPtrOutput { + return o.ToAuthzPolicyCustomProviderAuthzExtensionPtrOutputWithContext(context.Background()) +} + +func (o AuthzPolicyCustomProviderAuthzExtensionOutput) ToAuthzPolicyCustomProviderAuthzExtensionPtrOutputWithContext(ctx context.Context) AuthzPolicyCustomProviderAuthzExtensionPtrOutput { + return o.ApplyTWithContext(ctx, func(_ context.Context, v AuthzPolicyCustomProviderAuthzExtension) *AuthzPolicyCustomProviderAuthzExtension { + return &v + }).(AuthzPolicyCustomProviderAuthzExtensionPtrOutput) +} + +// A list of references to authorization extensions that will be invoked for requests matching this policy. Limited to 1 custom provider. +func (o AuthzPolicyCustomProviderAuthzExtensionOutput) Resources() pulumi.StringArrayOutput { + return o.ApplyT(func(v AuthzPolicyCustomProviderAuthzExtension) []string { return v.Resources }).(pulumi.StringArrayOutput) +} + +type AuthzPolicyCustomProviderAuthzExtensionPtrOutput struct{ *pulumi.OutputState } + +func (AuthzPolicyCustomProviderAuthzExtensionPtrOutput) ElementType() reflect.Type { + return reflect.TypeOf((**AuthzPolicyCustomProviderAuthzExtension)(nil)).Elem() +} + +func (o AuthzPolicyCustomProviderAuthzExtensionPtrOutput) ToAuthzPolicyCustomProviderAuthzExtensionPtrOutput() AuthzPolicyCustomProviderAuthzExtensionPtrOutput { + return o +} + +func (o AuthzPolicyCustomProviderAuthzExtensionPtrOutput) ToAuthzPolicyCustomProviderAuthzExtensionPtrOutputWithContext(ctx context.Context) AuthzPolicyCustomProviderAuthzExtensionPtrOutput { + return o +} + +func (o AuthzPolicyCustomProviderAuthzExtensionPtrOutput) Elem() AuthzPolicyCustomProviderAuthzExtensionOutput { + return o.ApplyT(func(v *AuthzPolicyCustomProviderAuthzExtension) AuthzPolicyCustomProviderAuthzExtension { + if v != nil { + return *v + } + var ret AuthzPolicyCustomProviderAuthzExtension + return ret + }).(AuthzPolicyCustomProviderAuthzExtensionOutput) +} + +// A list of references to authorization extensions that will be invoked for requests matching this policy. Limited to 1 custom provider. +func (o AuthzPolicyCustomProviderAuthzExtensionPtrOutput) Resources() pulumi.StringArrayOutput { + return o.ApplyT(func(v *AuthzPolicyCustomProviderAuthzExtension) []string { + if v == nil { + return nil + } + return v.Resources + }).(pulumi.StringArrayOutput) +} + +type AuthzPolicyCustomProviderCloudIap struct { + // Enable Cloud IAP at the AuthzPolicy level. + Enabled bool `pulumi:"enabled"` +} + +// AuthzPolicyCustomProviderCloudIapInput is an input type that accepts AuthzPolicyCustomProviderCloudIapArgs and AuthzPolicyCustomProviderCloudIapOutput values. +// You can construct a concrete instance of `AuthzPolicyCustomProviderCloudIapInput` via: +// +// AuthzPolicyCustomProviderCloudIapArgs{...} +type AuthzPolicyCustomProviderCloudIapInput interface { + pulumi.Input + + ToAuthzPolicyCustomProviderCloudIapOutput() AuthzPolicyCustomProviderCloudIapOutput + ToAuthzPolicyCustomProviderCloudIapOutputWithContext(context.Context) AuthzPolicyCustomProviderCloudIapOutput +} + +type AuthzPolicyCustomProviderCloudIapArgs struct { + // Enable Cloud IAP at the AuthzPolicy level. + Enabled pulumi.BoolInput `pulumi:"enabled"` +} + +func (AuthzPolicyCustomProviderCloudIapArgs) ElementType() reflect.Type { + return reflect.TypeOf((*AuthzPolicyCustomProviderCloudIap)(nil)).Elem() +} + +func (i AuthzPolicyCustomProviderCloudIapArgs) ToAuthzPolicyCustomProviderCloudIapOutput() AuthzPolicyCustomProviderCloudIapOutput { + return i.ToAuthzPolicyCustomProviderCloudIapOutputWithContext(context.Background()) +} + +func (i AuthzPolicyCustomProviderCloudIapArgs) ToAuthzPolicyCustomProviderCloudIapOutputWithContext(ctx context.Context) AuthzPolicyCustomProviderCloudIapOutput { + return pulumi.ToOutputWithContext(ctx, i).(AuthzPolicyCustomProviderCloudIapOutput) +} + +func (i AuthzPolicyCustomProviderCloudIapArgs) ToAuthzPolicyCustomProviderCloudIapPtrOutput() AuthzPolicyCustomProviderCloudIapPtrOutput { + return i.ToAuthzPolicyCustomProviderCloudIapPtrOutputWithContext(context.Background()) +} + +func (i AuthzPolicyCustomProviderCloudIapArgs) ToAuthzPolicyCustomProviderCloudIapPtrOutputWithContext(ctx context.Context) AuthzPolicyCustomProviderCloudIapPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(AuthzPolicyCustomProviderCloudIapOutput).ToAuthzPolicyCustomProviderCloudIapPtrOutputWithContext(ctx) +} + +// AuthzPolicyCustomProviderCloudIapPtrInput is an input type that accepts AuthzPolicyCustomProviderCloudIapArgs, AuthzPolicyCustomProviderCloudIapPtr and AuthzPolicyCustomProviderCloudIapPtrOutput values. +// You can construct a concrete instance of `AuthzPolicyCustomProviderCloudIapPtrInput` via: +// +// AuthzPolicyCustomProviderCloudIapArgs{...} +// +// or: +// +// nil +type AuthzPolicyCustomProviderCloudIapPtrInput interface { + pulumi.Input + + ToAuthzPolicyCustomProviderCloudIapPtrOutput() AuthzPolicyCustomProviderCloudIapPtrOutput + ToAuthzPolicyCustomProviderCloudIapPtrOutputWithContext(context.Context) AuthzPolicyCustomProviderCloudIapPtrOutput +} + +type authzPolicyCustomProviderCloudIapPtrType AuthzPolicyCustomProviderCloudIapArgs + +func AuthzPolicyCustomProviderCloudIapPtr(v *AuthzPolicyCustomProviderCloudIapArgs) AuthzPolicyCustomProviderCloudIapPtrInput { + return (*authzPolicyCustomProviderCloudIapPtrType)(v) +} + +func (*authzPolicyCustomProviderCloudIapPtrType) ElementType() reflect.Type { + return reflect.TypeOf((**AuthzPolicyCustomProviderCloudIap)(nil)).Elem() +} + +func (i *authzPolicyCustomProviderCloudIapPtrType) ToAuthzPolicyCustomProviderCloudIapPtrOutput() AuthzPolicyCustomProviderCloudIapPtrOutput { + return i.ToAuthzPolicyCustomProviderCloudIapPtrOutputWithContext(context.Background()) +} + +func (i *authzPolicyCustomProviderCloudIapPtrType) ToAuthzPolicyCustomProviderCloudIapPtrOutputWithContext(ctx context.Context) AuthzPolicyCustomProviderCloudIapPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(AuthzPolicyCustomProviderCloudIapPtrOutput) +} + +type AuthzPolicyCustomProviderCloudIapOutput struct{ *pulumi.OutputState } + +func (AuthzPolicyCustomProviderCloudIapOutput) ElementType() reflect.Type { + return reflect.TypeOf((*AuthzPolicyCustomProviderCloudIap)(nil)).Elem() +} + +func (o AuthzPolicyCustomProviderCloudIapOutput) ToAuthzPolicyCustomProviderCloudIapOutput() AuthzPolicyCustomProviderCloudIapOutput { + return o +} + +func (o AuthzPolicyCustomProviderCloudIapOutput) ToAuthzPolicyCustomProviderCloudIapOutputWithContext(ctx context.Context) AuthzPolicyCustomProviderCloudIapOutput { + return o +} + +func (o AuthzPolicyCustomProviderCloudIapOutput) ToAuthzPolicyCustomProviderCloudIapPtrOutput() AuthzPolicyCustomProviderCloudIapPtrOutput { + return o.ToAuthzPolicyCustomProviderCloudIapPtrOutputWithContext(context.Background()) +} + +func (o AuthzPolicyCustomProviderCloudIapOutput) ToAuthzPolicyCustomProviderCloudIapPtrOutputWithContext(ctx context.Context) AuthzPolicyCustomProviderCloudIapPtrOutput { + return o.ApplyTWithContext(ctx, func(_ context.Context, v AuthzPolicyCustomProviderCloudIap) *AuthzPolicyCustomProviderCloudIap { + return &v + }).(AuthzPolicyCustomProviderCloudIapPtrOutput) +} + +// Enable Cloud IAP at the AuthzPolicy level. +func (o AuthzPolicyCustomProviderCloudIapOutput) Enabled() pulumi.BoolOutput { + return o.ApplyT(func(v AuthzPolicyCustomProviderCloudIap) bool { return v.Enabled }).(pulumi.BoolOutput) +} + +type AuthzPolicyCustomProviderCloudIapPtrOutput struct{ *pulumi.OutputState } + +func (AuthzPolicyCustomProviderCloudIapPtrOutput) ElementType() reflect.Type { + return reflect.TypeOf((**AuthzPolicyCustomProviderCloudIap)(nil)).Elem() +} + +func (o AuthzPolicyCustomProviderCloudIapPtrOutput) ToAuthzPolicyCustomProviderCloudIapPtrOutput() AuthzPolicyCustomProviderCloudIapPtrOutput { + return o +} + +func (o AuthzPolicyCustomProviderCloudIapPtrOutput) ToAuthzPolicyCustomProviderCloudIapPtrOutputWithContext(ctx context.Context) AuthzPolicyCustomProviderCloudIapPtrOutput { + return o +} + +func (o AuthzPolicyCustomProviderCloudIapPtrOutput) Elem() AuthzPolicyCustomProviderCloudIapOutput { + return o.ApplyT(func(v *AuthzPolicyCustomProviderCloudIap) AuthzPolicyCustomProviderCloudIap { + if v != nil { + return *v + } + var ret AuthzPolicyCustomProviderCloudIap + return ret + }).(AuthzPolicyCustomProviderCloudIapOutput) +} + +// Enable Cloud IAP at the AuthzPolicy level. +func (o AuthzPolicyCustomProviderCloudIapPtrOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *AuthzPolicyCustomProviderCloudIap) *bool { + if v == nil { + return nil + } + return &v.Enabled + }).(pulumi.BoolPtrOutput) +} + +type AuthzPolicyHttpRule struct { + // Describes properties of one or more sources of a request. + // Structure is documented below. + From *AuthzPolicyHttpRuleFrom `pulumi:"from"` + // Describes properties of one or more targets of a request + // Structure is documented below. + To *AuthzPolicyHttpRuleTo `pulumi:"to"` + // CEL expression that describes the conditions to be satisfied for the action. The result of the CEL expression is ANDed with the from and to. Refer to the CEL language reference for a list of available attributes. + When *string `pulumi:"when"` +} + +// AuthzPolicyHttpRuleInput is an input type that accepts AuthzPolicyHttpRuleArgs and AuthzPolicyHttpRuleOutput values. +// You can construct a concrete instance of `AuthzPolicyHttpRuleInput` via: +// +// AuthzPolicyHttpRuleArgs{...} +type AuthzPolicyHttpRuleInput interface { + pulumi.Input + + ToAuthzPolicyHttpRuleOutput() AuthzPolicyHttpRuleOutput + ToAuthzPolicyHttpRuleOutputWithContext(context.Context) AuthzPolicyHttpRuleOutput +} + +type AuthzPolicyHttpRuleArgs struct { + // Describes properties of one or more sources of a request. + // Structure is documented below. + From AuthzPolicyHttpRuleFromPtrInput `pulumi:"from"` + // Describes properties of one or more targets of a request + // Structure is documented below. + To AuthzPolicyHttpRuleToPtrInput `pulumi:"to"` + // CEL expression that describes the conditions to be satisfied for the action. The result of the CEL expression is ANDed with the from and to. Refer to the CEL language reference for a list of available attributes. + When pulumi.StringPtrInput `pulumi:"when"` +} + +func (AuthzPolicyHttpRuleArgs) ElementType() reflect.Type { + return reflect.TypeOf((*AuthzPolicyHttpRule)(nil)).Elem() +} + +func (i AuthzPolicyHttpRuleArgs) ToAuthzPolicyHttpRuleOutput() AuthzPolicyHttpRuleOutput { + return i.ToAuthzPolicyHttpRuleOutputWithContext(context.Background()) +} + +func (i AuthzPolicyHttpRuleArgs) ToAuthzPolicyHttpRuleOutputWithContext(ctx context.Context) AuthzPolicyHttpRuleOutput { + return pulumi.ToOutputWithContext(ctx, i).(AuthzPolicyHttpRuleOutput) +} + +// AuthzPolicyHttpRuleArrayInput is an input type that accepts AuthzPolicyHttpRuleArray and AuthzPolicyHttpRuleArrayOutput values. +// You can construct a concrete instance of `AuthzPolicyHttpRuleArrayInput` via: +// +// AuthzPolicyHttpRuleArray{ AuthzPolicyHttpRuleArgs{...} } +type AuthzPolicyHttpRuleArrayInput interface { + pulumi.Input + + ToAuthzPolicyHttpRuleArrayOutput() AuthzPolicyHttpRuleArrayOutput + ToAuthzPolicyHttpRuleArrayOutputWithContext(context.Context) AuthzPolicyHttpRuleArrayOutput +} + +type AuthzPolicyHttpRuleArray []AuthzPolicyHttpRuleInput + +func (AuthzPolicyHttpRuleArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]AuthzPolicyHttpRule)(nil)).Elem() +} + +func (i AuthzPolicyHttpRuleArray) ToAuthzPolicyHttpRuleArrayOutput() AuthzPolicyHttpRuleArrayOutput { + return i.ToAuthzPolicyHttpRuleArrayOutputWithContext(context.Background()) +} + +func (i AuthzPolicyHttpRuleArray) ToAuthzPolicyHttpRuleArrayOutputWithContext(ctx context.Context) AuthzPolicyHttpRuleArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(AuthzPolicyHttpRuleArrayOutput) +} + +type AuthzPolicyHttpRuleOutput struct{ *pulumi.OutputState } + +func (AuthzPolicyHttpRuleOutput) ElementType() reflect.Type { + return reflect.TypeOf((*AuthzPolicyHttpRule)(nil)).Elem() +} + +func (o AuthzPolicyHttpRuleOutput) ToAuthzPolicyHttpRuleOutput() AuthzPolicyHttpRuleOutput { + return o +} + +func (o AuthzPolicyHttpRuleOutput) ToAuthzPolicyHttpRuleOutputWithContext(ctx context.Context) AuthzPolicyHttpRuleOutput { + return o +} + +// Describes properties of one or more sources of a request. +// Structure is documented below. +func (o AuthzPolicyHttpRuleOutput) From() AuthzPolicyHttpRuleFromPtrOutput { + return o.ApplyT(func(v AuthzPolicyHttpRule) *AuthzPolicyHttpRuleFrom { return v.From }).(AuthzPolicyHttpRuleFromPtrOutput) +} + +// Describes properties of one or more targets of a request +// Structure is documented below. +func (o AuthzPolicyHttpRuleOutput) To() AuthzPolicyHttpRuleToPtrOutput { + return o.ApplyT(func(v AuthzPolicyHttpRule) *AuthzPolicyHttpRuleTo { return v.To }).(AuthzPolicyHttpRuleToPtrOutput) +} + +// CEL expression that describes the conditions to be satisfied for the action. The result of the CEL expression is ANDed with the from and to. Refer to the CEL language reference for a list of available attributes. +func (o AuthzPolicyHttpRuleOutput) When() pulumi.StringPtrOutput { + return o.ApplyT(func(v AuthzPolicyHttpRule) *string { return v.When }).(pulumi.StringPtrOutput) +} + +type AuthzPolicyHttpRuleArrayOutput struct{ *pulumi.OutputState } + +func (AuthzPolicyHttpRuleArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]AuthzPolicyHttpRule)(nil)).Elem() +} + +func (o AuthzPolicyHttpRuleArrayOutput) ToAuthzPolicyHttpRuleArrayOutput() AuthzPolicyHttpRuleArrayOutput { + return o +} + +func (o AuthzPolicyHttpRuleArrayOutput) ToAuthzPolicyHttpRuleArrayOutputWithContext(ctx context.Context) AuthzPolicyHttpRuleArrayOutput { + return o +} + +func (o AuthzPolicyHttpRuleArrayOutput) Index(i pulumi.IntInput) AuthzPolicyHttpRuleOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) AuthzPolicyHttpRule { + return vs[0].([]AuthzPolicyHttpRule)[vs[1].(int)] + }).(AuthzPolicyHttpRuleOutput) +} + +type AuthzPolicyHttpRuleFrom struct { + // Describes the properties of a request's sources. At least one of sources or notSources must be specified. Limited to 5 sources. A match occurs when ANY source (in sources or notSources) matches the request. Within a single source, the match follows AND semantics across fields and OR semantics within a single field, i.e. a match occurs when ANY principal matches AND ANY ipBlocks match. + // Structure is documented below. + NotSources []AuthzPolicyHttpRuleFromNotSource `pulumi:"notSources"` + // Describes the properties of a request's sources. At least one of sources or notSources must be specified. Limited to 5 sources. A match occurs when ANY source (in sources or notSources) matches the request. Within a single source, the match follows AND semantics across fields and OR semantics within a single field, i.e. a match occurs when ANY principal matches AND ANY ipBlocks match. + // Structure is documented below. + Sources []AuthzPolicyHttpRuleFromSource `pulumi:"sources"` +} + +// AuthzPolicyHttpRuleFromInput is an input type that accepts AuthzPolicyHttpRuleFromArgs and AuthzPolicyHttpRuleFromOutput values. +// You can construct a concrete instance of `AuthzPolicyHttpRuleFromInput` via: +// +// AuthzPolicyHttpRuleFromArgs{...} +type AuthzPolicyHttpRuleFromInput interface { + pulumi.Input + + ToAuthzPolicyHttpRuleFromOutput() AuthzPolicyHttpRuleFromOutput + ToAuthzPolicyHttpRuleFromOutputWithContext(context.Context) AuthzPolicyHttpRuleFromOutput +} + +type AuthzPolicyHttpRuleFromArgs struct { + // Describes the properties of a request's sources. At least one of sources or notSources must be specified. Limited to 5 sources. A match occurs when ANY source (in sources or notSources) matches the request. Within a single source, the match follows AND semantics across fields and OR semantics within a single field, i.e. a match occurs when ANY principal matches AND ANY ipBlocks match. + // Structure is documented below. + NotSources AuthzPolicyHttpRuleFromNotSourceArrayInput `pulumi:"notSources"` + // Describes the properties of a request's sources. At least one of sources or notSources must be specified. Limited to 5 sources. A match occurs when ANY source (in sources or notSources) matches the request. Within a single source, the match follows AND semantics across fields and OR semantics within a single field, i.e. a match occurs when ANY principal matches AND ANY ipBlocks match. + // Structure is documented below. + Sources AuthzPolicyHttpRuleFromSourceArrayInput `pulumi:"sources"` +} + +func (AuthzPolicyHttpRuleFromArgs) ElementType() reflect.Type { + return reflect.TypeOf((*AuthzPolicyHttpRuleFrom)(nil)).Elem() +} + +func (i AuthzPolicyHttpRuleFromArgs) ToAuthzPolicyHttpRuleFromOutput() AuthzPolicyHttpRuleFromOutput { + return i.ToAuthzPolicyHttpRuleFromOutputWithContext(context.Background()) +} + +func (i AuthzPolicyHttpRuleFromArgs) ToAuthzPolicyHttpRuleFromOutputWithContext(ctx context.Context) AuthzPolicyHttpRuleFromOutput { + return pulumi.ToOutputWithContext(ctx, i).(AuthzPolicyHttpRuleFromOutput) +} + +func (i AuthzPolicyHttpRuleFromArgs) ToAuthzPolicyHttpRuleFromPtrOutput() AuthzPolicyHttpRuleFromPtrOutput { + return i.ToAuthzPolicyHttpRuleFromPtrOutputWithContext(context.Background()) +} + +func (i AuthzPolicyHttpRuleFromArgs) ToAuthzPolicyHttpRuleFromPtrOutputWithContext(ctx context.Context) AuthzPolicyHttpRuleFromPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(AuthzPolicyHttpRuleFromOutput).ToAuthzPolicyHttpRuleFromPtrOutputWithContext(ctx) +} + +// AuthzPolicyHttpRuleFromPtrInput is an input type that accepts AuthzPolicyHttpRuleFromArgs, AuthzPolicyHttpRuleFromPtr and AuthzPolicyHttpRuleFromPtrOutput values. +// You can construct a concrete instance of `AuthzPolicyHttpRuleFromPtrInput` via: +// +// AuthzPolicyHttpRuleFromArgs{...} +// +// or: +// +// nil +type AuthzPolicyHttpRuleFromPtrInput interface { + pulumi.Input + + ToAuthzPolicyHttpRuleFromPtrOutput() AuthzPolicyHttpRuleFromPtrOutput + ToAuthzPolicyHttpRuleFromPtrOutputWithContext(context.Context) AuthzPolicyHttpRuleFromPtrOutput +} + +type authzPolicyHttpRuleFromPtrType AuthzPolicyHttpRuleFromArgs + +func AuthzPolicyHttpRuleFromPtr(v *AuthzPolicyHttpRuleFromArgs) AuthzPolicyHttpRuleFromPtrInput { + return (*authzPolicyHttpRuleFromPtrType)(v) +} + +func (*authzPolicyHttpRuleFromPtrType) ElementType() reflect.Type { + return reflect.TypeOf((**AuthzPolicyHttpRuleFrom)(nil)).Elem() +} + +func (i *authzPolicyHttpRuleFromPtrType) ToAuthzPolicyHttpRuleFromPtrOutput() AuthzPolicyHttpRuleFromPtrOutput { + return i.ToAuthzPolicyHttpRuleFromPtrOutputWithContext(context.Background()) +} + +func (i *authzPolicyHttpRuleFromPtrType) ToAuthzPolicyHttpRuleFromPtrOutputWithContext(ctx context.Context) AuthzPolicyHttpRuleFromPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(AuthzPolicyHttpRuleFromPtrOutput) +} + +type AuthzPolicyHttpRuleFromOutput struct{ *pulumi.OutputState } + +func (AuthzPolicyHttpRuleFromOutput) ElementType() reflect.Type { + return reflect.TypeOf((*AuthzPolicyHttpRuleFrom)(nil)).Elem() +} + +func (o AuthzPolicyHttpRuleFromOutput) ToAuthzPolicyHttpRuleFromOutput() AuthzPolicyHttpRuleFromOutput { + return o +} + +func (o AuthzPolicyHttpRuleFromOutput) ToAuthzPolicyHttpRuleFromOutputWithContext(ctx context.Context) AuthzPolicyHttpRuleFromOutput { + return o +} + +func (o AuthzPolicyHttpRuleFromOutput) ToAuthzPolicyHttpRuleFromPtrOutput() AuthzPolicyHttpRuleFromPtrOutput { + return o.ToAuthzPolicyHttpRuleFromPtrOutputWithContext(context.Background()) +} + +func (o AuthzPolicyHttpRuleFromOutput) ToAuthzPolicyHttpRuleFromPtrOutputWithContext(ctx context.Context) AuthzPolicyHttpRuleFromPtrOutput { + return o.ApplyTWithContext(ctx, func(_ context.Context, v AuthzPolicyHttpRuleFrom) *AuthzPolicyHttpRuleFrom { + return &v + }).(AuthzPolicyHttpRuleFromPtrOutput) +} + +// Describes the properties of a request's sources. At least one of sources or notSources must be specified. Limited to 5 sources. A match occurs when ANY source (in sources or notSources) matches the request. Within a single source, the match follows AND semantics across fields and OR semantics within a single field, i.e. a match occurs when ANY principal matches AND ANY ipBlocks match. +// Structure is documented below. +func (o AuthzPolicyHttpRuleFromOutput) NotSources() AuthzPolicyHttpRuleFromNotSourceArrayOutput { + return o.ApplyT(func(v AuthzPolicyHttpRuleFrom) []AuthzPolicyHttpRuleFromNotSource { return v.NotSources }).(AuthzPolicyHttpRuleFromNotSourceArrayOutput) +} + +// Describes the properties of a request's sources. At least one of sources or notSources must be specified. Limited to 5 sources. A match occurs when ANY source (in sources or notSources) matches the request. Within a single source, the match follows AND semantics across fields and OR semantics within a single field, i.e. a match occurs when ANY principal matches AND ANY ipBlocks match. +// Structure is documented below. +func (o AuthzPolicyHttpRuleFromOutput) Sources() AuthzPolicyHttpRuleFromSourceArrayOutput { + return o.ApplyT(func(v AuthzPolicyHttpRuleFrom) []AuthzPolicyHttpRuleFromSource { return v.Sources }).(AuthzPolicyHttpRuleFromSourceArrayOutput) +} + +type AuthzPolicyHttpRuleFromPtrOutput struct{ *pulumi.OutputState } + +func (AuthzPolicyHttpRuleFromPtrOutput) ElementType() reflect.Type { + return reflect.TypeOf((**AuthzPolicyHttpRuleFrom)(nil)).Elem() +} + +func (o AuthzPolicyHttpRuleFromPtrOutput) ToAuthzPolicyHttpRuleFromPtrOutput() AuthzPolicyHttpRuleFromPtrOutput { + return o +} + +func (o AuthzPolicyHttpRuleFromPtrOutput) ToAuthzPolicyHttpRuleFromPtrOutputWithContext(ctx context.Context) AuthzPolicyHttpRuleFromPtrOutput { + return o +} + +func (o AuthzPolicyHttpRuleFromPtrOutput) Elem() AuthzPolicyHttpRuleFromOutput { + return o.ApplyT(func(v *AuthzPolicyHttpRuleFrom) AuthzPolicyHttpRuleFrom { + if v != nil { + return *v + } + var ret AuthzPolicyHttpRuleFrom + return ret + }).(AuthzPolicyHttpRuleFromOutput) +} + +// Describes the properties of a request's sources. At least one of sources or notSources must be specified. Limited to 5 sources. A match occurs when ANY source (in sources or notSources) matches the request. Within a single source, the match follows AND semantics across fields and OR semantics within a single field, i.e. a match occurs when ANY principal matches AND ANY ipBlocks match. +// Structure is documented below. +func (o AuthzPolicyHttpRuleFromPtrOutput) NotSources() AuthzPolicyHttpRuleFromNotSourceArrayOutput { + return o.ApplyT(func(v *AuthzPolicyHttpRuleFrom) []AuthzPolicyHttpRuleFromNotSource { + if v == nil { + return nil + } + return v.NotSources + }).(AuthzPolicyHttpRuleFromNotSourceArrayOutput) +} + +// Describes the properties of a request's sources. At least one of sources or notSources must be specified. Limited to 5 sources. A match occurs when ANY source (in sources or notSources) matches the request. Within a single source, the match follows AND semantics across fields and OR semantics within a single field, i.e. a match occurs when ANY principal matches AND ANY ipBlocks match. +// Structure is documented below. +func (o AuthzPolicyHttpRuleFromPtrOutput) Sources() AuthzPolicyHttpRuleFromSourceArrayOutput { + return o.ApplyT(func(v *AuthzPolicyHttpRuleFrom) []AuthzPolicyHttpRuleFromSource { + if v == nil { + return nil + } + return v.Sources + }).(AuthzPolicyHttpRuleFromSourceArrayOutput) +} + +type AuthzPolicyHttpRuleFromNotSource struct { + // A list of identities derived from the client's certificate. This field will not match on a request unless mutual TLS is enabled for the Forwarding rule or Gateway. Each identity is a string whose value is matched against the URI SAN, or DNS SAN or the subject field in the client's certificate. The match can be exact, prefix, suffix or a substring match. One of exact, prefix, suffix or contains must be specified. + // Limited to 5 principals. + // Structure is documented below. + Principals []AuthzPolicyHttpRuleFromNotSourcePrincipal `pulumi:"principals"` + // A list of resources to match against the resource of the source VM of a request. + // Limited to 5 resources. + // Structure is documented below. + Resources []AuthzPolicyHttpRuleFromNotSourceResource `pulumi:"resources"` +} + +// AuthzPolicyHttpRuleFromNotSourceInput is an input type that accepts AuthzPolicyHttpRuleFromNotSourceArgs and AuthzPolicyHttpRuleFromNotSourceOutput values. +// You can construct a concrete instance of `AuthzPolicyHttpRuleFromNotSourceInput` via: +// +// AuthzPolicyHttpRuleFromNotSourceArgs{...} +type AuthzPolicyHttpRuleFromNotSourceInput interface { + pulumi.Input + + ToAuthzPolicyHttpRuleFromNotSourceOutput() AuthzPolicyHttpRuleFromNotSourceOutput + ToAuthzPolicyHttpRuleFromNotSourceOutputWithContext(context.Context) AuthzPolicyHttpRuleFromNotSourceOutput +} + +type AuthzPolicyHttpRuleFromNotSourceArgs struct { + // A list of identities derived from the client's certificate. This field will not match on a request unless mutual TLS is enabled for the Forwarding rule or Gateway. Each identity is a string whose value is matched against the URI SAN, or DNS SAN or the subject field in the client's certificate. The match can be exact, prefix, suffix or a substring match. One of exact, prefix, suffix or contains must be specified. + // Limited to 5 principals. + // Structure is documented below. + Principals AuthzPolicyHttpRuleFromNotSourcePrincipalArrayInput `pulumi:"principals"` + // A list of resources to match against the resource of the source VM of a request. + // Limited to 5 resources. + // Structure is documented below. + Resources AuthzPolicyHttpRuleFromNotSourceResourceArrayInput `pulumi:"resources"` +} + +func (AuthzPolicyHttpRuleFromNotSourceArgs) ElementType() reflect.Type { + return reflect.TypeOf((*AuthzPolicyHttpRuleFromNotSource)(nil)).Elem() +} + +func (i AuthzPolicyHttpRuleFromNotSourceArgs) ToAuthzPolicyHttpRuleFromNotSourceOutput() AuthzPolicyHttpRuleFromNotSourceOutput { + return i.ToAuthzPolicyHttpRuleFromNotSourceOutputWithContext(context.Background()) +} + +func (i AuthzPolicyHttpRuleFromNotSourceArgs) ToAuthzPolicyHttpRuleFromNotSourceOutputWithContext(ctx context.Context) AuthzPolicyHttpRuleFromNotSourceOutput { + return pulumi.ToOutputWithContext(ctx, i).(AuthzPolicyHttpRuleFromNotSourceOutput) +} + +// AuthzPolicyHttpRuleFromNotSourceArrayInput is an input type that accepts AuthzPolicyHttpRuleFromNotSourceArray and AuthzPolicyHttpRuleFromNotSourceArrayOutput values. +// You can construct a concrete instance of `AuthzPolicyHttpRuleFromNotSourceArrayInput` via: +// +// AuthzPolicyHttpRuleFromNotSourceArray{ AuthzPolicyHttpRuleFromNotSourceArgs{...} } +type AuthzPolicyHttpRuleFromNotSourceArrayInput interface { + pulumi.Input + + ToAuthzPolicyHttpRuleFromNotSourceArrayOutput() AuthzPolicyHttpRuleFromNotSourceArrayOutput + ToAuthzPolicyHttpRuleFromNotSourceArrayOutputWithContext(context.Context) AuthzPolicyHttpRuleFromNotSourceArrayOutput +} + +type AuthzPolicyHttpRuleFromNotSourceArray []AuthzPolicyHttpRuleFromNotSourceInput + +func (AuthzPolicyHttpRuleFromNotSourceArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]AuthzPolicyHttpRuleFromNotSource)(nil)).Elem() +} + +func (i AuthzPolicyHttpRuleFromNotSourceArray) ToAuthzPolicyHttpRuleFromNotSourceArrayOutput() AuthzPolicyHttpRuleFromNotSourceArrayOutput { + return i.ToAuthzPolicyHttpRuleFromNotSourceArrayOutputWithContext(context.Background()) +} + +func (i AuthzPolicyHttpRuleFromNotSourceArray) ToAuthzPolicyHttpRuleFromNotSourceArrayOutputWithContext(ctx context.Context) AuthzPolicyHttpRuleFromNotSourceArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(AuthzPolicyHttpRuleFromNotSourceArrayOutput) +} + +type AuthzPolicyHttpRuleFromNotSourceOutput struct{ *pulumi.OutputState } + +func (AuthzPolicyHttpRuleFromNotSourceOutput) ElementType() reflect.Type { + return reflect.TypeOf((*AuthzPolicyHttpRuleFromNotSource)(nil)).Elem() +} + +func (o AuthzPolicyHttpRuleFromNotSourceOutput) ToAuthzPolicyHttpRuleFromNotSourceOutput() AuthzPolicyHttpRuleFromNotSourceOutput { + return o +} + +func (o AuthzPolicyHttpRuleFromNotSourceOutput) ToAuthzPolicyHttpRuleFromNotSourceOutputWithContext(ctx context.Context) AuthzPolicyHttpRuleFromNotSourceOutput { + return o +} + +// A list of identities derived from the client's certificate. This field will not match on a request unless mutual TLS is enabled for the Forwarding rule or Gateway. Each identity is a string whose value is matched against the URI SAN, or DNS SAN or the subject field in the client's certificate. The match can be exact, prefix, suffix or a substring match. One of exact, prefix, suffix or contains must be specified. +// Limited to 5 principals. +// Structure is documented below. +func (o AuthzPolicyHttpRuleFromNotSourceOutput) Principals() AuthzPolicyHttpRuleFromNotSourcePrincipalArrayOutput { + return o.ApplyT(func(v AuthzPolicyHttpRuleFromNotSource) []AuthzPolicyHttpRuleFromNotSourcePrincipal { + return v.Principals + }).(AuthzPolicyHttpRuleFromNotSourcePrincipalArrayOutput) +} + +// A list of resources to match against the resource of the source VM of a request. +// Limited to 5 resources. +// Structure is documented below. +func (o AuthzPolicyHttpRuleFromNotSourceOutput) Resources() AuthzPolicyHttpRuleFromNotSourceResourceArrayOutput { + return o.ApplyT(func(v AuthzPolicyHttpRuleFromNotSource) []AuthzPolicyHttpRuleFromNotSourceResource { + return v.Resources + }).(AuthzPolicyHttpRuleFromNotSourceResourceArrayOutput) +} + +type AuthzPolicyHttpRuleFromNotSourceArrayOutput struct{ *pulumi.OutputState } + +func (AuthzPolicyHttpRuleFromNotSourceArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]AuthzPolicyHttpRuleFromNotSource)(nil)).Elem() +} + +func (o AuthzPolicyHttpRuleFromNotSourceArrayOutput) ToAuthzPolicyHttpRuleFromNotSourceArrayOutput() AuthzPolicyHttpRuleFromNotSourceArrayOutput { + return o +} + +func (o AuthzPolicyHttpRuleFromNotSourceArrayOutput) ToAuthzPolicyHttpRuleFromNotSourceArrayOutputWithContext(ctx context.Context) AuthzPolicyHttpRuleFromNotSourceArrayOutput { + return o +} + +func (o AuthzPolicyHttpRuleFromNotSourceArrayOutput) Index(i pulumi.IntInput) AuthzPolicyHttpRuleFromNotSourceOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) AuthzPolicyHttpRuleFromNotSource { + return vs[0].([]AuthzPolicyHttpRuleFromNotSource)[vs[1].(int)] + }).(AuthzPolicyHttpRuleFromNotSourceOutput) +} + +type AuthzPolicyHttpRuleFromNotSourcePrincipal struct { + // The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. + // Examples: + // * abc matches the value xyz.abc.def + Contains *string `pulumi:"contains"` + // The input string must match exactly the string specified here. + // Examples: + // * abc only matches the value abc. + Exact *string `pulumi:"exact"` + // If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true. + IgnoreCase *bool `pulumi:"ignoreCase"` + // The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. + // Examples: + // * abc matches the value abc.xyz + Prefix *string `pulumi:"prefix"` + // The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. + // Examples: + // * abc matches the value xyz.abc + Suffix *string `pulumi:"suffix"` +} + +// AuthzPolicyHttpRuleFromNotSourcePrincipalInput is an input type that accepts AuthzPolicyHttpRuleFromNotSourcePrincipalArgs and AuthzPolicyHttpRuleFromNotSourcePrincipalOutput values. +// You can construct a concrete instance of `AuthzPolicyHttpRuleFromNotSourcePrincipalInput` via: +// +// AuthzPolicyHttpRuleFromNotSourcePrincipalArgs{...} +type AuthzPolicyHttpRuleFromNotSourcePrincipalInput interface { + pulumi.Input + + ToAuthzPolicyHttpRuleFromNotSourcePrincipalOutput() AuthzPolicyHttpRuleFromNotSourcePrincipalOutput + ToAuthzPolicyHttpRuleFromNotSourcePrincipalOutputWithContext(context.Context) AuthzPolicyHttpRuleFromNotSourcePrincipalOutput +} + +type AuthzPolicyHttpRuleFromNotSourcePrincipalArgs struct { + // The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. + // Examples: + // * abc matches the value xyz.abc.def + Contains pulumi.StringPtrInput `pulumi:"contains"` + // The input string must match exactly the string specified here. + // Examples: + // * abc only matches the value abc. + Exact pulumi.StringPtrInput `pulumi:"exact"` + // If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true. + IgnoreCase pulumi.BoolPtrInput `pulumi:"ignoreCase"` + // The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. + // Examples: + // * abc matches the value abc.xyz + Prefix pulumi.StringPtrInput `pulumi:"prefix"` + // The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. + // Examples: + // * abc matches the value xyz.abc + Suffix pulumi.StringPtrInput `pulumi:"suffix"` +} + +func (AuthzPolicyHttpRuleFromNotSourcePrincipalArgs) ElementType() reflect.Type { + return reflect.TypeOf((*AuthzPolicyHttpRuleFromNotSourcePrincipal)(nil)).Elem() +} + +func (i AuthzPolicyHttpRuleFromNotSourcePrincipalArgs) ToAuthzPolicyHttpRuleFromNotSourcePrincipalOutput() AuthzPolicyHttpRuleFromNotSourcePrincipalOutput { + return i.ToAuthzPolicyHttpRuleFromNotSourcePrincipalOutputWithContext(context.Background()) +} + +func (i AuthzPolicyHttpRuleFromNotSourcePrincipalArgs) ToAuthzPolicyHttpRuleFromNotSourcePrincipalOutputWithContext(ctx context.Context) AuthzPolicyHttpRuleFromNotSourcePrincipalOutput { + return pulumi.ToOutputWithContext(ctx, i).(AuthzPolicyHttpRuleFromNotSourcePrincipalOutput) +} + +// AuthzPolicyHttpRuleFromNotSourcePrincipalArrayInput is an input type that accepts AuthzPolicyHttpRuleFromNotSourcePrincipalArray and AuthzPolicyHttpRuleFromNotSourcePrincipalArrayOutput values. +// You can construct a concrete instance of `AuthzPolicyHttpRuleFromNotSourcePrincipalArrayInput` via: +// +// AuthzPolicyHttpRuleFromNotSourcePrincipalArray{ AuthzPolicyHttpRuleFromNotSourcePrincipalArgs{...} } +type AuthzPolicyHttpRuleFromNotSourcePrincipalArrayInput interface { + pulumi.Input + + ToAuthzPolicyHttpRuleFromNotSourcePrincipalArrayOutput() AuthzPolicyHttpRuleFromNotSourcePrincipalArrayOutput + ToAuthzPolicyHttpRuleFromNotSourcePrincipalArrayOutputWithContext(context.Context) AuthzPolicyHttpRuleFromNotSourcePrincipalArrayOutput +} + +type AuthzPolicyHttpRuleFromNotSourcePrincipalArray []AuthzPolicyHttpRuleFromNotSourcePrincipalInput + +func (AuthzPolicyHttpRuleFromNotSourcePrincipalArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]AuthzPolicyHttpRuleFromNotSourcePrincipal)(nil)).Elem() +} + +func (i AuthzPolicyHttpRuleFromNotSourcePrincipalArray) ToAuthzPolicyHttpRuleFromNotSourcePrincipalArrayOutput() AuthzPolicyHttpRuleFromNotSourcePrincipalArrayOutput { + return i.ToAuthzPolicyHttpRuleFromNotSourcePrincipalArrayOutputWithContext(context.Background()) +} + +func (i AuthzPolicyHttpRuleFromNotSourcePrincipalArray) ToAuthzPolicyHttpRuleFromNotSourcePrincipalArrayOutputWithContext(ctx context.Context) AuthzPolicyHttpRuleFromNotSourcePrincipalArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(AuthzPolicyHttpRuleFromNotSourcePrincipalArrayOutput) +} + +type AuthzPolicyHttpRuleFromNotSourcePrincipalOutput struct{ *pulumi.OutputState } + +func (AuthzPolicyHttpRuleFromNotSourcePrincipalOutput) ElementType() reflect.Type { + return reflect.TypeOf((*AuthzPolicyHttpRuleFromNotSourcePrincipal)(nil)).Elem() +} + +func (o AuthzPolicyHttpRuleFromNotSourcePrincipalOutput) ToAuthzPolicyHttpRuleFromNotSourcePrincipalOutput() AuthzPolicyHttpRuleFromNotSourcePrincipalOutput { + return o +} + +func (o AuthzPolicyHttpRuleFromNotSourcePrincipalOutput) ToAuthzPolicyHttpRuleFromNotSourcePrincipalOutputWithContext(ctx context.Context) AuthzPolicyHttpRuleFromNotSourcePrincipalOutput { + return o +} + +// The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. +// Examples: +// * abc matches the value xyz.abc.def +func (o AuthzPolicyHttpRuleFromNotSourcePrincipalOutput) Contains() pulumi.StringPtrOutput { + return o.ApplyT(func(v AuthzPolicyHttpRuleFromNotSourcePrincipal) *string { return v.Contains }).(pulumi.StringPtrOutput) +} + +// The input string must match exactly the string specified here. +// Examples: +// * abc only matches the value abc. +func (o AuthzPolicyHttpRuleFromNotSourcePrincipalOutput) Exact() pulumi.StringPtrOutput { + return o.ApplyT(func(v AuthzPolicyHttpRuleFromNotSourcePrincipal) *string { return v.Exact }).(pulumi.StringPtrOutput) +} + +// If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true. +func (o AuthzPolicyHttpRuleFromNotSourcePrincipalOutput) IgnoreCase() pulumi.BoolPtrOutput { + return o.ApplyT(func(v AuthzPolicyHttpRuleFromNotSourcePrincipal) *bool { return v.IgnoreCase }).(pulumi.BoolPtrOutput) +} + +// The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. +// Examples: +// * abc matches the value abc.xyz +func (o AuthzPolicyHttpRuleFromNotSourcePrincipalOutput) Prefix() pulumi.StringPtrOutput { + return o.ApplyT(func(v AuthzPolicyHttpRuleFromNotSourcePrincipal) *string { return v.Prefix }).(pulumi.StringPtrOutput) +} + +// The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. +// Examples: +// * abc matches the value xyz.abc +func (o AuthzPolicyHttpRuleFromNotSourcePrincipalOutput) Suffix() pulumi.StringPtrOutput { + return o.ApplyT(func(v AuthzPolicyHttpRuleFromNotSourcePrincipal) *string { return v.Suffix }).(pulumi.StringPtrOutput) +} + +type AuthzPolicyHttpRuleFromNotSourcePrincipalArrayOutput struct{ *pulumi.OutputState } + +func (AuthzPolicyHttpRuleFromNotSourcePrincipalArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]AuthzPolicyHttpRuleFromNotSourcePrincipal)(nil)).Elem() +} + +func (o AuthzPolicyHttpRuleFromNotSourcePrincipalArrayOutput) ToAuthzPolicyHttpRuleFromNotSourcePrincipalArrayOutput() AuthzPolicyHttpRuleFromNotSourcePrincipalArrayOutput { + return o +} + +func (o AuthzPolicyHttpRuleFromNotSourcePrincipalArrayOutput) ToAuthzPolicyHttpRuleFromNotSourcePrincipalArrayOutputWithContext(ctx context.Context) AuthzPolicyHttpRuleFromNotSourcePrincipalArrayOutput { + return o +} + +func (o AuthzPolicyHttpRuleFromNotSourcePrincipalArrayOutput) Index(i pulumi.IntInput) AuthzPolicyHttpRuleFromNotSourcePrincipalOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) AuthzPolicyHttpRuleFromNotSourcePrincipal { + return vs[0].([]AuthzPolicyHttpRuleFromNotSourcePrincipal)[vs[1].(int)] + }).(AuthzPolicyHttpRuleFromNotSourcePrincipalOutput) +} + +type AuthzPolicyHttpRuleFromNotSourceResource struct { + // An IAM service account to match against the source service account of the VM sending the request. + // Structure is documented below. + IamServiceAccount *AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccount `pulumi:"iamServiceAccount"` + // A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request. + // Structure is documented below. + TagValueIdSet *AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSet `pulumi:"tagValueIdSet"` +} + +// AuthzPolicyHttpRuleFromNotSourceResourceInput is an input type that accepts AuthzPolicyHttpRuleFromNotSourceResourceArgs and AuthzPolicyHttpRuleFromNotSourceResourceOutput values. +// You can construct a concrete instance of `AuthzPolicyHttpRuleFromNotSourceResourceInput` via: +// +// AuthzPolicyHttpRuleFromNotSourceResourceArgs{...} +type AuthzPolicyHttpRuleFromNotSourceResourceInput interface { + pulumi.Input + + ToAuthzPolicyHttpRuleFromNotSourceResourceOutput() AuthzPolicyHttpRuleFromNotSourceResourceOutput + ToAuthzPolicyHttpRuleFromNotSourceResourceOutputWithContext(context.Context) AuthzPolicyHttpRuleFromNotSourceResourceOutput +} + +type AuthzPolicyHttpRuleFromNotSourceResourceArgs struct { + // An IAM service account to match against the source service account of the VM sending the request. + // Structure is documented below. + IamServiceAccount AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountPtrInput `pulumi:"iamServiceAccount"` + // A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request. + // Structure is documented below. + TagValueIdSet AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSetPtrInput `pulumi:"tagValueIdSet"` +} + +func (AuthzPolicyHttpRuleFromNotSourceResourceArgs) ElementType() reflect.Type { + return reflect.TypeOf((*AuthzPolicyHttpRuleFromNotSourceResource)(nil)).Elem() +} + +func (i AuthzPolicyHttpRuleFromNotSourceResourceArgs) ToAuthzPolicyHttpRuleFromNotSourceResourceOutput() AuthzPolicyHttpRuleFromNotSourceResourceOutput { + return i.ToAuthzPolicyHttpRuleFromNotSourceResourceOutputWithContext(context.Background()) +} + +func (i AuthzPolicyHttpRuleFromNotSourceResourceArgs) ToAuthzPolicyHttpRuleFromNotSourceResourceOutputWithContext(ctx context.Context) AuthzPolicyHttpRuleFromNotSourceResourceOutput { + return pulumi.ToOutputWithContext(ctx, i).(AuthzPolicyHttpRuleFromNotSourceResourceOutput) +} + +// AuthzPolicyHttpRuleFromNotSourceResourceArrayInput is an input type that accepts AuthzPolicyHttpRuleFromNotSourceResourceArray and AuthzPolicyHttpRuleFromNotSourceResourceArrayOutput values. +// You can construct a concrete instance of `AuthzPolicyHttpRuleFromNotSourceResourceArrayInput` via: +// +// AuthzPolicyHttpRuleFromNotSourceResourceArray{ AuthzPolicyHttpRuleFromNotSourceResourceArgs{...} } +type AuthzPolicyHttpRuleFromNotSourceResourceArrayInput interface { + pulumi.Input + + ToAuthzPolicyHttpRuleFromNotSourceResourceArrayOutput() AuthzPolicyHttpRuleFromNotSourceResourceArrayOutput + ToAuthzPolicyHttpRuleFromNotSourceResourceArrayOutputWithContext(context.Context) AuthzPolicyHttpRuleFromNotSourceResourceArrayOutput +} + +type AuthzPolicyHttpRuleFromNotSourceResourceArray []AuthzPolicyHttpRuleFromNotSourceResourceInput + +func (AuthzPolicyHttpRuleFromNotSourceResourceArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]AuthzPolicyHttpRuleFromNotSourceResource)(nil)).Elem() +} + +func (i AuthzPolicyHttpRuleFromNotSourceResourceArray) ToAuthzPolicyHttpRuleFromNotSourceResourceArrayOutput() AuthzPolicyHttpRuleFromNotSourceResourceArrayOutput { + return i.ToAuthzPolicyHttpRuleFromNotSourceResourceArrayOutputWithContext(context.Background()) +} + +func (i AuthzPolicyHttpRuleFromNotSourceResourceArray) ToAuthzPolicyHttpRuleFromNotSourceResourceArrayOutputWithContext(ctx context.Context) AuthzPolicyHttpRuleFromNotSourceResourceArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(AuthzPolicyHttpRuleFromNotSourceResourceArrayOutput) +} + +type AuthzPolicyHttpRuleFromNotSourceResourceOutput struct{ *pulumi.OutputState } + +func (AuthzPolicyHttpRuleFromNotSourceResourceOutput) ElementType() reflect.Type { + return reflect.TypeOf((*AuthzPolicyHttpRuleFromNotSourceResource)(nil)).Elem() +} + +func (o AuthzPolicyHttpRuleFromNotSourceResourceOutput) ToAuthzPolicyHttpRuleFromNotSourceResourceOutput() AuthzPolicyHttpRuleFromNotSourceResourceOutput { + return o +} + +func (o AuthzPolicyHttpRuleFromNotSourceResourceOutput) ToAuthzPolicyHttpRuleFromNotSourceResourceOutputWithContext(ctx context.Context) AuthzPolicyHttpRuleFromNotSourceResourceOutput { + return o +} + +// An IAM service account to match against the source service account of the VM sending the request. +// Structure is documented below. +func (o AuthzPolicyHttpRuleFromNotSourceResourceOutput) IamServiceAccount() AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountPtrOutput { + return o.ApplyT(func(v AuthzPolicyHttpRuleFromNotSourceResource) *AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccount { + return v.IamServiceAccount + }).(AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountPtrOutput) +} + +// A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request. +// Structure is documented below. +func (o AuthzPolicyHttpRuleFromNotSourceResourceOutput) TagValueIdSet() AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSetPtrOutput { + return o.ApplyT(func(v AuthzPolicyHttpRuleFromNotSourceResource) *AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSet { + return v.TagValueIdSet + }).(AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSetPtrOutput) +} + +type AuthzPolicyHttpRuleFromNotSourceResourceArrayOutput struct{ *pulumi.OutputState } + +func (AuthzPolicyHttpRuleFromNotSourceResourceArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]AuthzPolicyHttpRuleFromNotSourceResource)(nil)).Elem() +} + +func (o AuthzPolicyHttpRuleFromNotSourceResourceArrayOutput) ToAuthzPolicyHttpRuleFromNotSourceResourceArrayOutput() AuthzPolicyHttpRuleFromNotSourceResourceArrayOutput { + return o +} + +func (o AuthzPolicyHttpRuleFromNotSourceResourceArrayOutput) ToAuthzPolicyHttpRuleFromNotSourceResourceArrayOutputWithContext(ctx context.Context) AuthzPolicyHttpRuleFromNotSourceResourceArrayOutput { + return o +} + +func (o AuthzPolicyHttpRuleFromNotSourceResourceArrayOutput) Index(i pulumi.IntInput) AuthzPolicyHttpRuleFromNotSourceResourceOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) AuthzPolicyHttpRuleFromNotSourceResource { + return vs[0].([]AuthzPolicyHttpRuleFromNotSourceResource)[vs[1].(int)] + }).(AuthzPolicyHttpRuleFromNotSourceResourceOutput) +} + +type AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccount struct { + // The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. + // Examples: + // * abc matches the value xyz.abc.def + Contains *string `pulumi:"contains"` + // The input string must match exactly the string specified here. + // Examples: + // * abc only matches the value abc. + Exact *string `pulumi:"exact"` + // If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true. + IgnoreCase *bool `pulumi:"ignoreCase"` + // The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. + // Examples: + // * abc matches the value abc.xyz + Prefix *string `pulumi:"prefix"` + // The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. + // Examples: + // * abc matches the value xyz.abc + Suffix *string `pulumi:"suffix"` +} + +// AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountInput is an input type that accepts AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountArgs and AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountOutput values. +// You can construct a concrete instance of `AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountInput` via: +// +// AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountArgs{...} +type AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountInput interface { + pulumi.Input + + ToAuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountOutput() AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountOutput + ToAuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountOutputWithContext(context.Context) AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountOutput +} + +type AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountArgs struct { + // The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. + // Examples: + // * abc matches the value xyz.abc.def + Contains pulumi.StringPtrInput `pulumi:"contains"` + // The input string must match exactly the string specified here. + // Examples: + // * abc only matches the value abc. + Exact pulumi.StringPtrInput `pulumi:"exact"` + // If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true. + IgnoreCase pulumi.BoolPtrInput `pulumi:"ignoreCase"` + // The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. + // Examples: + // * abc matches the value abc.xyz + Prefix pulumi.StringPtrInput `pulumi:"prefix"` + // The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. + // Examples: + // * abc matches the value xyz.abc + Suffix pulumi.StringPtrInput `pulumi:"suffix"` +} + +func (AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountArgs) ElementType() reflect.Type { + return reflect.TypeOf((*AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccount)(nil)).Elem() +} + +func (i AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountArgs) ToAuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountOutput() AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountOutput { + return i.ToAuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountOutputWithContext(context.Background()) +} + +func (i AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountArgs) ToAuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountOutputWithContext(ctx context.Context) AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountOutput { + return pulumi.ToOutputWithContext(ctx, i).(AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountOutput) +} + +func (i AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountArgs) ToAuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountPtrOutput() AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountPtrOutput { + return i.ToAuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountPtrOutputWithContext(context.Background()) +} + +func (i AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountArgs) ToAuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountPtrOutputWithContext(ctx context.Context) AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountOutput).ToAuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountPtrOutputWithContext(ctx) +} + +// AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountPtrInput is an input type that accepts AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountArgs, AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountPtr and AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountPtrOutput values. +// You can construct a concrete instance of `AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountPtrInput` via: +// +// AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountArgs{...} +// +// or: +// +// nil +type AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountPtrInput interface { + pulumi.Input + + ToAuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountPtrOutput() AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountPtrOutput + ToAuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountPtrOutputWithContext(context.Context) AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountPtrOutput +} + +type authzPolicyHttpRuleFromNotSourceResourceIamServiceAccountPtrType AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountArgs + +func AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountPtr(v *AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountArgs) AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountPtrInput { + return (*authzPolicyHttpRuleFromNotSourceResourceIamServiceAccountPtrType)(v) +} + +func (*authzPolicyHttpRuleFromNotSourceResourceIamServiceAccountPtrType) ElementType() reflect.Type { + return reflect.TypeOf((**AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccount)(nil)).Elem() +} + +func (i *authzPolicyHttpRuleFromNotSourceResourceIamServiceAccountPtrType) ToAuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountPtrOutput() AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountPtrOutput { + return i.ToAuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountPtrOutputWithContext(context.Background()) +} + +func (i *authzPolicyHttpRuleFromNotSourceResourceIamServiceAccountPtrType) ToAuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountPtrOutputWithContext(ctx context.Context) AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountPtrOutput) +} + +type AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountOutput struct{ *pulumi.OutputState } + +func (AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountOutput) ElementType() reflect.Type { + return reflect.TypeOf((*AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccount)(nil)).Elem() +} + +func (o AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountOutput) ToAuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountOutput() AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountOutput { + return o +} + +func (o AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountOutput) ToAuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountOutputWithContext(ctx context.Context) AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountOutput { + return o +} + +func (o AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountOutput) ToAuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountPtrOutput() AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountPtrOutput { + return o.ToAuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountPtrOutputWithContext(context.Background()) +} + +func (o AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountOutput) ToAuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountPtrOutputWithContext(ctx context.Context) AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountPtrOutput { + return o.ApplyTWithContext(ctx, func(_ context.Context, v AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccount) *AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccount { + return &v + }).(AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountPtrOutput) +} + +// The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. +// Examples: +// * abc matches the value xyz.abc.def +func (o AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountOutput) Contains() pulumi.StringPtrOutput { + return o.ApplyT(func(v AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccount) *string { return v.Contains }).(pulumi.StringPtrOutput) +} + +// The input string must match exactly the string specified here. +// Examples: +// * abc only matches the value abc. +func (o AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountOutput) Exact() pulumi.StringPtrOutput { + return o.ApplyT(func(v AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccount) *string { return v.Exact }).(pulumi.StringPtrOutput) +} + +// If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true. +func (o AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountOutput) IgnoreCase() pulumi.BoolPtrOutput { + return o.ApplyT(func(v AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccount) *bool { return v.IgnoreCase }).(pulumi.BoolPtrOutput) +} + +// The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. +// Examples: +// * abc matches the value abc.xyz +func (o AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountOutput) Prefix() pulumi.StringPtrOutput { + return o.ApplyT(func(v AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccount) *string { return v.Prefix }).(pulumi.StringPtrOutput) +} + +// The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. +// Examples: +// * abc matches the value xyz.abc +func (o AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountOutput) Suffix() pulumi.StringPtrOutput { + return o.ApplyT(func(v AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccount) *string { return v.Suffix }).(pulumi.StringPtrOutput) +} + +type AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountPtrOutput struct{ *pulumi.OutputState } + +func (AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountPtrOutput) ElementType() reflect.Type { + return reflect.TypeOf((**AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccount)(nil)).Elem() +} + +func (o AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountPtrOutput) ToAuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountPtrOutput() AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountPtrOutput { + return o +} + +func (o AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountPtrOutput) ToAuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountPtrOutputWithContext(ctx context.Context) AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountPtrOutput { + return o +} + +func (o AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountPtrOutput) Elem() AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountOutput { + return o.ApplyT(func(v *AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccount) AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccount { + if v != nil { + return *v + } + var ret AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccount + return ret + }).(AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountOutput) +} + +// The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. +// Examples: +// * abc matches the value xyz.abc.def +func (o AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountPtrOutput) Contains() pulumi.StringPtrOutput { + return o.ApplyT(func(v *AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccount) *string { + if v == nil { + return nil + } + return v.Contains + }).(pulumi.StringPtrOutput) +} + +// The input string must match exactly the string specified here. +// Examples: +// * abc only matches the value abc. +func (o AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountPtrOutput) Exact() pulumi.StringPtrOutput { + return o.ApplyT(func(v *AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccount) *string { + if v == nil { + return nil + } + return v.Exact + }).(pulumi.StringPtrOutput) +} + +// If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true. +func (o AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountPtrOutput) IgnoreCase() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccount) *bool { + if v == nil { + return nil + } + return v.IgnoreCase + }).(pulumi.BoolPtrOutput) +} + +// The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. +// Examples: +// * abc matches the value abc.xyz +func (o AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountPtrOutput) Prefix() pulumi.StringPtrOutput { + return o.ApplyT(func(v *AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccount) *string { + if v == nil { + return nil + } + return v.Prefix + }).(pulumi.StringPtrOutput) +} + +// The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. +// Examples: +// * abc matches the value xyz.abc +func (o AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountPtrOutput) Suffix() pulumi.StringPtrOutput { + return o.ApplyT(func(v *AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccount) *string { + if v == nil { + return nil + } + return v.Suffix + }).(pulumi.StringPtrOutput) +} + +type AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSet struct { + // A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request. The match follows AND semantics which means all the ids must match. + // Limited to 5 matches. + Ids []string `pulumi:"ids"` +} + +// AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSetInput is an input type that accepts AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSetArgs and AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSetOutput values. +// You can construct a concrete instance of `AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSetInput` via: +// +// AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSetArgs{...} +type AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSetInput interface { + pulumi.Input + + ToAuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSetOutput() AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSetOutput + ToAuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSetOutputWithContext(context.Context) AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSetOutput +} + +type AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSetArgs struct { + // A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request. The match follows AND semantics which means all the ids must match. + // Limited to 5 matches. + Ids pulumi.StringArrayInput `pulumi:"ids"` +} + +func (AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSetArgs) ElementType() reflect.Type { + return reflect.TypeOf((*AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSet)(nil)).Elem() +} + +func (i AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSetArgs) ToAuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSetOutput() AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSetOutput { + return i.ToAuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSetOutputWithContext(context.Background()) +} + +func (i AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSetArgs) ToAuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSetOutputWithContext(ctx context.Context) AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSetOutput { + return pulumi.ToOutputWithContext(ctx, i).(AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSetOutput) +} + +func (i AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSetArgs) ToAuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSetPtrOutput() AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSetPtrOutput { + return i.ToAuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSetPtrOutputWithContext(context.Background()) +} + +func (i AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSetArgs) ToAuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSetPtrOutputWithContext(ctx context.Context) AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSetPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSetOutput).ToAuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSetPtrOutputWithContext(ctx) +} + +// AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSetPtrInput is an input type that accepts AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSetArgs, AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSetPtr and AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSetPtrOutput values. +// You can construct a concrete instance of `AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSetPtrInput` via: +// +// AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSetArgs{...} +// +// or: +// +// nil +type AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSetPtrInput interface { + pulumi.Input + + ToAuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSetPtrOutput() AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSetPtrOutput + ToAuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSetPtrOutputWithContext(context.Context) AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSetPtrOutput +} + +type authzPolicyHttpRuleFromNotSourceResourceTagValueIdSetPtrType AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSetArgs + +func AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSetPtr(v *AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSetArgs) AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSetPtrInput { + return (*authzPolicyHttpRuleFromNotSourceResourceTagValueIdSetPtrType)(v) +} + +func (*authzPolicyHttpRuleFromNotSourceResourceTagValueIdSetPtrType) ElementType() reflect.Type { + return reflect.TypeOf((**AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSet)(nil)).Elem() +} + +func (i *authzPolicyHttpRuleFromNotSourceResourceTagValueIdSetPtrType) ToAuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSetPtrOutput() AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSetPtrOutput { + return i.ToAuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSetPtrOutputWithContext(context.Background()) +} + +func (i *authzPolicyHttpRuleFromNotSourceResourceTagValueIdSetPtrType) ToAuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSetPtrOutputWithContext(ctx context.Context) AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSetPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSetPtrOutput) +} + +type AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSetOutput struct{ *pulumi.OutputState } + +func (AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSetOutput) ElementType() reflect.Type { + return reflect.TypeOf((*AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSet)(nil)).Elem() +} + +func (o AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSetOutput) ToAuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSetOutput() AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSetOutput { + return o +} + +func (o AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSetOutput) ToAuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSetOutputWithContext(ctx context.Context) AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSetOutput { + return o +} + +func (o AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSetOutput) ToAuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSetPtrOutput() AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSetPtrOutput { + return o.ToAuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSetPtrOutputWithContext(context.Background()) +} + +func (o AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSetOutput) ToAuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSetPtrOutputWithContext(ctx context.Context) AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSetPtrOutput { + return o.ApplyTWithContext(ctx, func(_ context.Context, v AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSet) *AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSet { + return &v + }).(AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSetPtrOutput) +} + +// A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request. The match follows AND semantics which means all the ids must match. +// Limited to 5 matches. +func (o AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSetOutput) Ids() pulumi.StringArrayOutput { + return o.ApplyT(func(v AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSet) []string { return v.Ids }).(pulumi.StringArrayOutput) +} + +type AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSetPtrOutput struct{ *pulumi.OutputState } + +func (AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSetPtrOutput) ElementType() reflect.Type { + return reflect.TypeOf((**AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSet)(nil)).Elem() +} + +func (o AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSetPtrOutput) ToAuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSetPtrOutput() AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSetPtrOutput { + return o +} + +func (o AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSetPtrOutput) ToAuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSetPtrOutputWithContext(ctx context.Context) AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSetPtrOutput { + return o +} + +func (o AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSetPtrOutput) Elem() AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSetOutput { + return o.ApplyT(func(v *AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSet) AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSet { + if v != nil { + return *v + } + var ret AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSet + return ret + }).(AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSetOutput) +} + +// A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request. The match follows AND semantics which means all the ids must match. +// Limited to 5 matches. +func (o AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSetPtrOutput) Ids() pulumi.StringArrayOutput { + return o.ApplyT(func(v *AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSet) []string { + if v == nil { + return nil + } + return v.Ids + }).(pulumi.StringArrayOutput) +} + +type AuthzPolicyHttpRuleFromSource struct { + // A list of identities derived from the client's certificate. This field will not match on a request unless mutual TLS is enabled for the Forwarding rule or Gateway. Each identity is a string whose value is matched against the URI SAN, or DNS SAN or the subject field in the client's certificate. The match can be exact, prefix, suffix or a substring match. One of exact, prefix, suffix or contains must be specified. + // Limited to 5 principals. + // Structure is documented below. + Principals []AuthzPolicyHttpRuleFromSourcePrincipal `pulumi:"principals"` + // A list of resources to match against the resource of the source VM of a request. + // Limited to 5 resources. + // Structure is documented below. + Resources []AuthzPolicyHttpRuleFromSourceResource `pulumi:"resources"` +} + +// AuthzPolicyHttpRuleFromSourceInput is an input type that accepts AuthzPolicyHttpRuleFromSourceArgs and AuthzPolicyHttpRuleFromSourceOutput values. +// You can construct a concrete instance of `AuthzPolicyHttpRuleFromSourceInput` via: +// +// AuthzPolicyHttpRuleFromSourceArgs{...} +type AuthzPolicyHttpRuleFromSourceInput interface { + pulumi.Input + + ToAuthzPolicyHttpRuleFromSourceOutput() AuthzPolicyHttpRuleFromSourceOutput + ToAuthzPolicyHttpRuleFromSourceOutputWithContext(context.Context) AuthzPolicyHttpRuleFromSourceOutput +} + +type AuthzPolicyHttpRuleFromSourceArgs struct { + // A list of identities derived from the client's certificate. This field will not match on a request unless mutual TLS is enabled for the Forwarding rule or Gateway. Each identity is a string whose value is matched against the URI SAN, or DNS SAN or the subject field in the client's certificate. The match can be exact, prefix, suffix or a substring match. One of exact, prefix, suffix or contains must be specified. + // Limited to 5 principals. + // Structure is documented below. + Principals AuthzPolicyHttpRuleFromSourcePrincipalArrayInput `pulumi:"principals"` + // A list of resources to match against the resource of the source VM of a request. + // Limited to 5 resources. + // Structure is documented below. + Resources AuthzPolicyHttpRuleFromSourceResourceArrayInput `pulumi:"resources"` +} + +func (AuthzPolicyHttpRuleFromSourceArgs) ElementType() reflect.Type { + return reflect.TypeOf((*AuthzPolicyHttpRuleFromSource)(nil)).Elem() +} + +func (i AuthzPolicyHttpRuleFromSourceArgs) ToAuthzPolicyHttpRuleFromSourceOutput() AuthzPolicyHttpRuleFromSourceOutput { + return i.ToAuthzPolicyHttpRuleFromSourceOutputWithContext(context.Background()) +} + +func (i AuthzPolicyHttpRuleFromSourceArgs) ToAuthzPolicyHttpRuleFromSourceOutputWithContext(ctx context.Context) AuthzPolicyHttpRuleFromSourceOutput { + return pulumi.ToOutputWithContext(ctx, i).(AuthzPolicyHttpRuleFromSourceOutput) +} + +// AuthzPolicyHttpRuleFromSourceArrayInput is an input type that accepts AuthzPolicyHttpRuleFromSourceArray and AuthzPolicyHttpRuleFromSourceArrayOutput values. +// You can construct a concrete instance of `AuthzPolicyHttpRuleFromSourceArrayInput` via: +// +// AuthzPolicyHttpRuleFromSourceArray{ AuthzPolicyHttpRuleFromSourceArgs{...} } +type AuthzPolicyHttpRuleFromSourceArrayInput interface { + pulumi.Input + + ToAuthzPolicyHttpRuleFromSourceArrayOutput() AuthzPolicyHttpRuleFromSourceArrayOutput + ToAuthzPolicyHttpRuleFromSourceArrayOutputWithContext(context.Context) AuthzPolicyHttpRuleFromSourceArrayOutput +} + +type AuthzPolicyHttpRuleFromSourceArray []AuthzPolicyHttpRuleFromSourceInput + +func (AuthzPolicyHttpRuleFromSourceArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]AuthzPolicyHttpRuleFromSource)(nil)).Elem() +} + +func (i AuthzPolicyHttpRuleFromSourceArray) ToAuthzPolicyHttpRuleFromSourceArrayOutput() AuthzPolicyHttpRuleFromSourceArrayOutput { + return i.ToAuthzPolicyHttpRuleFromSourceArrayOutputWithContext(context.Background()) +} + +func (i AuthzPolicyHttpRuleFromSourceArray) ToAuthzPolicyHttpRuleFromSourceArrayOutputWithContext(ctx context.Context) AuthzPolicyHttpRuleFromSourceArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(AuthzPolicyHttpRuleFromSourceArrayOutput) +} + +type AuthzPolicyHttpRuleFromSourceOutput struct{ *pulumi.OutputState } + +func (AuthzPolicyHttpRuleFromSourceOutput) ElementType() reflect.Type { + return reflect.TypeOf((*AuthzPolicyHttpRuleFromSource)(nil)).Elem() +} + +func (o AuthzPolicyHttpRuleFromSourceOutput) ToAuthzPolicyHttpRuleFromSourceOutput() AuthzPolicyHttpRuleFromSourceOutput { + return o +} + +func (o AuthzPolicyHttpRuleFromSourceOutput) ToAuthzPolicyHttpRuleFromSourceOutputWithContext(ctx context.Context) AuthzPolicyHttpRuleFromSourceOutput { + return o +} + +// A list of identities derived from the client's certificate. This field will not match on a request unless mutual TLS is enabled for the Forwarding rule or Gateway. Each identity is a string whose value is matched against the URI SAN, or DNS SAN or the subject field in the client's certificate. The match can be exact, prefix, suffix or a substring match. One of exact, prefix, suffix or contains must be specified. +// Limited to 5 principals. +// Structure is documented below. +func (o AuthzPolicyHttpRuleFromSourceOutput) Principals() AuthzPolicyHttpRuleFromSourcePrincipalArrayOutput { + return o.ApplyT(func(v AuthzPolicyHttpRuleFromSource) []AuthzPolicyHttpRuleFromSourcePrincipal { return v.Principals }).(AuthzPolicyHttpRuleFromSourcePrincipalArrayOutput) +} + +// A list of resources to match against the resource of the source VM of a request. +// Limited to 5 resources. +// Structure is documented below. +func (o AuthzPolicyHttpRuleFromSourceOutput) Resources() AuthzPolicyHttpRuleFromSourceResourceArrayOutput { + return o.ApplyT(func(v AuthzPolicyHttpRuleFromSource) []AuthzPolicyHttpRuleFromSourceResource { return v.Resources }).(AuthzPolicyHttpRuleFromSourceResourceArrayOutput) +} + +type AuthzPolicyHttpRuleFromSourceArrayOutput struct{ *pulumi.OutputState } + +func (AuthzPolicyHttpRuleFromSourceArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]AuthzPolicyHttpRuleFromSource)(nil)).Elem() +} + +func (o AuthzPolicyHttpRuleFromSourceArrayOutput) ToAuthzPolicyHttpRuleFromSourceArrayOutput() AuthzPolicyHttpRuleFromSourceArrayOutput { + return o +} + +func (o AuthzPolicyHttpRuleFromSourceArrayOutput) ToAuthzPolicyHttpRuleFromSourceArrayOutputWithContext(ctx context.Context) AuthzPolicyHttpRuleFromSourceArrayOutput { + return o +} + +func (o AuthzPolicyHttpRuleFromSourceArrayOutput) Index(i pulumi.IntInput) AuthzPolicyHttpRuleFromSourceOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) AuthzPolicyHttpRuleFromSource { + return vs[0].([]AuthzPolicyHttpRuleFromSource)[vs[1].(int)] + }).(AuthzPolicyHttpRuleFromSourceOutput) +} + +type AuthzPolicyHttpRuleFromSourcePrincipal struct { + // The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. + // Examples: + // * abc matches the value xyz.abc.def + Contains *string `pulumi:"contains"` + // The input string must match exactly the string specified here. + // Examples: + // * abc only matches the value abc. + Exact *string `pulumi:"exact"` + // If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true. + IgnoreCase *bool `pulumi:"ignoreCase"` + // The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. + // Examples: + // * abc matches the value abc.xyz + Prefix *string `pulumi:"prefix"` + // The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. + // Examples: + // * abc matches the value xyz.abc + Suffix *string `pulumi:"suffix"` +} + +// AuthzPolicyHttpRuleFromSourcePrincipalInput is an input type that accepts AuthzPolicyHttpRuleFromSourcePrincipalArgs and AuthzPolicyHttpRuleFromSourcePrincipalOutput values. +// You can construct a concrete instance of `AuthzPolicyHttpRuleFromSourcePrincipalInput` via: +// +// AuthzPolicyHttpRuleFromSourcePrincipalArgs{...} +type AuthzPolicyHttpRuleFromSourcePrincipalInput interface { + pulumi.Input + + ToAuthzPolicyHttpRuleFromSourcePrincipalOutput() AuthzPolicyHttpRuleFromSourcePrincipalOutput + ToAuthzPolicyHttpRuleFromSourcePrincipalOutputWithContext(context.Context) AuthzPolicyHttpRuleFromSourcePrincipalOutput +} + +type AuthzPolicyHttpRuleFromSourcePrincipalArgs struct { + // The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. + // Examples: + // * abc matches the value xyz.abc.def + Contains pulumi.StringPtrInput `pulumi:"contains"` + // The input string must match exactly the string specified here. + // Examples: + // * abc only matches the value abc. + Exact pulumi.StringPtrInput `pulumi:"exact"` + // If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true. + IgnoreCase pulumi.BoolPtrInput `pulumi:"ignoreCase"` + // The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. + // Examples: + // * abc matches the value abc.xyz + Prefix pulumi.StringPtrInput `pulumi:"prefix"` + // The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. + // Examples: + // * abc matches the value xyz.abc + Suffix pulumi.StringPtrInput `pulumi:"suffix"` +} + +func (AuthzPolicyHttpRuleFromSourcePrincipalArgs) ElementType() reflect.Type { + return reflect.TypeOf((*AuthzPolicyHttpRuleFromSourcePrincipal)(nil)).Elem() +} + +func (i AuthzPolicyHttpRuleFromSourcePrincipalArgs) ToAuthzPolicyHttpRuleFromSourcePrincipalOutput() AuthzPolicyHttpRuleFromSourcePrincipalOutput { + return i.ToAuthzPolicyHttpRuleFromSourcePrincipalOutputWithContext(context.Background()) +} + +func (i AuthzPolicyHttpRuleFromSourcePrincipalArgs) ToAuthzPolicyHttpRuleFromSourcePrincipalOutputWithContext(ctx context.Context) AuthzPolicyHttpRuleFromSourcePrincipalOutput { + return pulumi.ToOutputWithContext(ctx, i).(AuthzPolicyHttpRuleFromSourcePrincipalOutput) +} + +// AuthzPolicyHttpRuleFromSourcePrincipalArrayInput is an input type that accepts AuthzPolicyHttpRuleFromSourcePrincipalArray and AuthzPolicyHttpRuleFromSourcePrincipalArrayOutput values. +// You can construct a concrete instance of `AuthzPolicyHttpRuleFromSourcePrincipalArrayInput` via: +// +// AuthzPolicyHttpRuleFromSourcePrincipalArray{ AuthzPolicyHttpRuleFromSourcePrincipalArgs{...} } +type AuthzPolicyHttpRuleFromSourcePrincipalArrayInput interface { + pulumi.Input + + ToAuthzPolicyHttpRuleFromSourcePrincipalArrayOutput() AuthzPolicyHttpRuleFromSourcePrincipalArrayOutput + ToAuthzPolicyHttpRuleFromSourcePrincipalArrayOutputWithContext(context.Context) AuthzPolicyHttpRuleFromSourcePrincipalArrayOutput +} + +type AuthzPolicyHttpRuleFromSourcePrincipalArray []AuthzPolicyHttpRuleFromSourcePrincipalInput + +func (AuthzPolicyHttpRuleFromSourcePrincipalArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]AuthzPolicyHttpRuleFromSourcePrincipal)(nil)).Elem() +} + +func (i AuthzPolicyHttpRuleFromSourcePrincipalArray) ToAuthzPolicyHttpRuleFromSourcePrincipalArrayOutput() AuthzPolicyHttpRuleFromSourcePrincipalArrayOutput { + return i.ToAuthzPolicyHttpRuleFromSourcePrincipalArrayOutputWithContext(context.Background()) +} + +func (i AuthzPolicyHttpRuleFromSourcePrincipalArray) ToAuthzPolicyHttpRuleFromSourcePrincipalArrayOutputWithContext(ctx context.Context) AuthzPolicyHttpRuleFromSourcePrincipalArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(AuthzPolicyHttpRuleFromSourcePrincipalArrayOutput) +} + +type AuthzPolicyHttpRuleFromSourcePrincipalOutput struct{ *pulumi.OutputState } + +func (AuthzPolicyHttpRuleFromSourcePrincipalOutput) ElementType() reflect.Type { + return reflect.TypeOf((*AuthzPolicyHttpRuleFromSourcePrincipal)(nil)).Elem() +} + +func (o AuthzPolicyHttpRuleFromSourcePrincipalOutput) ToAuthzPolicyHttpRuleFromSourcePrincipalOutput() AuthzPolicyHttpRuleFromSourcePrincipalOutput { + return o +} + +func (o AuthzPolicyHttpRuleFromSourcePrincipalOutput) ToAuthzPolicyHttpRuleFromSourcePrincipalOutputWithContext(ctx context.Context) AuthzPolicyHttpRuleFromSourcePrincipalOutput { + return o +} + +// The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. +// Examples: +// * abc matches the value xyz.abc.def +func (o AuthzPolicyHttpRuleFromSourcePrincipalOutput) Contains() pulumi.StringPtrOutput { + return o.ApplyT(func(v AuthzPolicyHttpRuleFromSourcePrincipal) *string { return v.Contains }).(pulumi.StringPtrOutput) +} + +// The input string must match exactly the string specified here. +// Examples: +// * abc only matches the value abc. +func (o AuthzPolicyHttpRuleFromSourcePrincipalOutput) Exact() pulumi.StringPtrOutput { + return o.ApplyT(func(v AuthzPolicyHttpRuleFromSourcePrincipal) *string { return v.Exact }).(pulumi.StringPtrOutput) +} + +// If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true. +func (o AuthzPolicyHttpRuleFromSourcePrincipalOutput) IgnoreCase() pulumi.BoolPtrOutput { + return o.ApplyT(func(v AuthzPolicyHttpRuleFromSourcePrincipal) *bool { return v.IgnoreCase }).(pulumi.BoolPtrOutput) +} + +// The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. +// Examples: +// * abc matches the value abc.xyz +func (o AuthzPolicyHttpRuleFromSourcePrincipalOutput) Prefix() pulumi.StringPtrOutput { + return o.ApplyT(func(v AuthzPolicyHttpRuleFromSourcePrincipal) *string { return v.Prefix }).(pulumi.StringPtrOutput) +} + +// The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. +// Examples: +// * abc matches the value xyz.abc +func (o AuthzPolicyHttpRuleFromSourcePrincipalOutput) Suffix() pulumi.StringPtrOutput { + return o.ApplyT(func(v AuthzPolicyHttpRuleFromSourcePrincipal) *string { return v.Suffix }).(pulumi.StringPtrOutput) +} + +type AuthzPolicyHttpRuleFromSourcePrincipalArrayOutput struct{ *pulumi.OutputState } + +func (AuthzPolicyHttpRuleFromSourcePrincipalArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]AuthzPolicyHttpRuleFromSourcePrincipal)(nil)).Elem() +} + +func (o AuthzPolicyHttpRuleFromSourcePrincipalArrayOutput) ToAuthzPolicyHttpRuleFromSourcePrincipalArrayOutput() AuthzPolicyHttpRuleFromSourcePrincipalArrayOutput { + return o +} + +func (o AuthzPolicyHttpRuleFromSourcePrincipalArrayOutput) ToAuthzPolicyHttpRuleFromSourcePrincipalArrayOutputWithContext(ctx context.Context) AuthzPolicyHttpRuleFromSourcePrincipalArrayOutput { + return o +} + +func (o AuthzPolicyHttpRuleFromSourcePrincipalArrayOutput) Index(i pulumi.IntInput) AuthzPolicyHttpRuleFromSourcePrincipalOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) AuthzPolicyHttpRuleFromSourcePrincipal { + return vs[0].([]AuthzPolicyHttpRuleFromSourcePrincipal)[vs[1].(int)] + }).(AuthzPolicyHttpRuleFromSourcePrincipalOutput) +} + +type AuthzPolicyHttpRuleFromSourceResource struct { + // An IAM service account to match against the source service account of the VM sending the request. + // Structure is documented below. + IamServiceAccount *AuthzPolicyHttpRuleFromSourceResourceIamServiceAccount `pulumi:"iamServiceAccount"` + // A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request. + // Structure is documented below. + TagValueIdSet *AuthzPolicyHttpRuleFromSourceResourceTagValueIdSet `pulumi:"tagValueIdSet"` +} + +// AuthzPolicyHttpRuleFromSourceResourceInput is an input type that accepts AuthzPolicyHttpRuleFromSourceResourceArgs and AuthzPolicyHttpRuleFromSourceResourceOutput values. +// You can construct a concrete instance of `AuthzPolicyHttpRuleFromSourceResourceInput` via: +// +// AuthzPolicyHttpRuleFromSourceResourceArgs{...} +type AuthzPolicyHttpRuleFromSourceResourceInput interface { + pulumi.Input + + ToAuthzPolicyHttpRuleFromSourceResourceOutput() AuthzPolicyHttpRuleFromSourceResourceOutput + ToAuthzPolicyHttpRuleFromSourceResourceOutputWithContext(context.Context) AuthzPolicyHttpRuleFromSourceResourceOutput +} + +type AuthzPolicyHttpRuleFromSourceResourceArgs struct { + // An IAM service account to match against the source service account of the VM sending the request. + // Structure is documented below. + IamServiceAccount AuthzPolicyHttpRuleFromSourceResourceIamServiceAccountPtrInput `pulumi:"iamServiceAccount"` + // A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request. + // Structure is documented below. + TagValueIdSet AuthzPolicyHttpRuleFromSourceResourceTagValueIdSetPtrInput `pulumi:"tagValueIdSet"` +} + +func (AuthzPolicyHttpRuleFromSourceResourceArgs) ElementType() reflect.Type { + return reflect.TypeOf((*AuthzPolicyHttpRuleFromSourceResource)(nil)).Elem() +} + +func (i AuthzPolicyHttpRuleFromSourceResourceArgs) ToAuthzPolicyHttpRuleFromSourceResourceOutput() AuthzPolicyHttpRuleFromSourceResourceOutput { + return i.ToAuthzPolicyHttpRuleFromSourceResourceOutputWithContext(context.Background()) +} + +func (i AuthzPolicyHttpRuleFromSourceResourceArgs) ToAuthzPolicyHttpRuleFromSourceResourceOutputWithContext(ctx context.Context) AuthzPolicyHttpRuleFromSourceResourceOutput { + return pulumi.ToOutputWithContext(ctx, i).(AuthzPolicyHttpRuleFromSourceResourceOutput) +} + +// AuthzPolicyHttpRuleFromSourceResourceArrayInput is an input type that accepts AuthzPolicyHttpRuleFromSourceResourceArray and AuthzPolicyHttpRuleFromSourceResourceArrayOutput values. +// You can construct a concrete instance of `AuthzPolicyHttpRuleFromSourceResourceArrayInput` via: +// +// AuthzPolicyHttpRuleFromSourceResourceArray{ AuthzPolicyHttpRuleFromSourceResourceArgs{...} } +type AuthzPolicyHttpRuleFromSourceResourceArrayInput interface { + pulumi.Input + + ToAuthzPolicyHttpRuleFromSourceResourceArrayOutput() AuthzPolicyHttpRuleFromSourceResourceArrayOutput + ToAuthzPolicyHttpRuleFromSourceResourceArrayOutputWithContext(context.Context) AuthzPolicyHttpRuleFromSourceResourceArrayOutput +} + +type AuthzPolicyHttpRuleFromSourceResourceArray []AuthzPolicyHttpRuleFromSourceResourceInput + +func (AuthzPolicyHttpRuleFromSourceResourceArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]AuthzPolicyHttpRuleFromSourceResource)(nil)).Elem() +} + +func (i AuthzPolicyHttpRuleFromSourceResourceArray) ToAuthzPolicyHttpRuleFromSourceResourceArrayOutput() AuthzPolicyHttpRuleFromSourceResourceArrayOutput { + return i.ToAuthzPolicyHttpRuleFromSourceResourceArrayOutputWithContext(context.Background()) +} + +func (i AuthzPolicyHttpRuleFromSourceResourceArray) ToAuthzPolicyHttpRuleFromSourceResourceArrayOutputWithContext(ctx context.Context) AuthzPolicyHttpRuleFromSourceResourceArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(AuthzPolicyHttpRuleFromSourceResourceArrayOutput) +} + +type AuthzPolicyHttpRuleFromSourceResourceOutput struct{ *pulumi.OutputState } + +func (AuthzPolicyHttpRuleFromSourceResourceOutput) ElementType() reflect.Type { + return reflect.TypeOf((*AuthzPolicyHttpRuleFromSourceResource)(nil)).Elem() +} + +func (o AuthzPolicyHttpRuleFromSourceResourceOutput) ToAuthzPolicyHttpRuleFromSourceResourceOutput() AuthzPolicyHttpRuleFromSourceResourceOutput { + return o +} + +func (o AuthzPolicyHttpRuleFromSourceResourceOutput) ToAuthzPolicyHttpRuleFromSourceResourceOutputWithContext(ctx context.Context) AuthzPolicyHttpRuleFromSourceResourceOutput { + return o +} + +// An IAM service account to match against the source service account of the VM sending the request. +// Structure is documented below. +func (o AuthzPolicyHttpRuleFromSourceResourceOutput) IamServiceAccount() AuthzPolicyHttpRuleFromSourceResourceIamServiceAccountPtrOutput { + return o.ApplyT(func(v AuthzPolicyHttpRuleFromSourceResource) *AuthzPolicyHttpRuleFromSourceResourceIamServiceAccount { + return v.IamServiceAccount + }).(AuthzPolicyHttpRuleFromSourceResourceIamServiceAccountPtrOutput) +} + +// A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request. +// Structure is documented below. +func (o AuthzPolicyHttpRuleFromSourceResourceOutput) TagValueIdSet() AuthzPolicyHttpRuleFromSourceResourceTagValueIdSetPtrOutput { + return o.ApplyT(func(v AuthzPolicyHttpRuleFromSourceResource) *AuthzPolicyHttpRuleFromSourceResourceTagValueIdSet { + return v.TagValueIdSet + }).(AuthzPolicyHttpRuleFromSourceResourceTagValueIdSetPtrOutput) +} + +type AuthzPolicyHttpRuleFromSourceResourceArrayOutput struct{ *pulumi.OutputState } + +func (AuthzPolicyHttpRuleFromSourceResourceArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]AuthzPolicyHttpRuleFromSourceResource)(nil)).Elem() +} + +func (o AuthzPolicyHttpRuleFromSourceResourceArrayOutput) ToAuthzPolicyHttpRuleFromSourceResourceArrayOutput() AuthzPolicyHttpRuleFromSourceResourceArrayOutput { + return o +} + +func (o AuthzPolicyHttpRuleFromSourceResourceArrayOutput) ToAuthzPolicyHttpRuleFromSourceResourceArrayOutputWithContext(ctx context.Context) AuthzPolicyHttpRuleFromSourceResourceArrayOutput { + return o +} + +func (o AuthzPolicyHttpRuleFromSourceResourceArrayOutput) Index(i pulumi.IntInput) AuthzPolicyHttpRuleFromSourceResourceOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) AuthzPolicyHttpRuleFromSourceResource { + return vs[0].([]AuthzPolicyHttpRuleFromSourceResource)[vs[1].(int)] + }).(AuthzPolicyHttpRuleFromSourceResourceOutput) +} + +type AuthzPolicyHttpRuleFromSourceResourceIamServiceAccount struct { + // The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. + // Examples: + // * abc matches the value xyz.abc.def + Contains *string `pulumi:"contains"` + // The input string must match exactly the string specified here. + // Examples: + // * abc only matches the value abc. + Exact *string `pulumi:"exact"` + // If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true. + IgnoreCase *bool `pulumi:"ignoreCase"` + // The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. + // Examples: + // * abc matches the value abc.xyz + Prefix *string `pulumi:"prefix"` + // The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. + // Examples: + // * abc matches the value xyz.abc + Suffix *string `pulumi:"suffix"` +} + +// AuthzPolicyHttpRuleFromSourceResourceIamServiceAccountInput is an input type that accepts AuthzPolicyHttpRuleFromSourceResourceIamServiceAccountArgs and AuthzPolicyHttpRuleFromSourceResourceIamServiceAccountOutput values. +// You can construct a concrete instance of `AuthzPolicyHttpRuleFromSourceResourceIamServiceAccountInput` via: +// +// AuthzPolicyHttpRuleFromSourceResourceIamServiceAccountArgs{...} +type AuthzPolicyHttpRuleFromSourceResourceIamServiceAccountInput interface { + pulumi.Input + + ToAuthzPolicyHttpRuleFromSourceResourceIamServiceAccountOutput() AuthzPolicyHttpRuleFromSourceResourceIamServiceAccountOutput + ToAuthzPolicyHttpRuleFromSourceResourceIamServiceAccountOutputWithContext(context.Context) AuthzPolicyHttpRuleFromSourceResourceIamServiceAccountOutput +} + +type AuthzPolicyHttpRuleFromSourceResourceIamServiceAccountArgs struct { + // The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. + // Examples: + // * abc matches the value xyz.abc.def + Contains pulumi.StringPtrInput `pulumi:"contains"` + // The input string must match exactly the string specified here. + // Examples: + // * abc only matches the value abc. + Exact pulumi.StringPtrInput `pulumi:"exact"` + // If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true. + IgnoreCase pulumi.BoolPtrInput `pulumi:"ignoreCase"` + // The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. + // Examples: + // * abc matches the value abc.xyz + Prefix pulumi.StringPtrInput `pulumi:"prefix"` + // The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. + // Examples: + // * abc matches the value xyz.abc + Suffix pulumi.StringPtrInput `pulumi:"suffix"` +} + +func (AuthzPolicyHttpRuleFromSourceResourceIamServiceAccountArgs) ElementType() reflect.Type { + return reflect.TypeOf((*AuthzPolicyHttpRuleFromSourceResourceIamServiceAccount)(nil)).Elem() +} + +func (i AuthzPolicyHttpRuleFromSourceResourceIamServiceAccountArgs) ToAuthzPolicyHttpRuleFromSourceResourceIamServiceAccountOutput() AuthzPolicyHttpRuleFromSourceResourceIamServiceAccountOutput { + return i.ToAuthzPolicyHttpRuleFromSourceResourceIamServiceAccountOutputWithContext(context.Background()) +} + +func (i AuthzPolicyHttpRuleFromSourceResourceIamServiceAccountArgs) ToAuthzPolicyHttpRuleFromSourceResourceIamServiceAccountOutputWithContext(ctx context.Context) AuthzPolicyHttpRuleFromSourceResourceIamServiceAccountOutput { + return pulumi.ToOutputWithContext(ctx, i).(AuthzPolicyHttpRuleFromSourceResourceIamServiceAccountOutput) +} + +func (i AuthzPolicyHttpRuleFromSourceResourceIamServiceAccountArgs) ToAuthzPolicyHttpRuleFromSourceResourceIamServiceAccountPtrOutput() AuthzPolicyHttpRuleFromSourceResourceIamServiceAccountPtrOutput { + return i.ToAuthzPolicyHttpRuleFromSourceResourceIamServiceAccountPtrOutputWithContext(context.Background()) +} + +func (i AuthzPolicyHttpRuleFromSourceResourceIamServiceAccountArgs) ToAuthzPolicyHttpRuleFromSourceResourceIamServiceAccountPtrOutputWithContext(ctx context.Context) AuthzPolicyHttpRuleFromSourceResourceIamServiceAccountPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(AuthzPolicyHttpRuleFromSourceResourceIamServiceAccountOutput).ToAuthzPolicyHttpRuleFromSourceResourceIamServiceAccountPtrOutputWithContext(ctx) +} + +// AuthzPolicyHttpRuleFromSourceResourceIamServiceAccountPtrInput is an input type that accepts AuthzPolicyHttpRuleFromSourceResourceIamServiceAccountArgs, AuthzPolicyHttpRuleFromSourceResourceIamServiceAccountPtr and AuthzPolicyHttpRuleFromSourceResourceIamServiceAccountPtrOutput values. +// You can construct a concrete instance of `AuthzPolicyHttpRuleFromSourceResourceIamServiceAccountPtrInput` via: +// +// AuthzPolicyHttpRuleFromSourceResourceIamServiceAccountArgs{...} +// +// or: +// +// nil +type AuthzPolicyHttpRuleFromSourceResourceIamServiceAccountPtrInput interface { + pulumi.Input + + ToAuthzPolicyHttpRuleFromSourceResourceIamServiceAccountPtrOutput() AuthzPolicyHttpRuleFromSourceResourceIamServiceAccountPtrOutput + ToAuthzPolicyHttpRuleFromSourceResourceIamServiceAccountPtrOutputWithContext(context.Context) AuthzPolicyHttpRuleFromSourceResourceIamServiceAccountPtrOutput +} + +type authzPolicyHttpRuleFromSourceResourceIamServiceAccountPtrType AuthzPolicyHttpRuleFromSourceResourceIamServiceAccountArgs + +func AuthzPolicyHttpRuleFromSourceResourceIamServiceAccountPtr(v *AuthzPolicyHttpRuleFromSourceResourceIamServiceAccountArgs) AuthzPolicyHttpRuleFromSourceResourceIamServiceAccountPtrInput { + return (*authzPolicyHttpRuleFromSourceResourceIamServiceAccountPtrType)(v) +} + +func (*authzPolicyHttpRuleFromSourceResourceIamServiceAccountPtrType) ElementType() reflect.Type { + return reflect.TypeOf((**AuthzPolicyHttpRuleFromSourceResourceIamServiceAccount)(nil)).Elem() +} + +func (i *authzPolicyHttpRuleFromSourceResourceIamServiceAccountPtrType) ToAuthzPolicyHttpRuleFromSourceResourceIamServiceAccountPtrOutput() AuthzPolicyHttpRuleFromSourceResourceIamServiceAccountPtrOutput { + return i.ToAuthzPolicyHttpRuleFromSourceResourceIamServiceAccountPtrOutputWithContext(context.Background()) +} + +func (i *authzPolicyHttpRuleFromSourceResourceIamServiceAccountPtrType) ToAuthzPolicyHttpRuleFromSourceResourceIamServiceAccountPtrOutputWithContext(ctx context.Context) AuthzPolicyHttpRuleFromSourceResourceIamServiceAccountPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(AuthzPolicyHttpRuleFromSourceResourceIamServiceAccountPtrOutput) +} + +type AuthzPolicyHttpRuleFromSourceResourceIamServiceAccountOutput struct{ *pulumi.OutputState } + +func (AuthzPolicyHttpRuleFromSourceResourceIamServiceAccountOutput) ElementType() reflect.Type { + return reflect.TypeOf((*AuthzPolicyHttpRuleFromSourceResourceIamServiceAccount)(nil)).Elem() +} + +func (o AuthzPolicyHttpRuleFromSourceResourceIamServiceAccountOutput) ToAuthzPolicyHttpRuleFromSourceResourceIamServiceAccountOutput() AuthzPolicyHttpRuleFromSourceResourceIamServiceAccountOutput { + return o +} + +func (o AuthzPolicyHttpRuleFromSourceResourceIamServiceAccountOutput) ToAuthzPolicyHttpRuleFromSourceResourceIamServiceAccountOutputWithContext(ctx context.Context) AuthzPolicyHttpRuleFromSourceResourceIamServiceAccountOutput { + return o +} + +func (o AuthzPolicyHttpRuleFromSourceResourceIamServiceAccountOutput) ToAuthzPolicyHttpRuleFromSourceResourceIamServiceAccountPtrOutput() AuthzPolicyHttpRuleFromSourceResourceIamServiceAccountPtrOutput { + return o.ToAuthzPolicyHttpRuleFromSourceResourceIamServiceAccountPtrOutputWithContext(context.Background()) +} + +func (o AuthzPolicyHttpRuleFromSourceResourceIamServiceAccountOutput) ToAuthzPolicyHttpRuleFromSourceResourceIamServiceAccountPtrOutputWithContext(ctx context.Context) AuthzPolicyHttpRuleFromSourceResourceIamServiceAccountPtrOutput { + return o.ApplyTWithContext(ctx, func(_ context.Context, v AuthzPolicyHttpRuleFromSourceResourceIamServiceAccount) *AuthzPolicyHttpRuleFromSourceResourceIamServiceAccount { + return &v + }).(AuthzPolicyHttpRuleFromSourceResourceIamServiceAccountPtrOutput) +} + +// The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. +// Examples: +// * abc matches the value xyz.abc.def +func (o AuthzPolicyHttpRuleFromSourceResourceIamServiceAccountOutput) Contains() pulumi.StringPtrOutput { + return o.ApplyT(func(v AuthzPolicyHttpRuleFromSourceResourceIamServiceAccount) *string { return v.Contains }).(pulumi.StringPtrOutput) +} + +// The input string must match exactly the string specified here. +// Examples: +// * abc only matches the value abc. +func (o AuthzPolicyHttpRuleFromSourceResourceIamServiceAccountOutput) Exact() pulumi.StringPtrOutput { + return o.ApplyT(func(v AuthzPolicyHttpRuleFromSourceResourceIamServiceAccount) *string { return v.Exact }).(pulumi.StringPtrOutput) +} + +// If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true. +func (o AuthzPolicyHttpRuleFromSourceResourceIamServiceAccountOutput) IgnoreCase() pulumi.BoolPtrOutput { + return o.ApplyT(func(v AuthzPolicyHttpRuleFromSourceResourceIamServiceAccount) *bool { return v.IgnoreCase }).(pulumi.BoolPtrOutput) +} + +// The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. +// Examples: +// * abc matches the value abc.xyz +func (o AuthzPolicyHttpRuleFromSourceResourceIamServiceAccountOutput) Prefix() pulumi.StringPtrOutput { + return o.ApplyT(func(v AuthzPolicyHttpRuleFromSourceResourceIamServiceAccount) *string { return v.Prefix }).(pulumi.StringPtrOutput) +} + +// The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. +// Examples: +// * abc matches the value xyz.abc +func (o AuthzPolicyHttpRuleFromSourceResourceIamServiceAccountOutput) Suffix() pulumi.StringPtrOutput { + return o.ApplyT(func(v AuthzPolicyHttpRuleFromSourceResourceIamServiceAccount) *string { return v.Suffix }).(pulumi.StringPtrOutput) +} + +type AuthzPolicyHttpRuleFromSourceResourceIamServiceAccountPtrOutput struct{ *pulumi.OutputState } + +func (AuthzPolicyHttpRuleFromSourceResourceIamServiceAccountPtrOutput) ElementType() reflect.Type { + return reflect.TypeOf((**AuthzPolicyHttpRuleFromSourceResourceIamServiceAccount)(nil)).Elem() +} + +func (o AuthzPolicyHttpRuleFromSourceResourceIamServiceAccountPtrOutput) ToAuthzPolicyHttpRuleFromSourceResourceIamServiceAccountPtrOutput() AuthzPolicyHttpRuleFromSourceResourceIamServiceAccountPtrOutput { + return o +} + +func (o AuthzPolicyHttpRuleFromSourceResourceIamServiceAccountPtrOutput) ToAuthzPolicyHttpRuleFromSourceResourceIamServiceAccountPtrOutputWithContext(ctx context.Context) AuthzPolicyHttpRuleFromSourceResourceIamServiceAccountPtrOutput { + return o +} + +func (o AuthzPolicyHttpRuleFromSourceResourceIamServiceAccountPtrOutput) Elem() AuthzPolicyHttpRuleFromSourceResourceIamServiceAccountOutput { + return o.ApplyT(func(v *AuthzPolicyHttpRuleFromSourceResourceIamServiceAccount) AuthzPolicyHttpRuleFromSourceResourceIamServiceAccount { + if v != nil { + return *v + } + var ret AuthzPolicyHttpRuleFromSourceResourceIamServiceAccount + return ret + }).(AuthzPolicyHttpRuleFromSourceResourceIamServiceAccountOutput) +} + +// The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. +// Examples: +// * abc matches the value xyz.abc.def +func (o AuthzPolicyHttpRuleFromSourceResourceIamServiceAccountPtrOutput) Contains() pulumi.StringPtrOutput { + return o.ApplyT(func(v *AuthzPolicyHttpRuleFromSourceResourceIamServiceAccount) *string { + if v == nil { + return nil + } + return v.Contains + }).(pulumi.StringPtrOutput) +} + +// The input string must match exactly the string specified here. +// Examples: +// * abc only matches the value abc. +func (o AuthzPolicyHttpRuleFromSourceResourceIamServiceAccountPtrOutput) Exact() pulumi.StringPtrOutput { + return o.ApplyT(func(v *AuthzPolicyHttpRuleFromSourceResourceIamServiceAccount) *string { + if v == nil { + return nil + } + return v.Exact + }).(pulumi.StringPtrOutput) +} + +// If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true. +func (o AuthzPolicyHttpRuleFromSourceResourceIamServiceAccountPtrOutput) IgnoreCase() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *AuthzPolicyHttpRuleFromSourceResourceIamServiceAccount) *bool { + if v == nil { + return nil + } + return v.IgnoreCase + }).(pulumi.BoolPtrOutput) +} + +// The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. +// Examples: +// * abc matches the value abc.xyz +func (o AuthzPolicyHttpRuleFromSourceResourceIamServiceAccountPtrOutput) Prefix() pulumi.StringPtrOutput { + return o.ApplyT(func(v *AuthzPolicyHttpRuleFromSourceResourceIamServiceAccount) *string { + if v == nil { + return nil + } + return v.Prefix + }).(pulumi.StringPtrOutput) +} + +// The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. +// Examples: +// * abc matches the value xyz.abc +func (o AuthzPolicyHttpRuleFromSourceResourceIamServiceAccountPtrOutput) Suffix() pulumi.StringPtrOutput { + return o.ApplyT(func(v *AuthzPolicyHttpRuleFromSourceResourceIamServiceAccount) *string { + if v == nil { + return nil + } + return v.Suffix + }).(pulumi.StringPtrOutput) +} + +type AuthzPolicyHttpRuleFromSourceResourceTagValueIdSet struct { + // A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request. The match follows AND semantics which means all the ids must match. + // Limited to 5 matches. + Ids []string `pulumi:"ids"` +} + +// AuthzPolicyHttpRuleFromSourceResourceTagValueIdSetInput is an input type that accepts AuthzPolicyHttpRuleFromSourceResourceTagValueIdSetArgs and AuthzPolicyHttpRuleFromSourceResourceTagValueIdSetOutput values. +// You can construct a concrete instance of `AuthzPolicyHttpRuleFromSourceResourceTagValueIdSetInput` via: +// +// AuthzPolicyHttpRuleFromSourceResourceTagValueIdSetArgs{...} +type AuthzPolicyHttpRuleFromSourceResourceTagValueIdSetInput interface { + pulumi.Input + + ToAuthzPolicyHttpRuleFromSourceResourceTagValueIdSetOutput() AuthzPolicyHttpRuleFromSourceResourceTagValueIdSetOutput + ToAuthzPolicyHttpRuleFromSourceResourceTagValueIdSetOutputWithContext(context.Context) AuthzPolicyHttpRuleFromSourceResourceTagValueIdSetOutput +} + +type AuthzPolicyHttpRuleFromSourceResourceTagValueIdSetArgs struct { + // A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request. The match follows AND semantics which means all the ids must match. + // Limited to 5 matches. + Ids pulumi.StringArrayInput `pulumi:"ids"` +} + +func (AuthzPolicyHttpRuleFromSourceResourceTagValueIdSetArgs) ElementType() reflect.Type { + return reflect.TypeOf((*AuthzPolicyHttpRuleFromSourceResourceTagValueIdSet)(nil)).Elem() +} + +func (i AuthzPolicyHttpRuleFromSourceResourceTagValueIdSetArgs) ToAuthzPolicyHttpRuleFromSourceResourceTagValueIdSetOutput() AuthzPolicyHttpRuleFromSourceResourceTagValueIdSetOutput { + return i.ToAuthzPolicyHttpRuleFromSourceResourceTagValueIdSetOutputWithContext(context.Background()) +} + +func (i AuthzPolicyHttpRuleFromSourceResourceTagValueIdSetArgs) ToAuthzPolicyHttpRuleFromSourceResourceTagValueIdSetOutputWithContext(ctx context.Context) AuthzPolicyHttpRuleFromSourceResourceTagValueIdSetOutput { + return pulumi.ToOutputWithContext(ctx, i).(AuthzPolicyHttpRuleFromSourceResourceTagValueIdSetOutput) +} + +func (i AuthzPolicyHttpRuleFromSourceResourceTagValueIdSetArgs) ToAuthzPolicyHttpRuleFromSourceResourceTagValueIdSetPtrOutput() AuthzPolicyHttpRuleFromSourceResourceTagValueIdSetPtrOutput { + return i.ToAuthzPolicyHttpRuleFromSourceResourceTagValueIdSetPtrOutputWithContext(context.Background()) +} + +func (i AuthzPolicyHttpRuleFromSourceResourceTagValueIdSetArgs) ToAuthzPolicyHttpRuleFromSourceResourceTagValueIdSetPtrOutputWithContext(ctx context.Context) AuthzPolicyHttpRuleFromSourceResourceTagValueIdSetPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(AuthzPolicyHttpRuleFromSourceResourceTagValueIdSetOutput).ToAuthzPolicyHttpRuleFromSourceResourceTagValueIdSetPtrOutputWithContext(ctx) +} + +// AuthzPolicyHttpRuleFromSourceResourceTagValueIdSetPtrInput is an input type that accepts AuthzPolicyHttpRuleFromSourceResourceTagValueIdSetArgs, AuthzPolicyHttpRuleFromSourceResourceTagValueIdSetPtr and AuthzPolicyHttpRuleFromSourceResourceTagValueIdSetPtrOutput values. +// You can construct a concrete instance of `AuthzPolicyHttpRuleFromSourceResourceTagValueIdSetPtrInput` via: +// +// AuthzPolicyHttpRuleFromSourceResourceTagValueIdSetArgs{...} +// +// or: +// +// nil +type AuthzPolicyHttpRuleFromSourceResourceTagValueIdSetPtrInput interface { + pulumi.Input + + ToAuthzPolicyHttpRuleFromSourceResourceTagValueIdSetPtrOutput() AuthzPolicyHttpRuleFromSourceResourceTagValueIdSetPtrOutput + ToAuthzPolicyHttpRuleFromSourceResourceTagValueIdSetPtrOutputWithContext(context.Context) AuthzPolicyHttpRuleFromSourceResourceTagValueIdSetPtrOutput +} + +type authzPolicyHttpRuleFromSourceResourceTagValueIdSetPtrType AuthzPolicyHttpRuleFromSourceResourceTagValueIdSetArgs + +func AuthzPolicyHttpRuleFromSourceResourceTagValueIdSetPtr(v *AuthzPolicyHttpRuleFromSourceResourceTagValueIdSetArgs) AuthzPolicyHttpRuleFromSourceResourceTagValueIdSetPtrInput { + return (*authzPolicyHttpRuleFromSourceResourceTagValueIdSetPtrType)(v) +} + +func (*authzPolicyHttpRuleFromSourceResourceTagValueIdSetPtrType) ElementType() reflect.Type { + return reflect.TypeOf((**AuthzPolicyHttpRuleFromSourceResourceTagValueIdSet)(nil)).Elem() +} + +func (i *authzPolicyHttpRuleFromSourceResourceTagValueIdSetPtrType) ToAuthzPolicyHttpRuleFromSourceResourceTagValueIdSetPtrOutput() AuthzPolicyHttpRuleFromSourceResourceTagValueIdSetPtrOutput { + return i.ToAuthzPolicyHttpRuleFromSourceResourceTagValueIdSetPtrOutputWithContext(context.Background()) +} + +func (i *authzPolicyHttpRuleFromSourceResourceTagValueIdSetPtrType) ToAuthzPolicyHttpRuleFromSourceResourceTagValueIdSetPtrOutputWithContext(ctx context.Context) AuthzPolicyHttpRuleFromSourceResourceTagValueIdSetPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(AuthzPolicyHttpRuleFromSourceResourceTagValueIdSetPtrOutput) +} + +type AuthzPolicyHttpRuleFromSourceResourceTagValueIdSetOutput struct{ *pulumi.OutputState } + +func (AuthzPolicyHttpRuleFromSourceResourceTagValueIdSetOutput) ElementType() reflect.Type { + return reflect.TypeOf((*AuthzPolicyHttpRuleFromSourceResourceTagValueIdSet)(nil)).Elem() +} + +func (o AuthzPolicyHttpRuleFromSourceResourceTagValueIdSetOutput) ToAuthzPolicyHttpRuleFromSourceResourceTagValueIdSetOutput() AuthzPolicyHttpRuleFromSourceResourceTagValueIdSetOutput { + return o +} + +func (o AuthzPolicyHttpRuleFromSourceResourceTagValueIdSetOutput) ToAuthzPolicyHttpRuleFromSourceResourceTagValueIdSetOutputWithContext(ctx context.Context) AuthzPolicyHttpRuleFromSourceResourceTagValueIdSetOutput { + return o +} + +func (o AuthzPolicyHttpRuleFromSourceResourceTagValueIdSetOutput) ToAuthzPolicyHttpRuleFromSourceResourceTagValueIdSetPtrOutput() AuthzPolicyHttpRuleFromSourceResourceTagValueIdSetPtrOutput { + return o.ToAuthzPolicyHttpRuleFromSourceResourceTagValueIdSetPtrOutputWithContext(context.Background()) +} + +func (o AuthzPolicyHttpRuleFromSourceResourceTagValueIdSetOutput) ToAuthzPolicyHttpRuleFromSourceResourceTagValueIdSetPtrOutputWithContext(ctx context.Context) AuthzPolicyHttpRuleFromSourceResourceTagValueIdSetPtrOutput { + return o.ApplyTWithContext(ctx, func(_ context.Context, v AuthzPolicyHttpRuleFromSourceResourceTagValueIdSet) *AuthzPolicyHttpRuleFromSourceResourceTagValueIdSet { + return &v + }).(AuthzPolicyHttpRuleFromSourceResourceTagValueIdSetPtrOutput) +} + +// A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request. The match follows AND semantics which means all the ids must match. +// Limited to 5 matches. +func (o AuthzPolicyHttpRuleFromSourceResourceTagValueIdSetOutput) Ids() pulumi.StringArrayOutput { + return o.ApplyT(func(v AuthzPolicyHttpRuleFromSourceResourceTagValueIdSet) []string { return v.Ids }).(pulumi.StringArrayOutput) +} + +type AuthzPolicyHttpRuleFromSourceResourceTagValueIdSetPtrOutput struct{ *pulumi.OutputState } + +func (AuthzPolicyHttpRuleFromSourceResourceTagValueIdSetPtrOutput) ElementType() reflect.Type { + return reflect.TypeOf((**AuthzPolicyHttpRuleFromSourceResourceTagValueIdSet)(nil)).Elem() +} + +func (o AuthzPolicyHttpRuleFromSourceResourceTagValueIdSetPtrOutput) ToAuthzPolicyHttpRuleFromSourceResourceTagValueIdSetPtrOutput() AuthzPolicyHttpRuleFromSourceResourceTagValueIdSetPtrOutput { + return o +} + +func (o AuthzPolicyHttpRuleFromSourceResourceTagValueIdSetPtrOutput) ToAuthzPolicyHttpRuleFromSourceResourceTagValueIdSetPtrOutputWithContext(ctx context.Context) AuthzPolicyHttpRuleFromSourceResourceTagValueIdSetPtrOutput { + return o +} + +func (o AuthzPolicyHttpRuleFromSourceResourceTagValueIdSetPtrOutput) Elem() AuthzPolicyHttpRuleFromSourceResourceTagValueIdSetOutput { + return o.ApplyT(func(v *AuthzPolicyHttpRuleFromSourceResourceTagValueIdSet) AuthzPolicyHttpRuleFromSourceResourceTagValueIdSet { + if v != nil { + return *v + } + var ret AuthzPolicyHttpRuleFromSourceResourceTagValueIdSet + return ret + }).(AuthzPolicyHttpRuleFromSourceResourceTagValueIdSetOutput) +} + +// A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request. The match follows AND semantics which means all the ids must match. +// Limited to 5 matches. +func (o AuthzPolicyHttpRuleFromSourceResourceTagValueIdSetPtrOutput) Ids() pulumi.StringArrayOutput { + return o.ApplyT(func(v *AuthzPolicyHttpRuleFromSourceResourceTagValueIdSet) []string { + if v == nil { + return nil + } + return v.Ids + }).(pulumi.StringArrayOutput) +} + +type AuthzPolicyHttpRuleTo struct { + // Describes properties of one or more targets of a request. At least one of operations or notOperations must be specified. Limited to 5 operations. A match occurs when ANY operation (in operations or notOperations) matches. Within an operation, the match follows AND semantics across fields and OR semantics within a field, i.e. a match occurs when ANY path matches AND ANY header matches and ANY method matches. + // Structure is documented below. + Operations []AuthzPolicyHttpRuleToOperation `pulumi:"operations"` +} + +// AuthzPolicyHttpRuleToInput is an input type that accepts AuthzPolicyHttpRuleToArgs and AuthzPolicyHttpRuleToOutput values. +// You can construct a concrete instance of `AuthzPolicyHttpRuleToInput` via: +// +// AuthzPolicyHttpRuleToArgs{...} +type AuthzPolicyHttpRuleToInput interface { + pulumi.Input + + ToAuthzPolicyHttpRuleToOutput() AuthzPolicyHttpRuleToOutput + ToAuthzPolicyHttpRuleToOutputWithContext(context.Context) AuthzPolicyHttpRuleToOutput +} + +type AuthzPolicyHttpRuleToArgs struct { + // Describes properties of one or more targets of a request. At least one of operations or notOperations must be specified. Limited to 5 operations. A match occurs when ANY operation (in operations or notOperations) matches. Within an operation, the match follows AND semantics across fields and OR semantics within a field, i.e. a match occurs when ANY path matches AND ANY header matches and ANY method matches. + // Structure is documented below. + Operations AuthzPolicyHttpRuleToOperationArrayInput `pulumi:"operations"` +} + +func (AuthzPolicyHttpRuleToArgs) ElementType() reflect.Type { + return reflect.TypeOf((*AuthzPolicyHttpRuleTo)(nil)).Elem() +} + +func (i AuthzPolicyHttpRuleToArgs) ToAuthzPolicyHttpRuleToOutput() AuthzPolicyHttpRuleToOutput { + return i.ToAuthzPolicyHttpRuleToOutputWithContext(context.Background()) +} + +func (i AuthzPolicyHttpRuleToArgs) ToAuthzPolicyHttpRuleToOutputWithContext(ctx context.Context) AuthzPolicyHttpRuleToOutput { + return pulumi.ToOutputWithContext(ctx, i).(AuthzPolicyHttpRuleToOutput) +} + +func (i AuthzPolicyHttpRuleToArgs) ToAuthzPolicyHttpRuleToPtrOutput() AuthzPolicyHttpRuleToPtrOutput { + return i.ToAuthzPolicyHttpRuleToPtrOutputWithContext(context.Background()) +} + +func (i AuthzPolicyHttpRuleToArgs) ToAuthzPolicyHttpRuleToPtrOutputWithContext(ctx context.Context) AuthzPolicyHttpRuleToPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(AuthzPolicyHttpRuleToOutput).ToAuthzPolicyHttpRuleToPtrOutputWithContext(ctx) +} + +// AuthzPolicyHttpRuleToPtrInput is an input type that accepts AuthzPolicyHttpRuleToArgs, AuthzPolicyHttpRuleToPtr and AuthzPolicyHttpRuleToPtrOutput values. +// You can construct a concrete instance of `AuthzPolicyHttpRuleToPtrInput` via: +// +// AuthzPolicyHttpRuleToArgs{...} +// +// or: +// +// nil +type AuthzPolicyHttpRuleToPtrInput interface { + pulumi.Input + + ToAuthzPolicyHttpRuleToPtrOutput() AuthzPolicyHttpRuleToPtrOutput + ToAuthzPolicyHttpRuleToPtrOutputWithContext(context.Context) AuthzPolicyHttpRuleToPtrOutput +} + +type authzPolicyHttpRuleToPtrType AuthzPolicyHttpRuleToArgs + +func AuthzPolicyHttpRuleToPtr(v *AuthzPolicyHttpRuleToArgs) AuthzPolicyHttpRuleToPtrInput { + return (*authzPolicyHttpRuleToPtrType)(v) +} + +func (*authzPolicyHttpRuleToPtrType) ElementType() reflect.Type { + return reflect.TypeOf((**AuthzPolicyHttpRuleTo)(nil)).Elem() +} + +func (i *authzPolicyHttpRuleToPtrType) ToAuthzPolicyHttpRuleToPtrOutput() AuthzPolicyHttpRuleToPtrOutput { + return i.ToAuthzPolicyHttpRuleToPtrOutputWithContext(context.Background()) +} + +func (i *authzPolicyHttpRuleToPtrType) ToAuthzPolicyHttpRuleToPtrOutputWithContext(ctx context.Context) AuthzPolicyHttpRuleToPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(AuthzPolicyHttpRuleToPtrOutput) +} + +type AuthzPolicyHttpRuleToOutput struct{ *pulumi.OutputState } + +func (AuthzPolicyHttpRuleToOutput) ElementType() reflect.Type { + return reflect.TypeOf((*AuthzPolicyHttpRuleTo)(nil)).Elem() +} + +func (o AuthzPolicyHttpRuleToOutput) ToAuthzPolicyHttpRuleToOutput() AuthzPolicyHttpRuleToOutput { + return o +} + +func (o AuthzPolicyHttpRuleToOutput) ToAuthzPolicyHttpRuleToOutputWithContext(ctx context.Context) AuthzPolicyHttpRuleToOutput { + return o +} + +func (o AuthzPolicyHttpRuleToOutput) ToAuthzPolicyHttpRuleToPtrOutput() AuthzPolicyHttpRuleToPtrOutput { + return o.ToAuthzPolicyHttpRuleToPtrOutputWithContext(context.Background()) +} + +func (o AuthzPolicyHttpRuleToOutput) ToAuthzPolicyHttpRuleToPtrOutputWithContext(ctx context.Context) AuthzPolicyHttpRuleToPtrOutput { + return o.ApplyTWithContext(ctx, func(_ context.Context, v AuthzPolicyHttpRuleTo) *AuthzPolicyHttpRuleTo { + return &v + }).(AuthzPolicyHttpRuleToPtrOutput) +} + +// Describes properties of one or more targets of a request. At least one of operations or notOperations must be specified. Limited to 5 operations. A match occurs when ANY operation (in operations or notOperations) matches. Within an operation, the match follows AND semantics across fields and OR semantics within a field, i.e. a match occurs when ANY path matches AND ANY header matches and ANY method matches. +// Structure is documented below. +func (o AuthzPolicyHttpRuleToOutput) Operations() AuthzPolicyHttpRuleToOperationArrayOutput { + return o.ApplyT(func(v AuthzPolicyHttpRuleTo) []AuthzPolicyHttpRuleToOperation { return v.Operations }).(AuthzPolicyHttpRuleToOperationArrayOutput) +} + +type AuthzPolicyHttpRuleToPtrOutput struct{ *pulumi.OutputState } + +func (AuthzPolicyHttpRuleToPtrOutput) ElementType() reflect.Type { + return reflect.TypeOf((**AuthzPolicyHttpRuleTo)(nil)).Elem() +} + +func (o AuthzPolicyHttpRuleToPtrOutput) ToAuthzPolicyHttpRuleToPtrOutput() AuthzPolicyHttpRuleToPtrOutput { + return o +} + +func (o AuthzPolicyHttpRuleToPtrOutput) ToAuthzPolicyHttpRuleToPtrOutputWithContext(ctx context.Context) AuthzPolicyHttpRuleToPtrOutput { + return o +} + +func (o AuthzPolicyHttpRuleToPtrOutput) Elem() AuthzPolicyHttpRuleToOutput { + return o.ApplyT(func(v *AuthzPolicyHttpRuleTo) AuthzPolicyHttpRuleTo { + if v != nil { + return *v + } + var ret AuthzPolicyHttpRuleTo + return ret + }).(AuthzPolicyHttpRuleToOutput) +} + +// Describes properties of one or more targets of a request. At least one of operations or notOperations must be specified. Limited to 5 operations. A match occurs when ANY operation (in operations or notOperations) matches. Within an operation, the match follows AND semantics across fields and OR semantics within a field, i.e. a match occurs when ANY path matches AND ANY header matches and ANY method matches. +// Structure is documented below. +func (o AuthzPolicyHttpRuleToPtrOutput) Operations() AuthzPolicyHttpRuleToOperationArrayOutput { + return o.ApplyT(func(v *AuthzPolicyHttpRuleTo) []AuthzPolicyHttpRuleToOperation { + if v == nil { + return nil + } + return v.Operations + }).(AuthzPolicyHttpRuleToOperationArrayOutput) +} + +type AuthzPolicyHttpRuleToOperation struct { + // A list of headers to match against in http header. + // Structure is documented below. + HeaderSet *AuthzPolicyHttpRuleToOperationHeaderSet `pulumi:"headerSet"` + // A list of HTTP Hosts to match against. The match can be one of exact, prefix, suffix, or contains (substring match). Matches are always case sensitive unless the ignoreCase is set. + // Limited to 5 matches. + // Structure is documented below. + Hosts []AuthzPolicyHttpRuleToOperationHost `pulumi:"hosts"` + // A list of HTTP methods to match against. Each entry must be a valid HTTP method name (GET, PUT, POST, HEAD, PATCH, DELETE, OPTIONS). It only allows exact match and is always case sensitive. + Methods []string `pulumi:"methods"` + // A list of paths to match against. The match can be one of exact, prefix, suffix, or contains (substring match). Matches are always case sensitive unless the ignoreCase is set. + // Limited to 5 matches. + // Note that this path match includes the query parameters. For gRPC services, this should be a fully-qualified name of the form /package.service/method. + // Structure is documented below. + Paths []AuthzPolicyHttpRuleToOperationPath `pulumi:"paths"` +} + +// AuthzPolicyHttpRuleToOperationInput is an input type that accepts AuthzPolicyHttpRuleToOperationArgs and AuthzPolicyHttpRuleToOperationOutput values. +// You can construct a concrete instance of `AuthzPolicyHttpRuleToOperationInput` via: +// +// AuthzPolicyHttpRuleToOperationArgs{...} +type AuthzPolicyHttpRuleToOperationInput interface { + pulumi.Input + + ToAuthzPolicyHttpRuleToOperationOutput() AuthzPolicyHttpRuleToOperationOutput + ToAuthzPolicyHttpRuleToOperationOutputWithContext(context.Context) AuthzPolicyHttpRuleToOperationOutput +} + +type AuthzPolicyHttpRuleToOperationArgs struct { + // A list of headers to match against in http header. + // Structure is documented below. + HeaderSet AuthzPolicyHttpRuleToOperationHeaderSetPtrInput `pulumi:"headerSet"` + // A list of HTTP Hosts to match against. The match can be one of exact, prefix, suffix, or contains (substring match). Matches are always case sensitive unless the ignoreCase is set. + // Limited to 5 matches. + // Structure is documented below. + Hosts AuthzPolicyHttpRuleToOperationHostArrayInput `pulumi:"hosts"` + // A list of HTTP methods to match against. Each entry must be a valid HTTP method name (GET, PUT, POST, HEAD, PATCH, DELETE, OPTIONS). It only allows exact match and is always case sensitive. + Methods pulumi.StringArrayInput `pulumi:"methods"` + // A list of paths to match against. The match can be one of exact, prefix, suffix, or contains (substring match). Matches are always case sensitive unless the ignoreCase is set. + // Limited to 5 matches. + // Note that this path match includes the query parameters. For gRPC services, this should be a fully-qualified name of the form /package.service/method. + // Structure is documented below. + Paths AuthzPolicyHttpRuleToOperationPathArrayInput `pulumi:"paths"` +} + +func (AuthzPolicyHttpRuleToOperationArgs) ElementType() reflect.Type { + return reflect.TypeOf((*AuthzPolicyHttpRuleToOperation)(nil)).Elem() +} + +func (i AuthzPolicyHttpRuleToOperationArgs) ToAuthzPolicyHttpRuleToOperationOutput() AuthzPolicyHttpRuleToOperationOutput { + return i.ToAuthzPolicyHttpRuleToOperationOutputWithContext(context.Background()) +} + +func (i AuthzPolicyHttpRuleToOperationArgs) ToAuthzPolicyHttpRuleToOperationOutputWithContext(ctx context.Context) AuthzPolicyHttpRuleToOperationOutput { + return pulumi.ToOutputWithContext(ctx, i).(AuthzPolicyHttpRuleToOperationOutput) +} + +// AuthzPolicyHttpRuleToOperationArrayInput is an input type that accepts AuthzPolicyHttpRuleToOperationArray and AuthzPolicyHttpRuleToOperationArrayOutput values. +// You can construct a concrete instance of `AuthzPolicyHttpRuleToOperationArrayInput` via: +// +// AuthzPolicyHttpRuleToOperationArray{ AuthzPolicyHttpRuleToOperationArgs{...} } +type AuthzPolicyHttpRuleToOperationArrayInput interface { + pulumi.Input + + ToAuthzPolicyHttpRuleToOperationArrayOutput() AuthzPolicyHttpRuleToOperationArrayOutput + ToAuthzPolicyHttpRuleToOperationArrayOutputWithContext(context.Context) AuthzPolicyHttpRuleToOperationArrayOutput +} + +type AuthzPolicyHttpRuleToOperationArray []AuthzPolicyHttpRuleToOperationInput + +func (AuthzPolicyHttpRuleToOperationArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]AuthzPolicyHttpRuleToOperation)(nil)).Elem() +} + +func (i AuthzPolicyHttpRuleToOperationArray) ToAuthzPolicyHttpRuleToOperationArrayOutput() AuthzPolicyHttpRuleToOperationArrayOutput { + return i.ToAuthzPolicyHttpRuleToOperationArrayOutputWithContext(context.Background()) +} + +func (i AuthzPolicyHttpRuleToOperationArray) ToAuthzPolicyHttpRuleToOperationArrayOutputWithContext(ctx context.Context) AuthzPolicyHttpRuleToOperationArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(AuthzPolicyHttpRuleToOperationArrayOutput) +} + +type AuthzPolicyHttpRuleToOperationOutput struct{ *pulumi.OutputState } + +func (AuthzPolicyHttpRuleToOperationOutput) ElementType() reflect.Type { + return reflect.TypeOf((*AuthzPolicyHttpRuleToOperation)(nil)).Elem() +} + +func (o AuthzPolicyHttpRuleToOperationOutput) ToAuthzPolicyHttpRuleToOperationOutput() AuthzPolicyHttpRuleToOperationOutput { + return o +} + +func (o AuthzPolicyHttpRuleToOperationOutput) ToAuthzPolicyHttpRuleToOperationOutputWithContext(ctx context.Context) AuthzPolicyHttpRuleToOperationOutput { + return o +} + +// A list of headers to match against in http header. +// Structure is documented below. +func (o AuthzPolicyHttpRuleToOperationOutput) HeaderSet() AuthzPolicyHttpRuleToOperationHeaderSetPtrOutput { + return o.ApplyT(func(v AuthzPolicyHttpRuleToOperation) *AuthzPolicyHttpRuleToOperationHeaderSet { return v.HeaderSet }).(AuthzPolicyHttpRuleToOperationHeaderSetPtrOutput) +} + +// A list of HTTP Hosts to match against. The match can be one of exact, prefix, suffix, or contains (substring match). Matches are always case sensitive unless the ignoreCase is set. +// Limited to 5 matches. +// Structure is documented below. +func (o AuthzPolicyHttpRuleToOperationOutput) Hosts() AuthzPolicyHttpRuleToOperationHostArrayOutput { + return o.ApplyT(func(v AuthzPolicyHttpRuleToOperation) []AuthzPolicyHttpRuleToOperationHost { return v.Hosts }).(AuthzPolicyHttpRuleToOperationHostArrayOutput) +} + +// A list of HTTP methods to match against. Each entry must be a valid HTTP method name (GET, PUT, POST, HEAD, PATCH, DELETE, OPTIONS). It only allows exact match and is always case sensitive. +func (o AuthzPolicyHttpRuleToOperationOutput) Methods() pulumi.StringArrayOutput { + return o.ApplyT(func(v AuthzPolicyHttpRuleToOperation) []string { return v.Methods }).(pulumi.StringArrayOutput) +} + +// A list of paths to match against. The match can be one of exact, prefix, suffix, or contains (substring match). Matches are always case sensitive unless the ignoreCase is set. +// Limited to 5 matches. +// Note that this path match includes the query parameters. For gRPC services, this should be a fully-qualified name of the form /package.service/method. +// Structure is documented below. +func (o AuthzPolicyHttpRuleToOperationOutput) Paths() AuthzPolicyHttpRuleToOperationPathArrayOutput { + return o.ApplyT(func(v AuthzPolicyHttpRuleToOperation) []AuthzPolicyHttpRuleToOperationPath { return v.Paths }).(AuthzPolicyHttpRuleToOperationPathArrayOutput) +} + +type AuthzPolicyHttpRuleToOperationArrayOutput struct{ *pulumi.OutputState } + +func (AuthzPolicyHttpRuleToOperationArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]AuthzPolicyHttpRuleToOperation)(nil)).Elem() +} + +func (o AuthzPolicyHttpRuleToOperationArrayOutput) ToAuthzPolicyHttpRuleToOperationArrayOutput() AuthzPolicyHttpRuleToOperationArrayOutput { + return o +} + +func (o AuthzPolicyHttpRuleToOperationArrayOutput) ToAuthzPolicyHttpRuleToOperationArrayOutputWithContext(ctx context.Context) AuthzPolicyHttpRuleToOperationArrayOutput { + return o +} + +func (o AuthzPolicyHttpRuleToOperationArrayOutput) Index(i pulumi.IntInput) AuthzPolicyHttpRuleToOperationOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) AuthzPolicyHttpRuleToOperation { + return vs[0].([]AuthzPolicyHttpRuleToOperation)[vs[1].(int)] + }).(AuthzPolicyHttpRuleToOperationOutput) +} + +type AuthzPolicyHttpRuleToOperationHeaderSet struct { + // A list of headers to match against in http header. The match can be one of exact, prefix, suffix, or contains (substring match). The match follows AND semantics which means all the headers must match. Matches are always case sensitive unless the ignoreCase is set. Limited to 5 matches. + // Structure is documented below. + Headers []AuthzPolicyHttpRuleToOperationHeaderSetHeader `pulumi:"headers"` +} + +// AuthzPolicyHttpRuleToOperationHeaderSetInput is an input type that accepts AuthzPolicyHttpRuleToOperationHeaderSetArgs and AuthzPolicyHttpRuleToOperationHeaderSetOutput values. +// You can construct a concrete instance of `AuthzPolicyHttpRuleToOperationHeaderSetInput` via: +// +// AuthzPolicyHttpRuleToOperationHeaderSetArgs{...} +type AuthzPolicyHttpRuleToOperationHeaderSetInput interface { + pulumi.Input + + ToAuthzPolicyHttpRuleToOperationHeaderSetOutput() AuthzPolicyHttpRuleToOperationHeaderSetOutput + ToAuthzPolicyHttpRuleToOperationHeaderSetOutputWithContext(context.Context) AuthzPolicyHttpRuleToOperationHeaderSetOutput +} + +type AuthzPolicyHttpRuleToOperationHeaderSetArgs struct { + // A list of headers to match against in http header. The match can be one of exact, prefix, suffix, or contains (substring match). The match follows AND semantics which means all the headers must match. Matches are always case sensitive unless the ignoreCase is set. Limited to 5 matches. + // Structure is documented below. + Headers AuthzPolicyHttpRuleToOperationHeaderSetHeaderArrayInput `pulumi:"headers"` +} + +func (AuthzPolicyHttpRuleToOperationHeaderSetArgs) ElementType() reflect.Type { + return reflect.TypeOf((*AuthzPolicyHttpRuleToOperationHeaderSet)(nil)).Elem() +} + +func (i AuthzPolicyHttpRuleToOperationHeaderSetArgs) ToAuthzPolicyHttpRuleToOperationHeaderSetOutput() AuthzPolicyHttpRuleToOperationHeaderSetOutput { + return i.ToAuthzPolicyHttpRuleToOperationHeaderSetOutputWithContext(context.Background()) +} + +func (i AuthzPolicyHttpRuleToOperationHeaderSetArgs) ToAuthzPolicyHttpRuleToOperationHeaderSetOutputWithContext(ctx context.Context) AuthzPolicyHttpRuleToOperationHeaderSetOutput { + return pulumi.ToOutputWithContext(ctx, i).(AuthzPolicyHttpRuleToOperationHeaderSetOutput) +} + +func (i AuthzPolicyHttpRuleToOperationHeaderSetArgs) ToAuthzPolicyHttpRuleToOperationHeaderSetPtrOutput() AuthzPolicyHttpRuleToOperationHeaderSetPtrOutput { + return i.ToAuthzPolicyHttpRuleToOperationHeaderSetPtrOutputWithContext(context.Background()) +} + +func (i AuthzPolicyHttpRuleToOperationHeaderSetArgs) ToAuthzPolicyHttpRuleToOperationHeaderSetPtrOutputWithContext(ctx context.Context) AuthzPolicyHttpRuleToOperationHeaderSetPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(AuthzPolicyHttpRuleToOperationHeaderSetOutput).ToAuthzPolicyHttpRuleToOperationHeaderSetPtrOutputWithContext(ctx) +} + +// AuthzPolicyHttpRuleToOperationHeaderSetPtrInput is an input type that accepts AuthzPolicyHttpRuleToOperationHeaderSetArgs, AuthzPolicyHttpRuleToOperationHeaderSetPtr and AuthzPolicyHttpRuleToOperationHeaderSetPtrOutput values. +// You can construct a concrete instance of `AuthzPolicyHttpRuleToOperationHeaderSetPtrInput` via: +// +// AuthzPolicyHttpRuleToOperationHeaderSetArgs{...} +// +// or: +// +// nil +type AuthzPolicyHttpRuleToOperationHeaderSetPtrInput interface { + pulumi.Input + + ToAuthzPolicyHttpRuleToOperationHeaderSetPtrOutput() AuthzPolicyHttpRuleToOperationHeaderSetPtrOutput + ToAuthzPolicyHttpRuleToOperationHeaderSetPtrOutputWithContext(context.Context) AuthzPolicyHttpRuleToOperationHeaderSetPtrOutput +} + +type authzPolicyHttpRuleToOperationHeaderSetPtrType AuthzPolicyHttpRuleToOperationHeaderSetArgs + +func AuthzPolicyHttpRuleToOperationHeaderSetPtr(v *AuthzPolicyHttpRuleToOperationHeaderSetArgs) AuthzPolicyHttpRuleToOperationHeaderSetPtrInput { + return (*authzPolicyHttpRuleToOperationHeaderSetPtrType)(v) +} + +func (*authzPolicyHttpRuleToOperationHeaderSetPtrType) ElementType() reflect.Type { + return reflect.TypeOf((**AuthzPolicyHttpRuleToOperationHeaderSet)(nil)).Elem() +} + +func (i *authzPolicyHttpRuleToOperationHeaderSetPtrType) ToAuthzPolicyHttpRuleToOperationHeaderSetPtrOutput() AuthzPolicyHttpRuleToOperationHeaderSetPtrOutput { + return i.ToAuthzPolicyHttpRuleToOperationHeaderSetPtrOutputWithContext(context.Background()) +} + +func (i *authzPolicyHttpRuleToOperationHeaderSetPtrType) ToAuthzPolicyHttpRuleToOperationHeaderSetPtrOutputWithContext(ctx context.Context) AuthzPolicyHttpRuleToOperationHeaderSetPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(AuthzPolicyHttpRuleToOperationHeaderSetPtrOutput) +} + +type AuthzPolicyHttpRuleToOperationHeaderSetOutput struct{ *pulumi.OutputState } + +func (AuthzPolicyHttpRuleToOperationHeaderSetOutput) ElementType() reflect.Type { + return reflect.TypeOf((*AuthzPolicyHttpRuleToOperationHeaderSet)(nil)).Elem() +} + +func (o AuthzPolicyHttpRuleToOperationHeaderSetOutput) ToAuthzPolicyHttpRuleToOperationHeaderSetOutput() AuthzPolicyHttpRuleToOperationHeaderSetOutput { + return o +} + +func (o AuthzPolicyHttpRuleToOperationHeaderSetOutput) ToAuthzPolicyHttpRuleToOperationHeaderSetOutputWithContext(ctx context.Context) AuthzPolicyHttpRuleToOperationHeaderSetOutput { + return o +} + +func (o AuthzPolicyHttpRuleToOperationHeaderSetOutput) ToAuthzPolicyHttpRuleToOperationHeaderSetPtrOutput() AuthzPolicyHttpRuleToOperationHeaderSetPtrOutput { + return o.ToAuthzPolicyHttpRuleToOperationHeaderSetPtrOutputWithContext(context.Background()) +} + +func (o AuthzPolicyHttpRuleToOperationHeaderSetOutput) ToAuthzPolicyHttpRuleToOperationHeaderSetPtrOutputWithContext(ctx context.Context) AuthzPolicyHttpRuleToOperationHeaderSetPtrOutput { + return o.ApplyTWithContext(ctx, func(_ context.Context, v AuthzPolicyHttpRuleToOperationHeaderSet) *AuthzPolicyHttpRuleToOperationHeaderSet { + return &v + }).(AuthzPolicyHttpRuleToOperationHeaderSetPtrOutput) +} + +// A list of headers to match against in http header. The match can be one of exact, prefix, suffix, or contains (substring match). The match follows AND semantics which means all the headers must match. Matches are always case sensitive unless the ignoreCase is set. Limited to 5 matches. +// Structure is documented below. +func (o AuthzPolicyHttpRuleToOperationHeaderSetOutput) Headers() AuthzPolicyHttpRuleToOperationHeaderSetHeaderArrayOutput { + return o.ApplyT(func(v AuthzPolicyHttpRuleToOperationHeaderSet) []AuthzPolicyHttpRuleToOperationHeaderSetHeader { + return v.Headers + }).(AuthzPolicyHttpRuleToOperationHeaderSetHeaderArrayOutput) +} + +type AuthzPolicyHttpRuleToOperationHeaderSetPtrOutput struct{ *pulumi.OutputState } + +func (AuthzPolicyHttpRuleToOperationHeaderSetPtrOutput) ElementType() reflect.Type { + return reflect.TypeOf((**AuthzPolicyHttpRuleToOperationHeaderSet)(nil)).Elem() +} + +func (o AuthzPolicyHttpRuleToOperationHeaderSetPtrOutput) ToAuthzPolicyHttpRuleToOperationHeaderSetPtrOutput() AuthzPolicyHttpRuleToOperationHeaderSetPtrOutput { + return o +} + +func (o AuthzPolicyHttpRuleToOperationHeaderSetPtrOutput) ToAuthzPolicyHttpRuleToOperationHeaderSetPtrOutputWithContext(ctx context.Context) AuthzPolicyHttpRuleToOperationHeaderSetPtrOutput { + return o +} + +func (o AuthzPolicyHttpRuleToOperationHeaderSetPtrOutput) Elem() AuthzPolicyHttpRuleToOperationHeaderSetOutput { + return o.ApplyT(func(v *AuthzPolicyHttpRuleToOperationHeaderSet) AuthzPolicyHttpRuleToOperationHeaderSet { + if v != nil { + return *v + } + var ret AuthzPolicyHttpRuleToOperationHeaderSet + return ret + }).(AuthzPolicyHttpRuleToOperationHeaderSetOutput) +} + +// A list of headers to match against in http header. The match can be one of exact, prefix, suffix, or contains (substring match). The match follows AND semantics which means all the headers must match. Matches are always case sensitive unless the ignoreCase is set. Limited to 5 matches. +// Structure is documented below. +func (o AuthzPolicyHttpRuleToOperationHeaderSetPtrOutput) Headers() AuthzPolicyHttpRuleToOperationHeaderSetHeaderArrayOutput { + return o.ApplyT(func(v *AuthzPolicyHttpRuleToOperationHeaderSet) []AuthzPolicyHttpRuleToOperationHeaderSetHeader { + if v == nil { + return nil + } + return v.Headers + }).(AuthzPolicyHttpRuleToOperationHeaderSetHeaderArrayOutput) +} + +type AuthzPolicyHttpRuleToOperationHeaderSetHeader struct { + // Specifies the name of the header in the request. + Name *string `pulumi:"name"` + // Specifies how the header match will be performed. + // Structure is documented below. + Value *AuthzPolicyHttpRuleToOperationHeaderSetHeaderValue `pulumi:"value"` +} + +// AuthzPolicyHttpRuleToOperationHeaderSetHeaderInput is an input type that accepts AuthzPolicyHttpRuleToOperationHeaderSetHeaderArgs and AuthzPolicyHttpRuleToOperationHeaderSetHeaderOutput values. +// You can construct a concrete instance of `AuthzPolicyHttpRuleToOperationHeaderSetHeaderInput` via: +// +// AuthzPolicyHttpRuleToOperationHeaderSetHeaderArgs{...} +type AuthzPolicyHttpRuleToOperationHeaderSetHeaderInput interface { + pulumi.Input + + ToAuthzPolicyHttpRuleToOperationHeaderSetHeaderOutput() AuthzPolicyHttpRuleToOperationHeaderSetHeaderOutput + ToAuthzPolicyHttpRuleToOperationHeaderSetHeaderOutputWithContext(context.Context) AuthzPolicyHttpRuleToOperationHeaderSetHeaderOutput +} + +type AuthzPolicyHttpRuleToOperationHeaderSetHeaderArgs struct { + // Specifies the name of the header in the request. + Name pulumi.StringPtrInput `pulumi:"name"` + // Specifies how the header match will be performed. + // Structure is documented below. + Value AuthzPolicyHttpRuleToOperationHeaderSetHeaderValuePtrInput `pulumi:"value"` +} + +func (AuthzPolicyHttpRuleToOperationHeaderSetHeaderArgs) ElementType() reflect.Type { + return reflect.TypeOf((*AuthzPolicyHttpRuleToOperationHeaderSetHeader)(nil)).Elem() +} + +func (i AuthzPolicyHttpRuleToOperationHeaderSetHeaderArgs) ToAuthzPolicyHttpRuleToOperationHeaderSetHeaderOutput() AuthzPolicyHttpRuleToOperationHeaderSetHeaderOutput { + return i.ToAuthzPolicyHttpRuleToOperationHeaderSetHeaderOutputWithContext(context.Background()) +} + +func (i AuthzPolicyHttpRuleToOperationHeaderSetHeaderArgs) ToAuthzPolicyHttpRuleToOperationHeaderSetHeaderOutputWithContext(ctx context.Context) AuthzPolicyHttpRuleToOperationHeaderSetHeaderOutput { + return pulumi.ToOutputWithContext(ctx, i).(AuthzPolicyHttpRuleToOperationHeaderSetHeaderOutput) +} + +// AuthzPolicyHttpRuleToOperationHeaderSetHeaderArrayInput is an input type that accepts AuthzPolicyHttpRuleToOperationHeaderSetHeaderArray and AuthzPolicyHttpRuleToOperationHeaderSetHeaderArrayOutput values. +// You can construct a concrete instance of `AuthzPolicyHttpRuleToOperationHeaderSetHeaderArrayInput` via: +// +// AuthzPolicyHttpRuleToOperationHeaderSetHeaderArray{ AuthzPolicyHttpRuleToOperationHeaderSetHeaderArgs{...} } +type AuthzPolicyHttpRuleToOperationHeaderSetHeaderArrayInput interface { + pulumi.Input + + ToAuthzPolicyHttpRuleToOperationHeaderSetHeaderArrayOutput() AuthzPolicyHttpRuleToOperationHeaderSetHeaderArrayOutput + ToAuthzPolicyHttpRuleToOperationHeaderSetHeaderArrayOutputWithContext(context.Context) AuthzPolicyHttpRuleToOperationHeaderSetHeaderArrayOutput +} + +type AuthzPolicyHttpRuleToOperationHeaderSetHeaderArray []AuthzPolicyHttpRuleToOperationHeaderSetHeaderInput + +func (AuthzPolicyHttpRuleToOperationHeaderSetHeaderArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]AuthzPolicyHttpRuleToOperationHeaderSetHeader)(nil)).Elem() +} + +func (i AuthzPolicyHttpRuleToOperationHeaderSetHeaderArray) ToAuthzPolicyHttpRuleToOperationHeaderSetHeaderArrayOutput() AuthzPolicyHttpRuleToOperationHeaderSetHeaderArrayOutput { + return i.ToAuthzPolicyHttpRuleToOperationHeaderSetHeaderArrayOutputWithContext(context.Background()) +} + +func (i AuthzPolicyHttpRuleToOperationHeaderSetHeaderArray) ToAuthzPolicyHttpRuleToOperationHeaderSetHeaderArrayOutputWithContext(ctx context.Context) AuthzPolicyHttpRuleToOperationHeaderSetHeaderArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(AuthzPolicyHttpRuleToOperationHeaderSetHeaderArrayOutput) +} + +type AuthzPolicyHttpRuleToOperationHeaderSetHeaderOutput struct{ *pulumi.OutputState } + +func (AuthzPolicyHttpRuleToOperationHeaderSetHeaderOutput) ElementType() reflect.Type { + return reflect.TypeOf((*AuthzPolicyHttpRuleToOperationHeaderSetHeader)(nil)).Elem() +} + +func (o AuthzPolicyHttpRuleToOperationHeaderSetHeaderOutput) ToAuthzPolicyHttpRuleToOperationHeaderSetHeaderOutput() AuthzPolicyHttpRuleToOperationHeaderSetHeaderOutput { + return o +} + +func (o AuthzPolicyHttpRuleToOperationHeaderSetHeaderOutput) ToAuthzPolicyHttpRuleToOperationHeaderSetHeaderOutputWithContext(ctx context.Context) AuthzPolicyHttpRuleToOperationHeaderSetHeaderOutput { + return o +} + +// Specifies the name of the header in the request. +func (o AuthzPolicyHttpRuleToOperationHeaderSetHeaderOutput) Name() pulumi.StringPtrOutput { + return o.ApplyT(func(v AuthzPolicyHttpRuleToOperationHeaderSetHeader) *string { return v.Name }).(pulumi.StringPtrOutput) +} + +// Specifies how the header match will be performed. +// Structure is documented below. +func (o AuthzPolicyHttpRuleToOperationHeaderSetHeaderOutput) Value() AuthzPolicyHttpRuleToOperationHeaderSetHeaderValuePtrOutput { + return o.ApplyT(func(v AuthzPolicyHttpRuleToOperationHeaderSetHeader) *AuthzPolicyHttpRuleToOperationHeaderSetHeaderValue { + return v.Value + }).(AuthzPolicyHttpRuleToOperationHeaderSetHeaderValuePtrOutput) +} + +type AuthzPolicyHttpRuleToOperationHeaderSetHeaderArrayOutput struct{ *pulumi.OutputState } + +func (AuthzPolicyHttpRuleToOperationHeaderSetHeaderArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]AuthzPolicyHttpRuleToOperationHeaderSetHeader)(nil)).Elem() +} + +func (o AuthzPolicyHttpRuleToOperationHeaderSetHeaderArrayOutput) ToAuthzPolicyHttpRuleToOperationHeaderSetHeaderArrayOutput() AuthzPolicyHttpRuleToOperationHeaderSetHeaderArrayOutput { + return o +} + +func (o AuthzPolicyHttpRuleToOperationHeaderSetHeaderArrayOutput) ToAuthzPolicyHttpRuleToOperationHeaderSetHeaderArrayOutputWithContext(ctx context.Context) AuthzPolicyHttpRuleToOperationHeaderSetHeaderArrayOutput { + return o +} + +func (o AuthzPolicyHttpRuleToOperationHeaderSetHeaderArrayOutput) Index(i pulumi.IntInput) AuthzPolicyHttpRuleToOperationHeaderSetHeaderOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) AuthzPolicyHttpRuleToOperationHeaderSetHeader { + return vs[0].([]AuthzPolicyHttpRuleToOperationHeaderSetHeader)[vs[1].(int)] + }).(AuthzPolicyHttpRuleToOperationHeaderSetHeaderOutput) +} + +type AuthzPolicyHttpRuleToOperationHeaderSetHeaderValue struct { + // The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. + // Examples: + // * abc matches the value xyz.abc.def + Contains *string `pulumi:"contains"` + // The input string must match exactly the string specified here. + // Examples: + // * abc only matches the value abc. + Exact *string `pulumi:"exact"` + // If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true. + IgnoreCase *bool `pulumi:"ignoreCase"` + // The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. + // Examples: + // * abc matches the value abc.xyz + Prefix *string `pulumi:"prefix"` + // The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. + // Examples: + // * abc matches the value xyz.abc + Suffix *string `pulumi:"suffix"` +} + +// AuthzPolicyHttpRuleToOperationHeaderSetHeaderValueInput is an input type that accepts AuthzPolicyHttpRuleToOperationHeaderSetHeaderValueArgs and AuthzPolicyHttpRuleToOperationHeaderSetHeaderValueOutput values. +// You can construct a concrete instance of `AuthzPolicyHttpRuleToOperationHeaderSetHeaderValueInput` via: +// +// AuthzPolicyHttpRuleToOperationHeaderSetHeaderValueArgs{...} +type AuthzPolicyHttpRuleToOperationHeaderSetHeaderValueInput interface { + pulumi.Input + + ToAuthzPolicyHttpRuleToOperationHeaderSetHeaderValueOutput() AuthzPolicyHttpRuleToOperationHeaderSetHeaderValueOutput + ToAuthzPolicyHttpRuleToOperationHeaderSetHeaderValueOutputWithContext(context.Context) AuthzPolicyHttpRuleToOperationHeaderSetHeaderValueOutput +} + +type AuthzPolicyHttpRuleToOperationHeaderSetHeaderValueArgs struct { + // The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. + // Examples: + // * abc matches the value xyz.abc.def + Contains pulumi.StringPtrInput `pulumi:"contains"` + // The input string must match exactly the string specified here. + // Examples: + // * abc only matches the value abc. + Exact pulumi.StringPtrInput `pulumi:"exact"` + // If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true. + IgnoreCase pulumi.BoolPtrInput `pulumi:"ignoreCase"` + // The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. + // Examples: + // * abc matches the value abc.xyz + Prefix pulumi.StringPtrInput `pulumi:"prefix"` + // The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. + // Examples: + // * abc matches the value xyz.abc + Suffix pulumi.StringPtrInput `pulumi:"suffix"` +} + +func (AuthzPolicyHttpRuleToOperationHeaderSetHeaderValueArgs) ElementType() reflect.Type { + return reflect.TypeOf((*AuthzPolicyHttpRuleToOperationHeaderSetHeaderValue)(nil)).Elem() +} + +func (i AuthzPolicyHttpRuleToOperationHeaderSetHeaderValueArgs) ToAuthzPolicyHttpRuleToOperationHeaderSetHeaderValueOutput() AuthzPolicyHttpRuleToOperationHeaderSetHeaderValueOutput { + return i.ToAuthzPolicyHttpRuleToOperationHeaderSetHeaderValueOutputWithContext(context.Background()) +} + +func (i AuthzPolicyHttpRuleToOperationHeaderSetHeaderValueArgs) ToAuthzPolicyHttpRuleToOperationHeaderSetHeaderValueOutputWithContext(ctx context.Context) AuthzPolicyHttpRuleToOperationHeaderSetHeaderValueOutput { + return pulumi.ToOutputWithContext(ctx, i).(AuthzPolicyHttpRuleToOperationHeaderSetHeaderValueOutput) +} + +func (i AuthzPolicyHttpRuleToOperationHeaderSetHeaderValueArgs) ToAuthzPolicyHttpRuleToOperationHeaderSetHeaderValuePtrOutput() AuthzPolicyHttpRuleToOperationHeaderSetHeaderValuePtrOutput { + return i.ToAuthzPolicyHttpRuleToOperationHeaderSetHeaderValuePtrOutputWithContext(context.Background()) +} + +func (i AuthzPolicyHttpRuleToOperationHeaderSetHeaderValueArgs) ToAuthzPolicyHttpRuleToOperationHeaderSetHeaderValuePtrOutputWithContext(ctx context.Context) AuthzPolicyHttpRuleToOperationHeaderSetHeaderValuePtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(AuthzPolicyHttpRuleToOperationHeaderSetHeaderValueOutput).ToAuthzPolicyHttpRuleToOperationHeaderSetHeaderValuePtrOutputWithContext(ctx) +} + +// AuthzPolicyHttpRuleToOperationHeaderSetHeaderValuePtrInput is an input type that accepts AuthzPolicyHttpRuleToOperationHeaderSetHeaderValueArgs, AuthzPolicyHttpRuleToOperationHeaderSetHeaderValuePtr and AuthzPolicyHttpRuleToOperationHeaderSetHeaderValuePtrOutput values. +// You can construct a concrete instance of `AuthzPolicyHttpRuleToOperationHeaderSetHeaderValuePtrInput` via: +// +// AuthzPolicyHttpRuleToOperationHeaderSetHeaderValueArgs{...} +// +// or: +// +// nil +type AuthzPolicyHttpRuleToOperationHeaderSetHeaderValuePtrInput interface { + pulumi.Input + + ToAuthzPolicyHttpRuleToOperationHeaderSetHeaderValuePtrOutput() AuthzPolicyHttpRuleToOperationHeaderSetHeaderValuePtrOutput + ToAuthzPolicyHttpRuleToOperationHeaderSetHeaderValuePtrOutputWithContext(context.Context) AuthzPolicyHttpRuleToOperationHeaderSetHeaderValuePtrOutput +} + +type authzPolicyHttpRuleToOperationHeaderSetHeaderValuePtrType AuthzPolicyHttpRuleToOperationHeaderSetHeaderValueArgs + +func AuthzPolicyHttpRuleToOperationHeaderSetHeaderValuePtr(v *AuthzPolicyHttpRuleToOperationHeaderSetHeaderValueArgs) AuthzPolicyHttpRuleToOperationHeaderSetHeaderValuePtrInput { + return (*authzPolicyHttpRuleToOperationHeaderSetHeaderValuePtrType)(v) +} + +func (*authzPolicyHttpRuleToOperationHeaderSetHeaderValuePtrType) ElementType() reflect.Type { + return reflect.TypeOf((**AuthzPolicyHttpRuleToOperationHeaderSetHeaderValue)(nil)).Elem() +} + +func (i *authzPolicyHttpRuleToOperationHeaderSetHeaderValuePtrType) ToAuthzPolicyHttpRuleToOperationHeaderSetHeaderValuePtrOutput() AuthzPolicyHttpRuleToOperationHeaderSetHeaderValuePtrOutput { + return i.ToAuthzPolicyHttpRuleToOperationHeaderSetHeaderValuePtrOutputWithContext(context.Background()) +} + +func (i *authzPolicyHttpRuleToOperationHeaderSetHeaderValuePtrType) ToAuthzPolicyHttpRuleToOperationHeaderSetHeaderValuePtrOutputWithContext(ctx context.Context) AuthzPolicyHttpRuleToOperationHeaderSetHeaderValuePtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(AuthzPolicyHttpRuleToOperationHeaderSetHeaderValuePtrOutput) +} + +type AuthzPolicyHttpRuleToOperationHeaderSetHeaderValueOutput struct{ *pulumi.OutputState } + +func (AuthzPolicyHttpRuleToOperationHeaderSetHeaderValueOutput) ElementType() reflect.Type { + return reflect.TypeOf((*AuthzPolicyHttpRuleToOperationHeaderSetHeaderValue)(nil)).Elem() +} + +func (o AuthzPolicyHttpRuleToOperationHeaderSetHeaderValueOutput) ToAuthzPolicyHttpRuleToOperationHeaderSetHeaderValueOutput() AuthzPolicyHttpRuleToOperationHeaderSetHeaderValueOutput { + return o +} + +func (o AuthzPolicyHttpRuleToOperationHeaderSetHeaderValueOutput) ToAuthzPolicyHttpRuleToOperationHeaderSetHeaderValueOutputWithContext(ctx context.Context) AuthzPolicyHttpRuleToOperationHeaderSetHeaderValueOutput { + return o +} + +func (o AuthzPolicyHttpRuleToOperationHeaderSetHeaderValueOutput) ToAuthzPolicyHttpRuleToOperationHeaderSetHeaderValuePtrOutput() AuthzPolicyHttpRuleToOperationHeaderSetHeaderValuePtrOutput { + return o.ToAuthzPolicyHttpRuleToOperationHeaderSetHeaderValuePtrOutputWithContext(context.Background()) +} + +func (o AuthzPolicyHttpRuleToOperationHeaderSetHeaderValueOutput) ToAuthzPolicyHttpRuleToOperationHeaderSetHeaderValuePtrOutputWithContext(ctx context.Context) AuthzPolicyHttpRuleToOperationHeaderSetHeaderValuePtrOutput { + return o.ApplyTWithContext(ctx, func(_ context.Context, v AuthzPolicyHttpRuleToOperationHeaderSetHeaderValue) *AuthzPolicyHttpRuleToOperationHeaderSetHeaderValue { + return &v + }).(AuthzPolicyHttpRuleToOperationHeaderSetHeaderValuePtrOutput) +} + +// The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. +// Examples: +// * abc matches the value xyz.abc.def +func (o AuthzPolicyHttpRuleToOperationHeaderSetHeaderValueOutput) Contains() pulumi.StringPtrOutput { + return o.ApplyT(func(v AuthzPolicyHttpRuleToOperationHeaderSetHeaderValue) *string { return v.Contains }).(pulumi.StringPtrOutput) +} + +// The input string must match exactly the string specified here. +// Examples: +// * abc only matches the value abc. +func (o AuthzPolicyHttpRuleToOperationHeaderSetHeaderValueOutput) Exact() pulumi.StringPtrOutput { + return o.ApplyT(func(v AuthzPolicyHttpRuleToOperationHeaderSetHeaderValue) *string { return v.Exact }).(pulumi.StringPtrOutput) +} + +// If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true. +func (o AuthzPolicyHttpRuleToOperationHeaderSetHeaderValueOutput) IgnoreCase() pulumi.BoolPtrOutput { + return o.ApplyT(func(v AuthzPolicyHttpRuleToOperationHeaderSetHeaderValue) *bool { return v.IgnoreCase }).(pulumi.BoolPtrOutput) +} + +// The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. +// Examples: +// * abc matches the value abc.xyz +func (o AuthzPolicyHttpRuleToOperationHeaderSetHeaderValueOutput) Prefix() pulumi.StringPtrOutput { + return o.ApplyT(func(v AuthzPolicyHttpRuleToOperationHeaderSetHeaderValue) *string { return v.Prefix }).(pulumi.StringPtrOutput) +} + +// The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. +// Examples: +// * abc matches the value xyz.abc +func (o AuthzPolicyHttpRuleToOperationHeaderSetHeaderValueOutput) Suffix() pulumi.StringPtrOutput { + return o.ApplyT(func(v AuthzPolicyHttpRuleToOperationHeaderSetHeaderValue) *string { return v.Suffix }).(pulumi.StringPtrOutput) +} + +type AuthzPolicyHttpRuleToOperationHeaderSetHeaderValuePtrOutput struct{ *pulumi.OutputState } + +func (AuthzPolicyHttpRuleToOperationHeaderSetHeaderValuePtrOutput) ElementType() reflect.Type { + return reflect.TypeOf((**AuthzPolicyHttpRuleToOperationHeaderSetHeaderValue)(nil)).Elem() +} + +func (o AuthzPolicyHttpRuleToOperationHeaderSetHeaderValuePtrOutput) ToAuthzPolicyHttpRuleToOperationHeaderSetHeaderValuePtrOutput() AuthzPolicyHttpRuleToOperationHeaderSetHeaderValuePtrOutput { + return o +} + +func (o AuthzPolicyHttpRuleToOperationHeaderSetHeaderValuePtrOutput) ToAuthzPolicyHttpRuleToOperationHeaderSetHeaderValuePtrOutputWithContext(ctx context.Context) AuthzPolicyHttpRuleToOperationHeaderSetHeaderValuePtrOutput { + return o +} + +func (o AuthzPolicyHttpRuleToOperationHeaderSetHeaderValuePtrOutput) Elem() AuthzPolicyHttpRuleToOperationHeaderSetHeaderValueOutput { + return o.ApplyT(func(v *AuthzPolicyHttpRuleToOperationHeaderSetHeaderValue) AuthzPolicyHttpRuleToOperationHeaderSetHeaderValue { + if v != nil { + return *v + } + var ret AuthzPolicyHttpRuleToOperationHeaderSetHeaderValue + return ret + }).(AuthzPolicyHttpRuleToOperationHeaderSetHeaderValueOutput) +} + +// The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. +// Examples: +// * abc matches the value xyz.abc.def +func (o AuthzPolicyHttpRuleToOperationHeaderSetHeaderValuePtrOutput) Contains() pulumi.StringPtrOutput { + return o.ApplyT(func(v *AuthzPolicyHttpRuleToOperationHeaderSetHeaderValue) *string { + if v == nil { + return nil + } + return v.Contains + }).(pulumi.StringPtrOutput) +} + +// The input string must match exactly the string specified here. +// Examples: +// * abc only matches the value abc. +func (o AuthzPolicyHttpRuleToOperationHeaderSetHeaderValuePtrOutput) Exact() pulumi.StringPtrOutput { + return o.ApplyT(func(v *AuthzPolicyHttpRuleToOperationHeaderSetHeaderValue) *string { + if v == nil { + return nil + } + return v.Exact + }).(pulumi.StringPtrOutput) +} + +// If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true. +func (o AuthzPolicyHttpRuleToOperationHeaderSetHeaderValuePtrOutput) IgnoreCase() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *AuthzPolicyHttpRuleToOperationHeaderSetHeaderValue) *bool { + if v == nil { + return nil + } + return v.IgnoreCase + }).(pulumi.BoolPtrOutput) +} + +// The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. +// Examples: +// * abc matches the value abc.xyz +func (o AuthzPolicyHttpRuleToOperationHeaderSetHeaderValuePtrOutput) Prefix() pulumi.StringPtrOutput { + return o.ApplyT(func(v *AuthzPolicyHttpRuleToOperationHeaderSetHeaderValue) *string { + if v == nil { + return nil + } + return v.Prefix + }).(pulumi.StringPtrOutput) +} + +// The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. +// Examples: +// * abc matches the value xyz.abc +func (o AuthzPolicyHttpRuleToOperationHeaderSetHeaderValuePtrOutput) Suffix() pulumi.StringPtrOutput { + return o.ApplyT(func(v *AuthzPolicyHttpRuleToOperationHeaderSetHeaderValue) *string { + if v == nil { + return nil + } + return v.Suffix + }).(pulumi.StringPtrOutput) +} + +type AuthzPolicyHttpRuleToOperationHost struct { + // The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. + // Examples: + // * abc matches the value xyz.abc.def + Contains *string `pulumi:"contains"` + // The input string must match exactly the string specified here. + // Examples: + // * abc only matches the value abc. + Exact *string `pulumi:"exact"` + // If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true. + IgnoreCase *bool `pulumi:"ignoreCase"` + // The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. + // Examples: + // * abc matches the value abc.xyz + Prefix *string `pulumi:"prefix"` + // The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. + // Examples: + // * abc matches the value xyz.abc + Suffix *string `pulumi:"suffix"` +} + +// AuthzPolicyHttpRuleToOperationHostInput is an input type that accepts AuthzPolicyHttpRuleToOperationHostArgs and AuthzPolicyHttpRuleToOperationHostOutput values. +// You can construct a concrete instance of `AuthzPolicyHttpRuleToOperationHostInput` via: +// +// AuthzPolicyHttpRuleToOperationHostArgs{...} +type AuthzPolicyHttpRuleToOperationHostInput interface { + pulumi.Input + + ToAuthzPolicyHttpRuleToOperationHostOutput() AuthzPolicyHttpRuleToOperationHostOutput + ToAuthzPolicyHttpRuleToOperationHostOutputWithContext(context.Context) AuthzPolicyHttpRuleToOperationHostOutput +} + +type AuthzPolicyHttpRuleToOperationHostArgs struct { + // The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. + // Examples: + // * abc matches the value xyz.abc.def + Contains pulumi.StringPtrInput `pulumi:"contains"` + // The input string must match exactly the string specified here. + // Examples: + // * abc only matches the value abc. + Exact pulumi.StringPtrInput `pulumi:"exact"` + // If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true. + IgnoreCase pulumi.BoolPtrInput `pulumi:"ignoreCase"` + // The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. + // Examples: + // * abc matches the value abc.xyz + Prefix pulumi.StringPtrInput `pulumi:"prefix"` + // The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. + // Examples: + // * abc matches the value xyz.abc + Suffix pulumi.StringPtrInput `pulumi:"suffix"` +} + +func (AuthzPolicyHttpRuleToOperationHostArgs) ElementType() reflect.Type { + return reflect.TypeOf((*AuthzPolicyHttpRuleToOperationHost)(nil)).Elem() +} + +func (i AuthzPolicyHttpRuleToOperationHostArgs) ToAuthzPolicyHttpRuleToOperationHostOutput() AuthzPolicyHttpRuleToOperationHostOutput { + return i.ToAuthzPolicyHttpRuleToOperationHostOutputWithContext(context.Background()) +} + +func (i AuthzPolicyHttpRuleToOperationHostArgs) ToAuthzPolicyHttpRuleToOperationHostOutputWithContext(ctx context.Context) AuthzPolicyHttpRuleToOperationHostOutput { + return pulumi.ToOutputWithContext(ctx, i).(AuthzPolicyHttpRuleToOperationHostOutput) +} + +// AuthzPolicyHttpRuleToOperationHostArrayInput is an input type that accepts AuthzPolicyHttpRuleToOperationHostArray and AuthzPolicyHttpRuleToOperationHostArrayOutput values. +// You can construct a concrete instance of `AuthzPolicyHttpRuleToOperationHostArrayInput` via: +// +// AuthzPolicyHttpRuleToOperationHostArray{ AuthzPolicyHttpRuleToOperationHostArgs{...} } +type AuthzPolicyHttpRuleToOperationHostArrayInput interface { + pulumi.Input + + ToAuthzPolicyHttpRuleToOperationHostArrayOutput() AuthzPolicyHttpRuleToOperationHostArrayOutput + ToAuthzPolicyHttpRuleToOperationHostArrayOutputWithContext(context.Context) AuthzPolicyHttpRuleToOperationHostArrayOutput +} + +type AuthzPolicyHttpRuleToOperationHostArray []AuthzPolicyHttpRuleToOperationHostInput + +func (AuthzPolicyHttpRuleToOperationHostArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]AuthzPolicyHttpRuleToOperationHost)(nil)).Elem() +} + +func (i AuthzPolicyHttpRuleToOperationHostArray) ToAuthzPolicyHttpRuleToOperationHostArrayOutput() AuthzPolicyHttpRuleToOperationHostArrayOutput { + return i.ToAuthzPolicyHttpRuleToOperationHostArrayOutputWithContext(context.Background()) +} + +func (i AuthzPolicyHttpRuleToOperationHostArray) ToAuthzPolicyHttpRuleToOperationHostArrayOutputWithContext(ctx context.Context) AuthzPolicyHttpRuleToOperationHostArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(AuthzPolicyHttpRuleToOperationHostArrayOutput) +} + +type AuthzPolicyHttpRuleToOperationHostOutput struct{ *pulumi.OutputState } + +func (AuthzPolicyHttpRuleToOperationHostOutput) ElementType() reflect.Type { + return reflect.TypeOf((*AuthzPolicyHttpRuleToOperationHost)(nil)).Elem() +} + +func (o AuthzPolicyHttpRuleToOperationHostOutput) ToAuthzPolicyHttpRuleToOperationHostOutput() AuthzPolicyHttpRuleToOperationHostOutput { + return o +} + +func (o AuthzPolicyHttpRuleToOperationHostOutput) ToAuthzPolicyHttpRuleToOperationHostOutputWithContext(ctx context.Context) AuthzPolicyHttpRuleToOperationHostOutput { + return o +} + +// The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. +// Examples: +// * abc matches the value xyz.abc.def +func (o AuthzPolicyHttpRuleToOperationHostOutput) Contains() pulumi.StringPtrOutput { + return o.ApplyT(func(v AuthzPolicyHttpRuleToOperationHost) *string { return v.Contains }).(pulumi.StringPtrOutput) +} + +// The input string must match exactly the string specified here. +// Examples: +// * abc only matches the value abc. +func (o AuthzPolicyHttpRuleToOperationHostOutput) Exact() pulumi.StringPtrOutput { + return o.ApplyT(func(v AuthzPolicyHttpRuleToOperationHost) *string { return v.Exact }).(pulumi.StringPtrOutput) +} + +// If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true. +func (o AuthzPolicyHttpRuleToOperationHostOutput) IgnoreCase() pulumi.BoolPtrOutput { + return o.ApplyT(func(v AuthzPolicyHttpRuleToOperationHost) *bool { return v.IgnoreCase }).(pulumi.BoolPtrOutput) +} + +// The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. +// Examples: +// * abc matches the value abc.xyz +func (o AuthzPolicyHttpRuleToOperationHostOutput) Prefix() pulumi.StringPtrOutput { + return o.ApplyT(func(v AuthzPolicyHttpRuleToOperationHost) *string { return v.Prefix }).(pulumi.StringPtrOutput) +} + +// The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. +// Examples: +// * abc matches the value xyz.abc +func (o AuthzPolicyHttpRuleToOperationHostOutput) Suffix() pulumi.StringPtrOutput { + return o.ApplyT(func(v AuthzPolicyHttpRuleToOperationHost) *string { return v.Suffix }).(pulumi.StringPtrOutput) +} + +type AuthzPolicyHttpRuleToOperationHostArrayOutput struct{ *pulumi.OutputState } + +func (AuthzPolicyHttpRuleToOperationHostArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]AuthzPolicyHttpRuleToOperationHost)(nil)).Elem() +} + +func (o AuthzPolicyHttpRuleToOperationHostArrayOutput) ToAuthzPolicyHttpRuleToOperationHostArrayOutput() AuthzPolicyHttpRuleToOperationHostArrayOutput { + return o +} + +func (o AuthzPolicyHttpRuleToOperationHostArrayOutput) ToAuthzPolicyHttpRuleToOperationHostArrayOutputWithContext(ctx context.Context) AuthzPolicyHttpRuleToOperationHostArrayOutput { + return o +} + +func (o AuthzPolicyHttpRuleToOperationHostArrayOutput) Index(i pulumi.IntInput) AuthzPolicyHttpRuleToOperationHostOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) AuthzPolicyHttpRuleToOperationHost { + return vs[0].([]AuthzPolicyHttpRuleToOperationHost)[vs[1].(int)] + }).(AuthzPolicyHttpRuleToOperationHostOutput) +} + +type AuthzPolicyHttpRuleToOperationPath struct { + // The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. + // Examples: + // * abc matches the value xyz.abc.def + Contains *string `pulumi:"contains"` + // The input string must match exactly the string specified here. + // Examples: + // * abc only matches the value abc. + Exact *string `pulumi:"exact"` + // If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true. + IgnoreCase *bool `pulumi:"ignoreCase"` + // The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. + // Examples: + // * abc matches the value abc.xyz + Prefix *string `pulumi:"prefix"` + // The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. + // Examples: + // * abc matches the value xyz.abc + Suffix *string `pulumi:"suffix"` +} + +// AuthzPolicyHttpRuleToOperationPathInput is an input type that accepts AuthzPolicyHttpRuleToOperationPathArgs and AuthzPolicyHttpRuleToOperationPathOutput values. +// You can construct a concrete instance of `AuthzPolicyHttpRuleToOperationPathInput` via: +// +// AuthzPolicyHttpRuleToOperationPathArgs{...} +type AuthzPolicyHttpRuleToOperationPathInput interface { + pulumi.Input + + ToAuthzPolicyHttpRuleToOperationPathOutput() AuthzPolicyHttpRuleToOperationPathOutput + ToAuthzPolicyHttpRuleToOperationPathOutputWithContext(context.Context) AuthzPolicyHttpRuleToOperationPathOutput +} + +type AuthzPolicyHttpRuleToOperationPathArgs struct { + // The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. + // Examples: + // * abc matches the value xyz.abc.def + Contains pulumi.StringPtrInput `pulumi:"contains"` + // The input string must match exactly the string specified here. + // Examples: + // * abc only matches the value abc. + Exact pulumi.StringPtrInput `pulumi:"exact"` + // If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true. + IgnoreCase pulumi.BoolPtrInput `pulumi:"ignoreCase"` + // The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. + // Examples: + // * abc matches the value abc.xyz + Prefix pulumi.StringPtrInput `pulumi:"prefix"` + // The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. + // Examples: + // * abc matches the value xyz.abc + Suffix pulumi.StringPtrInput `pulumi:"suffix"` +} + +func (AuthzPolicyHttpRuleToOperationPathArgs) ElementType() reflect.Type { + return reflect.TypeOf((*AuthzPolicyHttpRuleToOperationPath)(nil)).Elem() +} + +func (i AuthzPolicyHttpRuleToOperationPathArgs) ToAuthzPolicyHttpRuleToOperationPathOutput() AuthzPolicyHttpRuleToOperationPathOutput { + return i.ToAuthzPolicyHttpRuleToOperationPathOutputWithContext(context.Background()) +} + +func (i AuthzPolicyHttpRuleToOperationPathArgs) ToAuthzPolicyHttpRuleToOperationPathOutputWithContext(ctx context.Context) AuthzPolicyHttpRuleToOperationPathOutput { + return pulumi.ToOutputWithContext(ctx, i).(AuthzPolicyHttpRuleToOperationPathOutput) +} + +// AuthzPolicyHttpRuleToOperationPathArrayInput is an input type that accepts AuthzPolicyHttpRuleToOperationPathArray and AuthzPolicyHttpRuleToOperationPathArrayOutput values. +// You can construct a concrete instance of `AuthzPolicyHttpRuleToOperationPathArrayInput` via: +// +// AuthzPolicyHttpRuleToOperationPathArray{ AuthzPolicyHttpRuleToOperationPathArgs{...} } +type AuthzPolicyHttpRuleToOperationPathArrayInput interface { + pulumi.Input + + ToAuthzPolicyHttpRuleToOperationPathArrayOutput() AuthzPolicyHttpRuleToOperationPathArrayOutput + ToAuthzPolicyHttpRuleToOperationPathArrayOutputWithContext(context.Context) AuthzPolicyHttpRuleToOperationPathArrayOutput +} + +type AuthzPolicyHttpRuleToOperationPathArray []AuthzPolicyHttpRuleToOperationPathInput + +func (AuthzPolicyHttpRuleToOperationPathArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]AuthzPolicyHttpRuleToOperationPath)(nil)).Elem() +} + +func (i AuthzPolicyHttpRuleToOperationPathArray) ToAuthzPolicyHttpRuleToOperationPathArrayOutput() AuthzPolicyHttpRuleToOperationPathArrayOutput { + return i.ToAuthzPolicyHttpRuleToOperationPathArrayOutputWithContext(context.Background()) +} + +func (i AuthzPolicyHttpRuleToOperationPathArray) ToAuthzPolicyHttpRuleToOperationPathArrayOutputWithContext(ctx context.Context) AuthzPolicyHttpRuleToOperationPathArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(AuthzPolicyHttpRuleToOperationPathArrayOutput) +} + +type AuthzPolicyHttpRuleToOperationPathOutput struct{ *pulumi.OutputState } + +func (AuthzPolicyHttpRuleToOperationPathOutput) ElementType() reflect.Type { + return reflect.TypeOf((*AuthzPolicyHttpRuleToOperationPath)(nil)).Elem() +} + +func (o AuthzPolicyHttpRuleToOperationPathOutput) ToAuthzPolicyHttpRuleToOperationPathOutput() AuthzPolicyHttpRuleToOperationPathOutput { + return o +} + +func (o AuthzPolicyHttpRuleToOperationPathOutput) ToAuthzPolicyHttpRuleToOperationPathOutputWithContext(ctx context.Context) AuthzPolicyHttpRuleToOperationPathOutput { + return o +} + +// The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. +// Examples: +// * abc matches the value xyz.abc.def +func (o AuthzPolicyHttpRuleToOperationPathOutput) Contains() pulumi.StringPtrOutput { + return o.ApplyT(func(v AuthzPolicyHttpRuleToOperationPath) *string { return v.Contains }).(pulumi.StringPtrOutput) +} + +// The input string must match exactly the string specified here. +// Examples: +// * abc only matches the value abc. +func (o AuthzPolicyHttpRuleToOperationPathOutput) Exact() pulumi.StringPtrOutput { + return o.ApplyT(func(v AuthzPolicyHttpRuleToOperationPath) *string { return v.Exact }).(pulumi.StringPtrOutput) +} + +// If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true. +func (o AuthzPolicyHttpRuleToOperationPathOutput) IgnoreCase() pulumi.BoolPtrOutput { + return o.ApplyT(func(v AuthzPolicyHttpRuleToOperationPath) *bool { return v.IgnoreCase }).(pulumi.BoolPtrOutput) +} + +// The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. +// Examples: +// * abc matches the value abc.xyz +func (o AuthzPolicyHttpRuleToOperationPathOutput) Prefix() pulumi.StringPtrOutput { + return o.ApplyT(func(v AuthzPolicyHttpRuleToOperationPath) *string { return v.Prefix }).(pulumi.StringPtrOutput) +} + +// The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. +// Examples: +// * abc matches the value xyz.abc +func (o AuthzPolicyHttpRuleToOperationPathOutput) Suffix() pulumi.StringPtrOutput { + return o.ApplyT(func(v AuthzPolicyHttpRuleToOperationPath) *string { return v.Suffix }).(pulumi.StringPtrOutput) +} + +type AuthzPolicyHttpRuleToOperationPathArrayOutput struct{ *pulumi.OutputState } + +func (AuthzPolicyHttpRuleToOperationPathArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]AuthzPolicyHttpRuleToOperationPath)(nil)).Elem() +} + +func (o AuthzPolicyHttpRuleToOperationPathArrayOutput) ToAuthzPolicyHttpRuleToOperationPathArrayOutput() AuthzPolicyHttpRuleToOperationPathArrayOutput { + return o +} + +func (o AuthzPolicyHttpRuleToOperationPathArrayOutput) ToAuthzPolicyHttpRuleToOperationPathArrayOutputWithContext(ctx context.Context) AuthzPolicyHttpRuleToOperationPathArrayOutput { + return o +} + +func (o AuthzPolicyHttpRuleToOperationPathArrayOutput) Index(i pulumi.IntInput) AuthzPolicyHttpRuleToOperationPathOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) AuthzPolicyHttpRuleToOperationPath { + return vs[0].([]AuthzPolicyHttpRuleToOperationPath)[vs[1].(int)] + }).(AuthzPolicyHttpRuleToOperationPathOutput) +} + +type AuthzPolicyTarget struct { + // All gateways and forwarding rules referenced by this policy and extensions must share the same load balancing scheme. + // For more information, refer to [Backend services overview](https://cloud.google.com/load-balancing/docs/backend-service). + // Possible values are: `INTERNAL_MANAGED`, `EXTERNAL_MANAGED`, `INTERNAL_SELF_MANAGED`. + LoadBalancingScheme string `pulumi:"loadBalancingScheme"` + // A list of references to the Forwarding Rules on which this policy will be applied. + // + // *** + Resources []string `pulumi:"resources"` +} + +// AuthzPolicyTargetInput is an input type that accepts AuthzPolicyTargetArgs and AuthzPolicyTargetOutput values. +// You can construct a concrete instance of `AuthzPolicyTargetInput` via: +// +// AuthzPolicyTargetArgs{...} +type AuthzPolicyTargetInput interface { + pulumi.Input + + ToAuthzPolicyTargetOutput() AuthzPolicyTargetOutput + ToAuthzPolicyTargetOutputWithContext(context.Context) AuthzPolicyTargetOutput +} + +type AuthzPolicyTargetArgs struct { + // All gateways and forwarding rules referenced by this policy and extensions must share the same load balancing scheme. + // For more information, refer to [Backend services overview](https://cloud.google.com/load-balancing/docs/backend-service). + // Possible values are: `INTERNAL_MANAGED`, `EXTERNAL_MANAGED`, `INTERNAL_SELF_MANAGED`. + LoadBalancingScheme pulumi.StringInput `pulumi:"loadBalancingScheme"` + // A list of references to the Forwarding Rules on which this policy will be applied. + // + // *** + Resources pulumi.StringArrayInput `pulumi:"resources"` +} + +func (AuthzPolicyTargetArgs) ElementType() reflect.Type { + return reflect.TypeOf((*AuthzPolicyTarget)(nil)).Elem() +} + +func (i AuthzPolicyTargetArgs) ToAuthzPolicyTargetOutput() AuthzPolicyTargetOutput { + return i.ToAuthzPolicyTargetOutputWithContext(context.Background()) +} + +func (i AuthzPolicyTargetArgs) ToAuthzPolicyTargetOutputWithContext(ctx context.Context) AuthzPolicyTargetOutput { + return pulumi.ToOutputWithContext(ctx, i).(AuthzPolicyTargetOutput) +} + +func (i AuthzPolicyTargetArgs) ToAuthzPolicyTargetPtrOutput() AuthzPolicyTargetPtrOutput { + return i.ToAuthzPolicyTargetPtrOutputWithContext(context.Background()) +} + +func (i AuthzPolicyTargetArgs) ToAuthzPolicyTargetPtrOutputWithContext(ctx context.Context) AuthzPolicyTargetPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(AuthzPolicyTargetOutput).ToAuthzPolicyTargetPtrOutputWithContext(ctx) +} + +// AuthzPolicyTargetPtrInput is an input type that accepts AuthzPolicyTargetArgs, AuthzPolicyTargetPtr and AuthzPolicyTargetPtrOutput values. +// You can construct a concrete instance of `AuthzPolicyTargetPtrInput` via: +// +// AuthzPolicyTargetArgs{...} +// +// or: +// +// nil +type AuthzPolicyTargetPtrInput interface { + pulumi.Input + + ToAuthzPolicyTargetPtrOutput() AuthzPolicyTargetPtrOutput + ToAuthzPolicyTargetPtrOutputWithContext(context.Context) AuthzPolicyTargetPtrOutput +} + +type authzPolicyTargetPtrType AuthzPolicyTargetArgs + +func AuthzPolicyTargetPtr(v *AuthzPolicyTargetArgs) AuthzPolicyTargetPtrInput { + return (*authzPolicyTargetPtrType)(v) +} + +func (*authzPolicyTargetPtrType) ElementType() reflect.Type { + return reflect.TypeOf((**AuthzPolicyTarget)(nil)).Elem() +} + +func (i *authzPolicyTargetPtrType) ToAuthzPolicyTargetPtrOutput() AuthzPolicyTargetPtrOutput { + return i.ToAuthzPolicyTargetPtrOutputWithContext(context.Background()) +} + +func (i *authzPolicyTargetPtrType) ToAuthzPolicyTargetPtrOutputWithContext(ctx context.Context) AuthzPolicyTargetPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(AuthzPolicyTargetPtrOutput) +} + +type AuthzPolicyTargetOutput struct{ *pulumi.OutputState } + +func (AuthzPolicyTargetOutput) ElementType() reflect.Type { + return reflect.TypeOf((*AuthzPolicyTarget)(nil)).Elem() +} + +func (o AuthzPolicyTargetOutput) ToAuthzPolicyTargetOutput() AuthzPolicyTargetOutput { + return o +} + +func (o AuthzPolicyTargetOutput) ToAuthzPolicyTargetOutputWithContext(ctx context.Context) AuthzPolicyTargetOutput { + return o +} + +func (o AuthzPolicyTargetOutput) ToAuthzPolicyTargetPtrOutput() AuthzPolicyTargetPtrOutput { + return o.ToAuthzPolicyTargetPtrOutputWithContext(context.Background()) +} + +func (o AuthzPolicyTargetOutput) ToAuthzPolicyTargetPtrOutputWithContext(ctx context.Context) AuthzPolicyTargetPtrOutput { + return o.ApplyTWithContext(ctx, func(_ context.Context, v AuthzPolicyTarget) *AuthzPolicyTarget { + return &v + }).(AuthzPolicyTargetPtrOutput) +} + +// All gateways and forwarding rules referenced by this policy and extensions must share the same load balancing scheme. +// For more information, refer to [Backend services overview](https://cloud.google.com/load-balancing/docs/backend-service). +// Possible values are: `INTERNAL_MANAGED`, `EXTERNAL_MANAGED`, `INTERNAL_SELF_MANAGED`. +func (o AuthzPolicyTargetOutput) LoadBalancingScheme() pulumi.StringOutput { + return o.ApplyT(func(v AuthzPolicyTarget) string { return v.LoadBalancingScheme }).(pulumi.StringOutput) +} + +// A list of references to the Forwarding Rules on which this policy will be applied. +// +// *** +func (o AuthzPolicyTargetOutput) Resources() pulumi.StringArrayOutput { + return o.ApplyT(func(v AuthzPolicyTarget) []string { return v.Resources }).(pulumi.StringArrayOutput) +} + +type AuthzPolicyTargetPtrOutput struct{ *pulumi.OutputState } + +func (AuthzPolicyTargetPtrOutput) ElementType() reflect.Type { + return reflect.TypeOf((**AuthzPolicyTarget)(nil)).Elem() +} + +func (o AuthzPolicyTargetPtrOutput) ToAuthzPolicyTargetPtrOutput() AuthzPolicyTargetPtrOutput { + return o +} + +func (o AuthzPolicyTargetPtrOutput) ToAuthzPolicyTargetPtrOutputWithContext(ctx context.Context) AuthzPolicyTargetPtrOutput { + return o +} + +func (o AuthzPolicyTargetPtrOutput) Elem() AuthzPolicyTargetOutput { + return o.ApplyT(func(v *AuthzPolicyTarget) AuthzPolicyTarget { + if v != nil { + return *v + } + var ret AuthzPolicyTarget + return ret + }).(AuthzPolicyTargetOutput) +} + +// All gateways and forwarding rules referenced by this policy and extensions must share the same load balancing scheme. +// For more information, refer to [Backend services overview](https://cloud.google.com/load-balancing/docs/backend-service). +// Possible values are: `INTERNAL_MANAGED`, `EXTERNAL_MANAGED`, `INTERNAL_SELF_MANAGED`. +func (o AuthzPolicyTargetPtrOutput) LoadBalancingScheme() pulumi.StringPtrOutput { + return o.ApplyT(func(v *AuthzPolicyTarget) *string { + if v == nil { + return nil + } + return &v.LoadBalancingScheme + }).(pulumi.StringPtrOutput) +} + +// A list of references to the Forwarding Rules on which this policy will be applied. +// +// *** +func (o AuthzPolicyTargetPtrOutput) Resources() pulumi.StringArrayOutput { + return o.ApplyT(func(v *AuthzPolicyTarget) []string { + if v == nil { + return nil + } + return v.Resources + }).(pulumi.StringArrayOutput) +} + type ClientTlsPolicyClientCertificate struct { // The certificate provider instance specification that will be passed to the data plane, which will be used to load necessary credential information. // Structure is documented below. @@ -1689,6 +5238,106 @@ func (o ClientTlsPolicyServerValidationCaGrpcEndpointPtrOutput) TargetUri() pulu }).(pulumi.StringPtrOutput) } +type InterceptDeploymentGroupConnectedEndpointGroup struct { + // (Output) + // Output only. A connected intercept endpoint group. + Name *string `pulumi:"name"` +} + +// InterceptDeploymentGroupConnectedEndpointGroupInput is an input type that accepts InterceptDeploymentGroupConnectedEndpointGroupArgs and InterceptDeploymentGroupConnectedEndpointGroupOutput values. +// You can construct a concrete instance of `InterceptDeploymentGroupConnectedEndpointGroupInput` via: +// +// InterceptDeploymentGroupConnectedEndpointGroupArgs{...} +type InterceptDeploymentGroupConnectedEndpointGroupInput interface { + pulumi.Input + + ToInterceptDeploymentGroupConnectedEndpointGroupOutput() InterceptDeploymentGroupConnectedEndpointGroupOutput + ToInterceptDeploymentGroupConnectedEndpointGroupOutputWithContext(context.Context) InterceptDeploymentGroupConnectedEndpointGroupOutput +} + +type InterceptDeploymentGroupConnectedEndpointGroupArgs struct { + // (Output) + // Output only. A connected intercept endpoint group. + Name pulumi.StringPtrInput `pulumi:"name"` +} + +func (InterceptDeploymentGroupConnectedEndpointGroupArgs) ElementType() reflect.Type { + return reflect.TypeOf((*InterceptDeploymentGroupConnectedEndpointGroup)(nil)).Elem() +} + +func (i InterceptDeploymentGroupConnectedEndpointGroupArgs) ToInterceptDeploymentGroupConnectedEndpointGroupOutput() InterceptDeploymentGroupConnectedEndpointGroupOutput { + return i.ToInterceptDeploymentGroupConnectedEndpointGroupOutputWithContext(context.Background()) +} + +func (i InterceptDeploymentGroupConnectedEndpointGroupArgs) ToInterceptDeploymentGroupConnectedEndpointGroupOutputWithContext(ctx context.Context) InterceptDeploymentGroupConnectedEndpointGroupOutput { + return pulumi.ToOutputWithContext(ctx, i).(InterceptDeploymentGroupConnectedEndpointGroupOutput) +} + +// InterceptDeploymentGroupConnectedEndpointGroupArrayInput is an input type that accepts InterceptDeploymentGroupConnectedEndpointGroupArray and InterceptDeploymentGroupConnectedEndpointGroupArrayOutput values. +// You can construct a concrete instance of `InterceptDeploymentGroupConnectedEndpointGroupArrayInput` via: +// +// InterceptDeploymentGroupConnectedEndpointGroupArray{ InterceptDeploymentGroupConnectedEndpointGroupArgs{...} } +type InterceptDeploymentGroupConnectedEndpointGroupArrayInput interface { + pulumi.Input + + ToInterceptDeploymentGroupConnectedEndpointGroupArrayOutput() InterceptDeploymentGroupConnectedEndpointGroupArrayOutput + ToInterceptDeploymentGroupConnectedEndpointGroupArrayOutputWithContext(context.Context) InterceptDeploymentGroupConnectedEndpointGroupArrayOutput +} + +type InterceptDeploymentGroupConnectedEndpointGroupArray []InterceptDeploymentGroupConnectedEndpointGroupInput + +func (InterceptDeploymentGroupConnectedEndpointGroupArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]InterceptDeploymentGroupConnectedEndpointGroup)(nil)).Elem() +} + +func (i InterceptDeploymentGroupConnectedEndpointGroupArray) ToInterceptDeploymentGroupConnectedEndpointGroupArrayOutput() InterceptDeploymentGroupConnectedEndpointGroupArrayOutput { + return i.ToInterceptDeploymentGroupConnectedEndpointGroupArrayOutputWithContext(context.Background()) +} + +func (i InterceptDeploymentGroupConnectedEndpointGroupArray) ToInterceptDeploymentGroupConnectedEndpointGroupArrayOutputWithContext(ctx context.Context) InterceptDeploymentGroupConnectedEndpointGroupArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(InterceptDeploymentGroupConnectedEndpointGroupArrayOutput) +} + +type InterceptDeploymentGroupConnectedEndpointGroupOutput struct{ *pulumi.OutputState } + +func (InterceptDeploymentGroupConnectedEndpointGroupOutput) ElementType() reflect.Type { + return reflect.TypeOf((*InterceptDeploymentGroupConnectedEndpointGroup)(nil)).Elem() +} + +func (o InterceptDeploymentGroupConnectedEndpointGroupOutput) ToInterceptDeploymentGroupConnectedEndpointGroupOutput() InterceptDeploymentGroupConnectedEndpointGroupOutput { + return o +} + +func (o InterceptDeploymentGroupConnectedEndpointGroupOutput) ToInterceptDeploymentGroupConnectedEndpointGroupOutputWithContext(ctx context.Context) InterceptDeploymentGroupConnectedEndpointGroupOutput { + return o +} + +// (Output) +// Output only. A connected intercept endpoint group. +func (o InterceptDeploymentGroupConnectedEndpointGroupOutput) Name() pulumi.StringPtrOutput { + return o.ApplyT(func(v InterceptDeploymentGroupConnectedEndpointGroup) *string { return v.Name }).(pulumi.StringPtrOutput) +} + +type InterceptDeploymentGroupConnectedEndpointGroupArrayOutput struct{ *pulumi.OutputState } + +func (InterceptDeploymentGroupConnectedEndpointGroupArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]InterceptDeploymentGroupConnectedEndpointGroup)(nil)).Elem() +} + +func (o InterceptDeploymentGroupConnectedEndpointGroupArrayOutput) ToInterceptDeploymentGroupConnectedEndpointGroupArrayOutput() InterceptDeploymentGroupConnectedEndpointGroupArrayOutput { + return o +} + +func (o InterceptDeploymentGroupConnectedEndpointGroupArrayOutput) ToInterceptDeploymentGroupConnectedEndpointGroupArrayOutputWithContext(ctx context.Context) InterceptDeploymentGroupConnectedEndpointGroupArrayOutput { + return o +} + +func (o InterceptDeploymentGroupConnectedEndpointGroupArrayOutput) Index(i pulumi.IntInput) InterceptDeploymentGroupConnectedEndpointGroupOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) InterceptDeploymentGroupConnectedEndpointGroup { + return vs[0].([]InterceptDeploymentGroupConnectedEndpointGroup)[vs[1].(int)] + }).(InterceptDeploymentGroupConnectedEndpointGroupOutput) +} + type MirroringDeploymentGroupConnectedEndpointGroup struct { // (Output) // Output only. A connected mirroring endpoint group. @@ -3380,6 +7029,52 @@ func init() { pulumi.RegisterInputType(reflect.TypeOf((*AuthorizationPolicyRuleDestinationHttpHeaderMatchPtrInput)(nil)).Elem(), AuthorizationPolicyRuleDestinationHttpHeaderMatchArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*AuthorizationPolicyRuleSourceInput)(nil)).Elem(), AuthorizationPolicyRuleSourceArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*AuthorizationPolicyRuleSourceArrayInput)(nil)).Elem(), AuthorizationPolicyRuleSourceArray{}) + pulumi.RegisterInputType(reflect.TypeOf((*AuthzPolicyCustomProviderInput)(nil)).Elem(), AuthzPolicyCustomProviderArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*AuthzPolicyCustomProviderPtrInput)(nil)).Elem(), AuthzPolicyCustomProviderArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*AuthzPolicyCustomProviderAuthzExtensionInput)(nil)).Elem(), AuthzPolicyCustomProviderAuthzExtensionArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*AuthzPolicyCustomProviderAuthzExtensionPtrInput)(nil)).Elem(), AuthzPolicyCustomProviderAuthzExtensionArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*AuthzPolicyCustomProviderCloudIapInput)(nil)).Elem(), AuthzPolicyCustomProviderCloudIapArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*AuthzPolicyCustomProviderCloudIapPtrInput)(nil)).Elem(), AuthzPolicyCustomProviderCloudIapArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*AuthzPolicyHttpRuleInput)(nil)).Elem(), AuthzPolicyHttpRuleArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*AuthzPolicyHttpRuleArrayInput)(nil)).Elem(), AuthzPolicyHttpRuleArray{}) + pulumi.RegisterInputType(reflect.TypeOf((*AuthzPolicyHttpRuleFromInput)(nil)).Elem(), AuthzPolicyHttpRuleFromArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*AuthzPolicyHttpRuleFromPtrInput)(nil)).Elem(), AuthzPolicyHttpRuleFromArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*AuthzPolicyHttpRuleFromNotSourceInput)(nil)).Elem(), AuthzPolicyHttpRuleFromNotSourceArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*AuthzPolicyHttpRuleFromNotSourceArrayInput)(nil)).Elem(), AuthzPolicyHttpRuleFromNotSourceArray{}) + pulumi.RegisterInputType(reflect.TypeOf((*AuthzPolicyHttpRuleFromNotSourcePrincipalInput)(nil)).Elem(), AuthzPolicyHttpRuleFromNotSourcePrincipalArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*AuthzPolicyHttpRuleFromNotSourcePrincipalArrayInput)(nil)).Elem(), AuthzPolicyHttpRuleFromNotSourcePrincipalArray{}) + pulumi.RegisterInputType(reflect.TypeOf((*AuthzPolicyHttpRuleFromNotSourceResourceInput)(nil)).Elem(), AuthzPolicyHttpRuleFromNotSourceResourceArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*AuthzPolicyHttpRuleFromNotSourceResourceArrayInput)(nil)).Elem(), AuthzPolicyHttpRuleFromNotSourceResourceArray{}) + pulumi.RegisterInputType(reflect.TypeOf((*AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountInput)(nil)).Elem(), AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountPtrInput)(nil)).Elem(), AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSetInput)(nil)).Elem(), AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSetArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSetPtrInput)(nil)).Elem(), AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSetArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*AuthzPolicyHttpRuleFromSourceInput)(nil)).Elem(), AuthzPolicyHttpRuleFromSourceArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*AuthzPolicyHttpRuleFromSourceArrayInput)(nil)).Elem(), AuthzPolicyHttpRuleFromSourceArray{}) + pulumi.RegisterInputType(reflect.TypeOf((*AuthzPolicyHttpRuleFromSourcePrincipalInput)(nil)).Elem(), AuthzPolicyHttpRuleFromSourcePrincipalArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*AuthzPolicyHttpRuleFromSourcePrincipalArrayInput)(nil)).Elem(), AuthzPolicyHttpRuleFromSourcePrincipalArray{}) + pulumi.RegisterInputType(reflect.TypeOf((*AuthzPolicyHttpRuleFromSourceResourceInput)(nil)).Elem(), AuthzPolicyHttpRuleFromSourceResourceArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*AuthzPolicyHttpRuleFromSourceResourceArrayInput)(nil)).Elem(), AuthzPolicyHttpRuleFromSourceResourceArray{}) + pulumi.RegisterInputType(reflect.TypeOf((*AuthzPolicyHttpRuleFromSourceResourceIamServiceAccountInput)(nil)).Elem(), AuthzPolicyHttpRuleFromSourceResourceIamServiceAccountArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*AuthzPolicyHttpRuleFromSourceResourceIamServiceAccountPtrInput)(nil)).Elem(), AuthzPolicyHttpRuleFromSourceResourceIamServiceAccountArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*AuthzPolicyHttpRuleFromSourceResourceTagValueIdSetInput)(nil)).Elem(), AuthzPolicyHttpRuleFromSourceResourceTagValueIdSetArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*AuthzPolicyHttpRuleFromSourceResourceTagValueIdSetPtrInput)(nil)).Elem(), AuthzPolicyHttpRuleFromSourceResourceTagValueIdSetArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*AuthzPolicyHttpRuleToInput)(nil)).Elem(), AuthzPolicyHttpRuleToArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*AuthzPolicyHttpRuleToPtrInput)(nil)).Elem(), AuthzPolicyHttpRuleToArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*AuthzPolicyHttpRuleToOperationInput)(nil)).Elem(), AuthzPolicyHttpRuleToOperationArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*AuthzPolicyHttpRuleToOperationArrayInput)(nil)).Elem(), AuthzPolicyHttpRuleToOperationArray{}) + pulumi.RegisterInputType(reflect.TypeOf((*AuthzPolicyHttpRuleToOperationHeaderSetInput)(nil)).Elem(), AuthzPolicyHttpRuleToOperationHeaderSetArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*AuthzPolicyHttpRuleToOperationHeaderSetPtrInput)(nil)).Elem(), AuthzPolicyHttpRuleToOperationHeaderSetArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*AuthzPolicyHttpRuleToOperationHeaderSetHeaderInput)(nil)).Elem(), AuthzPolicyHttpRuleToOperationHeaderSetHeaderArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*AuthzPolicyHttpRuleToOperationHeaderSetHeaderArrayInput)(nil)).Elem(), AuthzPolicyHttpRuleToOperationHeaderSetHeaderArray{}) + pulumi.RegisterInputType(reflect.TypeOf((*AuthzPolicyHttpRuleToOperationHeaderSetHeaderValueInput)(nil)).Elem(), AuthzPolicyHttpRuleToOperationHeaderSetHeaderValueArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*AuthzPolicyHttpRuleToOperationHeaderSetHeaderValuePtrInput)(nil)).Elem(), AuthzPolicyHttpRuleToOperationHeaderSetHeaderValueArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*AuthzPolicyHttpRuleToOperationHostInput)(nil)).Elem(), AuthzPolicyHttpRuleToOperationHostArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*AuthzPolicyHttpRuleToOperationHostArrayInput)(nil)).Elem(), AuthzPolicyHttpRuleToOperationHostArray{}) + pulumi.RegisterInputType(reflect.TypeOf((*AuthzPolicyHttpRuleToOperationPathInput)(nil)).Elem(), AuthzPolicyHttpRuleToOperationPathArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*AuthzPolicyHttpRuleToOperationPathArrayInput)(nil)).Elem(), AuthzPolicyHttpRuleToOperationPathArray{}) + pulumi.RegisterInputType(reflect.TypeOf((*AuthzPolicyTargetInput)(nil)).Elem(), AuthzPolicyTargetArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*AuthzPolicyTargetPtrInput)(nil)).Elem(), AuthzPolicyTargetArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*ClientTlsPolicyClientCertificateInput)(nil)).Elem(), ClientTlsPolicyClientCertificateArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*ClientTlsPolicyClientCertificatePtrInput)(nil)).Elem(), ClientTlsPolicyClientCertificateArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*ClientTlsPolicyClientCertificateCertificateProviderInstanceInput)(nil)).Elem(), ClientTlsPolicyClientCertificateCertificateProviderInstanceArgs{}) @@ -3392,6 +7087,8 @@ func init() { pulumi.RegisterInputType(reflect.TypeOf((*ClientTlsPolicyServerValidationCaCertificateProviderInstancePtrInput)(nil)).Elem(), ClientTlsPolicyServerValidationCaCertificateProviderInstanceArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*ClientTlsPolicyServerValidationCaGrpcEndpointInput)(nil)).Elem(), ClientTlsPolicyServerValidationCaGrpcEndpointArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*ClientTlsPolicyServerValidationCaGrpcEndpointPtrInput)(nil)).Elem(), ClientTlsPolicyServerValidationCaGrpcEndpointArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*InterceptDeploymentGroupConnectedEndpointGroupInput)(nil)).Elem(), InterceptDeploymentGroupConnectedEndpointGroupArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*InterceptDeploymentGroupConnectedEndpointGroupArrayInput)(nil)).Elem(), InterceptDeploymentGroupConnectedEndpointGroupArray{}) pulumi.RegisterInputType(reflect.TypeOf((*MirroringDeploymentGroupConnectedEndpointGroupInput)(nil)).Elem(), MirroringDeploymentGroupConnectedEndpointGroupArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*MirroringDeploymentGroupConnectedEndpointGroupArrayInput)(nil)).Elem(), MirroringDeploymentGroupConnectedEndpointGroupArray{}) pulumi.RegisterInputType(reflect.TypeOf((*MirroringEndpointGroupAssociationLocationsDetailInput)(nil)).Elem(), MirroringEndpointGroupAssociationLocationsDetailArgs{}) @@ -3428,6 +7125,52 @@ func init() { pulumi.RegisterOutputType(AuthorizationPolicyRuleDestinationHttpHeaderMatchPtrOutput{}) pulumi.RegisterOutputType(AuthorizationPolicyRuleSourceOutput{}) pulumi.RegisterOutputType(AuthorizationPolicyRuleSourceArrayOutput{}) + pulumi.RegisterOutputType(AuthzPolicyCustomProviderOutput{}) + pulumi.RegisterOutputType(AuthzPolicyCustomProviderPtrOutput{}) + pulumi.RegisterOutputType(AuthzPolicyCustomProviderAuthzExtensionOutput{}) + pulumi.RegisterOutputType(AuthzPolicyCustomProviderAuthzExtensionPtrOutput{}) + pulumi.RegisterOutputType(AuthzPolicyCustomProviderCloudIapOutput{}) + pulumi.RegisterOutputType(AuthzPolicyCustomProviderCloudIapPtrOutput{}) + pulumi.RegisterOutputType(AuthzPolicyHttpRuleOutput{}) + pulumi.RegisterOutputType(AuthzPolicyHttpRuleArrayOutput{}) + pulumi.RegisterOutputType(AuthzPolicyHttpRuleFromOutput{}) + pulumi.RegisterOutputType(AuthzPolicyHttpRuleFromPtrOutput{}) + pulumi.RegisterOutputType(AuthzPolicyHttpRuleFromNotSourceOutput{}) + pulumi.RegisterOutputType(AuthzPolicyHttpRuleFromNotSourceArrayOutput{}) + pulumi.RegisterOutputType(AuthzPolicyHttpRuleFromNotSourcePrincipalOutput{}) + pulumi.RegisterOutputType(AuthzPolicyHttpRuleFromNotSourcePrincipalArrayOutput{}) + pulumi.RegisterOutputType(AuthzPolicyHttpRuleFromNotSourceResourceOutput{}) + pulumi.RegisterOutputType(AuthzPolicyHttpRuleFromNotSourceResourceArrayOutput{}) + pulumi.RegisterOutputType(AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountOutput{}) + pulumi.RegisterOutputType(AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountPtrOutput{}) + pulumi.RegisterOutputType(AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSetOutput{}) + pulumi.RegisterOutputType(AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSetPtrOutput{}) + pulumi.RegisterOutputType(AuthzPolicyHttpRuleFromSourceOutput{}) + pulumi.RegisterOutputType(AuthzPolicyHttpRuleFromSourceArrayOutput{}) + pulumi.RegisterOutputType(AuthzPolicyHttpRuleFromSourcePrincipalOutput{}) + pulumi.RegisterOutputType(AuthzPolicyHttpRuleFromSourcePrincipalArrayOutput{}) + pulumi.RegisterOutputType(AuthzPolicyHttpRuleFromSourceResourceOutput{}) + pulumi.RegisterOutputType(AuthzPolicyHttpRuleFromSourceResourceArrayOutput{}) + pulumi.RegisterOutputType(AuthzPolicyHttpRuleFromSourceResourceIamServiceAccountOutput{}) + pulumi.RegisterOutputType(AuthzPolicyHttpRuleFromSourceResourceIamServiceAccountPtrOutput{}) + pulumi.RegisterOutputType(AuthzPolicyHttpRuleFromSourceResourceTagValueIdSetOutput{}) + pulumi.RegisterOutputType(AuthzPolicyHttpRuleFromSourceResourceTagValueIdSetPtrOutput{}) + pulumi.RegisterOutputType(AuthzPolicyHttpRuleToOutput{}) + pulumi.RegisterOutputType(AuthzPolicyHttpRuleToPtrOutput{}) + pulumi.RegisterOutputType(AuthzPolicyHttpRuleToOperationOutput{}) + pulumi.RegisterOutputType(AuthzPolicyHttpRuleToOperationArrayOutput{}) + pulumi.RegisterOutputType(AuthzPolicyHttpRuleToOperationHeaderSetOutput{}) + pulumi.RegisterOutputType(AuthzPolicyHttpRuleToOperationHeaderSetPtrOutput{}) + pulumi.RegisterOutputType(AuthzPolicyHttpRuleToOperationHeaderSetHeaderOutput{}) + pulumi.RegisterOutputType(AuthzPolicyHttpRuleToOperationHeaderSetHeaderArrayOutput{}) + pulumi.RegisterOutputType(AuthzPolicyHttpRuleToOperationHeaderSetHeaderValueOutput{}) + pulumi.RegisterOutputType(AuthzPolicyHttpRuleToOperationHeaderSetHeaderValuePtrOutput{}) + pulumi.RegisterOutputType(AuthzPolicyHttpRuleToOperationHostOutput{}) + pulumi.RegisterOutputType(AuthzPolicyHttpRuleToOperationHostArrayOutput{}) + pulumi.RegisterOutputType(AuthzPolicyHttpRuleToOperationPathOutput{}) + pulumi.RegisterOutputType(AuthzPolicyHttpRuleToOperationPathArrayOutput{}) + pulumi.RegisterOutputType(AuthzPolicyTargetOutput{}) + pulumi.RegisterOutputType(AuthzPolicyTargetPtrOutput{}) pulumi.RegisterOutputType(ClientTlsPolicyClientCertificateOutput{}) pulumi.RegisterOutputType(ClientTlsPolicyClientCertificatePtrOutput{}) pulumi.RegisterOutputType(ClientTlsPolicyClientCertificateCertificateProviderInstanceOutput{}) @@ -3440,6 +7183,8 @@ func init() { pulumi.RegisterOutputType(ClientTlsPolicyServerValidationCaCertificateProviderInstancePtrOutput{}) pulumi.RegisterOutputType(ClientTlsPolicyServerValidationCaGrpcEndpointOutput{}) pulumi.RegisterOutputType(ClientTlsPolicyServerValidationCaGrpcEndpointPtrOutput{}) + pulumi.RegisterOutputType(InterceptDeploymentGroupConnectedEndpointGroupOutput{}) + pulumi.RegisterOutputType(InterceptDeploymentGroupConnectedEndpointGroupArrayOutput{}) pulumi.RegisterOutputType(MirroringDeploymentGroupConnectedEndpointGroupOutput{}) pulumi.RegisterOutputType(MirroringDeploymentGroupConnectedEndpointGroupArrayOutput{}) pulumi.RegisterOutputType(MirroringEndpointGroupAssociationLocationsDetailOutput{}) diff --git a/sdk/go/gcp/networkservices/authzExtension.go b/sdk/go/gcp/networkservices/authzExtension.go new file mode 100644 index 0000000000..641f23bc3c --- /dev/null +++ b/sdk/go/gcp/networkservices/authzExtension.go @@ -0,0 +1,645 @@ +// Code generated by the Pulumi Terraform Bridge (tfgen) Tool DO NOT EDIT. +// *** WARNING: Do not edit by hand unless you're certain you know what you are doing! *** + +package networkservices + +import ( + "context" + "reflect" + + "errors" + "github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/internal" + "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +) + +// AuthzExtension is a resource that allows traffic forwarding to a callout backend service to make an authorization decision. +// +// To get more information about AuthzExtension, see: +// +// * [API documentation](https://cloud.google.com/service-extensions/docs/reference/rest/v1beta1/projects.locations.authzExtensions) +// +// ## Example Usage +// +// ### Network Services Authz Extension Basic +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute" +// "github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/networkservices" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := compute.NewRegionBackendService(ctx, "default", &compute.RegionBackendServiceArgs{ +// Name: pulumi.String("authz-service"), +// Project: pulumi.String("my-project-name"), +// Region: pulumi.String("us-west1"), +// Protocol: pulumi.String("HTTP2"), +// LoadBalancingScheme: pulumi.String("INTERNAL_MANAGED"), +// PortName: pulumi.String("grpc"), +// }) +// if err != nil { +// return err +// } +// _, err = networkservices.NewAuthzExtension(ctx, "default", &networkservices.AuthzExtensionArgs{ +// Name: pulumi.String("my-authz-ext"), +// Project: pulumi.String("my-project-name"), +// Location: pulumi.String("us-west1"), +// Description: pulumi.String("my description"), +// LoadBalancingScheme: pulumi.String("INTERNAL_MANAGED"), +// Authority: pulumi.String("ext11.com"), +// Service: _default.SelfLink, +// Timeout: pulumi.String("0.1s"), +// FailOpen: pulumi.Bool(false), +// ForwardHeaders: pulumi.StringArray{ +// pulumi.String("Authorization"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// ## Import +// +// AuthzExtension can be imported using any of these accepted formats: +// +// * `projects/{{project}}/locations/{{location}}/authzExtensions/{{name}}` +// +// * `{{project}}/{{location}}/{{name}}` +// +// * `{{location}}/{{name}}` +// +// * `{{name}}` +// +// When using the `pulumi import` command, AuthzExtension can be imported using one of the formats above. For example: +// +// ```sh +// $ pulumi import gcp:networkservices/authzExtension:AuthzExtension default projects/{{project}}/locations/{{location}}/authzExtensions/{{name}} +// ``` +// +// ```sh +// $ pulumi import gcp:networkservices/authzExtension:AuthzExtension default {{project}}/{{location}}/{{name}} +// ``` +// +// ```sh +// $ pulumi import gcp:networkservices/authzExtension:AuthzExtension default {{location}}/{{name}} +// ``` +// +// ```sh +// $ pulumi import gcp:networkservices/authzExtension:AuthzExtension default {{name}} +// ``` +type AuthzExtension struct { + pulumi.CustomResourceState + + // The :authority header in the gRPC request sent from Envoy to the extension service. + Authority pulumi.StringOutput `pulumi:"authority"` + // The timestamp when the resource was created. + CreateTime pulumi.StringOutput `pulumi:"createTime"` + // A human-readable description of the resource. + Description pulumi.StringPtrOutput `pulumi:"description"` + // All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services. + EffectiveLabels pulumi.StringMapOutput `pulumi:"effectiveLabels"` + // Determines how the proxy behaves if the call to the extension fails or times out. + // When set to TRUE, request or response processing continues without error. Any subsequent extensions in the extension chain are also executed. When set to FALSE or the default setting of FALSE is used, one of the following happens: + // * If response headers have not been delivered to the downstream client, a generic 500 error is returned to the client. The error response can be tailored by configuring a custom error response in the load balancer. + // * If response headers have been delivered, then the HTTP stream to the downstream client is reset. + FailOpen pulumi.BoolOutput `pulumi:"failOpen"` + // List of the HTTP headers to forward to the extension (from the client). If omitted, all headers are sent. Each element is a string indicating the header name. + ForwardHeaders pulumi.StringArrayOutput `pulumi:"forwardHeaders"` + // Set of labels associated with the AuthzExtension resource. + // + // **Note**: This field is non-authoritative, and will only manage the labels present in your configuration. + // Please refer to the field `effectiveLabels` for all of the labels present on the resource. + Labels pulumi.StringMapOutput `pulumi:"labels"` + // All backend services and forwarding rules referenced by this extension must share the same load balancing scheme. + // For more information, refer to [Backend services overview](https://cloud.google.com/load-balancing/docs/backend-service). + // Possible values are: `INTERNAL_MANAGED`, `EXTERNAL_MANAGED`. + LoadBalancingScheme pulumi.StringOutput `pulumi:"loadBalancingScheme"` + // The location of the resource. + // + // *** + Location pulumi.StringOutput `pulumi:"location"` + // The metadata provided here is included as part of the metadataContext (of type google.protobuf.Struct) in the ProcessingRequest message sent to the extension server. The metadata is available under the namespace com.google.authz_extension.. The following variables are supported in the metadata Struct: + // {forwarding_rule_id} - substituted with the forwarding rule's fully qualified resource name. + Metadata pulumi.StringMapOutput `pulumi:"metadata"` + // Identifier. Name of the AuthzExtension resource. + Name pulumi.StringOutput `pulumi:"name"` + // The ID of the project in which the resource belongs. + // If it is not provided, the provider project is used. + Project pulumi.StringOutput `pulumi:"project"` + // The combination of labels configured directly on the resource + // and default labels configured on the provider. + PulumiLabels pulumi.StringMapOutput `pulumi:"pulumiLabels"` + // The reference to the service that runs the extension. + // To configure a callout extension, service must be a fully-qualified reference to a [backend service](https://cloud.google.com/compute/docs/reference/rest/v1/backendServices) in the format: + // https://www.googleapis.com/compute/v1/projects/{project}/regions/{region}/backendServices/{backendService} or https://www.googleapis.com/compute/v1/projects/{project}/global/backendServices/{backendService}. + Service pulumi.StringOutput `pulumi:"service"` + // Specifies the timeout for each individual message on the stream. The timeout must be between 10-10000 milliseconds. + Timeout pulumi.StringOutput `pulumi:"timeout"` + // The timestamp when the resource was updated. + UpdateTime pulumi.StringOutput `pulumi:"updateTime"` + // The format of communication supported by the callout extension. + // Default value is `EXT_PROC_GRPC`. + // Possible values are: `WIRE_FORMAT_UNSPECIFIED`, `EXT_PROC_GRPC`. + WireFormat pulumi.StringPtrOutput `pulumi:"wireFormat"` +} + +// NewAuthzExtension registers a new resource with the given unique name, arguments, and options. +func NewAuthzExtension(ctx *pulumi.Context, + name string, args *AuthzExtensionArgs, opts ...pulumi.ResourceOption) (*AuthzExtension, error) { + if args == nil { + return nil, errors.New("missing one or more required arguments") + } + + if args.Authority == nil { + return nil, errors.New("invalid value for required argument 'Authority'") + } + if args.LoadBalancingScheme == nil { + return nil, errors.New("invalid value for required argument 'LoadBalancingScheme'") + } + if args.Location == nil { + return nil, errors.New("invalid value for required argument 'Location'") + } + if args.Service == nil { + return nil, errors.New("invalid value for required argument 'Service'") + } + if args.Timeout == nil { + return nil, errors.New("invalid value for required argument 'Timeout'") + } + secrets := pulumi.AdditionalSecretOutputs([]string{ + "effectiveLabels", + "pulumiLabels", + }) + opts = append(opts, secrets) + opts = internal.PkgResourceDefaultOpts(opts) + var resource AuthzExtension + err := ctx.RegisterResource("gcp:networkservices/authzExtension:AuthzExtension", name, args, &resource, opts...) + if err != nil { + return nil, err + } + return &resource, nil +} + +// GetAuthzExtension gets an existing AuthzExtension resource's state with the given name, ID, and optional +// state properties that are used to uniquely qualify the lookup (nil if not required). +func GetAuthzExtension(ctx *pulumi.Context, + name string, id pulumi.IDInput, state *AuthzExtensionState, opts ...pulumi.ResourceOption) (*AuthzExtension, error) { + var resource AuthzExtension + err := ctx.ReadResource("gcp:networkservices/authzExtension:AuthzExtension", name, id, state, &resource, opts...) + if err != nil { + return nil, err + } + return &resource, nil +} + +// Input properties used for looking up and filtering AuthzExtension resources. +type authzExtensionState struct { + // The :authority header in the gRPC request sent from Envoy to the extension service. + Authority *string `pulumi:"authority"` + // The timestamp when the resource was created. + CreateTime *string `pulumi:"createTime"` + // A human-readable description of the resource. + Description *string `pulumi:"description"` + // All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services. + EffectiveLabels map[string]string `pulumi:"effectiveLabels"` + // Determines how the proxy behaves if the call to the extension fails or times out. + // When set to TRUE, request or response processing continues without error. Any subsequent extensions in the extension chain are also executed. When set to FALSE or the default setting of FALSE is used, one of the following happens: + // * If response headers have not been delivered to the downstream client, a generic 500 error is returned to the client. The error response can be tailored by configuring a custom error response in the load balancer. + // * If response headers have been delivered, then the HTTP stream to the downstream client is reset. + FailOpen *bool `pulumi:"failOpen"` + // List of the HTTP headers to forward to the extension (from the client). If omitted, all headers are sent. Each element is a string indicating the header name. + ForwardHeaders []string `pulumi:"forwardHeaders"` + // Set of labels associated with the AuthzExtension resource. + // + // **Note**: This field is non-authoritative, and will only manage the labels present in your configuration. + // Please refer to the field `effectiveLabels` for all of the labels present on the resource. + Labels map[string]string `pulumi:"labels"` + // All backend services and forwarding rules referenced by this extension must share the same load balancing scheme. + // For more information, refer to [Backend services overview](https://cloud.google.com/load-balancing/docs/backend-service). + // Possible values are: `INTERNAL_MANAGED`, `EXTERNAL_MANAGED`. + LoadBalancingScheme *string `pulumi:"loadBalancingScheme"` + // The location of the resource. + // + // *** + Location *string `pulumi:"location"` + // The metadata provided here is included as part of the metadataContext (of type google.protobuf.Struct) in the ProcessingRequest message sent to the extension server. The metadata is available under the namespace com.google.authz_extension.. The following variables are supported in the metadata Struct: + // {forwarding_rule_id} - substituted with the forwarding rule's fully qualified resource name. + Metadata map[string]string `pulumi:"metadata"` + // Identifier. Name of the AuthzExtension resource. + Name *string `pulumi:"name"` + // The ID of the project in which the resource belongs. + // If it is not provided, the provider project is used. + Project *string `pulumi:"project"` + // The combination of labels configured directly on the resource + // and default labels configured on the provider. + PulumiLabels map[string]string `pulumi:"pulumiLabels"` + // The reference to the service that runs the extension. + // To configure a callout extension, service must be a fully-qualified reference to a [backend service](https://cloud.google.com/compute/docs/reference/rest/v1/backendServices) in the format: + // https://www.googleapis.com/compute/v1/projects/{project}/regions/{region}/backendServices/{backendService} or https://www.googleapis.com/compute/v1/projects/{project}/global/backendServices/{backendService}. + Service *string `pulumi:"service"` + // Specifies the timeout for each individual message on the stream. The timeout must be between 10-10000 milliseconds. + Timeout *string `pulumi:"timeout"` + // The timestamp when the resource was updated. + UpdateTime *string `pulumi:"updateTime"` + // The format of communication supported by the callout extension. + // Default value is `EXT_PROC_GRPC`. + // Possible values are: `WIRE_FORMAT_UNSPECIFIED`, `EXT_PROC_GRPC`. + WireFormat *string `pulumi:"wireFormat"` +} + +type AuthzExtensionState struct { + // The :authority header in the gRPC request sent from Envoy to the extension service. + Authority pulumi.StringPtrInput + // The timestamp when the resource was created. + CreateTime pulumi.StringPtrInput + // A human-readable description of the resource. + Description pulumi.StringPtrInput + // All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services. + EffectiveLabels pulumi.StringMapInput + // Determines how the proxy behaves if the call to the extension fails or times out. + // When set to TRUE, request or response processing continues without error. Any subsequent extensions in the extension chain are also executed. When set to FALSE or the default setting of FALSE is used, one of the following happens: + // * If response headers have not been delivered to the downstream client, a generic 500 error is returned to the client. The error response can be tailored by configuring a custom error response in the load balancer. + // * If response headers have been delivered, then the HTTP stream to the downstream client is reset. + FailOpen pulumi.BoolPtrInput + // List of the HTTP headers to forward to the extension (from the client). If omitted, all headers are sent. Each element is a string indicating the header name. + ForwardHeaders pulumi.StringArrayInput + // Set of labels associated with the AuthzExtension resource. + // + // **Note**: This field is non-authoritative, and will only manage the labels present in your configuration. + // Please refer to the field `effectiveLabels` for all of the labels present on the resource. + Labels pulumi.StringMapInput + // All backend services and forwarding rules referenced by this extension must share the same load balancing scheme. + // For more information, refer to [Backend services overview](https://cloud.google.com/load-balancing/docs/backend-service). + // Possible values are: `INTERNAL_MANAGED`, `EXTERNAL_MANAGED`. + LoadBalancingScheme pulumi.StringPtrInput + // The location of the resource. + // + // *** + Location pulumi.StringPtrInput + // The metadata provided here is included as part of the metadataContext (of type google.protobuf.Struct) in the ProcessingRequest message sent to the extension server. The metadata is available under the namespace com.google.authz_extension.. The following variables are supported in the metadata Struct: + // {forwarding_rule_id} - substituted with the forwarding rule's fully qualified resource name. + Metadata pulumi.StringMapInput + // Identifier. Name of the AuthzExtension resource. + Name pulumi.StringPtrInput + // The ID of the project in which the resource belongs. + // If it is not provided, the provider project is used. + Project pulumi.StringPtrInput + // The combination of labels configured directly on the resource + // and default labels configured on the provider. + PulumiLabels pulumi.StringMapInput + // The reference to the service that runs the extension. + // To configure a callout extension, service must be a fully-qualified reference to a [backend service](https://cloud.google.com/compute/docs/reference/rest/v1/backendServices) in the format: + // https://www.googleapis.com/compute/v1/projects/{project}/regions/{region}/backendServices/{backendService} or https://www.googleapis.com/compute/v1/projects/{project}/global/backendServices/{backendService}. + Service pulumi.StringPtrInput + // Specifies the timeout for each individual message on the stream. The timeout must be between 10-10000 milliseconds. + Timeout pulumi.StringPtrInput + // The timestamp when the resource was updated. + UpdateTime pulumi.StringPtrInput + // The format of communication supported by the callout extension. + // Default value is `EXT_PROC_GRPC`. + // Possible values are: `WIRE_FORMAT_UNSPECIFIED`, `EXT_PROC_GRPC`. + WireFormat pulumi.StringPtrInput +} + +func (AuthzExtensionState) ElementType() reflect.Type { + return reflect.TypeOf((*authzExtensionState)(nil)).Elem() +} + +type authzExtensionArgs struct { + // The :authority header in the gRPC request sent from Envoy to the extension service. + Authority string `pulumi:"authority"` + // A human-readable description of the resource. + Description *string `pulumi:"description"` + // Determines how the proxy behaves if the call to the extension fails or times out. + // When set to TRUE, request or response processing continues without error. Any subsequent extensions in the extension chain are also executed. When set to FALSE or the default setting of FALSE is used, one of the following happens: + // * If response headers have not been delivered to the downstream client, a generic 500 error is returned to the client. The error response can be tailored by configuring a custom error response in the load balancer. + // * If response headers have been delivered, then the HTTP stream to the downstream client is reset. + FailOpen *bool `pulumi:"failOpen"` + // List of the HTTP headers to forward to the extension (from the client). If omitted, all headers are sent. Each element is a string indicating the header name. + ForwardHeaders []string `pulumi:"forwardHeaders"` + // Set of labels associated with the AuthzExtension resource. + // + // **Note**: This field is non-authoritative, and will only manage the labels present in your configuration. + // Please refer to the field `effectiveLabels` for all of the labels present on the resource. + Labels map[string]string `pulumi:"labels"` + // All backend services and forwarding rules referenced by this extension must share the same load balancing scheme. + // For more information, refer to [Backend services overview](https://cloud.google.com/load-balancing/docs/backend-service). + // Possible values are: `INTERNAL_MANAGED`, `EXTERNAL_MANAGED`. + LoadBalancingScheme string `pulumi:"loadBalancingScheme"` + // The location of the resource. + // + // *** + Location string `pulumi:"location"` + // The metadata provided here is included as part of the metadataContext (of type google.protobuf.Struct) in the ProcessingRequest message sent to the extension server. The metadata is available under the namespace com.google.authz_extension.. The following variables are supported in the metadata Struct: + // {forwarding_rule_id} - substituted with the forwarding rule's fully qualified resource name. + Metadata map[string]string `pulumi:"metadata"` + // Identifier. Name of the AuthzExtension resource. + Name *string `pulumi:"name"` + // The ID of the project in which the resource belongs. + // If it is not provided, the provider project is used. + Project *string `pulumi:"project"` + // The reference to the service that runs the extension. + // To configure a callout extension, service must be a fully-qualified reference to a [backend service](https://cloud.google.com/compute/docs/reference/rest/v1/backendServices) in the format: + // https://www.googleapis.com/compute/v1/projects/{project}/regions/{region}/backendServices/{backendService} or https://www.googleapis.com/compute/v1/projects/{project}/global/backendServices/{backendService}. + Service string `pulumi:"service"` + // Specifies the timeout for each individual message on the stream. The timeout must be between 10-10000 milliseconds. + Timeout string `pulumi:"timeout"` + // The format of communication supported by the callout extension. + // Default value is `EXT_PROC_GRPC`. + // Possible values are: `WIRE_FORMAT_UNSPECIFIED`, `EXT_PROC_GRPC`. + WireFormat *string `pulumi:"wireFormat"` +} + +// The set of arguments for constructing a AuthzExtension resource. +type AuthzExtensionArgs struct { + // The :authority header in the gRPC request sent from Envoy to the extension service. + Authority pulumi.StringInput + // A human-readable description of the resource. + Description pulumi.StringPtrInput + // Determines how the proxy behaves if the call to the extension fails or times out. + // When set to TRUE, request or response processing continues without error. Any subsequent extensions in the extension chain are also executed. When set to FALSE or the default setting of FALSE is used, one of the following happens: + // * If response headers have not been delivered to the downstream client, a generic 500 error is returned to the client. The error response can be tailored by configuring a custom error response in the load balancer. + // * If response headers have been delivered, then the HTTP stream to the downstream client is reset. + FailOpen pulumi.BoolPtrInput + // List of the HTTP headers to forward to the extension (from the client). If omitted, all headers are sent. Each element is a string indicating the header name. + ForwardHeaders pulumi.StringArrayInput + // Set of labels associated with the AuthzExtension resource. + // + // **Note**: This field is non-authoritative, and will only manage the labels present in your configuration. + // Please refer to the field `effectiveLabels` for all of the labels present on the resource. + Labels pulumi.StringMapInput + // All backend services and forwarding rules referenced by this extension must share the same load balancing scheme. + // For more information, refer to [Backend services overview](https://cloud.google.com/load-balancing/docs/backend-service). + // Possible values are: `INTERNAL_MANAGED`, `EXTERNAL_MANAGED`. + LoadBalancingScheme pulumi.StringInput + // The location of the resource. + // + // *** + Location pulumi.StringInput + // The metadata provided here is included as part of the metadataContext (of type google.protobuf.Struct) in the ProcessingRequest message sent to the extension server. The metadata is available under the namespace com.google.authz_extension.. The following variables are supported in the metadata Struct: + // {forwarding_rule_id} - substituted with the forwarding rule's fully qualified resource name. + Metadata pulumi.StringMapInput + // Identifier. Name of the AuthzExtension resource. + Name pulumi.StringPtrInput + // The ID of the project in which the resource belongs. + // If it is not provided, the provider project is used. + Project pulumi.StringPtrInput + // The reference to the service that runs the extension. + // To configure a callout extension, service must be a fully-qualified reference to a [backend service](https://cloud.google.com/compute/docs/reference/rest/v1/backendServices) in the format: + // https://www.googleapis.com/compute/v1/projects/{project}/regions/{region}/backendServices/{backendService} or https://www.googleapis.com/compute/v1/projects/{project}/global/backendServices/{backendService}. + Service pulumi.StringInput + // Specifies the timeout for each individual message on the stream. The timeout must be between 10-10000 milliseconds. + Timeout pulumi.StringInput + // The format of communication supported by the callout extension. + // Default value is `EXT_PROC_GRPC`. + // Possible values are: `WIRE_FORMAT_UNSPECIFIED`, `EXT_PROC_GRPC`. + WireFormat pulumi.StringPtrInput +} + +func (AuthzExtensionArgs) ElementType() reflect.Type { + return reflect.TypeOf((*authzExtensionArgs)(nil)).Elem() +} + +type AuthzExtensionInput interface { + pulumi.Input + + ToAuthzExtensionOutput() AuthzExtensionOutput + ToAuthzExtensionOutputWithContext(ctx context.Context) AuthzExtensionOutput +} + +func (*AuthzExtension) ElementType() reflect.Type { + return reflect.TypeOf((**AuthzExtension)(nil)).Elem() +} + +func (i *AuthzExtension) ToAuthzExtensionOutput() AuthzExtensionOutput { + return i.ToAuthzExtensionOutputWithContext(context.Background()) +} + +func (i *AuthzExtension) ToAuthzExtensionOutputWithContext(ctx context.Context) AuthzExtensionOutput { + return pulumi.ToOutputWithContext(ctx, i).(AuthzExtensionOutput) +} + +// AuthzExtensionArrayInput is an input type that accepts AuthzExtensionArray and AuthzExtensionArrayOutput values. +// You can construct a concrete instance of `AuthzExtensionArrayInput` via: +// +// AuthzExtensionArray{ AuthzExtensionArgs{...} } +type AuthzExtensionArrayInput interface { + pulumi.Input + + ToAuthzExtensionArrayOutput() AuthzExtensionArrayOutput + ToAuthzExtensionArrayOutputWithContext(context.Context) AuthzExtensionArrayOutput +} + +type AuthzExtensionArray []AuthzExtensionInput + +func (AuthzExtensionArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]*AuthzExtension)(nil)).Elem() +} + +func (i AuthzExtensionArray) ToAuthzExtensionArrayOutput() AuthzExtensionArrayOutput { + return i.ToAuthzExtensionArrayOutputWithContext(context.Background()) +} + +func (i AuthzExtensionArray) ToAuthzExtensionArrayOutputWithContext(ctx context.Context) AuthzExtensionArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(AuthzExtensionArrayOutput) +} + +// AuthzExtensionMapInput is an input type that accepts AuthzExtensionMap and AuthzExtensionMapOutput values. +// You can construct a concrete instance of `AuthzExtensionMapInput` via: +// +// AuthzExtensionMap{ "key": AuthzExtensionArgs{...} } +type AuthzExtensionMapInput interface { + pulumi.Input + + ToAuthzExtensionMapOutput() AuthzExtensionMapOutput + ToAuthzExtensionMapOutputWithContext(context.Context) AuthzExtensionMapOutput +} + +type AuthzExtensionMap map[string]AuthzExtensionInput + +func (AuthzExtensionMap) ElementType() reflect.Type { + return reflect.TypeOf((*map[string]*AuthzExtension)(nil)).Elem() +} + +func (i AuthzExtensionMap) ToAuthzExtensionMapOutput() AuthzExtensionMapOutput { + return i.ToAuthzExtensionMapOutputWithContext(context.Background()) +} + +func (i AuthzExtensionMap) ToAuthzExtensionMapOutputWithContext(ctx context.Context) AuthzExtensionMapOutput { + return pulumi.ToOutputWithContext(ctx, i).(AuthzExtensionMapOutput) +} + +type AuthzExtensionOutput struct{ *pulumi.OutputState } + +func (AuthzExtensionOutput) ElementType() reflect.Type { + return reflect.TypeOf((**AuthzExtension)(nil)).Elem() +} + +func (o AuthzExtensionOutput) ToAuthzExtensionOutput() AuthzExtensionOutput { + return o +} + +func (o AuthzExtensionOutput) ToAuthzExtensionOutputWithContext(ctx context.Context) AuthzExtensionOutput { + return o +} + +// The :authority header in the gRPC request sent from Envoy to the extension service. +func (o AuthzExtensionOutput) Authority() pulumi.StringOutput { + return o.ApplyT(func(v *AuthzExtension) pulumi.StringOutput { return v.Authority }).(pulumi.StringOutput) +} + +// The timestamp when the resource was created. +func (o AuthzExtensionOutput) CreateTime() pulumi.StringOutput { + return o.ApplyT(func(v *AuthzExtension) pulumi.StringOutput { return v.CreateTime }).(pulumi.StringOutput) +} + +// A human-readable description of the resource. +func (o AuthzExtensionOutput) Description() pulumi.StringPtrOutput { + return o.ApplyT(func(v *AuthzExtension) pulumi.StringPtrOutput { return v.Description }).(pulumi.StringPtrOutput) +} + +// All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services. +func (o AuthzExtensionOutput) EffectiveLabels() pulumi.StringMapOutput { + return o.ApplyT(func(v *AuthzExtension) pulumi.StringMapOutput { return v.EffectiveLabels }).(pulumi.StringMapOutput) +} + +// Determines how the proxy behaves if the call to the extension fails or times out. +// When set to TRUE, request or response processing continues without error. Any subsequent extensions in the extension chain are also executed. When set to FALSE or the default setting of FALSE is used, one of the following happens: +// * If response headers have not been delivered to the downstream client, a generic 500 error is returned to the client. The error response can be tailored by configuring a custom error response in the load balancer. +// * If response headers have been delivered, then the HTTP stream to the downstream client is reset. +func (o AuthzExtensionOutput) FailOpen() pulumi.BoolOutput { + return o.ApplyT(func(v *AuthzExtension) pulumi.BoolOutput { return v.FailOpen }).(pulumi.BoolOutput) +} + +// List of the HTTP headers to forward to the extension (from the client). If omitted, all headers are sent. Each element is a string indicating the header name. +func (o AuthzExtensionOutput) ForwardHeaders() pulumi.StringArrayOutput { + return o.ApplyT(func(v *AuthzExtension) pulumi.StringArrayOutput { return v.ForwardHeaders }).(pulumi.StringArrayOutput) +} + +// Set of labels associated with the AuthzExtension resource. +// +// **Note**: This field is non-authoritative, and will only manage the labels present in your configuration. +// Please refer to the field `effectiveLabels` for all of the labels present on the resource. +func (o AuthzExtensionOutput) Labels() pulumi.StringMapOutput { + return o.ApplyT(func(v *AuthzExtension) pulumi.StringMapOutput { return v.Labels }).(pulumi.StringMapOutput) +} + +// All backend services and forwarding rules referenced by this extension must share the same load balancing scheme. +// For more information, refer to [Backend services overview](https://cloud.google.com/load-balancing/docs/backend-service). +// Possible values are: `INTERNAL_MANAGED`, `EXTERNAL_MANAGED`. +func (o AuthzExtensionOutput) LoadBalancingScheme() pulumi.StringOutput { + return o.ApplyT(func(v *AuthzExtension) pulumi.StringOutput { return v.LoadBalancingScheme }).(pulumi.StringOutput) +} + +// The location of the resource. +// +// *** +func (o AuthzExtensionOutput) Location() pulumi.StringOutput { + return o.ApplyT(func(v *AuthzExtension) pulumi.StringOutput { return v.Location }).(pulumi.StringOutput) +} + +// The metadata provided here is included as part of the metadataContext (of type google.protobuf.Struct) in the ProcessingRequest message sent to the extension server. The metadata is available under the namespace com.google.authz_extension.. The following variables are supported in the metadata Struct: +// {forwarding_rule_id} - substituted with the forwarding rule's fully qualified resource name. +func (o AuthzExtensionOutput) Metadata() pulumi.StringMapOutput { + return o.ApplyT(func(v *AuthzExtension) pulumi.StringMapOutput { return v.Metadata }).(pulumi.StringMapOutput) +} + +// Identifier. Name of the AuthzExtension resource. +func (o AuthzExtensionOutput) Name() pulumi.StringOutput { + return o.ApplyT(func(v *AuthzExtension) pulumi.StringOutput { return v.Name }).(pulumi.StringOutput) +} + +// The ID of the project in which the resource belongs. +// If it is not provided, the provider project is used. +func (o AuthzExtensionOutput) Project() pulumi.StringOutput { + return o.ApplyT(func(v *AuthzExtension) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) +} + +// The combination of labels configured directly on the resource +// and default labels configured on the provider. +func (o AuthzExtensionOutput) PulumiLabels() pulumi.StringMapOutput { + return o.ApplyT(func(v *AuthzExtension) pulumi.StringMapOutput { return v.PulumiLabels }).(pulumi.StringMapOutput) +} + +// The reference to the service that runs the extension. +// To configure a callout extension, service must be a fully-qualified reference to a [backend service](https://cloud.google.com/compute/docs/reference/rest/v1/backendServices) in the format: +// https://www.googleapis.com/compute/v1/projects/{project}/regions/{region}/backendServices/{backendService} or https://www.googleapis.com/compute/v1/projects/{project}/global/backendServices/{backendService}. +func (o AuthzExtensionOutput) Service() pulumi.StringOutput { + return o.ApplyT(func(v *AuthzExtension) pulumi.StringOutput { return v.Service }).(pulumi.StringOutput) +} + +// Specifies the timeout for each individual message on the stream. The timeout must be between 10-10000 milliseconds. +func (o AuthzExtensionOutput) Timeout() pulumi.StringOutput { + return o.ApplyT(func(v *AuthzExtension) pulumi.StringOutput { return v.Timeout }).(pulumi.StringOutput) +} + +// The timestamp when the resource was updated. +func (o AuthzExtensionOutput) UpdateTime() pulumi.StringOutput { + return o.ApplyT(func(v *AuthzExtension) pulumi.StringOutput { return v.UpdateTime }).(pulumi.StringOutput) +} + +// The format of communication supported by the callout extension. +// Default value is `EXT_PROC_GRPC`. +// Possible values are: `WIRE_FORMAT_UNSPECIFIED`, `EXT_PROC_GRPC`. +func (o AuthzExtensionOutput) WireFormat() pulumi.StringPtrOutput { + return o.ApplyT(func(v *AuthzExtension) pulumi.StringPtrOutput { return v.WireFormat }).(pulumi.StringPtrOutput) +} + +type AuthzExtensionArrayOutput struct{ *pulumi.OutputState } + +func (AuthzExtensionArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]*AuthzExtension)(nil)).Elem() +} + +func (o AuthzExtensionArrayOutput) ToAuthzExtensionArrayOutput() AuthzExtensionArrayOutput { + return o +} + +func (o AuthzExtensionArrayOutput) ToAuthzExtensionArrayOutputWithContext(ctx context.Context) AuthzExtensionArrayOutput { + return o +} + +func (o AuthzExtensionArrayOutput) Index(i pulumi.IntInput) AuthzExtensionOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) *AuthzExtension { + return vs[0].([]*AuthzExtension)[vs[1].(int)] + }).(AuthzExtensionOutput) +} + +type AuthzExtensionMapOutput struct{ *pulumi.OutputState } + +func (AuthzExtensionMapOutput) ElementType() reflect.Type { + return reflect.TypeOf((*map[string]*AuthzExtension)(nil)).Elem() +} + +func (o AuthzExtensionMapOutput) ToAuthzExtensionMapOutput() AuthzExtensionMapOutput { + return o +} + +func (o AuthzExtensionMapOutput) ToAuthzExtensionMapOutputWithContext(ctx context.Context) AuthzExtensionMapOutput { + return o +} + +func (o AuthzExtensionMapOutput) MapIndex(k pulumi.StringInput) AuthzExtensionOutput { + return pulumi.All(o, k).ApplyT(func(vs []interface{}) *AuthzExtension { + return vs[0].(map[string]*AuthzExtension)[vs[1].(string)] + }).(AuthzExtensionOutput) +} + +func init() { + pulumi.RegisterInputType(reflect.TypeOf((*AuthzExtensionInput)(nil)).Elem(), &AuthzExtension{}) + pulumi.RegisterInputType(reflect.TypeOf((*AuthzExtensionArrayInput)(nil)).Elem(), AuthzExtensionArray{}) + pulumi.RegisterInputType(reflect.TypeOf((*AuthzExtensionMapInput)(nil)).Elem(), AuthzExtensionMap{}) + pulumi.RegisterOutputType(AuthzExtensionOutput{}) + pulumi.RegisterOutputType(AuthzExtensionArrayOutput{}) + pulumi.RegisterOutputType(AuthzExtensionMapOutput{}) +} diff --git a/sdk/go/gcp/networkservices/init.go b/sdk/go/gcp/networkservices/init.go index 2df3e10f95..f1ccee02be 100644 --- a/sdk/go/gcp/networkservices/init.go +++ b/sdk/go/gcp/networkservices/init.go @@ -21,6 +21,8 @@ func (m *module) Version() semver.Version { func (m *module) Construct(ctx *pulumi.Context, name, typ, urn string) (r pulumi.Resource, err error) { switch typ { + case "gcp:networkservices/authzExtension:AuthzExtension": + r = &AuthzExtension{} case "gcp:networkservices/edgeCacheKeyset:EdgeCacheKeyset": r = &EdgeCacheKeyset{} case "gcp:networkservices/edgeCacheOrigin:EdgeCacheOrigin": @@ -62,6 +64,11 @@ func init() { if err != nil { version = semver.Version{Major: 1} } + pulumi.RegisterResourceModule( + "gcp", + "networkservices/authzExtension", + &module{version}, + ) pulumi.RegisterResourceModule( "gcp", "networkservices/edgeCacheKeyset", diff --git a/sdk/go/gcp/oracledatabase/autonomousDatabase.go b/sdk/go/gcp/oracledatabase/autonomousDatabase.go index b3aad6e15e..5dfb20ddb7 100644 --- a/sdk/go/gcp/oracledatabase/autonomousDatabase.go +++ b/sdk/go/gcp/oracledatabase/autonomousDatabase.go @@ -48,7 +48,7 @@ import ( // AutonomousDatabaseId: pulumi.String("my-instance"), // Location: pulumi.String("us-east4"), // Project: pulumi.String("my-project"), -// Database: pulumi.String("testdb"), +// Database: pulumi.String("mydatabase"), // AdminPassword: pulumi.String("123Abpassword"), // Network: pulumi.String(_default.Id), // Cidr: pulumi.String("10.5.0.0/24"), @@ -96,7 +96,7 @@ import ( // Location: pulumi.String("us-east4"), // Project: pulumi.String("my-project"), // DisplayName: pulumi.String("autonomousDatabase displayname"), -// Database: pulumi.String("testdatabase"), +// Database: pulumi.String("mydatabase"), // AdminPassword: pulumi.String("123Abpassword"), // Network: pulumi.String(_default.Id), // Cidr: pulumi.String("10.5.0.0/24"), diff --git a/sdk/go/gcp/orgpolicy/policy.go b/sdk/go/gcp/orgpolicy/policy.go index 55609e55c5..c4c7c3407b 100644 --- a/sdk/go/gcp/orgpolicy/policy.go +++ b/sdk/go/gcp/orgpolicy/policy.go @@ -50,11 +50,11 @@ import ( // return err // } // _, err = orgpolicy.NewPolicy(ctx, "primary", &orgpolicy.PolicyArgs{ -// Name: basic.Name.ApplyT(func(name string) (string, error) { -// return fmt.Sprintf("projects/%v/policies/iam.disableServiceAccountKeyUpload", name), nil +// Name: basic.ProjectId.ApplyT(func(projectId string) (string, error) { +// return fmt.Sprintf("projects/%v/policies/iam.disableServiceAccountKeyUpload", projectId), nil // }).(pulumi.StringOutput), -// Parent: basic.Name.ApplyT(func(name string) (string, error) { -// return fmt.Sprintf("projects/%v", name), nil +// Parent: basic.ProjectId.ApplyT(func(projectId string) (string, error) { +// return fmt.Sprintf("projects/%v", projectId), nil // }).(pulumi.StringOutput), // Spec: &orgpolicy.PolicySpecArgs{ // Rules: orgpolicy.PolicySpecRuleArray{ @@ -175,11 +175,11 @@ import ( // return err // } // _, err = orgpolicy.NewPolicy(ctx, "primary", &orgpolicy.PolicyArgs{ -// Name: basic.Name.ApplyT(func(name string) (string, error) { -// return fmt.Sprintf("projects/%v/policies/gcp.resourceLocations", name), nil +// Name: basic.ProjectId.ApplyT(func(projectId string) (string, error) { +// return fmt.Sprintf("projects/%v/policies/gcp.resourceLocations", projectId), nil // }).(pulumi.StringOutput), -// Parent: basic.Name.ApplyT(func(name string) (string, error) { -// return fmt.Sprintf("projects/%v", name), nil +// Parent: basic.ProjectId.ApplyT(func(projectId string) (string, error) { +// return fmt.Sprintf("projects/%v", projectId), nil // }).(pulumi.StringOutput), // Spec: &orgpolicy.PolicySpecArgs{ // Rules: orgpolicy.PolicySpecRuleArray{ @@ -276,6 +276,68 @@ import ( // } // // ``` +// ### Org Policy Policy Parameters Enforce +// +// ```go +// package main +// +// import ( +// +// "encoding/json" +// "fmt" +// +// "github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations" +// "github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/orgpolicy" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// basic, err := organizations.NewProject(ctx, "basic", &organizations.ProjectArgs{ +// ProjectId: pulumi.String("id"), +// Name: pulumi.String("id"), +// OrgId: pulumi.String("123456789"), +// DeletionPolicy: pulumi.String("DELETE"), +// }) +// if err != nil { +// return err +// } +// tmpJSON0, err := json.Marshal(map[string]interface{}{ +// "isSizeLimitCheck": true, +// "allowedDiskTypes": []string{ +// "pd-ssd", +// "pd-standard", +// }, +// }) +// if err != nil { +// return err +// } +// json0 := string(tmpJSON0) +// _, err = orgpolicy.NewPolicy(ctx, "primary", &orgpolicy.PolicyArgs{ +// Name: basic.Name.ApplyT(func(name string) (string, error) { +// return fmt.Sprintf("projects/%v/policies/compute.managed.restrictDiskCreation", name), nil +// }).(pulumi.StringOutput), +// Parent: basic.Name.ApplyT(func(name string) (string, error) { +// return fmt.Sprintf("projects/%v", name), nil +// }).(pulumi.StringOutput), +// Spec: &orgpolicy.PolicySpecArgs{ +// Rules: orgpolicy.PolicySpecRuleArray{ +// &orgpolicy.PolicySpecRuleArgs{ +// Enforce: pulumi.String("TRUE"), +// Parameters: pulumi.String(json0), +// }, +// }, +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` // // ## Import // diff --git a/sdk/go/gcp/orgpolicy/pulumiTypes.go b/sdk/go/gcp/orgpolicy/pulumiTypes.go index 32e6590e0b..f2874e4c95 100644 --- a/sdk/go/gcp/orgpolicy/pulumiTypes.go +++ b/sdk/go/gcp/orgpolicy/pulumiTypes.go @@ -248,6 +248,8 @@ type PolicyDryRunSpecRule struct { DenyAll *string `pulumi:"denyAll"` // If `"TRUE"`, then the `Policy` is enforced. If `"FALSE"`, then any configuration is acceptable. This field can be set only in Policies for boolean constraints. Enforce *string `pulumi:"enforce"` + // Optional. Required for Managed Constraints if parameters defined in constraints. Pass parameter values when policy enforcement is enabled. Ensure that parameter value types match those defined in the constraint definition. For example: { \"allowedLocations\" : [\"us-east1\", \"us-west1\"], \"allowAll\" : true } + Parameters *string `pulumi:"parameters"` // List of values to be used for this policy rule. This field can be set only in policies for list constraints. // Structure is documented below. Values *PolicyDryRunSpecRuleValues `pulumi:"values"` @@ -274,6 +276,8 @@ type PolicyDryRunSpecRuleArgs struct { DenyAll pulumi.StringPtrInput `pulumi:"denyAll"` // If `"TRUE"`, then the `Policy` is enforced. If `"FALSE"`, then any configuration is acceptable. This field can be set only in Policies for boolean constraints. Enforce pulumi.StringPtrInput `pulumi:"enforce"` + // Optional. Required for Managed Constraints if parameters defined in constraints. Pass parameter values when policy enforcement is enabled. Ensure that parameter value types match those defined in the constraint definition. For example: { \"allowedLocations\" : [\"us-east1\", \"us-west1\"], \"allowAll\" : true } + Parameters pulumi.StringPtrInput `pulumi:"parameters"` // List of values to be used for this policy rule. This field can be set only in policies for list constraints. // Structure is documented below. Values PolicyDryRunSpecRuleValuesPtrInput `pulumi:"values"` @@ -351,6 +355,11 @@ func (o PolicyDryRunSpecRuleOutput) Enforce() pulumi.StringPtrOutput { return o.ApplyT(func(v PolicyDryRunSpecRule) *string { return v.Enforce }).(pulumi.StringPtrOutput) } +// Optional. Required for Managed Constraints if parameters defined in constraints. Pass parameter values when policy enforcement is enabled. Ensure that parameter value types match those defined in the constraint definition. For example: { \"allowedLocations\" : [\"us-east1\", \"us-west1\"], \"allowAll\" : true } +func (o PolicyDryRunSpecRuleOutput) Parameters() pulumi.StringPtrOutput { + return o.ApplyT(func(v PolicyDryRunSpecRule) *string { return v.Parameters }).(pulumi.StringPtrOutput) +} + // List of values to be used for this policy rule. This field can be set only in policies for list constraints. // Structure is documented below. func (o PolicyDryRunSpecRuleOutput) Values() PolicyDryRunSpecRuleValuesPtrOutput { @@ -962,6 +971,8 @@ type PolicySpecRule struct { DenyAll *string `pulumi:"denyAll"` // If `"TRUE"`, then the `Policy` is enforced. If `"FALSE"`, then any configuration is acceptable. This field can be set only in Policies for boolean constraints. Enforce *string `pulumi:"enforce"` + // Optional. Required for Managed Constraints if parameters defined in constraints. Pass parameter values when policy enforcement is enabled. Ensure that parameter value types match those defined in the constraint definition. For example: { \"allowedLocations\" : [\"us-east1\", \"us-west1\"], \"allowAll\" : true } + Parameters *string `pulumi:"parameters"` // List of values to be used for this policy rule. This field can be set only in policies for list constraints. // Structure is documented below. Values *PolicySpecRuleValues `pulumi:"values"` @@ -988,6 +999,8 @@ type PolicySpecRuleArgs struct { DenyAll pulumi.StringPtrInput `pulumi:"denyAll"` // If `"TRUE"`, then the `Policy` is enforced. If `"FALSE"`, then any configuration is acceptable. This field can be set only in Policies for boolean constraints. Enforce pulumi.StringPtrInput `pulumi:"enforce"` + // Optional. Required for Managed Constraints if parameters defined in constraints. Pass parameter values when policy enforcement is enabled. Ensure that parameter value types match those defined in the constraint definition. For example: { \"allowedLocations\" : [\"us-east1\", \"us-west1\"], \"allowAll\" : true } + Parameters pulumi.StringPtrInput `pulumi:"parameters"` // List of values to be used for this policy rule. This field can be set only in policies for list constraints. // Structure is documented below. Values PolicySpecRuleValuesPtrInput `pulumi:"values"` @@ -1065,6 +1078,11 @@ func (o PolicySpecRuleOutput) Enforce() pulumi.StringPtrOutput { return o.ApplyT(func(v PolicySpecRule) *string { return v.Enforce }).(pulumi.StringPtrOutput) } +// Optional. Required for Managed Constraints if parameters defined in constraints. Pass parameter values when policy enforcement is enabled. Ensure that parameter value types match those defined in the constraint definition. For example: { \"allowedLocations\" : [\"us-east1\", \"us-west1\"], \"allowAll\" : true } +func (o PolicySpecRuleOutput) Parameters() pulumi.StringPtrOutput { + return o.ApplyT(func(v PolicySpecRule) *string { return v.Parameters }).(pulumi.StringPtrOutput) +} + // List of values to be used for this policy rule. This field can be set only in policies for list constraints. // Structure is documented below. func (o PolicySpecRuleOutput) Values() PolicySpecRuleValuesPtrOutput { diff --git a/sdk/go/gcp/sql/databaseInstance.go b/sdk/go/gcp/sql/databaseInstance.go index 8afd91f652..e54bb28180 100644 --- a/sdk/go/gcp/sql/databaseInstance.go +++ b/sdk/go/gcp/sql/databaseInstance.go @@ -344,8 +344,8 @@ type DatabaseInstance struct { // The MySQL, PostgreSQL or // SQL Server version to use. Supported values include `MYSQL_5_6`, // `MYSQL_5_7`, `MYSQL_8_0`, `POSTGRES_9_6`,`POSTGRES_10`, `POSTGRES_11`, - // `POSTGRES_12`, `POSTGRES_13`, `POSTGRES_14`, `POSTGRES_15`, `SQLSERVER_2017_STANDARD`, - // `SQLSERVER_2017_ENTERPRISE`, `SQLSERVER_2017_EXPRESS`, `SQLSERVER_2017_WEB`. + // `POSTGRES_12`, `POSTGRES_13`, `POSTGRES_14`, `POSTGRES_15`, `POSTGRES_16`, `POSTGRES_17`, + // `SQLSERVER_2017_STANDARD`, `SQLSERVER_2017_ENTERPRISE`, `SQLSERVER_2017_EXPRESS`, `SQLSERVER_2017_WEB`. // `SQLSERVER_2019_STANDARD`, `SQLSERVER_2019_ENTERPRISE`, `SQLSERVER_2019_EXPRESS`, // `SQLSERVER_2019_WEB`. // [Database Version Policies](https://cloud.google.com/sql/docs/db-versions) @@ -475,8 +475,8 @@ type databaseInstanceState struct { // The MySQL, PostgreSQL or // SQL Server version to use. Supported values include `MYSQL_5_6`, // `MYSQL_5_7`, `MYSQL_8_0`, `POSTGRES_9_6`,`POSTGRES_10`, `POSTGRES_11`, - // `POSTGRES_12`, `POSTGRES_13`, `POSTGRES_14`, `POSTGRES_15`, `SQLSERVER_2017_STANDARD`, - // `SQLSERVER_2017_ENTERPRISE`, `SQLSERVER_2017_EXPRESS`, `SQLSERVER_2017_WEB`. + // `POSTGRES_12`, `POSTGRES_13`, `POSTGRES_14`, `POSTGRES_15`, `POSTGRES_16`, `POSTGRES_17`, + // `SQLSERVER_2017_STANDARD`, `SQLSERVER_2017_ENTERPRISE`, `SQLSERVER_2017_EXPRESS`, `SQLSERVER_2017_WEB`. // `SQLSERVER_2019_STANDARD`, `SQLSERVER_2019_ENTERPRISE`, `SQLSERVER_2019_EXPRESS`, // `SQLSERVER_2019_WEB`. // [Database Version Policies](https://cloud.google.com/sql/docs/db-versions) @@ -562,8 +562,8 @@ type DatabaseInstanceState struct { // The MySQL, PostgreSQL or // SQL Server version to use. Supported values include `MYSQL_5_6`, // `MYSQL_5_7`, `MYSQL_8_0`, `POSTGRES_9_6`,`POSTGRES_10`, `POSTGRES_11`, - // `POSTGRES_12`, `POSTGRES_13`, `POSTGRES_14`, `POSTGRES_15`, `SQLSERVER_2017_STANDARD`, - // `SQLSERVER_2017_ENTERPRISE`, `SQLSERVER_2017_EXPRESS`, `SQLSERVER_2017_WEB`. + // `POSTGRES_12`, `POSTGRES_13`, `POSTGRES_14`, `POSTGRES_15`, `POSTGRES_16`, `POSTGRES_17`, + // `SQLSERVER_2017_STANDARD`, `SQLSERVER_2017_ENTERPRISE`, `SQLSERVER_2017_EXPRESS`, `SQLSERVER_2017_WEB`. // `SQLSERVER_2019_STANDARD`, `SQLSERVER_2019_ENTERPRISE`, `SQLSERVER_2019_EXPRESS`, // `SQLSERVER_2019_WEB`. // [Database Version Policies](https://cloud.google.com/sql/docs/db-versions) @@ -648,8 +648,8 @@ type databaseInstanceArgs struct { // The MySQL, PostgreSQL or // SQL Server version to use. Supported values include `MYSQL_5_6`, // `MYSQL_5_7`, `MYSQL_8_0`, `POSTGRES_9_6`,`POSTGRES_10`, `POSTGRES_11`, - // `POSTGRES_12`, `POSTGRES_13`, `POSTGRES_14`, `POSTGRES_15`, `SQLSERVER_2017_STANDARD`, - // `SQLSERVER_2017_ENTERPRISE`, `SQLSERVER_2017_EXPRESS`, `SQLSERVER_2017_WEB`. + // `POSTGRES_12`, `POSTGRES_13`, `POSTGRES_14`, `POSTGRES_15`, `POSTGRES_16`, `POSTGRES_17`, + // `SQLSERVER_2017_STANDARD`, `SQLSERVER_2017_ENTERPRISE`, `SQLSERVER_2017_EXPRESS`, `SQLSERVER_2017_WEB`. // `SQLSERVER_2019_STANDARD`, `SQLSERVER_2019_ENTERPRISE`, `SQLSERVER_2019_EXPRESS`, // `SQLSERVER_2019_WEB`. // [Database Version Policies](https://cloud.google.com/sql/docs/db-versions) @@ -714,8 +714,8 @@ type DatabaseInstanceArgs struct { // The MySQL, PostgreSQL or // SQL Server version to use. Supported values include `MYSQL_5_6`, // `MYSQL_5_7`, `MYSQL_8_0`, `POSTGRES_9_6`,`POSTGRES_10`, `POSTGRES_11`, - // `POSTGRES_12`, `POSTGRES_13`, `POSTGRES_14`, `POSTGRES_15`, `SQLSERVER_2017_STANDARD`, - // `SQLSERVER_2017_ENTERPRISE`, `SQLSERVER_2017_EXPRESS`, `SQLSERVER_2017_WEB`. + // `POSTGRES_12`, `POSTGRES_13`, `POSTGRES_14`, `POSTGRES_15`, `POSTGRES_16`, `POSTGRES_17`, + // `SQLSERVER_2017_STANDARD`, `SQLSERVER_2017_ENTERPRISE`, `SQLSERVER_2017_EXPRESS`, `SQLSERVER_2017_WEB`. // `SQLSERVER_2019_STANDARD`, `SQLSERVER_2019_ENTERPRISE`, `SQLSERVER_2019_EXPRESS`, // `SQLSERVER_2019_WEB`. // [Database Version Policies](https://cloud.google.com/sql/docs/db-versions) @@ -879,8 +879,8 @@ func (o DatabaseInstanceOutput) ConnectionName() pulumi.StringOutput { // The MySQL, PostgreSQL or // SQL Server version to use. Supported values include `MYSQL_5_6`, // `MYSQL_5_7`, `MYSQL_8_0`, `POSTGRES_9_6`,`POSTGRES_10`, `POSTGRES_11`, -// `POSTGRES_12`, `POSTGRES_13`, `POSTGRES_14`, `POSTGRES_15`, `SQLSERVER_2017_STANDARD`, -// `SQLSERVER_2017_ENTERPRISE`, `SQLSERVER_2017_EXPRESS`, `SQLSERVER_2017_WEB`. +// `POSTGRES_12`, `POSTGRES_13`, `POSTGRES_14`, `POSTGRES_15`, `POSTGRES_16`, `POSTGRES_17`, +// `SQLSERVER_2017_STANDARD`, `SQLSERVER_2017_ENTERPRISE`, `SQLSERVER_2017_EXPRESS`, `SQLSERVER_2017_WEB`. // `SQLSERVER_2019_STANDARD`, `SQLSERVER_2019_ENTERPRISE`, `SQLSERVER_2019_EXPRESS`, // `SQLSERVER_2019_WEB`. // [Database Version Policies](https://cloud.google.com/sql/docs/db-versions) diff --git a/sdk/go/gcp/sql/pulumiTypes.go b/sdk/go/gcp/sql/pulumiTypes.go index 997a8bf6a3..e775f2bcc7 100644 --- a/sdk/go/gcp/sql/pulumiTypes.go +++ b/sdk/go/gcp/sql/pulumiTypes.go @@ -1082,7 +1082,7 @@ type DatabaseInstanceSettings struct { BackupConfiguration *DatabaseInstanceSettingsBackupConfiguration `pulumi:"backupConfiguration"` // The name of server instance collation. Collation *string `pulumi:"collation"` - // Enables the enforcement of Cloud SQL Auth Proxy or Cloud SQL connectors for all the connections. If enabled, all the direct connections are rejected. + // Control the enforcement of Cloud SQL Auth Proxy or Cloud SQL connectors for all the connections, can be `REQUIRED` or `NOT_REQUIRED`. If enabled, all the direct connections are rejected. ConnectorEnforcement *string `pulumi:"connectorEnforcement"` // Data cache configurations. DataCacheConfig *DatabaseInstanceSettingsDataCacheConfig `pulumi:"dataCacheConfig"` @@ -1154,7 +1154,7 @@ type DatabaseInstanceSettingsArgs struct { BackupConfiguration DatabaseInstanceSettingsBackupConfigurationPtrInput `pulumi:"backupConfiguration"` // The name of server instance collation. Collation pulumi.StringPtrInput `pulumi:"collation"` - // Enables the enforcement of Cloud SQL Auth Proxy or Cloud SQL connectors for all the connections. If enabled, all the direct connections are rejected. + // Control the enforcement of Cloud SQL Auth Proxy or Cloud SQL connectors for all the connections, can be `REQUIRED` or `NOT_REQUIRED`. If enabled, all the direct connections are rejected. ConnectorEnforcement pulumi.StringPtrInput `pulumi:"connectorEnforcement"` // Data cache configurations. DataCacheConfig DatabaseInstanceSettingsDataCacheConfigPtrInput `pulumi:"dataCacheConfig"` @@ -1315,7 +1315,7 @@ func (o DatabaseInstanceSettingsOutput) Collation() pulumi.StringPtrOutput { return o.ApplyT(func(v DatabaseInstanceSettings) *string { return v.Collation }).(pulumi.StringPtrOutput) } -// Enables the enforcement of Cloud SQL Auth Proxy or Cloud SQL connectors for all the connections. If enabled, all the direct connections are rejected. +// Control the enforcement of Cloud SQL Auth Proxy or Cloud SQL connectors for all the connections, can be `REQUIRED` or `NOT_REQUIRED`. If enabled, all the direct connections are rejected. func (o DatabaseInstanceSettingsOutput) ConnectorEnforcement() pulumi.StringPtrOutput { return o.ApplyT(func(v DatabaseInstanceSettings) *string { return v.ConnectorEnforcement }).(pulumi.StringPtrOutput) } @@ -1524,7 +1524,7 @@ func (o DatabaseInstanceSettingsPtrOutput) Collation() pulumi.StringPtrOutput { }).(pulumi.StringPtrOutput) } -// Enables the enforcement of Cloud SQL Auth Proxy or Cloud SQL connectors for all the connections. If enabled, all the direct connections are rejected. +// Control the enforcement of Cloud SQL Auth Proxy or Cloud SQL connectors for all the connections, can be `REQUIRED` or `NOT_REQUIRED`. If enabled, all the direct connections are rejected. func (o DatabaseInstanceSettingsPtrOutput) ConnectorEnforcement() pulumi.StringPtrOutput { return o.ApplyT(func(v *DatabaseInstanceSettings) *string { if v == nil { diff --git a/sdk/go/gcp/storage/pulumiTypes.go b/sdk/go/gcp/storage/pulumiTypes.go index 27374e5b96..6e22dddf75 100644 --- a/sdk/go/gcp/storage/pulumiTypes.go +++ b/sdk/go/gcp/storage/pulumiTypes.go @@ -5582,6 +5582,8 @@ type TransferJobTransferSpec struct { GcsDataSink *TransferJobTransferSpecGcsDataSink `pulumi:"gcsDataSink"` // A Google Cloud Storage data source. Structure documented below. GcsDataSource *TransferJobTransferSpecGcsDataSource `pulumi:"gcsDataSource"` + // An HDFS data source. Structure documented below. + HdfsDataSource *TransferJobTransferSpecHdfsDataSource `pulumi:"hdfsDataSource"` // A HTTP URL data source. Structure documented below. HttpDataSource *TransferJobTransferSpecHttpDataSource `pulumi:"httpDataSource"` // Only objects that satisfy these object conditions are included in the set of data source and data sink objects. Object conditions based on objects' `lastModificationTime` do not exclude objects in a data sink. Structure documented below. @@ -5618,6 +5620,8 @@ type TransferJobTransferSpecArgs struct { GcsDataSink TransferJobTransferSpecGcsDataSinkPtrInput `pulumi:"gcsDataSink"` // A Google Cloud Storage data source. Structure documented below. GcsDataSource TransferJobTransferSpecGcsDataSourcePtrInput `pulumi:"gcsDataSource"` + // An HDFS data source. Structure documented below. + HdfsDataSource TransferJobTransferSpecHdfsDataSourcePtrInput `pulumi:"hdfsDataSource"` // A HTTP URL data source. Structure documented below. HttpDataSource TransferJobTransferSpecHttpDataSourcePtrInput `pulumi:"httpDataSource"` // Only objects that satisfy these object conditions are included in the set of data source and data sink objects. Object conditions based on objects' `lastModificationTime` do not exclude objects in a data sink. Structure documented below. @@ -5733,6 +5737,11 @@ func (o TransferJobTransferSpecOutput) GcsDataSource() TransferJobTransferSpecGc return o.ApplyT(func(v TransferJobTransferSpec) *TransferJobTransferSpecGcsDataSource { return v.GcsDataSource }).(TransferJobTransferSpecGcsDataSourcePtrOutput) } +// An HDFS data source. Structure documented below. +func (o TransferJobTransferSpecOutput) HdfsDataSource() TransferJobTransferSpecHdfsDataSourcePtrOutput { + return o.ApplyT(func(v TransferJobTransferSpec) *TransferJobTransferSpecHdfsDataSource { return v.HdfsDataSource }).(TransferJobTransferSpecHdfsDataSourcePtrOutput) +} + // A HTTP URL data source. Structure documented below. func (o TransferJobTransferSpecOutput) HttpDataSource() TransferJobTransferSpecHttpDataSourcePtrOutput { return o.ApplyT(func(v TransferJobTransferSpec) *TransferJobTransferSpecHttpDataSource { return v.HttpDataSource }).(TransferJobTransferSpecHttpDataSourcePtrOutput) @@ -5832,6 +5841,16 @@ func (o TransferJobTransferSpecPtrOutput) GcsDataSource() TransferJobTransferSpe }).(TransferJobTransferSpecGcsDataSourcePtrOutput) } +// An HDFS data source. Structure documented below. +func (o TransferJobTransferSpecPtrOutput) HdfsDataSource() TransferJobTransferSpecHdfsDataSourcePtrOutput { + return o.ApplyT(func(v *TransferJobTransferSpec) *TransferJobTransferSpecHdfsDataSource { + if v == nil { + return nil + } + return v.HdfsDataSource + }).(TransferJobTransferSpecHdfsDataSourcePtrOutput) +} + // A HTTP URL data source. Structure documented below. func (o TransferJobTransferSpecPtrOutput) HttpDataSource() TransferJobTransferSpecHttpDataSourcePtrOutput { return o.ApplyT(func(v *TransferJobTransferSpec) *TransferJobTransferSpecHttpDataSource { @@ -6926,6 +6945,143 @@ func (o TransferJobTransferSpecGcsDataSourcePtrOutput) Path() pulumi.StringPtrOu }).(pulumi.StringPtrOutput) } +type TransferJobTransferSpecHdfsDataSource struct { + // Root path to transfer objects. Must be an empty string or full path name that ends with a '/'. This field is treated as an object prefix. As such, it should generally not begin with a '/'. + Path string `pulumi:"path"` +} + +// TransferJobTransferSpecHdfsDataSourceInput is an input type that accepts TransferJobTransferSpecHdfsDataSourceArgs and TransferJobTransferSpecHdfsDataSourceOutput values. +// You can construct a concrete instance of `TransferJobTransferSpecHdfsDataSourceInput` via: +// +// TransferJobTransferSpecHdfsDataSourceArgs{...} +type TransferJobTransferSpecHdfsDataSourceInput interface { + pulumi.Input + + ToTransferJobTransferSpecHdfsDataSourceOutput() TransferJobTransferSpecHdfsDataSourceOutput + ToTransferJobTransferSpecHdfsDataSourceOutputWithContext(context.Context) TransferJobTransferSpecHdfsDataSourceOutput +} + +type TransferJobTransferSpecHdfsDataSourceArgs struct { + // Root path to transfer objects. Must be an empty string or full path name that ends with a '/'. This field is treated as an object prefix. As such, it should generally not begin with a '/'. + Path pulumi.StringInput `pulumi:"path"` +} + +func (TransferJobTransferSpecHdfsDataSourceArgs) ElementType() reflect.Type { + return reflect.TypeOf((*TransferJobTransferSpecHdfsDataSource)(nil)).Elem() +} + +func (i TransferJobTransferSpecHdfsDataSourceArgs) ToTransferJobTransferSpecHdfsDataSourceOutput() TransferJobTransferSpecHdfsDataSourceOutput { + return i.ToTransferJobTransferSpecHdfsDataSourceOutputWithContext(context.Background()) +} + +func (i TransferJobTransferSpecHdfsDataSourceArgs) ToTransferJobTransferSpecHdfsDataSourceOutputWithContext(ctx context.Context) TransferJobTransferSpecHdfsDataSourceOutput { + return pulumi.ToOutputWithContext(ctx, i).(TransferJobTransferSpecHdfsDataSourceOutput) +} + +func (i TransferJobTransferSpecHdfsDataSourceArgs) ToTransferJobTransferSpecHdfsDataSourcePtrOutput() TransferJobTransferSpecHdfsDataSourcePtrOutput { + return i.ToTransferJobTransferSpecHdfsDataSourcePtrOutputWithContext(context.Background()) +} + +func (i TransferJobTransferSpecHdfsDataSourceArgs) ToTransferJobTransferSpecHdfsDataSourcePtrOutputWithContext(ctx context.Context) TransferJobTransferSpecHdfsDataSourcePtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(TransferJobTransferSpecHdfsDataSourceOutput).ToTransferJobTransferSpecHdfsDataSourcePtrOutputWithContext(ctx) +} + +// TransferJobTransferSpecHdfsDataSourcePtrInput is an input type that accepts TransferJobTransferSpecHdfsDataSourceArgs, TransferJobTransferSpecHdfsDataSourcePtr and TransferJobTransferSpecHdfsDataSourcePtrOutput values. +// You can construct a concrete instance of `TransferJobTransferSpecHdfsDataSourcePtrInput` via: +// +// TransferJobTransferSpecHdfsDataSourceArgs{...} +// +// or: +// +// nil +type TransferJobTransferSpecHdfsDataSourcePtrInput interface { + pulumi.Input + + ToTransferJobTransferSpecHdfsDataSourcePtrOutput() TransferJobTransferSpecHdfsDataSourcePtrOutput + ToTransferJobTransferSpecHdfsDataSourcePtrOutputWithContext(context.Context) TransferJobTransferSpecHdfsDataSourcePtrOutput +} + +type transferJobTransferSpecHdfsDataSourcePtrType TransferJobTransferSpecHdfsDataSourceArgs + +func TransferJobTransferSpecHdfsDataSourcePtr(v *TransferJobTransferSpecHdfsDataSourceArgs) TransferJobTransferSpecHdfsDataSourcePtrInput { + return (*transferJobTransferSpecHdfsDataSourcePtrType)(v) +} + +func (*transferJobTransferSpecHdfsDataSourcePtrType) ElementType() reflect.Type { + return reflect.TypeOf((**TransferJobTransferSpecHdfsDataSource)(nil)).Elem() +} + +func (i *transferJobTransferSpecHdfsDataSourcePtrType) ToTransferJobTransferSpecHdfsDataSourcePtrOutput() TransferJobTransferSpecHdfsDataSourcePtrOutput { + return i.ToTransferJobTransferSpecHdfsDataSourcePtrOutputWithContext(context.Background()) +} + +func (i *transferJobTransferSpecHdfsDataSourcePtrType) ToTransferJobTransferSpecHdfsDataSourcePtrOutputWithContext(ctx context.Context) TransferJobTransferSpecHdfsDataSourcePtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(TransferJobTransferSpecHdfsDataSourcePtrOutput) +} + +type TransferJobTransferSpecHdfsDataSourceOutput struct{ *pulumi.OutputState } + +func (TransferJobTransferSpecHdfsDataSourceOutput) ElementType() reflect.Type { + return reflect.TypeOf((*TransferJobTransferSpecHdfsDataSource)(nil)).Elem() +} + +func (o TransferJobTransferSpecHdfsDataSourceOutput) ToTransferJobTransferSpecHdfsDataSourceOutput() TransferJobTransferSpecHdfsDataSourceOutput { + return o +} + +func (o TransferJobTransferSpecHdfsDataSourceOutput) ToTransferJobTransferSpecHdfsDataSourceOutputWithContext(ctx context.Context) TransferJobTransferSpecHdfsDataSourceOutput { + return o +} + +func (o TransferJobTransferSpecHdfsDataSourceOutput) ToTransferJobTransferSpecHdfsDataSourcePtrOutput() TransferJobTransferSpecHdfsDataSourcePtrOutput { + return o.ToTransferJobTransferSpecHdfsDataSourcePtrOutputWithContext(context.Background()) +} + +func (o TransferJobTransferSpecHdfsDataSourceOutput) ToTransferJobTransferSpecHdfsDataSourcePtrOutputWithContext(ctx context.Context) TransferJobTransferSpecHdfsDataSourcePtrOutput { + return o.ApplyTWithContext(ctx, func(_ context.Context, v TransferJobTransferSpecHdfsDataSource) *TransferJobTransferSpecHdfsDataSource { + return &v + }).(TransferJobTransferSpecHdfsDataSourcePtrOutput) +} + +// Root path to transfer objects. Must be an empty string or full path name that ends with a '/'. This field is treated as an object prefix. As such, it should generally not begin with a '/'. +func (o TransferJobTransferSpecHdfsDataSourceOutput) Path() pulumi.StringOutput { + return o.ApplyT(func(v TransferJobTransferSpecHdfsDataSource) string { return v.Path }).(pulumi.StringOutput) +} + +type TransferJobTransferSpecHdfsDataSourcePtrOutput struct{ *pulumi.OutputState } + +func (TransferJobTransferSpecHdfsDataSourcePtrOutput) ElementType() reflect.Type { + return reflect.TypeOf((**TransferJobTransferSpecHdfsDataSource)(nil)).Elem() +} + +func (o TransferJobTransferSpecHdfsDataSourcePtrOutput) ToTransferJobTransferSpecHdfsDataSourcePtrOutput() TransferJobTransferSpecHdfsDataSourcePtrOutput { + return o +} + +func (o TransferJobTransferSpecHdfsDataSourcePtrOutput) ToTransferJobTransferSpecHdfsDataSourcePtrOutputWithContext(ctx context.Context) TransferJobTransferSpecHdfsDataSourcePtrOutput { + return o +} + +func (o TransferJobTransferSpecHdfsDataSourcePtrOutput) Elem() TransferJobTransferSpecHdfsDataSourceOutput { + return o.ApplyT(func(v *TransferJobTransferSpecHdfsDataSource) TransferJobTransferSpecHdfsDataSource { + if v != nil { + return *v + } + var ret TransferJobTransferSpecHdfsDataSource + return ret + }).(TransferJobTransferSpecHdfsDataSourceOutput) +} + +// Root path to transfer objects. Must be an empty string or full path name that ends with a '/'. This field is treated as an object prefix. As such, it should generally not begin with a '/'. +func (o TransferJobTransferSpecHdfsDataSourcePtrOutput) Path() pulumi.StringPtrOutput { + return o.ApplyT(func(v *TransferJobTransferSpecHdfsDataSource) *string { + if v == nil { + return nil + } + return &v.Path + }).(pulumi.StringPtrOutput) +} + type TransferJobTransferSpecHttpDataSource struct { // The URL that points to the file that stores the object list entries. This file must allow public access. Currently, only URLs with HTTP and HTTPS schemes are supported. ListUrl string `pulumi:"listUrl"` @@ -7434,8 +7590,6 @@ func (o TransferJobTransferSpecPosixDataSinkPtrOutput) RootDirectory() pulumi.St type TransferJobTransferSpecPosixDataSource struct { // Root directory path to the filesystem. - // - // The `awsS3DataSource` block supports: RootDirectory string `pulumi:"rootDirectory"` } @@ -7452,8 +7606,6 @@ type TransferJobTransferSpecPosixDataSourceInput interface { type TransferJobTransferSpecPosixDataSourceArgs struct { // Root directory path to the filesystem. - // - // The `awsS3DataSource` block supports: RootDirectory pulumi.StringInput `pulumi:"rootDirectory"` } @@ -7535,8 +7687,6 @@ func (o TransferJobTransferSpecPosixDataSourceOutput) ToTransferJobTransferSpecP } // Root directory path to the filesystem. -// -// The `awsS3DataSource` block supports: func (o TransferJobTransferSpecPosixDataSourceOutput) RootDirectory() pulumi.StringOutput { return o.ApplyT(func(v TransferJobTransferSpecPosixDataSource) string { return v.RootDirectory }).(pulumi.StringOutput) } @@ -7566,8 +7716,6 @@ func (o TransferJobTransferSpecPosixDataSourcePtrOutput) Elem() TransferJobTrans } // Root directory path to the filesystem. -// -// The `awsS3DataSource` block supports: func (o TransferJobTransferSpecPosixDataSourcePtrOutput) RootDirectory() pulumi.StringPtrOutput { return o.ApplyT(func(v *TransferJobTransferSpecPosixDataSource) *string { if v == nil { @@ -10029,6 +10177,8 @@ func init() { pulumi.RegisterInputType(reflect.TypeOf((*TransferJobTransferSpecGcsDataSinkPtrInput)(nil)).Elem(), TransferJobTransferSpecGcsDataSinkArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*TransferJobTransferSpecGcsDataSourceInput)(nil)).Elem(), TransferJobTransferSpecGcsDataSourceArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*TransferJobTransferSpecGcsDataSourcePtrInput)(nil)).Elem(), TransferJobTransferSpecGcsDataSourceArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*TransferJobTransferSpecHdfsDataSourceInput)(nil)).Elem(), TransferJobTransferSpecHdfsDataSourceArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*TransferJobTransferSpecHdfsDataSourcePtrInput)(nil)).Elem(), TransferJobTransferSpecHdfsDataSourceArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*TransferJobTransferSpecHttpDataSourceInput)(nil)).Elem(), TransferJobTransferSpecHttpDataSourceArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*TransferJobTransferSpecHttpDataSourcePtrInput)(nil)).Elem(), TransferJobTransferSpecHttpDataSourceArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*TransferJobTransferSpecObjectConditionsInput)(nil)).Elem(), TransferJobTransferSpecObjectConditionsArgs{}) @@ -10159,6 +10309,8 @@ func init() { pulumi.RegisterOutputType(TransferJobTransferSpecGcsDataSinkPtrOutput{}) pulumi.RegisterOutputType(TransferJobTransferSpecGcsDataSourceOutput{}) pulumi.RegisterOutputType(TransferJobTransferSpecGcsDataSourcePtrOutput{}) + pulumi.RegisterOutputType(TransferJobTransferSpecHdfsDataSourceOutput{}) + pulumi.RegisterOutputType(TransferJobTransferSpecHdfsDataSourcePtrOutput{}) pulumi.RegisterOutputType(TransferJobTransferSpecHttpDataSourceOutput{}) pulumi.RegisterOutputType(TransferJobTransferSpecHttpDataSourcePtrOutput{}) pulumi.RegisterOutputType(TransferJobTransferSpecObjectConditionsOutput{}) diff --git a/sdk/go/gcp/tpu/pulumiTypes.go b/sdk/go/gcp/tpu/pulumiTypes.go index 9346935e6e..07089f39e0 100644 --- a/sdk/go/gcp/tpu/pulumiTypes.go +++ b/sdk/go/gcp/tpu/pulumiTypes.go @@ -873,14 +873,12 @@ type V2VmNetworkConfig struct { // false, the specified subnetwork or network should have Private Google Access enabled. EnableExternalIps *bool `pulumi:"enableExternalIps"` // The name of the network for the TPU node. It must be a preexisting Google Compute Engine - // network. If both network and subnetwork are specified, the given subnetwork must belong - // to the given network. If network is not specified, it will be looked up from the - // subnetwork if one is provided, or otherwise use "default". + // network. If none is provided, "default" will be used. Network *string `pulumi:"network"` + // Specifies networking queue count for TPU VM instance's network interface. + QueueCount *int `pulumi:"queueCount"` // The name of the subnetwork for the TPU node. It must be a preexisting Google Compute - // Engine subnetwork. If both network and subnetwork are specified, the given subnetwork - // must belong to the given network. If subnetwork is not specified, the subnetwork with the - // same name as the network will be used. + // Engine subnetwork. If none is provided, "default" will be used. Subnetwork *string `pulumi:"subnetwork"` } @@ -903,14 +901,12 @@ type V2VmNetworkConfigArgs struct { // false, the specified subnetwork or network should have Private Google Access enabled. EnableExternalIps pulumi.BoolPtrInput `pulumi:"enableExternalIps"` // The name of the network for the TPU node. It must be a preexisting Google Compute Engine - // network. If both network and subnetwork are specified, the given subnetwork must belong - // to the given network. If network is not specified, it will be looked up from the - // subnetwork if one is provided, or otherwise use "default". + // network. If none is provided, "default" will be used. Network pulumi.StringPtrInput `pulumi:"network"` + // Specifies networking queue count for TPU VM instance's network interface. + QueueCount pulumi.IntPtrInput `pulumi:"queueCount"` // The name of the subnetwork for the TPU node. It must be a preexisting Google Compute - // Engine subnetwork. If both network and subnetwork are specified, the given subnetwork - // must belong to the given network. If subnetwork is not specified, the subnetwork with the - // same name as the network will be used. + // Engine subnetwork. If none is provided, "default" will be used. Subnetwork pulumi.StringPtrInput `pulumi:"subnetwork"` } @@ -967,6 +963,31 @@ func (i *v2vmNetworkConfigPtrType) ToV2VmNetworkConfigPtrOutputWithContext(ctx c return pulumi.ToOutputWithContext(ctx, i).(V2VmNetworkConfigPtrOutput) } +// V2VmNetworkConfigArrayInput is an input type that accepts V2VmNetworkConfigArray and V2VmNetworkConfigArrayOutput values. +// You can construct a concrete instance of `V2VmNetworkConfigArrayInput` via: +// +// V2VmNetworkConfigArray{ V2VmNetworkConfigArgs{...} } +type V2VmNetworkConfigArrayInput interface { + pulumi.Input + + ToV2VmNetworkConfigArrayOutput() V2VmNetworkConfigArrayOutput + ToV2VmNetworkConfigArrayOutputWithContext(context.Context) V2VmNetworkConfigArrayOutput +} + +type V2VmNetworkConfigArray []V2VmNetworkConfigInput + +func (V2VmNetworkConfigArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]V2VmNetworkConfig)(nil)).Elem() +} + +func (i V2VmNetworkConfigArray) ToV2VmNetworkConfigArrayOutput() V2VmNetworkConfigArrayOutput { + return i.ToV2VmNetworkConfigArrayOutputWithContext(context.Background()) +} + +func (i V2VmNetworkConfigArray) ToV2VmNetworkConfigArrayOutputWithContext(ctx context.Context) V2VmNetworkConfigArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(V2VmNetworkConfigArrayOutput) +} + type V2VmNetworkConfigOutput struct{ *pulumi.OutputState } func (V2VmNetworkConfigOutput) ElementType() reflect.Type { @@ -1004,17 +1025,18 @@ func (o V2VmNetworkConfigOutput) EnableExternalIps() pulumi.BoolPtrOutput { } // The name of the network for the TPU node. It must be a preexisting Google Compute Engine -// network. If both network and subnetwork are specified, the given subnetwork must belong -// to the given network. If network is not specified, it will be looked up from the -// subnetwork if one is provided, or otherwise use "default". +// network. If none is provided, "default" will be used. func (o V2VmNetworkConfigOutput) Network() pulumi.StringPtrOutput { return o.ApplyT(func(v V2VmNetworkConfig) *string { return v.Network }).(pulumi.StringPtrOutput) } +// Specifies networking queue count for TPU VM instance's network interface. +func (o V2VmNetworkConfigOutput) QueueCount() pulumi.IntPtrOutput { + return o.ApplyT(func(v V2VmNetworkConfig) *int { return v.QueueCount }).(pulumi.IntPtrOutput) +} + // The name of the subnetwork for the TPU node. It must be a preexisting Google Compute -// Engine subnetwork. If both network and subnetwork are specified, the given subnetwork -// must belong to the given network. If subnetwork is not specified, the subnetwork with the -// same name as the network will be used. +// Engine subnetwork. If none is provided, "default" will be used. func (o V2VmNetworkConfigOutput) Subnetwork() pulumi.StringPtrOutput { return o.ApplyT(func(v V2VmNetworkConfig) *string { return v.Subnetwork }).(pulumi.StringPtrOutput) } @@ -1066,9 +1088,7 @@ func (o V2VmNetworkConfigPtrOutput) EnableExternalIps() pulumi.BoolPtrOutput { } // The name of the network for the TPU node. It must be a preexisting Google Compute Engine -// network. If both network and subnetwork are specified, the given subnetwork must belong -// to the given network. If network is not specified, it will be looked up from the -// subnetwork if one is provided, or otherwise use "default". +// network. If none is provided, "default" will be used. func (o V2VmNetworkConfigPtrOutput) Network() pulumi.StringPtrOutput { return o.ApplyT(func(v *V2VmNetworkConfig) *string { if v == nil { @@ -1078,10 +1098,18 @@ func (o V2VmNetworkConfigPtrOutput) Network() pulumi.StringPtrOutput { }).(pulumi.StringPtrOutput) } +// Specifies networking queue count for TPU VM instance's network interface. +func (o V2VmNetworkConfigPtrOutput) QueueCount() pulumi.IntPtrOutput { + return o.ApplyT(func(v *V2VmNetworkConfig) *int { + if v == nil { + return nil + } + return v.QueueCount + }).(pulumi.IntPtrOutput) +} + // The name of the subnetwork for the TPU node. It must be a preexisting Google Compute -// Engine subnetwork. If both network and subnetwork are specified, the given subnetwork -// must belong to the given network. If subnetwork is not specified, the subnetwork with the -// same name as the network will be used. +// Engine subnetwork. If none is provided, "default" will be used. func (o V2VmNetworkConfigPtrOutput) Subnetwork() pulumi.StringPtrOutput { return o.ApplyT(func(v *V2VmNetworkConfig) *string { if v == nil { @@ -1091,6 +1119,26 @@ func (o V2VmNetworkConfigPtrOutput) Subnetwork() pulumi.StringPtrOutput { }).(pulumi.StringPtrOutput) } +type V2VmNetworkConfigArrayOutput struct{ *pulumi.OutputState } + +func (V2VmNetworkConfigArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]V2VmNetworkConfig)(nil)).Elem() +} + +func (o V2VmNetworkConfigArrayOutput) ToV2VmNetworkConfigArrayOutput() V2VmNetworkConfigArrayOutput { + return o +} + +func (o V2VmNetworkConfigArrayOutput) ToV2VmNetworkConfigArrayOutputWithContext(ctx context.Context) V2VmNetworkConfigArrayOutput { + return o +} + +func (o V2VmNetworkConfigArrayOutput) Index(i pulumi.IntInput) V2VmNetworkConfigOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) V2VmNetworkConfig { + return vs[0].([]V2VmNetworkConfig)[vs[1].(int)] + }).(V2VmNetworkConfigOutput) +} + type V2VmNetworkEndpoint struct { // (Output) // The access config for the TPU worker. @@ -1923,6 +1971,7 @@ func init() { pulumi.RegisterInputType(reflect.TypeOf((*V2VmDataDiskArrayInput)(nil)).Elem(), V2VmDataDiskArray{}) pulumi.RegisterInputType(reflect.TypeOf((*V2VmNetworkConfigInput)(nil)).Elem(), V2VmNetworkConfigArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*V2VmNetworkConfigPtrInput)(nil)).Elem(), V2VmNetworkConfigArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*V2VmNetworkConfigArrayInput)(nil)).Elem(), V2VmNetworkConfigArray{}) pulumi.RegisterInputType(reflect.TypeOf((*V2VmNetworkEndpointInput)(nil)).Elem(), V2VmNetworkEndpointArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*V2VmNetworkEndpointArrayInput)(nil)).Elem(), V2VmNetworkEndpointArray{}) pulumi.RegisterInputType(reflect.TypeOf((*V2VmNetworkEndpointAccessConfigInput)(nil)).Elem(), V2VmNetworkEndpointAccessConfigArgs{}) @@ -1950,6 +1999,7 @@ func init() { pulumi.RegisterOutputType(V2VmDataDiskArrayOutput{}) pulumi.RegisterOutputType(V2VmNetworkConfigOutput{}) pulumi.RegisterOutputType(V2VmNetworkConfigPtrOutput{}) + pulumi.RegisterOutputType(V2VmNetworkConfigArrayOutput{}) pulumi.RegisterOutputType(V2VmNetworkEndpointOutput{}) pulumi.RegisterOutputType(V2VmNetworkEndpointArrayOutput{}) pulumi.RegisterOutputType(V2VmNetworkEndpointAccessConfigOutput{}) diff --git a/sdk/go/gcp/tpu/v2vm.go b/sdk/go/gcp/tpu/v2vm.go index 48ea2a9b68..6a5ce705da 100644 --- a/sdk/go/gcp/tpu/v2vm.go +++ b/sdk/go/gcp/tpu/v2vm.go @@ -127,6 +127,7 @@ import ( // EnableExternalIps: pulumi.Bool(true), // Network: network.ID(), // Subnetwork: subnet.ID(), +// QueueCount: pulumi.Int(32), // }, // SchedulingConfig: &tpu.V2VmSchedulingConfigArgs{ // Preemptible: pulumi.Bool(true), @@ -239,6 +240,10 @@ type V2Vm struct { // Network configurations for the TPU node. // Structure is documented below. NetworkConfig V2VmNetworkConfigOutput `pulumi:"networkConfig"` + // Repeated network configurations for the TPU node. This field is used to specify multiple + // network configs for the TPU node. + // Structure is documented below. + NetworkConfigs V2VmNetworkConfigArrayOutput `pulumi:"networkConfigs"` // The network endpoints where TPU workers can be accessed and sent work. It is recommended that // runtime clients of the node reach out to the 0th entry in this map first. // Structure is documented below. @@ -354,6 +359,10 @@ type v2vmState struct { // Network configurations for the TPU node. // Structure is documented below. NetworkConfig *V2VmNetworkConfig `pulumi:"networkConfig"` + // Repeated network configurations for the TPU node. This field is used to specify multiple + // network configs for the TPU node. + // Structure is documented below. + NetworkConfigs []V2VmNetworkConfig `pulumi:"networkConfigs"` // The network endpoints where TPU workers can be accessed and sent work. It is recommended that // runtime clients of the node reach out to the 0th entry in this map first. // Structure is documented below. @@ -432,6 +441,10 @@ type V2VmState struct { // Network configurations for the TPU node. // Structure is documented below. NetworkConfig V2VmNetworkConfigPtrInput + // Repeated network configurations for the TPU node. This field is used to specify multiple + // network configs for the TPU node. + // Structure is documented below. + NetworkConfigs V2VmNetworkConfigArrayInput // The network endpoints where TPU workers can be accessed and sent work. It is recommended that // runtime clients of the node reach out to the 0th entry in this map first. // Structure is documented below. @@ -504,6 +517,10 @@ type v2vmArgs struct { // Network configurations for the TPU node. // Structure is documented below. NetworkConfig *V2VmNetworkConfig `pulumi:"networkConfig"` + // Repeated network configurations for the TPU node. This field is used to specify multiple + // network configs for the TPU node. + // Structure is documented below. + NetworkConfigs []V2VmNetworkConfig `pulumi:"networkConfigs"` // The ID of the project in which the resource belongs. // If it is not provided, the provider project is used. Project *string `pulumi:"project"` @@ -559,6 +576,10 @@ type V2VmArgs struct { // Network configurations for the TPU node. // Structure is documented below. NetworkConfig V2VmNetworkConfigPtrInput + // Repeated network configurations for the TPU node. This field is used to specify multiple + // network configs for the TPU node. + // Structure is documented below. + NetworkConfigs V2VmNetworkConfigArrayInput // The ID of the project in which the resource belongs. // If it is not provided, the provider project is used. Project pulumi.StringPtrInput @@ -751,6 +772,13 @@ func (o V2VmOutput) NetworkConfig() V2VmNetworkConfigOutput { return o.ApplyT(func(v *V2Vm) V2VmNetworkConfigOutput { return v.NetworkConfig }).(V2VmNetworkConfigOutput) } +// Repeated network configurations for the TPU node. This field is used to specify multiple +// network configs for the TPU node. +// Structure is documented below. +func (o V2VmOutput) NetworkConfigs() V2VmNetworkConfigArrayOutput { + return o.ApplyT(func(v *V2Vm) V2VmNetworkConfigArrayOutput { return v.NetworkConfigs }).(V2VmNetworkConfigArrayOutput) +} + // The network endpoints where TPU workers can be accessed and sent work. It is recommended that // runtime clients of the node reach out to the 0th entry in this map first. // Structure is documented below. diff --git a/sdk/java/src/main/java/com/pulumi/gcp/accesscontextmanager/ServicePerimeter.java b/sdk/java/src/main/java/com/pulumi/gcp/accesscontextmanager/ServicePerimeter.java index d4dc238289..09d65da087 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/accesscontextmanager/ServicePerimeter.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/accesscontextmanager/ServicePerimeter.java @@ -356,24 +356,6 @@ public Output createTime() { public Output> description() { return Codegen.optional(this.description); } - /** - * An opaque identifier for the current version of the ServicePerimeter. This - * identifier does not follow any specific format. If an etag is not provided, the - * operation will be performed as if a valid etag is provided. - * - */ - @Export(name="etag", refs={String.class}, tree="[0]") - private Output etag; - - /** - * @return An opaque identifier for the current version of the ServicePerimeter. This - * identifier does not follow any specific format. If an etag is not provided, the - * operation will be performed as if a valid etag is provided. - * - */ - public Output etag() { - return this.etag; - } /** * Resource name for the ServicePerimeter. The short_name component must * begin with a letter and only include alphanumeric and '_'. diff --git a/sdk/java/src/main/java/com/pulumi/gcp/accesscontextmanager/inputs/ServicePerimeterState.java b/sdk/java/src/main/java/com/pulumi/gcp/accesscontextmanager/inputs/ServicePerimeterState.java index 1fdc1a0ef6..a27b16c314 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/accesscontextmanager/inputs/ServicePerimeterState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/accesscontextmanager/inputs/ServicePerimeterState.java @@ -50,25 +50,6 @@ public Optional> description() { return Optional.ofNullable(this.description); } - /** - * An opaque identifier for the current version of the ServicePerimeter. This - * identifier does not follow any specific format. If an etag is not provided, the - * operation will be performed as if a valid etag is provided. - * - */ - @Import(name="etag") - private @Nullable Output etag; - - /** - * @return An opaque identifier for the current version of the ServicePerimeter. This - * identifier does not follow any specific format. If an etag is not provided, the - * operation will be performed as if a valid etag is provided. - * - */ - public Optional> etag() { - return Optional.ofNullable(this.etag); - } - /** * Resource name for the ServicePerimeter. The short_name component must * begin with a letter and only include alphanumeric and '_'. @@ -264,7 +245,6 @@ private ServicePerimeterState() {} private ServicePerimeterState(ServicePerimeterState $) { this.createTime = $.createTime; this.description = $.description; - this.etag = $.etag; this.name = $.name; this.parent = $.parent; this.perimeterType = $.perimeterType; @@ -337,31 +317,6 @@ public Builder description(String description) { return description(Output.of(description)); } - /** - * @param etag An opaque identifier for the current version of the ServicePerimeter. This - * identifier does not follow any specific format. If an etag is not provided, the - * operation will be performed as if a valid etag is provided. - * - * @return builder - * - */ - public Builder etag(@Nullable Output etag) { - $.etag = etag; - return this; - } - - /** - * @param etag An opaque identifier for the current version of the ServicePerimeter. This - * identifier does not follow any specific format. If an etag is not provided, the - * operation will be performed as if a valid etag is provided. - * - * @return builder - * - */ - public Builder etag(String etag) { - return etag(Output.of(etag)); - } - /** * @param name Resource name for the ServicePerimeter. The short_name component must * begin with a letter and only include alphanumeric and '_'. diff --git a/sdk/java/src/main/java/com/pulumi/gcp/accesscontextmanager/inputs/ServicePerimetersServicePerimeterArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/accesscontextmanager/inputs/ServicePerimetersServicePerimeterArgs.java index 2b8070a22a..d2a8e06e13 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/accesscontextmanager/inputs/ServicePerimetersServicePerimeterArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/accesscontextmanager/inputs/ServicePerimetersServicePerimeterArgs.java @@ -53,27 +53,6 @@ public Optional> description() { return Optional.ofNullable(this.description); } - /** - * (Output) - * An opaque identifier for the current version of the ServicePerimeter. This - * identifier does not follow any specific format. If an etag is not provided, the - * operation will be performed as if a valid etag is provided. - * - */ - @Import(name="etag") - private @Nullable Output etag; - - /** - * @return (Output) - * An opaque identifier for the current version of the ServicePerimeter. This - * identifier does not follow any specific format. If an etag is not provided, the - * operation will be performed as if a valid etag is provided. - * - */ - public Optional> etag() { - return Optional.ofNullable(this.etag); - } - /** * Resource name for the ServicePerimeter. The short_name component must * begin with a letter and only include alphanumeric and '_'. @@ -250,7 +229,6 @@ private ServicePerimetersServicePerimeterArgs() {} private ServicePerimetersServicePerimeterArgs(ServicePerimetersServicePerimeterArgs $) { this.createTime = $.createTime; this.description = $.description; - this.etag = $.etag; this.name = $.name; this.perimeterType = $.perimeterType; this.spec = $.spec; @@ -324,33 +302,6 @@ public Builder description(String description) { return description(Output.of(description)); } - /** - * @param etag (Output) - * An opaque identifier for the current version of the ServicePerimeter. This - * identifier does not follow any specific format. If an etag is not provided, the - * operation will be performed as if a valid etag is provided. - * - * @return builder - * - */ - public Builder etag(@Nullable Output etag) { - $.etag = etag; - return this; - } - - /** - * @param etag (Output) - * An opaque identifier for the current version of the ServicePerimeter. This - * identifier does not follow any specific format. If an etag is not provided, the - * operation will be performed as if a valid etag is provided. - * - * @return builder - * - */ - public Builder etag(String etag) { - return etag(Output.of(etag)); - } - /** * @param name Resource name for the ServicePerimeter. The short_name component must * begin with a letter and only include alphanumeric and '_'. diff --git a/sdk/java/src/main/java/com/pulumi/gcp/accesscontextmanager/outputs/ServicePerimetersServicePerimeter.java b/sdk/java/src/main/java/com/pulumi/gcp/accesscontextmanager/outputs/ServicePerimetersServicePerimeter.java index 2b7807912b..7e17e6e3d6 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/accesscontextmanager/outputs/ServicePerimetersServicePerimeter.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/accesscontextmanager/outputs/ServicePerimetersServicePerimeter.java @@ -27,14 +27,6 @@ public final class ServicePerimetersServicePerimeter { * */ private @Nullable String description; - /** - * @return (Output) - * An opaque identifier for the current version of the ServicePerimeter. This - * identifier does not follow any specific format. If an etag is not provided, the - * operation will be performed as if a valid etag is provided. - * - */ - private @Nullable String etag; /** * @return Resource name for the ServicePerimeter. The short_name component must * begin with a letter and only include alphanumeric and '_'. @@ -121,16 +113,6 @@ public Optional createTime() { public Optional description() { return Optional.ofNullable(this.description); } - /** - * @return (Output) - * An opaque identifier for the current version of the ServicePerimeter. This - * identifier does not follow any specific format. If an etag is not provided, the - * operation will be performed as if a valid etag is provided. - * - */ - public Optional etag() { - return Optional.ofNullable(this.etag); - } /** * @return Resource name for the ServicePerimeter. The short_name component must * begin with a letter and only include alphanumeric and '_'. @@ -225,7 +207,6 @@ public static Builder builder(ServicePerimetersServicePerimeter defaults) { public static final class Builder { private @Nullable String createTime; private @Nullable String description; - private @Nullable String etag; private String name; private @Nullable String perimeterType; private @Nullable ServicePerimetersServicePerimeterSpec spec; @@ -238,7 +219,6 @@ public Builder(ServicePerimetersServicePerimeter defaults) { Objects.requireNonNull(defaults); this.createTime = defaults.createTime; this.description = defaults.description; - this.etag = defaults.etag; this.name = defaults.name; this.perimeterType = defaults.perimeterType; this.spec = defaults.spec; @@ -261,12 +241,6 @@ public Builder description(@Nullable String description) { return this; } @CustomType.Setter - public Builder etag(@Nullable String etag) { - - this.etag = etag; - return this; - } - @CustomType.Setter public Builder name(String name) { if (name == null) { throw new MissingRequiredPropertyException("ServicePerimetersServicePerimeter", "name"); @@ -316,7 +290,6 @@ public ServicePerimetersServicePerimeter build() { final var _resultValue = new ServicePerimetersServicePerimeter(); _resultValue.createTime = createTime; _resultValue.description = description; - _resultValue.etag = etag; _resultValue.name = name; _resultValue.perimeterType = perimeterType; _resultValue.spec = spec; diff --git a/sdk/java/src/main/java/com/pulumi/gcp/artifactregistry/Repository.java b/sdk/java/src/main/java/com/pulumi/gcp/artifactregistry/Repository.java index 4ce19ad611..0a810693c4 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/artifactregistry/Repository.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/artifactregistry/Repository.java @@ -70,6 +70,43 @@ * } * * <!--End PulumiCodeChooser --> + * ### Artifact Registry Repository Multi Region + * + * <!--Start PulumiCodeChooser --> + * 
+ * {@code
+ * package generated_program;
+ * 
+ * import com.pulumi.Context;
+ * import com.pulumi.Pulumi;
+ * import com.pulumi.core.Output;
+ * import com.pulumi.gcp.artifactregistry.Repository;
+ * import com.pulumi.gcp.artifactregistry.RepositoryArgs;
+ * import java.util.List;
+ * import java.util.ArrayList;
+ * import java.util.Map;
+ * import java.io.File;
+ * import java.nio.file.Files;
+ * import java.nio.file.Paths;
+ * 
+ * public class App {
+ *     public static void main(String[] args) {
+ *         Pulumi.run(App::stack);
+ *     }
+ * 
+ *     public static void stack(Context ctx) {
+ *         var my_repo = new Repository("my-repo", RepositoryArgs.builder()
+ *             .repositoryId("my-repository")
+ *             .description("example docker repository")
+ *             .location("us")
+ *             .format("DOCKER")
+ *             .build());
+ * 
+ *     }
+ * }
+ * }
+ *
+ * <!--End PulumiCodeChooser --> * ### Artifact Registry Repository Docker * * <!--Start PulumiCodeChooser --> @@ -1094,8 +1131,6 @@ * * * `{{location}}/{{repository_id}}` * - * * `{{repository_id}}` - * * When using the `pulumi import` command, Repository can be imported using one of the formats above. For example: * * ```sh @@ -1110,10 +1145,6 @@ * $ pulumi import gcp:artifactregistry/repository:Repository default {{location}}/{{repository_id}} * ``` * - * ```sh - * $ pulumi import gcp:artifactregistry/repository:Repository default {{repository_id}} - * ``` - * */ @ResourceType(type="gcp:artifactregistry/repository:Repository") public class Repository extends com.pulumi.resources.CustomResource { @@ -1219,8 +1250,6 @@ public Output> effectiveLabels() { * You can only create alpha formats if you are a member of the * [alpha user group](https://cloud.google.com/artifact-registry/docs/supported-formats#alpha-access). * - * *** - * */ @Export(name="format", refs={String.class}, tree="[0]") private Output format; @@ -1231,8 +1260,6 @@ public Output> effectiveLabels() { * You can only create alpha formats if you are a member of the * [alpha user group](https://cloud.google.com/artifact-registry/docs/supported-formats#alpha-access). * - * *** - * */ public Output format() { return this.format; @@ -1286,14 +1313,24 @@ public Output>> labels() { return Codegen.optional(this.labels); } /** - * The name of the location this repository is located in. + * The name of the repository's location. In addition to specific regions, + * special values for multi-region locations are `asia`, `europe`, and `us`. + * See [here](https://cloud.google.com/artifact-registry/docs/repositories/repo-locations), + * or use the + * gcp.artifactregistry.getLocations + * data source for possible values. * */ @Export(name="location", refs={String.class}, tree="[0]") private Output location; /** - * @return The name of the location this repository is located in. + * @return The name of the repository's location. In addition to specific regions, + * special values for multi-region locations are `asia`, `europe`, and `us`. + * See [here](https://cloud.google.com/artifact-registry/docs/repositories/repo-locations), + * or use the + * gcp.artifactregistry.getLocations + * data source for possible values. * */ public Output location() { @@ -1405,6 +1442,8 @@ public Output> remoteRepositoryConfig * The last part of the repository name, for example: * "repo1" * + * *** + * */ @Export(name="repositoryId", refs={String.class}, tree="[0]") private Output repositoryId; @@ -1413,6 +1452,8 @@ public Output> remoteRepositoryConfig * @return The last part of the repository name, for example: * "repo1" * + * *** + * */ public Output repositoryId() { return this.repositoryId; diff --git a/sdk/java/src/main/java/com/pulumi/gcp/artifactregistry/RepositoryArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/artifactregistry/RepositoryArgs.java index 28614899e1..1ae874f13c 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/artifactregistry/RepositoryArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/artifactregistry/RepositoryArgs.java @@ -102,8 +102,6 @@ public Optional> dockerConfig() { * You can only create alpha formats if you are a member of the * [alpha user group](https://cloud.google.com/artifact-registry/docs/supported-formats#alpha-access). * - * *** - * */ @Import(name="format", required=true) private Output format; @@ -114,8 +112,6 @@ public Optional> dockerConfig() { * You can only create alpha formats if you are a member of the * [alpha user group](https://cloud.google.com/artifact-registry/docs/supported-formats#alpha-access). * - * *** - * */ public Output format() { return this.format; @@ -172,14 +168,24 @@ public Optional>> labels() { } /** - * The name of the location this repository is located in. + * The name of the repository's location. In addition to specific regions, + * special values for multi-region locations are `asia`, `europe`, and `us`. + * See [here](https://cloud.google.com/artifact-registry/docs/repositories/repo-locations), + * or use the + * gcp.artifactregistry.getLocations + * data source for possible values. * */ @Import(name="location") private @Nullable Output location; /** - * @return The name of the location this repository is located in. + * @return The name of the repository's location. In addition to specific regions, + * special values for multi-region locations are `asia`, `europe`, and `us`. + * See [here](https://cloud.google.com/artifact-registry/docs/repositories/repo-locations), + * or use the + * gcp.artifactregistry.getLocations + * data source for possible values. * */ public Optional> location() { @@ -264,6 +270,8 @@ public Optional> remoteRepositoryCo * The last part of the repository name, for example: * "repo1" * + * *** + * */ @Import(name="repositoryId", required=true) private Output repositoryId; @@ -272,6 +280,8 @@ public Optional> remoteRepositoryCo * @return The last part of the repository name, for example: * "repo1" * + * *** + * */ public Output repositoryId() { return this.repositoryId; @@ -447,8 +457,6 @@ public Builder dockerConfig(RepositoryDockerConfigArgs dockerConfig) { * You can only create alpha formats if you are a member of the * [alpha user group](https://cloud.google.com/artifact-registry/docs/supported-formats#alpha-access). * - * *** - * * @return builder * */ @@ -463,8 +471,6 @@ public Builder format(Output format) { * You can only create alpha formats if you are a member of the * [alpha user group](https://cloud.google.com/artifact-registry/docs/supported-formats#alpha-access). * - * *** - * * @return builder * */ @@ -535,7 +541,12 @@ public Builder labels(Map labels) { } /** - * @param location The name of the location this repository is located in. + * @param location The name of the repository's location. In addition to specific regions, + * special values for multi-region locations are `asia`, `europe`, and `us`. + * See [here](https://cloud.google.com/artifact-registry/docs/repositories/repo-locations), + * or use the + * gcp.artifactregistry.getLocations + * data source for possible values. * * @return builder * @@ -546,7 +557,12 @@ public Builder location(@Nullable Output location) { } /** - * @param location The name of the location this repository is located in. + * @param location The name of the repository's location. In addition to specific regions, + * special values for multi-region locations are `asia`, `europe`, and `us`. + * See [here](https://cloud.google.com/artifact-registry/docs/repositories/repo-locations), + * or use the + * gcp.artifactregistry.getLocations + * data source for possible values. * * @return builder * @@ -657,6 +673,8 @@ public Builder remoteRepositoryConfig(RepositoryRemoteRepositoryConfigArgs remot * @param repositoryId The last part of the repository name, for example: * "repo1" * + * *** + * * @return builder * */ @@ -669,6 +687,8 @@ public Builder repositoryId(Output repositoryId) { * @param repositoryId The last part of the repository name, for example: * "repo1" * + * *** + * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/artifactregistry/RepositoryIamBinding.java b/sdk/java/src/main/java/com/pulumi/gcp/artifactregistry/RepositoryIamBinding.java index 61c2a78309..cce6bfd040 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/artifactregistry/RepositoryIamBinding.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/artifactregistry/RepositoryIamBinding.java @@ -362,8 +362,12 @@ public Output etag() { return this.etag; } /** - * The name of the location this repository is located in. - * Used to find the parent resource to bind the IAM policy to. If not specified, + * The name of the repository's location. In addition to specific regions, + * special values for multi-region locations are `asia`, `europe`, and `us`. + * See [here](https://cloud.google.com/artifact-registry/docs/repositories/repo-locations), + * or use the + * gcp.artifactregistry.getLocations + * data source for possible values. Used to find the parent resource to bind the IAM policy to. If not specified, * the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no * location is specified, it is taken from the provider configuration. * @@ -372,8 +376,12 @@ public Output etag() { private Output location; /** - * @return The name of the location this repository is located in. - * Used to find the parent resource to bind the IAM policy to. If not specified, + * @return The name of the repository's location. In addition to specific regions, + * special values for multi-region locations are `asia`, `europe`, and `us`. + * See [here](https://cloud.google.com/artifact-registry/docs/repositories/repo-locations), + * or use the + * gcp.artifactregistry.getLocations + * data source for possible values. Used to find the parent resource to bind the IAM policy to. If not specified, * the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no * location is specified, it is taken from the provider configuration. * diff --git a/sdk/java/src/main/java/com/pulumi/gcp/artifactregistry/RepositoryIamBindingArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/artifactregistry/RepositoryIamBindingArgs.java index a5c4265640..5527fecfeb 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/artifactregistry/RepositoryIamBindingArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/artifactregistry/RepositoryIamBindingArgs.java @@ -26,8 +26,12 @@ public Optional> condition() { } /** - * The name of the location this repository is located in. - * Used to find the parent resource to bind the IAM policy to. If not specified, + * The name of the repository's location. In addition to specific regions, + * special values for multi-region locations are `asia`, `europe`, and `us`. + * See [here](https://cloud.google.com/artifact-registry/docs/repositories/repo-locations), + * or use the + * gcp.artifactregistry.getLocations + * data source for possible values. Used to find the parent resource to bind the IAM policy to. If not specified, * the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no * location is specified, it is taken from the provider configuration. * @@ -36,8 +40,12 @@ public Optional> condition() { private @Nullable Output location; /** - * @return The name of the location this repository is located in. - * Used to find the parent resource to bind the IAM policy to. If not specified, + * @return The name of the repository's location. In addition to specific regions, + * special values for multi-region locations are `asia`, `europe`, and `us`. + * See [here](https://cloud.google.com/artifact-registry/docs/repositories/repo-locations), + * or use the + * gcp.artifactregistry.getLocations + * data source for possible values. Used to find the parent resource to bind the IAM policy to. If not specified, * the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no * location is specified, it is taken from the provider configuration. * @@ -171,8 +179,12 @@ public Builder condition(RepositoryIamBindingConditionArgs condition) { } /** - * @param location The name of the location this repository is located in. - * Used to find the parent resource to bind the IAM policy to. If not specified, + * @param location The name of the repository's location. In addition to specific regions, + * special values for multi-region locations are `asia`, `europe`, and `us`. + * See [here](https://cloud.google.com/artifact-registry/docs/repositories/repo-locations), + * or use the + * gcp.artifactregistry.getLocations + * data source for possible values. Used to find the parent resource to bind the IAM policy to. If not specified, * the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no * location is specified, it is taken from the provider configuration. * @@ -185,8 +197,12 @@ public Builder location(@Nullable Output location) { } /** - * @param location The name of the location this repository is located in. - * Used to find the parent resource to bind the IAM policy to. If not specified, + * @param location The name of the repository's location. In addition to specific regions, + * special values for multi-region locations are `asia`, `europe`, and `us`. + * See [here](https://cloud.google.com/artifact-registry/docs/repositories/repo-locations), + * or use the + * gcp.artifactregistry.getLocations + * data source for possible values. Used to find the parent resource to bind the IAM policy to. If not specified, * the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no * location is specified, it is taken from the provider configuration. * diff --git a/sdk/java/src/main/java/com/pulumi/gcp/artifactregistry/RepositoryIamMember.java b/sdk/java/src/main/java/com/pulumi/gcp/artifactregistry/RepositoryIamMember.java index 43dd79d509..d6cfaf61de 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/artifactregistry/RepositoryIamMember.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/artifactregistry/RepositoryIamMember.java @@ -361,8 +361,12 @@ public Output etag() { return this.etag; } /** - * The name of the location this repository is located in. - * Used to find the parent resource to bind the IAM policy to. If not specified, + * The name of the repository's location. In addition to specific regions, + * special values for multi-region locations are `asia`, `europe`, and `us`. + * See [here](https://cloud.google.com/artifact-registry/docs/repositories/repo-locations), + * or use the + * gcp.artifactregistry.getLocations + * data source for possible values. Used to find the parent resource to bind the IAM policy to. If not specified, * the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no * location is specified, it is taken from the provider configuration. * @@ -371,8 +375,12 @@ public Output etag() { private Output location; /** - * @return The name of the location this repository is located in. - * Used to find the parent resource to bind the IAM policy to. If not specified, + * @return The name of the repository's location. In addition to specific regions, + * special values for multi-region locations are `asia`, `europe`, and `us`. + * See [here](https://cloud.google.com/artifact-registry/docs/repositories/repo-locations), + * or use the + * gcp.artifactregistry.getLocations + * data source for possible values. Used to find the parent resource to bind the IAM policy to. If not specified, * the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no * location is specified, it is taken from the provider configuration. * diff --git a/sdk/java/src/main/java/com/pulumi/gcp/artifactregistry/RepositoryIamMemberArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/artifactregistry/RepositoryIamMemberArgs.java index 7d5bb366ba..0149cdba31 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/artifactregistry/RepositoryIamMemberArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/artifactregistry/RepositoryIamMemberArgs.java @@ -25,8 +25,12 @@ public Optional> condition() { } /** - * The name of the location this repository is located in. - * Used to find the parent resource to bind the IAM policy to. If not specified, + * The name of the repository's location. In addition to specific regions, + * special values for multi-region locations are `asia`, `europe`, and `us`. + * See [here](https://cloud.google.com/artifact-registry/docs/repositories/repo-locations), + * or use the + * gcp.artifactregistry.getLocations + * data source for possible values. Used to find the parent resource to bind the IAM policy to. If not specified, * the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no * location is specified, it is taken from the provider configuration. * @@ -35,8 +39,12 @@ public Optional> condition() { private @Nullable Output location; /** - * @return The name of the location this repository is located in. - * Used to find the parent resource to bind the IAM policy to. If not specified, + * @return The name of the repository's location. In addition to specific regions, + * special values for multi-region locations are `asia`, `europe`, and `us`. + * See [here](https://cloud.google.com/artifact-registry/docs/repositories/repo-locations), + * or use the + * gcp.artifactregistry.getLocations + * data source for possible values. Used to find the parent resource to bind the IAM policy to. If not specified, * the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no * location is specified, it is taken from the provider configuration. * @@ -170,8 +178,12 @@ public Builder condition(RepositoryIamMemberConditionArgs condition) { } /** - * @param location The name of the location this repository is located in. - * Used to find the parent resource to bind the IAM policy to. If not specified, + * @param location The name of the repository's location. In addition to specific regions, + * special values for multi-region locations are `asia`, `europe`, and `us`. + * See [here](https://cloud.google.com/artifact-registry/docs/repositories/repo-locations), + * or use the + * gcp.artifactregistry.getLocations + * data source for possible values. Used to find the parent resource to bind the IAM policy to. If not specified, * the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no * location is specified, it is taken from the provider configuration. * @@ -184,8 +196,12 @@ public Builder location(@Nullable Output location) { } /** - * @param location The name of the location this repository is located in. - * Used to find the parent resource to bind the IAM policy to. If not specified, + * @param location The name of the repository's location. In addition to specific regions, + * special values for multi-region locations are `asia`, `europe`, and `us`. + * See [here](https://cloud.google.com/artifact-registry/docs/repositories/repo-locations), + * or use the + * gcp.artifactregistry.getLocations + * data source for possible values. Used to find the parent resource to bind the IAM policy to. If not specified, * the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no * location is specified, it is taken from the provider configuration. * diff --git a/sdk/java/src/main/java/com/pulumi/gcp/artifactregistry/RepositoryIamPolicy.java b/sdk/java/src/main/java/com/pulumi/gcp/artifactregistry/RepositoryIamPolicy.java index 4f2de908de..5d8fbb6ba9 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/artifactregistry/RepositoryIamPolicy.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/artifactregistry/RepositoryIamPolicy.java @@ -353,8 +353,12 @@ public Output etag() { return this.etag; } /** - * The name of the location this repository is located in. - * Used to find the parent resource to bind the IAM policy to. If not specified, + * The name of the repository's location. In addition to specific regions, + * special values for multi-region locations are `asia`, `europe`, and `us`. + * See [here](https://cloud.google.com/artifact-registry/docs/repositories/repo-locations), + * or use the + * gcp.artifactregistry.getLocations + * data source for possible values. Used to find the parent resource to bind the IAM policy to. If not specified, * the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no * location is specified, it is taken from the provider configuration. * @@ -363,8 +367,12 @@ public Output etag() { private Output location; /** - * @return The name of the location this repository is located in. - * Used to find the parent resource to bind the IAM policy to. If not specified, + * @return The name of the repository's location. In addition to specific regions, + * special values for multi-region locations are `asia`, `europe`, and `us`. + * See [here](https://cloud.google.com/artifact-registry/docs/repositories/repo-locations), + * or use the + * gcp.artifactregistry.getLocations + * data source for possible values. Used to find the parent resource to bind the IAM policy to. If not specified, * the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no * location is specified, it is taken from the provider configuration. * diff --git a/sdk/java/src/main/java/com/pulumi/gcp/artifactregistry/RepositoryIamPolicyArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/artifactregistry/RepositoryIamPolicyArgs.java index 609aa7ec9c..65d4e96445 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/artifactregistry/RepositoryIamPolicyArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/artifactregistry/RepositoryIamPolicyArgs.java @@ -17,8 +17,12 @@ public final class RepositoryIamPolicyArgs extends com.pulumi.resources.Resource public static final RepositoryIamPolicyArgs Empty = new RepositoryIamPolicyArgs(); /** - * The name of the location this repository is located in. - * Used to find the parent resource to bind the IAM policy to. If not specified, + * The name of the repository's location. In addition to specific regions, + * special values for multi-region locations are `asia`, `europe`, and `us`. + * See [here](https://cloud.google.com/artifact-registry/docs/repositories/repo-locations), + * or use the + * gcp.artifactregistry.getLocations + * data source for possible values. Used to find the parent resource to bind the IAM policy to. If not specified, * the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no * location is specified, it is taken from the provider configuration. * @@ -27,8 +31,12 @@ public final class RepositoryIamPolicyArgs extends com.pulumi.resources.Resource private @Nullable Output location; /** - * @return The name of the location this repository is located in. - * Used to find the parent resource to bind the IAM policy to. If not specified, + * @return The name of the repository's location. In addition to specific regions, + * special values for multi-region locations are `asia`, `europe`, and `us`. + * See [here](https://cloud.google.com/artifact-registry/docs/repositories/repo-locations), + * or use the + * gcp.artifactregistry.getLocations + * data source for possible values. Used to find the parent resource to bind the IAM policy to. If not specified, * the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no * location is specified, it is taken from the provider configuration. * @@ -114,8 +122,12 @@ public Builder(RepositoryIamPolicyArgs defaults) { } /** - * @param location The name of the location this repository is located in. - * Used to find the parent resource to bind the IAM policy to. If not specified, + * @param location The name of the repository's location. In addition to specific regions, + * special values for multi-region locations are `asia`, `europe`, and `us`. + * See [here](https://cloud.google.com/artifact-registry/docs/repositories/repo-locations), + * or use the + * gcp.artifactregistry.getLocations + * data source for possible values. Used to find the parent resource to bind the IAM policy to. If not specified, * the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no * location is specified, it is taken from the provider configuration. * @@ -128,8 +140,12 @@ public Builder location(@Nullable Output location) { } /** - * @param location The name of the location this repository is located in. - * Used to find the parent resource to bind the IAM policy to. If not specified, + * @param location The name of the repository's location. In addition to specific regions, + * special values for multi-region locations are `asia`, `europe`, and `us`. + * See [here](https://cloud.google.com/artifact-registry/docs/repositories/repo-locations), + * or use the + * gcp.artifactregistry.getLocations + * data source for possible values. Used to find the parent resource to bind the IAM policy to. If not specified, * the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no * location is specified, it is taken from the provider configuration. * diff --git a/sdk/java/src/main/java/com/pulumi/gcp/artifactregistry/inputs/GetRepositoryIamPolicyArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/artifactregistry/inputs/GetRepositoryIamPolicyArgs.java index d30eabd639..788e6d5ddd 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/artifactregistry/inputs/GetRepositoryIamPolicyArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/artifactregistry/inputs/GetRepositoryIamPolicyArgs.java @@ -17,8 +17,12 @@ public final class GetRepositoryIamPolicyArgs extends com.pulumi.resources.Invok public static final GetRepositoryIamPolicyArgs Empty = new GetRepositoryIamPolicyArgs(); /** - * The name of the location this repository is located in. - * Used to find the parent resource to bind the IAM policy to. If not specified, + * The name of the repository's location. In addition to specific regions, + * special values for multi-region locations are `asia`, `europe`, and `us`. + * See [here](https://cloud.google.com/artifact-registry/docs/repositories/repo-locations), + * or use the + * gcp.artifactregistry.getLocations + * data source for possible values. Used to find the parent resource to bind the IAM policy to. If not specified, * the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no * location is specified, it is taken from the provider configuration. * @@ -27,8 +31,12 @@ public final class GetRepositoryIamPolicyArgs extends com.pulumi.resources.Invok private @Nullable Output location; /** - * @return The name of the location this repository is located in. - * Used to find the parent resource to bind the IAM policy to. If not specified, + * @return The name of the repository's location. In addition to specific regions, + * special values for multi-region locations are `asia`, `europe`, and `us`. + * See [here](https://cloud.google.com/artifact-registry/docs/repositories/repo-locations), + * or use the + * gcp.artifactregistry.getLocations + * data source for possible values. Used to find the parent resource to bind the IAM policy to. If not specified, * the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no * location is specified, it is taken from the provider configuration. * @@ -96,8 +104,12 @@ public Builder(GetRepositoryIamPolicyArgs defaults) { } /** - * @param location The name of the location this repository is located in. - * Used to find the parent resource to bind the IAM policy to. If not specified, + * @param location The name of the repository's location. In addition to specific regions, + * special values for multi-region locations are `asia`, `europe`, and `us`. + * See [here](https://cloud.google.com/artifact-registry/docs/repositories/repo-locations), + * or use the + * gcp.artifactregistry.getLocations + * data source for possible values. Used to find the parent resource to bind the IAM policy to. If not specified, * the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no * location is specified, it is taken from the provider configuration. * @@ -110,8 +122,12 @@ public Builder location(@Nullable Output location) { } /** - * @param location The name of the location this repository is located in. - * Used to find the parent resource to bind the IAM policy to. If not specified, + * @param location The name of the repository's location. In addition to specific regions, + * special values for multi-region locations are `asia`, `europe`, and `us`. + * See [here](https://cloud.google.com/artifact-registry/docs/repositories/repo-locations), + * or use the + * gcp.artifactregistry.getLocations + * data source for possible values. Used to find the parent resource to bind the IAM policy to. If not specified, * the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no * location is specified, it is taken from the provider configuration. * diff --git a/sdk/java/src/main/java/com/pulumi/gcp/artifactregistry/inputs/GetRepositoryIamPolicyPlainArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/artifactregistry/inputs/GetRepositoryIamPolicyPlainArgs.java index 2cccd940ba..2d08807164 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/artifactregistry/inputs/GetRepositoryIamPolicyPlainArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/artifactregistry/inputs/GetRepositoryIamPolicyPlainArgs.java @@ -16,8 +16,12 @@ public final class GetRepositoryIamPolicyPlainArgs extends com.pulumi.resources. public static final GetRepositoryIamPolicyPlainArgs Empty = new GetRepositoryIamPolicyPlainArgs(); /** - * The name of the location this repository is located in. - * Used to find the parent resource to bind the IAM policy to. If not specified, + * The name of the repository's location. In addition to specific regions, + * special values for multi-region locations are `asia`, `europe`, and `us`. + * See [here](https://cloud.google.com/artifact-registry/docs/repositories/repo-locations), + * or use the + * gcp.artifactregistry.getLocations + * data source for possible values. Used to find the parent resource to bind the IAM policy to. If not specified, * the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no * location is specified, it is taken from the provider configuration. * @@ -26,8 +30,12 @@ public final class GetRepositoryIamPolicyPlainArgs extends com.pulumi.resources. private @Nullable String location; /** - * @return The name of the location this repository is located in. - * Used to find the parent resource to bind the IAM policy to. If not specified, + * @return The name of the repository's location. In addition to specific regions, + * special values for multi-region locations are `asia`, `europe`, and `us`. + * See [here](https://cloud.google.com/artifact-registry/docs/repositories/repo-locations), + * or use the + * gcp.artifactregistry.getLocations + * data source for possible values. Used to find the parent resource to bind the IAM policy to. If not specified, * the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no * location is specified, it is taken from the provider configuration. * @@ -95,8 +103,12 @@ public Builder(GetRepositoryIamPolicyPlainArgs defaults) { } /** - * @param location The name of the location this repository is located in. - * Used to find the parent resource to bind the IAM policy to. If not specified, + * @param location The name of the repository's location. In addition to specific regions, + * special values for multi-region locations are `asia`, `europe`, and `us`. + * See [here](https://cloud.google.com/artifact-registry/docs/repositories/repo-locations), + * or use the + * gcp.artifactregistry.getLocations + * data source for possible values. Used to find the parent resource to bind the IAM policy to. If not specified, * the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no * location is specified, it is taken from the provider configuration. * diff --git a/sdk/java/src/main/java/com/pulumi/gcp/artifactregistry/inputs/RepositoryIamBindingState.java b/sdk/java/src/main/java/com/pulumi/gcp/artifactregistry/inputs/RepositoryIamBindingState.java index 9af7b17cd8..284618d6c7 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/artifactregistry/inputs/RepositoryIamBindingState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/artifactregistry/inputs/RepositoryIamBindingState.java @@ -40,8 +40,12 @@ public Optional> etag() { } /** - * The name of the location this repository is located in. - * Used to find the parent resource to bind the IAM policy to. If not specified, + * The name of the repository's location. In addition to specific regions, + * special values for multi-region locations are `asia`, `europe`, and `us`. + * See [here](https://cloud.google.com/artifact-registry/docs/repositories/repo-locations), + * or use the + * gcp.artifactregistry.getLocations + * data source for possible values. Used to find the parent resource to bind the IAM policy to. If not specified, * the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no * location is specified, it is taken from the provider configuration. * @@ -50,8 +54,12 @@ public Optional> etag() { private @Nullable Output location; /** - * @return The name of the location this repository is located in. - * Used to find the parent resource to bind the IAM policy to. If not specified, + * @return The name of the repository's location. In addition to specific regions, + * special values for multi-region locations are `asia`, `europe`, and `us`. + * See [here](https://cloud.google.com/artifact-registry/docs/repositories/repo-locations), + * or use the + * gcp.artifactregistry.getLocations + * data source for possible values. Used to find the parent resource to bind the IAM policy to. If not specified, * the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no * location is specified, it is taken from the provider configuration. * @@ -207,8 +215,12 @@ public Builder etag(String etag) { } /** - * @param location The name of the location this repository is located in. - * Used to find the parent resource to bind the IAM policy to. If not specified, + * @param location The name of the repository's location. In addition to specific regions, + * special values for multi-region locations are `asia`, `europe`, and `us`. + * See [here](https://cloud.google.com/artifact-registry/docs/repositories/repo-locations), + * or use the + * gcp.artifactregistry.getLocations + * data source for possible values. Used to find the parent resource to bind the IAM policy to. If not specified, * the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no * location is specified, it is taken from the provider configuration. * @@ -221,8 +233,12 @@ public Builder location(@Nullable Output location) { } /** - * @param location The name of the location this repository is located in. - * Used to find the parent resource to bind the IAM policy to. If not specified, + * @param location The name of the repository's location. In addition to specific regions, + * special values for multi-region locations are `asia`, `europe`, and `us`. + * See [here](https://cloud.google.com/artifact-registry/docs/repositories/repo-locations), + * or use the + * gcp.artifactregistry.getLocations + * data source for possible values. Used to find the parent resource to bind the IAM policy to. If not specified, * the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no * location is specified, it is taken from the provider configuration. * diff --git a/sdk/java/src/main/java/com/pulumi/gcp/artifactregistry/inputs/RepositoryIamMemberState.java b/sdk/java/src/main/java/com/pulumi/gcp/artifactregistry/inputs/RepositoryIamMemberState.java index d9dbfca662..905d9377d6 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/artifactregistry/inputs/RepositoryIamMemberState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/artifactregistry/inputs/RepositoryIamMemberState.java @@ -39,8 +39,12 @@ public Optional> etag() { } /** - * The name of the location this repository is located in. - * Used to find the parent resource to bind the IAM policy to. If not specified, + * The name of the repository's location. In addition to specific regions, + * special values for multi-region locations are `asia`, `europe`, and `us`. + * See [here](https://cloud.google.com/artifact-registry/docs/repositories/repo-locations), + * or use the + * gcp.artifactregistry.getLocations + * data source for possible values. Used to find the parent resource to bind the IAM policy to. If not specified, * the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no * location is specified, it is taken from the provider configuration. * @@ -49,8 +53,12 @@ public Optional> etag() { private @Nullable Output location; /** - * @return The name of the location this repository is located in. - * Used to find the parent resource to bind the IAM policy to. If not specified, + * @return The name of the repository's location. In addition to specific regions, + * special values for multi-region locations are `asia`, `europe`, and `us`. + * See [here](https://cloud.google.com/artifact-registry/docs/repositories/repo-locations), + * or use the + * gcp.artifactregistry.getLocations + * data source for possible values. Used to find the parent resource to bind the IAM policy to. If not specified, * the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no * location is specified, it is taken from the provider configuration. * @@ -206,8 +214,12 @@ public Builder etag(String etag) { } /** - * @param location The name of the location this repository is located in. - * Used to find the parent resource to bind the IAM policy to. If not specified, + * @param location The name of the repository's location. In addition to specific regions, + * special values for multi-region locations are `asia`, `europe`, and `us`. + * See [here](https://cloud.google.com/artifact-registry/docs/repositories/repo-locations), + * or use the + * gcp.artifactregistry.getLocations + * data source for possible values. Used to find the parent resource to bind the IAM policy to. If not specified, * the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no * location is specified, it is taken from the provider configuration. * @@ -220,8 +232,12 @@ public Builder location(@Nullable Output location) { } /** - * @param location The name of the location this repository is located in. - * Used to find the parent resource to bind the IAM policy to. If not specified, + * @param location The name of the repository's location. In addition to specific regions, + * special values for multi-region locations are `asia`, `europe`, and `us`. + * See [here](https://cloud.google.com/artifact-registry/docs/repositories/repo-locations), + * or use the + * gcp.artifactregistry.getLocations + * data source for possible values. Used to find the parent resource to bind the IAM policy to. If not specified, * the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no * location is specified, it is taken from the provider configuration. * diff --git a/sdk/java/src/main/java/com/pulumi/gcp/artifactregistry/inputs/RepositoryIamPolicyState.java b/sdk/java/src/main/java/com/pulumi/gcp/artifactregistry/inputs/RepositoryIamPolicyState.java index a0f3460bdc..cdf16102f2 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/artifactregistry/inputs/RepositoryIamPolicyState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/artifactregistry/inputs/RepositoryIamPolicyState.java @@ -31,8 +31,12 @@ public Optional> etag() { } /** - * The name of the location this repository is located in. - * Used to find the parent resource to bind the IAM policy to. If not specified, + * The name of the repository's location. In addition to specific regions, + * special values for multi-region locations are `asia`, `europe`, and `us`. + * See [here](https://cloud.google.com/artifact-registry/docs/repositories/repo-locations), + * or use the + * gcp.artifactregistry.getLocations + * data source for possible values. Used to find the parent resource to bind the IAM policy to. If not specified, * the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no * location is specified, it is taken from the provider configuration. * @@ -41,8 +45,12 @@ public Optional> etag() { private @Nullable Output location; /** - * @return The name of the location this repository is located in. - * Used to find the parent resource to bind the IAM policy to. If not specified, + * @return The name of the repository's location. In addition to specific regions, + * special values for multi-region locations are `asia`, `europe`, and `us`. + * See [here](https://cloud.google.com/artifact-registry/docs/repositories/repo-locations), + * or use the + * gcp.artifactregistry.getLocations + * data source for possible values. Used to find the parent resource to bind the IAM policy to. If not specified, * the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no * location is specified, it is taken from the provider configuration. * @@ -150,8 +158,12 @@ public Builder etag(String etag) { } /** - * @param location The name of the location this repository is located in. - * Used to find the parent resource to bind the IAM policy to. If not specified, + * @param location The name of the repository's location. In addition to specific regions, + * special values for multi-region locations are `asia`, `europe`, and `us`. + * See [here](https://cloud.google.com/artifact-registry/docs/repositories/repo-locations), + * or use the + * gcp.artifactregistry.getLocations + * data source for possible values. Used to find the parent resource to bind the IAM policy to. If not specified, * the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no * location is specified, it is taken from the provider configuration. * @@ -164,8 +176,12 @@ public Builder location(@Nullable Output location) { } /** - * @param location The name of the location this repository is located in. - * Used to find the parent resource to bind the IAM policy to. If not specified, + * @param location The name of the repository's location. In addition to specific regions, + * special values for multi-region locations are `asia`, `europe`, and `us`. + * See [here](https://cloud.google.com/artifact-registry/docs/repositories/repo-locations), + * or use the + * gcp.artifactregistry.getLocations + * data source for possible values. Used to find the parent resource to bind the IAM policy to. If not specified, * the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no * location is specified, it is taken from the provider configuration. * diff --git a/sdk/java/src/main/java/com/pulumi/gcp/artifactregistry/inputs/RepositoryState.java b/sdk/java/src/main/java/com/pulumi/gcp/artifactregistry/inputs/RepositoryState.java index 0356f1c992..950a7be456 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/artifactregistry/inputs/RepositoryState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/artifactregistry/inputs/RepositoryState.java @@ -131,8 +131,6 @@ public Optional>> effectiveLabels() { * You can only create alpha formats if you are a member of the * [alpha user group](https://cloud.google.com/artifact-registry/docs/supported-formats#alpha-access). * - * *** - * */ @Import(name="format") private @Nullable Output format; @@ -143,8 +141,6 @@ public Optional>> effectiveLabels() { * You can only create alpha formats if you are a member of the * [alpha user group](https://cloud.google.com/artifact-registry/docs/supported-formats#alpha-access). * - * *** - * */ public Optional> format() { return Optional.ofNullable(this.format); @@ -201,14 +197,24 @@ public Optional>> labels() { } /** - * The name of the location this repository is located in. + * The name of the repository's location. In addition to specific regions, + * special values for multi-region locations are `asia`, `europe`, and `us`. + * See [here](https://cloud.google.com/artifact-registry/docs/repositories/repo-locations), + * or use the + * gcp.artifactregistry.getLocations + * data source for possible values. * */ @Import(name="location") private @Nullable Output location; /** - * @return The name of the location this repository is located in. + * @return The name of the repository's location. In addition to specific regions, + * special values for multi-region locations are `asia`, `europe`, and `us`. + * See [here](https://cloud.google.com/artifact-registry/docs/repositories/repo-locations), + * or use the + * gcp.artifactregistry.getLocations + * data source for possible values. * */ public Optional> location() { @@ -327,6 +333,8 @@ public Optional> remoteRepositoryCo * The last part of the repository name, for example: * "repo1" * + * *** + * */ @Import(name="repositoryId") private @Nullable Output repositoryId; @@ -335,6 +343,8 @@ public Optional> remoteRepositoryCo * @return The last part of the repository name, for example: * "repo1" * + * *** + * */ public Optional> repositoryId() { return Optional.ofNullable(this.repositoryId); @@ -572,8 +582,6 @@ public Builder effectiveLabels(Map effectiveLabels) { * You can only create alpha formats if you are a member of the * [alpha user group](https://cloud.google.com/artifact-registry/docs/supported-formats#alpha-access). * - * *** - * * @return builder * */ @@ -588,8 +596,6 @@ public Builder format(@Nullable Output format) { * You can only create alpha formats if you are a member of the * [alpha user group](https://cloud.google.com/artifact-registry/docs/supported-formats#alpha-access). * - * *** - * * @return builder * */ @@ -660,7 +666,12 @@ public Builder labels(Map labels) { } /** - * @param location The name of the location this repository is located in. + * @param location The name of the repository's location. In addition to specific regions, + * special values for multi-region locations are `asia`, `europe`, and `us`. + * See [here](https://cloud.google.com/artifact-registry/docs/repositories/repo-locations), + * or use the + * gcp.artifactregistry.getLocations + * data source for possible values. * * @return builder * @@ -671,7 +682,12 @@ public Builder location(@Nullable Output location) { } /** - * @param location The name of the location this repository is located in. + * @param location The name of the repository's location. In addition to specific regions, + * special values for multi-region locations are `asia`, `europe`, and `us`. + * See [here](https://cloud.google.com/artifact-registry/docs/repositories/repo-locations), + * or use the + * gcp.artifactregistry.getLocations + * data source for possible values. * * @return builder * @@ -828,6 +844,8 @@ public Builder remoteRepositoryConfig(RepositoryRemoteRepositoryConfigArgs remot * @param repositoryId The last part of the repository name, for example: * "repo1" * + * *** + * * @return builder * */ @@ -840,6 +858,8 @@ public Builder repositoryId(@Nullable Output repositoryId) { * @param repositoryId The last part of the repository name, for example: * "repo1" * + * *** + * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/compute/GlobalForwardingRule.java b/sdk/java/src/main/java/com/pulumi/gcp/compute/GlobalForwardingRule.java index 7d3b029767..f39a8c6b73 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/compute/GlobalForwardingRule.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/compute/GlobalForwardingRule.java @@ -329,6 +329,7 @@ * .target(defaultTargetHttpProxy.id()) * .portRange("80") * .loadBalancingScheme("EXTERNAL_MANAGED") + * .networkTier("PREMIUM") * .build()); * * } @@ -1036,6 +1037,38 @@ public Output name() { public Output network() { return this.network; } + /** + * This signifies the networking tier used for configuring + * this load balancer and can only take the following values: + * `PREMIUM`, `STANDARD`. + * For regional ForwardingRule, the valid values are `PREMIUM` and + * `STANDARD`. For GlobalForwardingRule, the valid value is + * `PREMIUM`. + * If this field is not specified, it is assumed to be `PREMIUM`. + * If `IPAddress` is specified, this value must be equal to the + * networkTier of the Address. + * Possible values are: `PREMIUM`, `STANDARD`. + * + */ + @Export(name="networkTier", refs={String.class}, tree="[0]") + private Output networkTier; + + /** + * @return This signifies the networking tier used for configuring + * this load balancer and can only take the following values: + * `PREMIUM`, `STANDARD`. + * For regional ForwardingRule, the valid values are `PREMIUM` and + * `STANDARD`. For GlobalForwardingRule, the valid value is + * `PREMIUM`. + * If this field is not specified, it is assumed to be `PREMIUM`. + * If `IPAddress` is specified, this value must be equal to the + * networkTier of the Address. + * Possible values are: `PREMIUM`, `STANDARD`. + * + */ + public Output networkTier() { + return this.networkTier; + } /** * This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC forwarding rules do not use this field. * diff --git a/sdk/java/src/main/java/com/pulumi/gcp/compute/GlobalForwardingRuleArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/compute/GlobalForwardingRuleArgs.java index 19fc64ded2..6037d822e1 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/compute/GlobalForwardingRuleArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/compute/GlobalForwardingRuleArgs.java @@ -327,6 +327,39 @@ public Optional> network() { return Optional.ofNullable(this.network); } + /** + * This signifies the networking tier used for configuring + * this load balancer and can only take the following values: + * `PREMIUM`, `STANDARD`. + * For regional ForwardingRule, the valid values are `PREMIUM` and + * `STANDARD`. For GlobalForwardingRule, the valid value is + * `PREMIUM`. + * If this field is not specified, it is assumed to be `PREMIUM`. + * If `IPAddress` is specified, this value must be equal to the + * networkTier of the Address. + * Possible values are: `PREMIUM`, `STANDARD`. + * + */ + @Import(name="networkTier") + private @Nullable Output networkTier; + + /** + * @return This signifies the networking tier used for configuring + * this load balancer and can only take the following values: + * `PREMIUM`, `STANDARD`. + * For regional ForwardingRule, the valid values are `PREMIUM` and + * `STANDARD`. For GlobalForwardingRule, the valid value is + * `PREMIUM`. + * If this field is not specified, it is assumed to be `PREMIUM`. + * If `IPAddress` is specified, this value must be equal to the + * networkTier of the Address. + * Possible values are: `PREMIUM`, `STANDARD`. + * + */ + public Optional> networkTier() { + return Optional.ofNullable(this.networkTier); + } + /** * This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC forwarding rules do not use this field. * @@ -515,6 +548,7 @@ private GlobalForwardingRuleArgs(GlobalForwardingRuleArgs $) { this.metadataFilters = $.metadataFilters; this.name = $.name; this.network = $.network; + this.networkTier = $.networkTier; this.noAutomateDnsZone = $.noAutomateDnsZone; this.portRange = $.portRange; this.project = $.project; @@ -932,6 +966,45 @@ public Builder network(String network) { return network(Output.of(network)); } + /** + * @param networkTier This signifies the networking tier used for configuring + * this load balancer and can only take the following values: + * `PREMIUM`, `STANDARD`. + * For regional ForwardingRule, the valid values are `PREMIUM` and + * `STANDARD`. For GlobalForwardingRule, the valid value is + * `PREMIUM`. + * If this field is not specified, it is assumed to be `PREMIUM`. + * If `IPAddress` is specified, this value must be equal to the + * networkTier of the Address. + * Possible values are: `PREMIUM`, `STANDARD`. + * + * @return builder + * + */ + public Builder networkTier(@Nullable Output networkTier) { + $.networkTier = networkTier; + return this; + } + + /** + * @param networkTier This signifies the networking tier used for configuring + * this load balancer and can only take the following values: + * `PREMIUM`, `STANDARD`. + * For regional ForwardingRule, the valid values are `PREMIUM` and + * `STANDARD`. For GlobalForwardingRule, the valid value is + * `PREMIUM`. + * If this field is not specified, it is assumed to be `PREMIUM`. + * If `IPAddress` is specified, this value must be equal to the + * networkTier of the Address. + * Possible values are: `PREMIUM`, `STANDARD`. + * + * @return builder + * + */ + public Builder networkTier(String networkTier) { + return networkTier(Output.of(networkTier)); + } + /** * @param noAutomateDnsZone This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC forwarding rules do not use this field. * diff --git a/sdk/java/src/main/java/com/pulumi/gcp/compute/ProjectCloudArmorTier.java b/sdk/java/src/main/java/com/pulumi/gcp/compute/ProjectCloudArmorTier.java index 8d65dfa272..1fe875cb46 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/compute/ProjectCloudArmorTier.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/compute/ProjectCloudArmorTier.java @@ -137,7 +137,7 @@ public class ProjectCloudArmorTier extends com.pulumi.resources.CustomResource { /** * Managed protection tier to be set. - * Possible values are: `CA_STANDARD`, `CA_ENTERPRISE_PAYGO`. + * Possible values are: `CA_STANDARD`, `CA_ENTERPRISE_PAYGO`, `CA_ENTERPRISE_ANNUAL`. * * *** * @@ -147,7 +147,7 @@ public class ProjectCloudArmorTier extends com.pulumi.resources.CustomResource { /** * @return Managed protection tier to be set. - * Possible values are: `CA_STANDARD`, `CA_ENTERPRISE_PAYGO`. + * Possible values are: `CA_STANDARD`, `CA_ENTERPRISE_PAYGO`, `CA_ENTERPRISE_ANNUAL`. * * *** * diff --git a/sdk/java/src/main/java/com/pulumi/gcp/compute/ProjectCloudArmorTierArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/compute/ProjectCloudArmorTierArgs.java index cc20c51472..9f6c488780 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/compute/ProjectCloudArmorTierArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/compute/ProjectCloudArmorTierArgs.java @@ -18,7 +18,7 @@ public final class ProjectCloudArmorTierArgs extends com.pulumi.resources.Resour /** * Managed protection tier to be set. - * Possible values are: `CA_STANDARD`, `CA_ENTERPRISE_PAYGO`. + * Possible values are: `CA_STANDARD`, `CA_ENTERPRISE_PAYGO`, `CA_ENTERPRISE_ANNUAL`. * * *** * @@ -28,7 +28,7 @@ public final class ProjectCloudArmorTierArgs extends com.pulumi.resources.Resour /** * @return Managed protection tier to be set. - * Possible values are: `CA_STANDARD`, `CA_ENTERPRISE_PAYGO`. + * Possible values are: `CA_STANDARD`, `CA_ENTERPRISE_PAYGO`, `CA_ENTERPRISE_ANNUAL`. * * *** * @@ -81,7 +81,7 @@ public Builder(ProjectCloudArmorTierArgs defaults) { /** * @param cloudArmorTier Managed protection tier to be set. - * Possible values are: `CA_STANDARD`, `CA_ENTERPRISE_PAYGO`. + * Possible values are: `CA_STANDARD`, `CA_ENTERPRISE_PAYGO`, `CA_ENTERPRISE_ANNUAL`. * * *** * @@ -95,7 +95,7 @@ public Builder cloudArmorTier(Output cloudArmorTier) { /** * @param cloudArmorTier Managed protection tier to be set. - * Possible values are: `CA_STANDARD`, `CA_ENTERPRISE_PAYGO`. + * Possible values are: `CA_STANDARD`, `CA_ENTERPRISE_PAYGO`, `CA_ENTERPRISE_ANNUAL`. * * *** * diff --git a/sdk/java/src/main/java/com/pulumi/gcp/compute/inputs/GlobalForwardingRuleState.java b/sdk/java/src/main/java/com/pulumi/gcp/compute/inputs/GlobalForwardingRuleState.java index e22e8a654d..ceff805889 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/compute/inputs/GlobalForwardingRuleState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/compute/inputs/GlobalForwardingRuleState.java @@ -389,6 +389,39 @@ public Optional> network() { return Optional.ofNullable(this.network); } + /** + * This signifies the networking tier used for configuring + * this load balancer and can only take the following values: + * `PREMIUM`, `STANDARD`. + * For regional ForwardingRule, the valid values are `PREMIUM` and + * `STANDARD`. For GlobalForwardingRule, the valid value is + * `PREMIUM`. + * If this field is not specified, it is assumed to be `PREMIUM`. + * If `IPAddress` is specified, this value must be equal to the + * networkTier of the Address. + * Possible values are: `PREMIUM`, `STANDARD`. + * + */ + @Import(name="networkTier") + private @Nullable Output networkTier; + + /** + * @return This signifies the networking tier used for configuring + * this load balancer and can only take the following values: + * `PREMIUM`, `STANDARD`. + * For regional ForwardingRule, the valid values are `PREMIUM` and + * `STANDARD`. For GlobalForwardingRule, the valid value is + * `PREMIUM`. + * If this field is not specified, it is assumed to be `PREMIUM`. + * If `IPAddress` is specified, this value must be equal to the + * networkTier of the Address. + * Possible values are: `PREMIUM`, `STANDARD`. + * + */ + public Optional> networkTier() { + return Optional.ofNullable(this.networkTier); + } + /** * This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC forwarding rules do not use this field. * @@ -643,6 +676,7 @@ private GlobalForwardingRuleState(GlobalForwardingRuleState $) { this.metadataFilters = $.metadataFilters; this.name = $.name; this.network = $.network; + this.networkTier = $.networkTier; this.noAutomateDnsZone = $.noAutomateDnsZone; this.portRange = $.portRange; this.project = $.project; @@ -1150,6 +1184,45 @@ public Builder network(String network) { return network(Output.of(network)); } + /** + * @param networkTier This signifies the networking tier used for configuring + * this load balancer and can only take the following values: + * `PREMIUM`, `STANDARD`. + * For regional ForwardingRule, the valid values are `PREMIUM` and + * `STANDARD`. For GlobalForwardingRule, the valid value is + * `PREMIUM`. + * If this field is not specified, it is assumed to be `PREMIUM`. + * If `IPAddress` is specified, this value must be equal to the + * networkTier of the Address. + * Possible values are: `PREMIUM`, `STANDARD`. + * + * @return builder + * + */ + public Builder networkTier(@Nullable Output networkTier) { + $.networkTier = networkTier; + return this; + } + + /** + * @param networkTier This signifies the networking tier used for configuring + * this load balancer and can only take the following values: + * `PREMIUM`, `STANDARD`. + * For regional ForwardingRule, the valid values are `PREMIUM` and + * `STANDARD`. For GlobalForwardingRule, the valid value is + * `PREMIUM`. + * If this field is not specified, it is assumed to be `PREMIUM`. + * If `IPAddress` is specified, this value must be equal to the + * networkTier of the Address. + * Possible values are: `PREMIUM`, `STANDARD`. + * + * @return builder + * + */ + public Builder networkTier(String networkTier) { + return networkTier(Output.of(networkTier)); + } + /** * @param noAutomateDnsZone This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC forwarding rules do not use this field. * diff --git a/sdk/java/src/main/java/com/pulumi/gcp/compute/inputs/ProjectCloudArmorTierState.java b/sdk/java/src/main/java/com/pulumi/gcp/compute/inputs/ProjectCloudArmorTierState.java index 5e33e17e3f..78c26b06bc 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/compute/inputs/ProjectCloudArmorTierState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/compute/inputs/ProjectCloudArmorTierState.java @@ -17,7 +17,7 @@ public final class ProjectCloudArmorTierState extends com.pulumi.resources.Resou /** * Managed protection tier to be set. - * Possible values are: `CA_STANDARD`, `CA_ENTERPRISE_PAYGO`. + * Possible values are: `CA_STANDARD`, `CA_ENTERPRISE_PAYGO`, `CA_ENTERPRISE_ANNUAL`. * * *** * @@ -27,7 +27,7 @@ public final class ProjectCloudArmorTierState extends com.pulumi.resources.Resou /** * @return Managed protection tier to be set. - * Possible values are: `CA_STANDARD`, `CA_ENTERPRISE_PAYGO`. + * Possible values are: `CA_STANDARD`, `CA_ENTERPRISE_PAYGO`, `CA_ENTERPRISE_ANNUAL`. * * *** * @@ -80,7 +80,7 @@ public Builder(ProjectCloudArmorTierState defaults) { /** * @param cloudArmorTier Managed protection tier to be set. - * Possible values are: `CA_STANDARD`, `CA_ENTERPRISE_PAYGO`. + * Possible values are: `CA_STANDARD`, `CA_ENTERPRISE_PAYGO`, `CA_ENTERPRISE_ANNUAL`. * * *** * @@ -94,7 +94,7 @@ public Builder cloudArmorTier(@Nullable Output cloudArmorTier) { /** * @param cloudArmorTier Managed protection tier to be set. - * Possible values are: `CA_STANDARD`, `CA_ENTERPRISE_PAYGO`. + * Possible values are: `CA_STANDARD`, `CA_ENTERPRISE_PAYGO`, `CA_ENTERPRISE_ANNUAL`. * * *** * diff --git a/sdk/java/src/main/java/com/pulumi/gcp/compute/outputs/GetGlobalForwardingRuleResult.java b/sdk/java/src/main/java/com/pulumi/gcp/compute/outputs/GetGlobalForwardingRuleResult.java index 1db2f678c8..833a3123d8 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/compute/outputs/GetGlobalForwardingRuleResult.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/compute/outputs/GetGlobalForwardingRuleResult.java @@ -37,6 +37,7 @@ public final class GetGlobalForwardingRuleResult { private List metadataFilters; private String name; private String network; + private String networkTier; private Boolean noAutomateDnsZone; private String portRange; private @Nullable String project; @@ -99,6 +100,9 @@ public String name() { public String network() { return this.network; } + public String networkTier() { + return this.networkTier; + } public Boolean noAutomateDnsZone() { return this.noAutomateDnsZone; } @@ -157,6 +161,7 @@ public static final class Builder { private List metadataFilters; private String name; private String network; + private String networkTier; private Boolean noAutomateDnsZone; private String portRange; private @Nullable String project; @@ -186,6 +191,7 @@ public Builder(GetGlobalForwardingRuleResult defaults) { this.metadataFilters = defaults.metadataFilters; this.name = defaults.name; this.network = defaults.network; + this.networkTier = defaults.networkTier; this.noAutomateDnsZone = defaults.noAutomateDnsZone; this.portRange = defaults.portRange; this.project = defaults.project; @@ -323,6 +329,14 @@ public Builder network(String network) { return this; } @CustomType.Setter + public Builder networkTier(String networkTier) { + if (networkTier == null) { + throw new MissingRequiredPropertyException("GetGlobalForwardingRuleResult", "networkTier"); + } + this.networkTier = networkTier; + return this; + } + @CustomType.Setter public Builder noAutomateDnsZone(Boolean noAutomateDnsZone) { if (noAutomateDnsZone == null) { throw new MissingRequiredPropertyException("GetGlobalForwardingRuleResult", "noAutomateDnsZone"); @@ -431,6 +445,7 @@ public GetGlobalForwardingRuleResult build() { _resultValue.metadataFilters = metadataFilters; _resultValue.name = name; _resultValue.network = network; + _resultValue.networkTier = networkTier; _resultValue.noAutomateDnsZone = noAutomateDnsZone; _resultValue.portRange = portRange; _resultValue.project = project; diff --git a/sdk/java/src/main/java/com/pulumi/gcp/firebase/DatabaseInstance.java b/sdk/java/src/main/java/com/pulumi/gcp/firebase/DatabaseInstance.java index 8b9299ccf5..f3803ae939 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/firebase/DatabaseInstance.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/firebase/DatabaseInstance.java @@ -103,10 +103,12 @@ * import com.pulumi.core.Output; * import com.pulumi.gcp.organizations.Project; * import com.pulumi.gcp.organizations.ProjectArgs; - * import com.pulumi.gcp.firebase.Project; - * import com.pulumi.gcp.firebase.ProjectArgs; * import com.pulumi.gcp.projects.Service; * import com.pulumi.gcp.projects.ServiceArgs; + * import com.pulumi.gcp.firebase.Project; + * import com.pulumi.gcp.firebase.ProjectArgs; + * import com.pulumi.time.sleep; + * import com.pulumi.time.SleepArgs; * import com.pulumi.gcp.firebase.DatabaseInstance; * import com.pulumi.gcp.firebase.DatabaseInstanceArgs; * import com.pulumi.resources.CustomResourceOptions; @@ -131,22 +133,37 @@ * .labels(Map.of("firebase", "enabled")) * .build()); * - * var defaultProject = new Project("defaultProject", ProjectArgs.builder() + * var firebase = new Service("firebase", ServiceArgs.builder() * .project(default_.projectId()) + * .service("firebase.googleapis.com") + * .disableOnDestroy(false) * .build()); * + * var defaultProject = new Project("defaultProject", ProjectArgs.builder() + * .project(default_.projectId()) + * .build(), CustomResourceOptions.builder() + * .dependsOn(firebase) + * .build()); + * * var firebaseDatabase = new Service("firebaseDatabase", ServiceArgs.builder() * .project(defaultProject.project()) * .service("firebasedatabase.googleapis.com") + * .disableOnDestroy(false) * .build()); * + * var wait60Seconds = new Sleep("wait60Seconds", SleepArgs.builder() + * .createDuration("60s") + * .build(), CustomResourceOptions.builder() + * .dependsOn(firebaseDatabase) + * .build()); + * * var defaultDatabaseInstance = new DatabaseInstance("defaultDatabaseInstance", DatabaseInstanceArgs.builder() * .project(defaultProject.project()) * .region("us-central1") * .instanceId("rtdb-project-default-rtdb") * .type("DEFAULT_DATABASE") * .build(), CustomResourceOptions.builder() - * .dependsOn(firebaseDatabase) + * .dependsOn(wait60Seconds) * .build()); * * } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/firebase/HostingVersion.java b/sdk/java/src/main/java/com/pulumi/gcp/firebase/HostingVersion.java index ebeb023f62..ceb6823a88 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/firebase/HostingVersion.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/firebase/HostingVersion.java @@ -75,6 +75,118 @@ * } * * <!--End PulumiCodeChooser --> + * ### Firebasehosting Version Headers + * + * <!--Start PulumiCodeChooser --> + * 
+ * {@code
+ * package generated_program;
+ * 
+ * import com.pulumi.Context;
+ * import com.pulumi.Pulumi;
+ * import com.pulumi.core.Output;
+ * import com.pulumi.gcp.firebase.HostingSite;
+ * import com.pulumi.gcp.firebase.HostingSiteArgs;
+ * import com.pulumi.gcp.firebase.HostingVersion;
+ * import com.pulumi.gcp.firebase.HostingVersionArgs;
+ * import com.pulumi.gcp.firebase.inputs.HostingVersionConfigArgs;
+ * import com.pulumi.gcp.firebase.HostingRelease;
+ * import com.pulumi.gcp.firebase.HostingReleaseArgs;
+ * import java.util.List;
+ * import java.util.ArrayList;
+ * import java.util.Map;
+ * import java.io.File;
+ * import java.nio.file.Files;
+ * import java.nio.file.Paths;
+ * 
+ * public class App {
+ *     public static void main(String[] args) {
+ *         Pulumi.run(App::stack);
+ *     }
+ * 
+ *     public static void stack(Context ctx) {
+ *         var default_ = new HostingSite("default", HostingSiteArgs.builder()
+ *             .project("my-project-name")
+ *             .siteId("site-id")
+ *             .build());
+ * 
+ *         var defaultHostingVersion = new HostingVersion("defaultHostingVersion", HostingVersionArgs.builder()
+ *             .siteId(default_.siteId())
+ *             .config(HostingVersionConfigArgs.builder()
+ *                 .headers(HostingVersionConfigHeaderArgs.builder()
+ *                     .glob("/headers/**")
+ *                     .headers(Map.of("my-header", "my-value"))
+ *                     .build())
+ *                 .build())
+ *             .build());
+ * 
+ *         var defaultHostingRelease = new HostingRelease("defaultHostingRelease", HostingReleaseArgs.builder()
+ *             .siteId(default_.siteId())
+ *             .versionName(defaultHostingVersion.name())
+ *             .message("With custom headers")
+ *             .build());
+ * 
+ *     }
+ * }
+ * }
+ *
+ * <!--End PulumiCodeChooser --> + * ### Firebasehosting Version Headers Regex + * + * <!--Start PulumiCodeChooser --> + * 
+ * {@code
+ * package generated_program;
+ * 
+ * import com.pulumi.Context;
+ * import com.pulumi.Pulumi;
+ * import com.pulumi.core.Output;
+ * import com.pulumi.gcp.firebase.HostingSite;
+ * import com.pulumi.gcp.firebase.HostingSiteArgs;
+ * import com.pulumi.gcp.firebase.HostingVersion;
+ * import com.pulumi.gcp.firebase.HostingVersionArgs;
+ * import com.pulumi.gcp.firebase.inputs.HostingVersionConfigArgs;
+ * import com.pulumi.gcp.firebase.HostingRelease;
+ * import com.pulumi.gcp.firebase.HostingReleaseArgs;
+ * import java.util.List;
+ * import java.util.ArrayList;
+ * import java.util.Map;
+ * import java.io.File;
+ * import java.nio.file.Files;
+ * import java.nio.file.Paths;
+ * 
+ * public class App {
+ *     public static void main(String[] args) {
+ *         Pulumi.run(App::stack);
+ *     }
+ * 
+ *     public static void stack(Context ctx) {
+ *         var default_ = new HostingSite("default", HostingSiteArgs.builder()
+ *             .project("my-project-name")
+ *             .siteId("site-id")
+ *             .build());
+ * 
+ *         var defaultHostingVersion = new HostingVersion("defaultHostingVersion", HostingVersionArgs.builder()
+ *             .siteId(default_.siteId())
+ *             .config(HostingVersionConfigArgs.builder()
+ *                 .headers(HostingVersionConfigHeaderArgs.builder()
+ *                     .regex("^~/headers$")
+ *                     .headers(Map.of("my-header", "my-value"))
+ *                     .build())
+ *                 .build())
+ *             .build());
+ * 
+ *         var defaultHostingRelease = new HostingRelease("defaultHostingRelease", HostingReleaseArgs.builder()
+ *             .siteId(default_.siteId())
+ *             .versionName(defaultHostingVersion.name())
+ *             .message("With custom headers")
+ *             .build());
+ * 
+ *     }
+ * }
+ * }
+ *
+ * <!--End PulumiCodeChooser --> * ### Firebasehosting Version Path * * <!--Start PulumiCodeChooser --> diff --git a/sdk/java/src/main/java/com/pulumi/gcp/firebase/Project.java b/sdk/java/src/main/java/com/pulumi/gcp/firebase/Project.java index 480cfc14b0..5c2b170686 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/firebase/Project.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/firebase/Project.java @@ -14,7 +14,7 @@ import javax.annotation.Nullable; /** - * A Google Cloud Firebase instance. This enables Firebase resources on a given google project. + * A Google Cloud Firebase instance. This enables Firebase resources on a given Google Project. * Since a FirebaseProject is actually also a GCP Project, a FirebaseProject uses underlying GCP * identifiers (most importantly, the projectId) as its own for easy interop with GCP APIs. * Once Firebase has been added to a Google Project it cannot be removed. @@ -128,14 +128,14 @@ public Output project() { return this.project; } /** - * The number of the google project that firebase is enabled on. + * The number of the Google Project that Firebase is enabled on. * */ @Export(name="projectNumber", refs={String.class}, tree="[0]") private Output projectNumber; /** - * @return The number of the google project that firebase is enabled on. + * @return The number of the Google Project that Firebase is enabled on. * */ public Output projectNumber() { diff --git a/sdk/java/src/main/java/com/pulumi/gcp/firebase/inputs/HostingVersionConfigArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/firebase/inputs/HostingVersionConfigArgs.java index cece02837a..8f65567dfc 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/firebase/inputs/HostingVersionConfigArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/firebase/inputs/HostingVersionConfigArgs.java @@ -5,6 +5,7 @@ import com.pulumi.core.Output; import com.pulumi.core.annotations.Import; +import com.pulumi.gcp.firebase.inputs.HostingVersionConfigHeaderArgs; import com.pulumi.gcp.firebase.inputs.HostingVersionConfigRedirectArgs; import com.pulumi.gcp.firebase.inputs.HostingVersionConfigRewriteArgs; import java.util.List; @@ -17,6 +18,25 @@ public final class HostingVersionConfigArgs extends com.pulumi.resources.Resourc public static final HostingVersionConfigArgs Empty = new HostingVersionConfigArgs(); + /** + * An array of objects, where each object specifies a URL pattern that, if matched to the request URL path, + * triggers Hosting to apply the specified custom response headers. + * Structure is documented below. + * + */ + @Import(name="headers") + private @Nullable Output> headers; + + /** + * @return An array of objects, where each object specifies a URL pattern that, if matched to the request URL path, + * triggers Hosting to apply the specified custom response headers. + * Structure is documented below. + * + */ + public Optional>> headers() { + return Optional.ofNullable(this.headers); + } + /** * An array of objects (called redirect rules), where each rule specifies a URL pattern that, if matched to the request URL path, * triggers Hosting to respond with a redirect to the specified destination path. @@ -58,6 +78,7 @@ public Optional>> rewrites() { private HostingVersionConfigArgs() {} private HostingVersionConfigArgs(HostingVersionConfigArgs $) { + this.headers = $.headers; this.redirects = $.redirects; this.rewrites = $.rewrites; } @@ -80,6 +101,43 @@ public Builder(HostingVersionConfigArgs defaults) { $ = new HostingVersionConfigArgs(Objects.requireNonNull(defaults)); } + /** + * @param headers An array of objects, where each object specifies a URL pattern that, if matched to the request URL path, + * triggers Hosting to apply the specified custom response headers. + * Structure is documented below. + * + * @return builder + * + */ + public Builder headers(@Nullable Output> headers) { + $.headers = headers; + return this; + } + + /** + * @param headers An array of objects, where each object specifies a URL pattern that, if matched to the request URL path, + * triggers Hosting to apply the specified custom response headers. + * Structure is documented below. + * + * @return builder + * + */ + public Builder headers(List headers) { + return headers(Output.of(headers)); + } + + /** + * @param headers An array of objects, where each object specifies a URL pattern that, if matched to the request URL path, + * triggers Hosting to apply the specified custom response headers. + * Structure is documented below. + * + * @return builder + * + */ + public Builder headers(HostingVersionConfigHeaderArgs... headers) { + return headers(List.of(headers)); + } + /** * @param redirects An array of objects (called redirect rules), where each rule specifies a URL pattern that, if matched to the request URL path, * triggers Hosting to respond with a redirect to the specified destination path. diff --git a/sdk/java/src/main/java/com/pulumi/gcp/firebase/inputs/HostingVersionConfigHeaderArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/firebase/inputs/HostingVersionConfigHeaderArgs.java new file mode 100644 index 0000000000..d117958094 --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/gcp/firebase/inputs/HostingVersionConfigHeaderArgs.java @@ -0,0 +1,162 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.gcp.firebase.inputs; + +import com.pulumi.core.Output; +import com.pulumi.core.annotations.Import; +import com.pulumi.exceptions.MissingRequiredPropertyException; +import java.lang.String; +import java.util.Map; +import java.util.Objects; +import java.util.Optional; +import javax.annotation.Nullable; + + +public final class HostingVersionConfigHeaderArgs extends com.pulumi.resources.ResourceArgs { + + public static final HostingVersionConfigHeaderArgs Empty = new HostingVersionConfigHeaderArgs(); + + /** + * The user-supplied glob to match against the request URL path. + * + */ + @Import(name="glob") + private @Nullable Output glob; + + /** + * @return The user-supplied glob to match against the request URL path. + * + */ + public Optional> glob() { + return Optional.ofNullable(this.glob); + } + + /** + * The additional headers to add to the response. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. + * + */ + @Import(name="headers", required=true) + private Output> headers; + + /** + * @return The additional headers to add to the response. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. + * + */ + public Output> headers() { + return this.headers; + } + + /** + * The user-supplied RE2 regular expression to match against the request URL path. + * + */ + @Import(name="regex") + private @Nullable Output regex; + + /** + * @return The user-supplied RE2 regular expression to match against the request URL path. + * + */ + public Optional> regex() { + return Optional.ofNullable(this.regex); + } + + private HostingVersionConfigHeaderArgs() {} + + private HostingVersionConfigHeaderArgs(HostingVersionConfigHeaderArgs $) { + this.glob = $.glob; + this.headers = $.headers; + this.regex = $.regex; + } + + public static Builder builder() { + return new Builder(); + } + public static Builder builder(HostingVersionConfigHeaderArgs defaults) { + return new Builder(defaults); + } + + public static final class Builder { + private HostingVersionConfigHeaderArgs $; + + public Builder() { + $ = new HostingVersionConfigHeaderArgs(); + } + + public Builder(HostingVersionConfigHeaderArgs defaults) { + $ = new HostingVersionConfigHeaderArgs(Objects.requireNonNull(defaults)); + } + + /** + * @param glob The user-supplied glob to match against the request URL path. + * + * @return builder + * + */ + public Builder glob(@Nullable Output glob) { + $.glob = glob; + return this; + } + + /** + * @param glob The user-supplied glob to match against the request URL path. + * + * @return builder + * + */ + public Builder glob(String glob) { + return glob(Output.of(glob)); + } + + /** + * @param headers The additional headers to add to the response. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. + * + * @return builder + * + */ + public Builder headers(Output> headers) { + $.headers = headers; + return this; + } + + /** + * @param headers The additional headers to add to the response. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. + * + * @return builder + * + */ + public Builder headers(Map headers) { + return headers(Output.of(headers)); + } + + /** + * @param regex The user-supplied RE2 regular expression to match against the request URL path. + * + * @return builder + * + */ + public Builder regex(@Nullable Output regex) { + $.regex = regex; + return this; + } + + /** + * @param regex The user-supplied RE2 regular expression to match against the request URL path. + * + * @return builder + * + */ + public Builder regex(String regex) { + return regex(Output.of(regex)); + } + + public HostingVersionConfigHeaderArgs build() { + if ($.headers == null) { + throw new MissingRequiredPropertyException("HostingVersionConfigHeaderArgs", "headers"); + } + return $; + } + } + +} diff --git a/sdk/java/src/main/java/com/pulumi/gcp/firebase/inputs/ProjectState.java b/sdk/java/src/main/java/com/pulumi/gcp/firebase/inputs/ProjectState.java index 2d183da905..1ff6c77cf7 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/firebase/inputs/ProjectState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/firebase/inputs/ProjectState.java @@ -48,14 +48,14 @@ public Optional> project() { } /** - * The number of the google project that firebase is enabled on. + * The number of the Google Project that Firebase is enabled on. * */ @Import(name="projectNumber") private @Nullable Output projectNumber; /** - * @return The number of the google project that firebase is enabled on. + * @return The number of the Google Project that Firebase is enabled on. * */ public Optional> projectNumber() { @@ -133,7 +133,7 @@ public Builder project(String project) { } /** - * @param projectNumber The number of the google project that firebase is enabled on. + * @param projectNumber The number of the Google Project that Firebase is enabled on. * * @return builder * @@ -144,7 +144,7 @@ public Builder projectNumber(@Nullable Output projectNumber) { } /** - * @param projectNumber The number of the google project that firebase is enabled on. + * @param projectNumber The number of the Google Project that Firebase is enabled on. * * @return builder * diff --git a/sdk/java/src/main/java/com/pulumi/gcp/firebase/outputs/HostingVersionConfig.java b/sdk/java/src/main/java/com/pulumi/gcp/firebase/outputs/HostingVersionConfig.java index 5ed3de4142..e6d528f48c 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/firebase/outputs/HostingVersionConfig.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/firebase/outputs/HostingVersionConfig.java @@ -4,6 +4,7 @@ package com.pulumi.gcp.firebase.outputs; import com.pulumi.core.annotations.CustomType; +import com.pulumi.gcp.firebase.outputs.HostingVersionConfigHeader; import com.pulumi.gcp.firebase.outputs.HostingVersionConfigRedirect; import com.pulumi.gcp.firebase.outputs.HostingVersionConfigRewrite; import java.util.List; @@ -12,6 +13,13 @@ @CustomType public final class HostingVersionConfig { + /** + * @return An array of objects, where each object specifies a URL pattern that, if matched to the request URL path, + * triggers Hosting to apply the specified custom response headers. + * Structure is documented below. + * + */ + private @Nullable List headers; /** * @return An array of objects (called redirect rules), where each rule specifies a URL pattern that, if matched to the request URL path, * triggers Hosting to respond with a redirect to the specified destination path. @@ -28,6 +36,15 @@ public final class HostingVersionConfig { private @Nullable List rewrites; private HostingVersionConfig() {} + /** + * @return An array of objects, where each object specifies a URL pattern that, if matched to the request URL path, + * triggers Hosting to apply the specified custom response headers. + * Structure is documented below. + * + */ + public List headers() { + return this.headers == null ? List.of() : this.headers; + } /** * @return An array of objects (called redirect rules), where each rule specifies a URL pattern that, if matched to the request URL path, * triggers Hosting to respond with a redirect to the specified destination path. @@ -56,15 +73,26 @@ public static Builder builder(HostingVersionConfig defaults) { } @CustomType.Builder public static final class Builder { + private @Nullable List headers; private @Nullable List redirects; private @Nullable List rewrites; public Builder() {} public Builder(HostingVersionConfig defaults) { Objects.requireNonNull(defaults); + this.headers = defaults.headers; this.redirects = defaults.redirects; this.rewrites = defaults.rewrites; } + @CustomType.Setter + public Builder headers(@Nullable List headers) { + + this.headers = headers; + return this; + } + public Builder headers(HostingVersionConfigHeader... headers) { + return headers(List.of(headers)); + } @CustomType.Setter public Builder redirects(@Nullable List redirects) { @@ -85,6 +113,7 @@ public Builder rewrites(HostingVersionConfigRewrite... rewrites) { } public HostingVersionConfig build() { final var _resultValue = new HostingVersionConfig(); + _resultValue.headers = headers; _resultValue.redirects = redirects; _resultValue.rewrites = rewrites; return _resultValue; diff --git a/sdk/java/src/main/java/com/pulumi/gcp/firebase/outputs/HostingVersionConfigHeader.java b/sdk/java/src/main/java/com/pulumi/gcp/firebase/outputs/HostingVersionConfigHeader.java new file mode 100644 index 0000000000..5b903b71eb --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/gcp/firebase/outputs/HostingVersionConfigHeader.java @@ -0,0 +1,103 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.gcp.firebase.outputs; + +import com.pulumi.core.annotations.CustomType; +import com.pulumi.exceptions.MissingRequiredPropertyException; +import java.lang.String; +import java.util.Map; +import java.util.Objects; +import java.util.Optional; +import javax.annotation.Nullable; + +@CustomType +public final class HostingVersionConfigHeader { + /** + * @return The user-supplied glob to match against the request URL path. + * + */ + private @Nullable String glob; + /** + * @return The additional headers to add to the response. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. + * + */ + private Map headers; + /** + * @return The user-supplied RE2 regular expression to match against the request URL path. + * + */ + private @Nullable String regex; + + private HostingVersionConfigHeader() {} + /** + * @return The user-supplied glob to match against the request URL path. + * + */ + public Optional glob() { + return Optional.ofNullable(this.glob); + } + /** + * @return The additional headers to add to the response. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. + * + */ + public Map headers() { + return this.headers; + } + /** + * @return The user-supplied RE2 regular expression to match against the request URL path. + * + */ + public Optional regex() { + return Optional.ofNullable(this.regex); + } + + public static Builder builder() { + return new Builder(); + } + + public static Builder builder(HostingVersionConfigHeader defaults) { + return new Builder(defaults); + } + @CustomType.Builder + public static final class Builder { + private @Nullable String glob; + private Map headers; + private @Nullable String regex; + public Builder() {} + public Builder(HostingVersionConfigHeader defaults) { + Objects.requireNonNull(defaults); + this.glob = defaults.glob; + this.headers = defaults.headers; + this.regex = defaults.regex; + } + + @CustomType.Setter + public Builder glob(@Nullable String glob) { + + this.glob = glob; + return this; + } + @CustomType.Setter + public Builder headers(Map headers) { + if (headers == null) { + throw new MissingRequiredPropertyException("HostingVersionConfigHeader", "headers"); + } + this.headers = headers; + return this; + } + @CustomType.Setter + public Builder regex(@Nullable String regex) { + + this.regex = regex; + return this; + } + public HostingVersionConfigHeader build() { + final var _resultValue = new HostingVersionConfigHeader(); + _resultValue.glob = glob; + _resultValue.headers = headers; + _resultValue.regex = regex; + return _resultValue; + } + } +} diff --git a/sdk/java/src/main/java/com/pulumi/gcp/identityplatform/Config.java b/sdk/java/src/main/java/com/pulumi/gcp/identityplatform/Config.java index dbe71a1ef7..23cf13d782 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/identityplatform/Config.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/identityplatform/Config.java @@ -132,7 +132,7 @@ * .quota(ConfigQuotaArgs.builder() * .signUpQuotaConfig(ConfigQuotaSignUpQuotaConfigArgs.builder() * .quota(1000) - * .startTime("") + * .startTime("2014-10-02T15:01:23Z") * .quotaDuration("7200s") * .build()) * .build()) diff --git a/sdk/java/src/main/java/com/pulumi/gcp/identityplatform/inputs/ConfigQuotaArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/identityplatform/inputs/ConfigQuotaArgs.java index 76d584676b..9d83ae7b0a 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/identityplatform/inputs/ConfigQuotaArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/identityplatform/inputs/ConfigQuotaArgs.java @@ -16,7 +16,7 @@ public final class ConfigQuotaArgs extends com.pulumi.resources.ResourceArgs { public static final ConfigQuotaArgs Empty = new ConfigQuotaArgs(); /** - * Quota for the Signup endpoint, if overwritten. Signup quota is measured in sign ups per project per hour per IP. + * Quota for the Signup endpoint, if overwritten. Signup quota is measured in sign ups per project per hour per IP. None of quota, startTime, or quotaDuration can be skipped. * Structure is documented below. * */ @@ -24,7 +24,7 @@ public final class ConfigQuotaArgs extends com.pulumi.resources.ResourceArgs { private @Nullable Output signUpQuotaConfig; /** - * @return Quota for the Signup endpoint, if overwritten. Signup quota is measured in sign ups per project per hour per IP. + * @return Quota for the Signup endpoint, if overwritten. Signup quota is measured in sign ups per project per hour per IP. None of quota, startTime, or quotaDuration can be skipped. * Structure is documented below. * */ @@ -57,7 +57,7 @@ public Builder(ConfigQuotaArgs defaults) { } /** - * @param signUpQuotaConfig Quota for the Signup endpoint, if overwritten. Signup quota is measured in sign ups per project per hour per IP. + * @param signUpQuotaConfig Quota for the Signup endpoint, if overwritten. Signup quota is measured in sign ups per project per hour per IP. None of quota, startTime, or quotaDuration can be skipped. * Structure is documented below. * * @return builder @@ -69,7 +69,7 @@ public Builder signUpQuotaConfig(@Nullable Output quota; /** - * @return A sign up APIs quota that customers can override temporarily. + * @return A sign up APIs quota that customers can override temporarily. Value can be in between 1 and 1000. * */ public Optional> quota() { @@ -88,7 +88,7 @@ public Builder(ConfigQuotaSignUpQuotaConfigArgs defaults) { } /** - * @param quota A sign up APIs quota that customers can override temporarily. + * @param quota A sign up APIs quota that customers can override temporarily. Value can be in between 1 and 1000. * * @return builder * @@ -99,7 +99,7 @@ public Builder quota(@Nullable Output quota) { } /** - * @param quota A sign up APIs quota that customers can override temporarily. + * @param quota A sign up APIs quota that customers can override temporarily. Value can be in between 1 and 1000. * * @return builder * diff --git a/sdk/java/src/main/java/com/pulumi/gcp/identityplatform/outputs/ConfigQuota.java b/sdk/java/src/main/java/com/pulumi/gcp/identityplatform/outputs/ConfigQuota.java index 4e7c951a25..09496cef24 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/identityplatform/outputs/ConfigQuota.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/identityplatform/outputs/ConfigQuota.java @@ -12,7 +12,7 @@ @CustomType public final class ConfigQuota { /** - * @return Quota for the Signup endpoint, if overwritten. Signup quota is measured in sign ups per project per hour per IP. + * @return Quota for the Signup endpoint, if overwritten. Signup quota is measured in sign ups per project per hour per IP. None of quota, startTime, or quotaDuration can be skipped. * Structure is documented below. * */ @@ -20,7 +20,7 @@ public final class ConfigQuota { private ConfigQuota() {} /** - * @return Quota for the Signup endpoint, if overwritten. Signup quota is measured in sign ups per project per hour per IP. + * @return Quota for the Signup endpoint, if overwritten. Signup quota is measured in sign ups per project per hour per IP. None of quota, startTime, or quotaDuration can be skipped. * Structure is documented below. * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/identityplatform/outputs/ConfigQuotaSignUpQuotaConfig.java b/sdk/java/src/main/java/com/pulumi/gcp/identityplatform/outputs/ConfigQuotaSignUpQuotaConfig.java index 2f644cac6f..6c559ac4c6 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/identityplatform/outputs/ConfigQuotaSignUpQuotaConfig.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/identityplatform/outputs/ConfigQuotaSignUpQuotaConfig.java @@ -13,7 +13,7 @@ @CustomType public final class ConfigQuotaSignUpQuotaConfig { /** - * @return A sign up APIs quota that customers can override temporarily. + * @return A sign up APIs quota that customers can override temporarily. Value can be in between 1 and 1000. * */ private @Nullable Integer quota; @@ -30,7 +30,7 @@ public final class ConfigQuotaSignUpQuotaConfig { private ConfigQuotaSignUpQuotaConfig() {} /** - * @return A sign up APIs quota that customers can override temporarily. + * @return A sign up APIs quota that customers can override temporarily. Value can be in between 1 and 1000. * */ public Optional quota() { diff --git a/sdk/java/src/main/java/com/pulumi/gcp/looker/Instance.java b/sdk/java/src/main/java/com/pulumi/gcp/looker/Instance.java index 0a543bd04c..919b5b2e40 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/looker/Instance.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/looker/Instance.java @@ -736,8 +736,11 @@ public Output oauthConfig() { * these values: - LOOKER_CORE_TRIAL: trial instance (Currently Unavailable) - LOOKER_CORE_STANDARD: pay as you go standard * instance (Currently Unavailable) - LOOKER_CORE_STANDARD_ANNUAL: subscription standard instance - * LOOKER_CORE_ENTERPRISE_ANNUAL: subscription enterprise instance - LOOKER_CORE_EMBED_ANNUAL: subscription embed instance - * Default value: "LOOKER_CORE_TRIAL" Possible values: ["LOOKER_CORE_TRIAL", "LOOKER_CORE_STANDARD", - * "LOOKER_CORE_STANDARD_ANNUAL", "LOOKER_CORE_ENTERPRISE_ANNUAL", "LOOKER_CORE_EMBED_ANNUAL"] + * - LOOKER_CORE_NONPROD_STANDARD_ANNUAL: nonprod subscription standard instance - LOOKER_CORE_NONPROD_ENTERPRISE_ANNUAL: + * nonprod subscription enterprise instance - LOOKER_CORE_NONPROD_EMBED_ANNUAL: nonprod subscription embed instance Default + * value: "LOOKER_CORE_TRIAL" Possible values: ["LOOKER_CORE_TRIAL", "LOOKER_CORE_STANDARD", "LOOKER_CORE_STANDARD_ANNUAL", + * "LOOKER_CORE_ENTERPRISE_ANNUAL", "LOOKER_CORE_EMBED_ANNUAL", "LOOKER_CORE_NONPROD_STANDARD_ANNUAL", + * "LOOKER_CORE_NONPROD_ENTERPRISE_ANNUAL", "LOOKER_CORE_NONPROD_EMBED_ANNUAL"] * */ @Export(name="platformEdition", refs={String.class}, tree="[0]") @@ -748,8 +751,11 @@ public Output oauthConfig() { * these values: - LOOKER_CORE_TRIAL: trial instance (Currently Unavailable) - LOOKER_CORE_STANDARD: pay as you go standard * instance (Currently Unavailable) - LOOKER_CORE_STANDARD_ANNUAL: subscription standard instance - * LOOKER_CORE_ENTERPRISE_ANNUAL: subscription enterprise instance - LOOKER_CORE_EMBED_ANNUAL: subscription embed instance - * Default value: "LOOKER_CORE_TRIAL" Possible values: ["LOOKER_CORE_TRIAL", "LOOKER_CORE_STANDARD", - * "LOOKER_CORE_STANDARD_ANNUAL", "LOOKER_CORE_ENTERPRISE_ANNUAL", "LOOKER_CORE_EMBED_ANNUAL"] + * - LOOKER_CORE_NONPROD_STANDARD_ANNUAL: nonprod subscription standard instance - LOOKER_CORE_NONPROD_ENTERPRISE_ANNUAL: + * nonprod subscription enterprise instance - LOOKER_CORE_NONPROD_EMBED_ANNUAL: nonprod subscription embed instance Default + * value: "LOOKER_CORE_TRIAL" Possible values: ["LOOKER_CORE_TRIAL", "LOOKER_CORE_STANDARD", "LOOKER_CORE_STANDARD_ANNUAL", + * "LOOKER_CORE_ENTERPRISE_ANNUAL", "LOOKER_CORE_EMBED_ANNUAL", "LOOKER_CORE_NONPROD_STANDARD_ANNUAL", + * "LOOKER_CORE_NONPROD_ENTERPRISE_ANNUAL", "LOOKER_CORE_NONPROD_EMBED_ANNUAL"] * */ public Output> platformEdition() { diff --git a/sdk/java/src/main/java/com/pulumi/gcp/looker/InstanceArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/looker/InstanceArgs.java index fccd363059..063dd2a887 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/looker/InstanceArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/looker/InstanceArgs.java @@ -192,8 +192,11 @@ public Output oauthConfig() { * these values: - LOOKER_CORE_TRIAL: trial instance (Currently Unavailable) - LOOKER_CORE_STANDARD: pay as you go standard * instance (Currently Unavailable) - LOOKER_CORE_STANDARD_ANNUAL: subscription standard instance - * LOOKER_CORE_ENTERPRISE_ANNUAL: subscription enterprise instance - LOOKER_CORE_EMBED_ANNUAL: subscription embed instance - * Default value: "LOOKER_CORE_TRIAL" Possible values: ["LOOKER_CORE_TRIAL", "LOOKER_CORE_STANDARD", - * "LOOKER_CORE_STANDARD_ANNUAL", "LOOKER_CORE_ENTERPRISE_ANNUAL", "LOOKER_CORE_EMBED_ANNUAL"] + * - LOOKER_CORE_NONPROD_STANDARD_ANNUAL: nonprod subscription standard instance - LOOKER_CORE_NONPROD_ENTERPRISE_ANNUAL: + * nonprod subscription enterprise instance - LOOKER_CORE_NONPROD_EMBED_ANNUAL: nonprod subscription embed instance Default + * value: "LOOKER_CORE_TRIAL" Possible values: ["LOOKER_CORE_TRIAL", "LOOKER_CORE_STANDARD", "LOOKER_CORE_STANDARD_ANNUAL", + * "LOOKER_CORE_ENTERPRISE_ANNUAL", "LOOKER_CORE_EMBED_ANNUAL", "LOOKER_CORE_NONPROD_STANDARD_ANNUAL", + * "LOOKER_CORE_NONPROD_ENTERPRISE_ANNUAL", "LOOKER_CORE_NONPROD_EMBED_ANNUAL"] * */ @Import(name="platformEdition") @@ -204,8 +207,11 @@ public Output oauthConfig() { * these values: - LOOKER_CORE_TRIAL: trial instance (Currently Unavailable) - LOOKER_CORE_STANDARD: pay as you go standard * instance (Currently Unavailable) - LOOKER_CORE_STANDARD_ANNUAL: subscription standard instance - * LOOKER_CORE_ENTERPRISE_ANNUAL: subscription enterprise instance - LOOKER_CORE_EMBED_ANNUAL: subscription embed instance - * Default value: "LOOKER_CORE_TRIAL" Possible values: ["LOOKER_CORE_TRIAL", "LOOKER_CORE_STANDARD", - * "LOOKER_CORE_STANDARD_ANNUAL", "LOOKER_CORE_ENTERPRISE_ANNUAL", "LOOKER_CORE_EMBED_ANNUAL"] + * - LOOKER_CORE_NONPROD_STANDARD_ANNUAL: nonprod subscription standard instance - LOOKER_CORE_NONPROD_ENTERPRISE_ANNUAL: + * nonprod subscription enterprise instance - LOOKER_CORE_NONPROD_EMBED_ANNUAL: nonprod subscription embed instance Default + * value: "LOOKER_CORE_TRIAL" Possible values: ["LOOKER_CORE_TRIAL", "LOOKER_CORE_STANDARD", "LOOKER_CORE_STANDARD_ANNUAL", + * "LOOKER_CORE_ENTERPRISE_ANNUAL", "LOOKER_CORE_EMBED_ANNUAL", "LOOKER_CORE_NONPROD_STANDARD_ANNUAL", + * "LOOKER_CORE_NONPROD_ENTERPRISE_ANNUAL", "LOOKER_CORE_NONPROD_EMBED_ANNUAL"] * */ public Optional> platformEdition() { @@ -603,8 +609,11 @@ public Builder oauthConfig(InstanceOauthConfigArgs oauthConfig) { * these values: - LOOKER_CORE_TRIAL: trial instance (Currently Unavailable) - LOOKER_CORE_STANDARD: pay as you go standard * instance (Currently Unavailable) - LOOKER_CORE_STANDARD_ANNUAL: subscription standard instance - * LOOKER_CORE_ENTERPRISE_ANNUAL: subscription enterprise instance - LOOKER_CORE_EMBED_ANNUAL: subscription embed instance - * Default value: "LOOKER_CORE_TRIAL" Possible values: ["LOOKER_CORE_TRIAL", "LOOKER_CORE_STANDARD", - * "LOOKER_CORE_STANDARD_ANNUAL", "LOOKER_CORE_ENTERPRISE_ANNUAL", "LOOKER_CORE_EMBED_ANNUAL"] + * - LOOKER_CORE_NONPROD_STANDARD_ANNUAL: nonprod subscription standard instance - LOOKER_CORE_NONPROD_ENTERPRISE_ANNUAL: + * nonprod subscription enterprise instance - LOOKER_CORE_NONPROD_EMBED_ANNUAL: nonprod subscription embed instance Default + * value: "LOOKER_CORE_TRIAL" Possible values: ["LOOKER_CORE_TRIAL", "LOOKER_CORE_STANDARD", "LOOKER_CORE_STANDARD_ANNUAL", + * "LOOKER_CORE_ENTERPRISE_ANNUAL", "LOOKER_CORE_EMBED_ANNUAL", "LOOKER_CORE_NONPROD_STANDARD_ANNUAL", + * "LOOKER_CORE_NONPROD_ENTERPRISE_ANNUAL", "LOOKER_CORE_NONPROD_EMBED_ANNUAL"] * * @return builder * @@ -619,8 +628,11 @@ public Builder platformEdition(@Nullable Output platformEdition) { * these values: - LOOKER_CORE_TRIAL: trial instance (Currently Unavailable) - LOOKER_CORE_STANDARD: pay as you go standard * instance (Currently Unavailable) - LOOKER_CORE_STANDARD_ANNUAL: subscription standard instance - * LOOKER_CORE_ENTERPRISE_ANNUAL: subscription enterprise instance - LOOKER_CORE_EMBED_ANNUAL: subscription embed instance - * Default value: "LOOKER_CORE_TRIAL" Possible values: ["LOOKER_CORE_TRIAL", "LOOKER_CORE_STANDARD", - * "LOOKER_CORE_STANDARD_ANNUAL", "LOOKER_CORE_ENTERPRISE_ANNUAL", "LOOKER_CORE_EMBED_ANNUAL"] + * - LOOKER_CORE_NONPROD_STANDARD_ANNUAL: nonprod subscription standard instance - LOOKER_CORE_NONPROD_ENTERPRISE_ANNUAL: + * nonprod subscription enterprise instance - LOOKER_CORE_NONPROD_EMBED_ANNUAL: nonprod subscription embed instance Default + * value: "LOOKER_CORE_TRIAL" Possible values: ["LOOKER_CORE_TRIAL", "LOOKER_CORE_STANDARD", "LOOKER_CORE_STANDARD_ANNUAL", + * "LOOKER_CORE_ENTERPRISE_ANNUAL", "LOOKER_CORE_EMBED_ANNUAL", "LOOKER_CORE_NONPROD_STANDARD_ANNUAL", + * "LOOKER_CORE_NONPROD_ENTERPRISE_ANNUAL", "LOOKER_CORE_NONPROD_EMBED_ANNUAL"] * * @return builder * diff --git a/sdk/java/src/main/java/com/pulumi/gcp/looker/inputs/InstanceState.java b/sdk/java/src/main/java/com/pulumi/gcp/looker/inputs/InstanceState.java index 1eeadc7317..459a405f94 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/looker/inputs/InstanceState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/looker/inputs/InstanceState.java @@ -283,8 +283,11 @@ public Optional> oauthConfig() { * these values: - LOOKER_CORE_TRIAL: trial instance (Currently Unavailable) - LOOKER_CORE_STANDARD: pay as you go standard * instance (Currently Unavailable) - LOOKER_CORE_STANDARD_ANNUAL: subscription standard instance - * LOOKER_CORE_ENTERPRISE_ANNUAL: subscription enterprise instance - LOOKER_CORE_EMBED_ANNUAL: subscription embed instance - * Default value: "LOOKER_CORE_TRIAL" Possible values: ["LOOKER_CORE_TRIAL", "LOOKER_CORE_STANDARD", - * "LOOKER_CORE_STANDARD_ANNUAL", "LOOKER_CORE_ENTERPRISE_ANNUAL", "LOOKER_CORE_EMBED_ANNUAL"] + * - LOOKER_CORE_NONPROD_STANDARD_ANNUAL: nonprod subscription standard instance - LOOKER_CORE_NONPROD_ENTERPRISE_ANNUAL: + * nonprod subscription enterprise instance - LOOKER_CORE_NONPROD_EMBED_ANNUAL: nonprod subscription embed instance Default + * value: "LOOKER_CORE_TRIAL" Possible values: ["LOOKER_CORE_TRIAL", "LOOKER_CORE_STANDARD", "LOOKER_CORE_STANDARD_ANNUAL", + * "LOOKER_CORE_ENTERPRISE_ANNUAL", "LOOKER_CORE_EMBED_ANNUAL", "LOOKER_CORE_NONPROD_STANDARD_ANNUAL", + * "LOOKER_CORE_NONPROD_ENTERPRISE_ANNUAL", "LOOKER_CORE_NONPROD_EMBED_ANNUAL"] * */ @Import(name="platformEdition") @@ -295,8 +298,11 @@ public Optional> oauthConfig() { * these values: - LOOKER_CORE_TRIAL: trial instance (Currently Unavailable) - LOOKER_CORE_STANDARD: pay as you go standard * instance (Currently Unavailable) - LOOKER_CORE_STANDARD_ANNUAL: subscription standard instance - * LOOKER_CORE_ENTERPRISE_ANNUAL: subscription enterprise instance - LOOKER_CORE_EMBED_ANNUAL: subscription embed instance - * Default value: "LOOKER_CORE_TRIAL" Possible values: ["LOOKER_CORE_TRIAL", "LOOKER_CORE_STANDARD", - * "LOOKER_CORE_STANDARD_ANNUAL", "LOOKER_CORE_ENTERPRISE_ANNUAL", "LOOKER_CORE_EMBED_ANNUAL"] + * - LOOKER_CORE_NONPROD_STANDARD_ANNUAL: nonprod subscription standard instance - LOOKER_CORE_NONPROD_ENTERPRISE_ANNUAL: + * nonprod subscription enterprise instance - LOOKER_CORE_NONPROD_EMBED_ANNUAL: nonprod subscription embed instance Default + * value: "LOOKER_CORE_TRIAL" Possible values: ["LOOKER_CORE_TRIAL", "LOOKER_CORE_STANDARD", "LOOKER_CORE_STANDARD_ANNUAL", + * "LOOKER_CORE_ENTERPRISE_ANNUAL", "LOOKER_CORE_EMBED_ANNUAL", "LOOKER_CORE_NONPROD_STANDARD_ANNUAL", + * "LOOKER_CORE_NONPROD_ENTERPRISE_ANNUAL", "LOOKER_CORE_NONPROD_EMBED_ANNUAL"] * */ public Optional> platformEdition() { @@ -846,8 +852,11 @@ public Builder oauthConfig(InstanceOauthConfigArgs oauthConfig) { * these values: - LOOKER_CORE_TRIAL: trial instance (Currently Unavailable) - LOOKER_CORE_STANDARD: pay as you go standard * instance (Currently Unavailable) - LOOKER_CORE_STANDARD_ANNUAL: subscription standard instance - * LOOKER_CORE_ENTERPRISE_ANNUAL: subscription enterprise instance - LOOKER_CORE_EMBED_ANNUAL: subscription embed instance - * Default value: "LOOKER_CORE_TRIAL" Possible values: ["LOOKER_CORE_TRIAL", "LOOKER_CORE_STANDARD", - * "LOOKER_CORE_STANDARD_ANNUAL", "LOOKER_CORE_ENTERPRISE_ANNUAL", "LOOKER_CORE_EMBED_ANNUAL"] + * - LOOKER_CORE_NONPROD_STANDARD_ANNUAL: nonprod subscription standard instance - LOOKER_CORE_NONPROD_ENTERPRISE_ANNUAL: + * nonprod subscription enterprise instance - LOOKER_CORE_NONPROD_EMBED_ANNUAL: nonprod subscription embed instance Default + * value: "LOOKER_CORE_TRIAL" Possible values: ["LOOKER_CORE_TRIAL", "LOOKER_CORE_STANDARD", "LOOKER_CORE_STANDARD_ANNUAL", + * "LOOKER_CORE_ENTERPRISE_ANNUAL", "LOOKER_CORE_EMBED_ANNUAL", "LOOKER_CORE_NONPROD_STANDARD_ANNUAL", + * "LOOKER_CORE_NONPROD_ENTERPRISE_ANNUAL", "LOOKER_CORE_NONPROD_EMBED_ANNUAL"] * * @return builder * @@ -862,8 +871,11 @@ public Builder platformEdition(@Nullable Output platformEdition) { * these values: - LOOKER_CORE_TRIAL: trial instance (Currently Unavailable) - LOOKER_CORE_STANDARD: pay as you go standard * instance (Currently Unavailable) - LOOKER_CORE_STANDARD_ANNUAL: subscription standard instance - * LOOKER_CORE_ENTERPRISE_ANNUAL: subscription enterprise instance - LOOKER_CORE_EMBED_ANNUAL: subscription embed instance - * Default value: "LOOKER_CORE_TRIAL" Possible values: ["LOOKER_CORE_TRIAL", "LOOKER_CORE_STANDARD", - * "LOOKER_CORE_STANDARD_ANNUAL", "LOOKER_CORE_ENTERPRISE_ANNUAL", "LOOKER_CORE_EMBED_ANNUAL"] + * - LOOKER_CORE_NONPROD_STANDARD_ANNUAL: nonprod subscription standard instance - LOOKER_CORE_NONPROD_ENTERPRISE_ANNUAL: + * nonprod subscription enterprise instance - LOOKER_CORE_NONPROD_EMBED_ANNUAL: nonprod subscription embed instance Default + * value: "LOOKER_CORE_TRIAL" Possible values: ["LOOKER_CORE_TRIAL", "LOOKER_CORE_STANDARD", "LOOKER_CORE_STANDARD_ANNUAL", + * "LOOKER_CORE_ENTERPRISE_ANNUAL", "LOOKER_CORE_EMBED_ANNUAL", "LOOKER_CORE_NONPROD_STANDARD_ANNUAL", + * "LOOKER_CORE_NONPROD_ENTERPRISE_ANNUAL", "LOOKER_CORE_NONPROD_EMBED_ANNUAL"] * * @return builder * diff --git a/sdk/java/src/main/java/com/pulumi/gcp/networkconnectivity/inputs/SpokeLinkedRouterApplianceInstancesInstanceArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/networkconnectivity/inputs/SpokeLinkedRouterApplianceInstancesInstanceArgs.java index 2a32672d9d..887c9701c6 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/networkconnectivity/inputs/SpokeLinkedRouterApplianceInstancesInstanceArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/networkconnectivity/inputs/SpokeLinkedRouterApplianceInstancesInstanceArgs.java @@ -5,10 +5,9 @@ import com.pulumi.core.Output; import com.pulumi.core.annotations.Import; +import com.pulumi.exceptions.MissingRequiredPropertyException; import java.lang.String; import java.util.Objects; -import java.util.Optional; -import javax.annotation.Nullable; public final class SpokeLinkedRouterApplianceInstancesInstanceArgs extends com.pulumi.resources.ResourceArgs { @@ -19,30 +18,30 @@ public final class SpokeLinkedRouterApplianceInstancesInstanceArgs extends com.p * The IP address on the VM to use for peering. * */ - @Import(name="ipAddress") - private @Nullable Output ipAddress; + @Import(name="ipAddress", required=true) + private Output ipAddress; /** * @return The IP address on the VM to use for peering. * */ - public Optional> ipAddress() { - return Optional.ofNullable(this.ipAddress); + public Output ipAddress() { + return this.ipAddress; } /** * The URI of the virtual machine resource * */ - @Import(name="virtualMachine") - private @Nullable Output virtualMachine; + @Import(name="virtualMachine", required=true) + private Output virtualMachine; /** * @return The URI of the virtual machine resource * */ - public Optional> virtualMachine() { - return Optional.ofNullable(this.virtualMachine); + public Output virtualMachine() { + return this.virtualMachine; } private SpokeLinkedRouterApplianceInstancesInstanceArgs() {} @@ -76,7 +75,7 @@ public Builder(SpokeLinkedRouterApplianceInstancesInstanceArgs defaults) { * @return builder * */ - public Builder ipAddress(@Nullable Output ipAddress) { + public Builder ipAddress(Output ipAddress) { $.ipAddress = ipAddress; return this; } @@ -97,7 +96,7 @@ public Builder ipAddress(String ipAddress) { * @return builder * */ - public Builder virtualMachine(@Nullable Output virtualMachine) { + public Builder virtualMachine(Output virtualMachine) { $.virtualMachine = virtualMachine; return this; } @@ -113,6 +112,12 @@ public Builder virtualMachine(String virtualMachine) { } public SpokeLinkedRouterApplianceInstancesInstanceArgs build() { + if ($.ipAddress == null) { + throw new MissingRequiredPropertyException("SpokeLinkedRouterApplianceInstancesInstanceArgs", "ipAddress"); + } + if ($.virtualMachine == null) { + throw new MissingRequiredPropertyException("SpokeLinkedRouterApplianceInstancesInstanceArgs", "virtualMachine"); + } return $; } } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/networkconnectivity/outputs/SpokeLinkedRouterApplianceInstancesInstance.java b/sdk/java/src/main/java/com/pulumi/gcp/networkconnectivity/outputs/SpokeLinkedRouterApplianceInstancesInstance.java index 0623436697..82eab2f1d5 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/networkconnectivity/outputs/SpokeLinkedRouterApplianceInstancesInstance.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/networkconnectivity/outputs/SpokeLinkedRouterApplianceInstancesInstance.java @@ -4,10 +4,9 @@ package com.pulumi.gcp.networkconnectivity.outputs; import com.pulumi.core.annotations.CustomType; +import com.pulumi.exceptions.MissingRequiredPropertyException; import java.lang.String; import java.util.Objects; -import java.util.Optional; -import javax.annotation.Nullable; @CustomType public final class SpokeLinkedRouterApplianceInstancesInstance { @@ -15,27 +14,27 @@ public final class SpokeLinkedRouterApplianceInstancesInstance { * @return The IP address on the VM to use for peering. * */ - private @Nullable String ipAddress; + private String ipAddress; /** * @return The URI of the virtual machine resource * */ - private @Nullable String virtualMachine; + private String virtualMachine; private SpokeLinkedRouterApplianceInstancesInstance() {} /** * @return The IP address on the VM to use for peering. * */ - public Optional ipAddress() { - return Optional.ofNullable(this.ipAddress); + public String ipAddress() { + return this.ipAddress; } /** * @return The URI of the virtual machine resource * */ - public Optional virtualMachine() { - return Optional.ofNullable(this.virtualMachine); + public String virtualMachine() { + return this.virtualMachine; } public static Builder builder() { @@ -47,8 +46,8 @@ public static Builder builder(SpokeLinkedRouterApplianceInstancesInstance defaul } @CustomType.Builder public static final class Builder { - private @Nullable String ipAddress; - private @Nullable String virtualMachine; + private String ipAddress; + private String virtualMachine; public Builder() {} public Builder(SpokeLinkedRouterApplianceInstancesInstance defaults) { Objects.requireNonNull(defaults); @@ -57,14 +56,18 @@ public Builder(SpokeLinkedRouterApplianceInstancesInstance defaults) { } @CustomType.Setter - public Builder ipAddress(@Nullable String ipAddress) { - + public Builder ipAddress(String ipAddress) { + if (ipAddress == null) { + throw new MissingRequiredPropertyException("SpokeLinkedRouterApplianceInstancesInstance", "ipAddress"); + } this.ipAddress = ipAddress; return this; } @CustomType.Setter - public Builder virtualMachine(@Nullable String virtualMachine) { - + public Builder virtualMachine(String virtualMachine) { + if (virtualMachine == null) { + throw new MissingRequiredPropertyException("SpokeLinkedRouterApplianceInstancesInstance", "virtualMachine"); + } this.virtualMachine = virtualMachine; return this; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/AuthzPolicy.java b/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/AuthzPolicy.java new file mode 100644 index 0000000000..726d8ccd7c --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/AuthzPolicy.java @@ -0,0 +1,500 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.gcp.networksecurity; + +import com.pulumi.core.Output; +import com.pulumi.core.annotations.Export; +import com.pulumi.core.annotations.ResourceType; +import com.pulumi.core.internal.Codegen; +import com.pulumi.gcp.Utilities; +import com.pulumi.gcp.networksecurity.AuthzPolicyArgs; +import com.pulumi.gcp.networksecurity.inputs.AuthzPolicyState; +import com.pulumi.gcp.networksecurity.outputs.AuthzPolicyCustomProvider; +import com.pulumi.gcp.networksecurity.outputs.AuthzPolicyHttpRule; +import com.pulumi.gcp.networksecurity.outputs.AuthzPolicyTarget; +import java.lang.String; +import java.util.List; +import java.util.Map; +import java.util.Optional; +import javax.annotation.Nullable; + +/** + * AuthzPolicy is a resource that allows to forward traffic to a callout backend designed to scan the traffic for security purposes. + * + * To get more information about AuthzPolicy, see: + * + * * [API documentation](https://cloud.google.com/load-balancing/docs/reference/network-security/rest/v1beta1/projects.locations.authzPolicies) + * + * ## Example Usage + * + * ### Network Services Authz Policy Advanced + * + * <!--Start PulumiCodeChooser --> + * 
+ * {@code
+ * package generated_program;
+ * 
+ * import com.pulumi.Context;
+ * import com.pulumi.Pulumi;
+ * import com.pulumi.core.Output;
+ * import com.pulumi.gcp.compute.Network;
+ * import com.pulumi.gcp.compute.NetworkArgs;
+ * import com.pulumi.gcp.compute.Subnetwork;
+ * import com.pulumi.gcp.compute.SubnetworkArgs;
+ * import com.pulumi.gcp.compute.Address;
+ * import com.pulumi.gcp.compute.AddressArgs;
+ * import com.pulumi.gcp.compute.RegionHealthCheck;
+ * import com.pulumi.gcp.compute.RegionHealthCheckArgs;
+ * import com.pulumi.gcp.compute.inputs.RegionHealthCheckHttpHealthCheckArgs;
+ * import com.pulumi.gcp.compute.RegionBackendService;
+ * import com.pulumi.gcp.compute.RegionBackendServiceArgs;
+ * import com.pulumi.gcp.compute.RegionUrlMap;
+ * import com.pulumi.gcp.compute.RegionUrlMapArgs;
+ * import com.pulumi.gcp.compute.RegionTargetHttpProxy;
+ * import com.pulumi.gcp.compute.RegionTargetHttpProxyArgs;
+ * import com.pulumi.gcp.compute.ForwardingRule;
+ * import com.pulumi.gcp.compute.ForwardingRuleArgs;
+ * import com.pulumi.gcp.networkservices.AuthzExtension;
+ * import com.pulumi.gcp.networkservices.AuthzExtensionArgs;
+ * import com.pulumi.gcp.networksecurity.AuthzPolicy;
+ * import com.pulumi.gcp.networksecurity.AuthzPolicyArgs;
+ * import com.pulumi.gcp.networksecurity.inputs.AuthzPolicyTargetArgs;
+ * import com.pulumi.gcp.networksecurity.inputs.AuthzPolicyCustomProviderArgs;
+ * import com.pulumi.gcp.networksecurity.inputs.AuthzPolicyCustomProviderAuthzExtensionArgs;
+ * import com.pulumi.resources.CustomResourceOptions;
+ * import java.util.List;
+ * import java.util.ArrayList;
+ * import java.util.Map;
+ * import java.io.File;
+ * import java.nio.file.Files;
+ * import java.nio.file.Paths;
+ * 
+ * public class App {
+ *     public static void main(String[] args) {
+ *         Pulumi.run(App::stack);
+ *     }
+ * 
+ *     public static void stack(Context ctx) {
+ *         var default_ = new Network("default", NetworkArgs.builder()
+ *             .name("lb-network")
+ *             .project("my-project-name")
+ *             .autoCreateSubnetworks(false)
+ *             .build());
+ * 
+ *         var defaultSubnetwork = new Subnetwork("defaultSubnetwork", SubnetworkArgs.builder()
+ *             .name("backend-subnet")
+ *             .project("my-project-name")
+ *             .region("us-west1")
+ *             .ipCidrRange("10.1.2.0/24")
+ *             .network(default_.id())
+ *             .build());
+ * 
+ *         var proxyOnly = new Subnetwork("proxyOnly", SubnetworkArgs.builder()
+ *             .name("proxy-only-subnet")
+ *             .project("my-project-name")
+ *             .region("us-west1")
+ *             .ipCidrRange("10.129.0.0/23")
+ *             .purpose("REGIONAL_MANAGED_PROXY")
+ *             .role("ACTIVE")
+ *             .network(default_.id())
+ *             .build());
+ * 
+ *         var defaultAddress = new Address("defaultAddress", AddressArgs.builder()
+ *             .name("l7-ilb-ip-address")
+ *             .project("my-project-name")
+ *             .region("us-west1")
+ *             .subnetwork(defaultSubnetwork.id())
+ *             .addressType("INTERNAL")
+ *             .purpose("GCE_ENDPOINT")
+ *             .build());
+ * 
+ *         var defaultRegionHealthCheck = new RegionHealthCheck("defaultRegionHealthCheck", RegionHealthCheckArgs.builder()
+ *             .name("l7-ilb-basic-check")
+ *             .project("my-project-name")
+ *             .region("us-west1")
+ *             .httpHealthCheck(RegionHealthCheckHttpHealthCheckArgs.builder()
+ *                 .portSpecification("USE_SERVING_PORT")
+ *                 .build())
+ *             .build());
+ * 
+ *         var urlMap = new RegionBackendService("urlMap", RegionBackendServiceArgs.builder()
+ *             .name("l7-ilb-backend-service")
+ *             .project("my-project-name")
+ *             .region("us-west1")
+ *             .loadBalancingScheme("INTERNAL_MANAGED")
+ *             .healthChecks(defaultRegionHealthCheck.id())
+ *             .build());
+ * 
+ *         var defaultRegionUrlMap = new RegionUrlMap("defaultRegionUrlMap", RegionUrlMapArgs.builder()
+ *             .name("l7-ilb-map")
+ *             .project("my-project-name")
+ *             .region("us-west1")
+ *             .defaultService(urlMap.id())
+ *             .build());
+ * 
+ *         var defaultRegionTargetHttpProxy = new RegionTargetHttpProxy("defaultRegionTargetHttpProxy", RegionTargetHttpProxyArgs.builder()
+ *             .name("l7-ilb-proxy")
+ *             .project("my-project-name")
+ *             .region("us-west1")
+ *             .urlMap(defaultRegionUrlMap.id())
+ *             .build());
+ * 
+ *         var defaultForwardingRule = new ForwardingRule("defaultForwardingRule", ForwardingRuleArgs.builder()
+ *             .name("l7-ilb-forwarding-rule")
+ *             .project("my-project-name")
+ *             .region("us-west1")
+ *             .loadBalancingScheme("INTERNAL_MANAGED")
+ *             .network(default_.id())
+ *             .subnetwork(defaultSubnetwork.id())
+ *             .ipProtocol("TCP")
+ *             .portRange("80")
+ *             .target(defaultRegionTargetHttpProxy.id())
+ *             .ipAddress(defaultAddress.id())
+ *             .build(), CustomResourceOptions.builder()
+ *                 .dependsOn(proxyOnly)
+ *                 .build());
+ * 
+ *         var authzExtension = new RegionBackendService("authzExtension", RegionBackendServiceArgs.builder()
+ *             .name("authz-service")
+ *             .project("my-project-name")
+ *             .region("us-west1")
+ *             .protocol("HTTP2")
+ *             .loadBalancingScheme("INTERNAL_MANAGED")
+ *             .portName("grpc")
+ *             .build());
+ * 
+ *         var defaultAuthzExtension = new AuthzExtension("defaultAuthzExtension", AuthzExtensionArgs.builder()
+ *             .name("my-authz-ext")
+ *             .project("my-project-name")
+ *             .location("us-west1")
+ *             .description("my description")
+ *             .loadBalancingScheme("INTERNAL_MANAGED")
+ *             .authority("ext11.com")
+ *             .service(authzExtension.selfLink())
+ *             .timeout("0.1s")
+ *             .failOpen(false)
+ *             .forwardHeaders("Authorization")
+ *             .build());
+ * 
+ *         var defaultAuthzPolicy = new AuthzPolicy("defaultAuthzPolicy", AuthzPolicyArgs.builder()
+ *             .name("my-authz-policy")
+ *             .project("my-project-name")
+ *             .location("us-west1")
+ *             .description("my description")
+ *             .target(AuthzPolicyTargetArgs.builder()
+ *                 .loadBalancingScheme("INTERNAL_MANAGED")
+ *                 .resources(defaultForwardingRule.selfLink())
+ *                 .build())
+ *             .action("CUSTOM")
+ *             .customProvider(AuthzPolicyCustomProviderArgs.builder()
+ *                 .authzExtension(AuthzPolicyCustomProviderAuthzExtensionArgs.builder()
+ *                     .resources(defaultAuthzExtension.id())
+ *                     .build())
+ *                 .build())
+ *             .build());
+ * 
+ *     }
+ * }
+ * }
+ *
+ * <!--End PulumiCodeChooser --> + * + * ## Import + * + * AuthzPolicy can be imported using any of these accepted formats: + * + * * `projects/{{project}}/locations/{{location}}/authzPolicies/{{name}}` + * + * * `{{project}}/{{location}}/{{name}}` + * + * * `{{location}}/{{name}}` + * + * * `{{name}}` + * + * When using the `pulumi import` command, AuthzPolicy can be imported using one of the formats above. For example: + * + * ```sh + * $ pulumi import gcp:networksecurity/authzPolicy:AuthzPolicy default projects/{{project}}/locations/{{location}}/authzPolicies/{{name}} + * ``` + * + * ```sh + * $ pulumi import gcp:networksecurity/authzPolicy:AuthzPolicy default {{project}}/{{location}}/{{name}} + * ``` + * + * ```sh + * $ pulumi import gcp:networksecurity/authzPolicy:AuthzPolicy default {{location}}/{{name}} + * ``` + * + * ```sh + * $ pulumi import gcp:networksecurity/authzPolicy:AuthzPolicy default {{name}} + * ``` + * + */ +@ResourceType(type="gcp:networksecurity/authzPolicy:AuthzPolicy") +public class AuthzPolicy extends com.pulumi.resources.CustomResource { + /** + * When the action is CUSTOM, customProvider must be specified. + * When the action is ALLOW, only requests matching the policy will be allowed. + * When the action is DENY, only requests matching the policy will be denied. + * When a request arrives, the policies are evaluated in the following order: + * 1. If there is a CUSTOM policy that matches the request, the CUSTOM policy is evaluated using the custom authorization providers and the request is denied if the provider rejects the request. + * 2. If there are any DENY policies that match the request, the request is denied. + * 3. If there are no ALLOW policies for the resource or if any of the ALLOW policies match the request, the request is allowed. + * 4. Else the request is denied by default if none of the configured AuthzPolicies with ALLOW action match the request. + * Possible values are: `ALLOW`, `DENY`, `CUSTOM`. + * + */ + @Export(name="action", refs={String.class}, tree="[0]") + private Output action; + + /** + * @return When the action is CUSTOM, customProvider must be specified. + * When the action is ALLOW, only requests matching the policy will be allowed. + * When the action is DENY, only requests matching the policy will be denied. + * When a request arrives, the policies are evaluated in the following order: + * 1. If there is a CUSTOM policy that matches the request, the CUSTOM policy is evaluated using the custom authorization providers and the request is denied if the provider rejects the request. + * 2. If there are any DENY policies that match the request, the request is denied. + * 3. If there are no ALLOW policies for the resource or if any of the ALLOW policies match the request, the request is allowed. + * 4. Else the request is denied by default if none of the configured AuthzPolicies with ALLOW action match the request. + * Possible values are: `ALLOW`, `DENY`, `CUSTOM`. + * + */ + public Output action() { + return this.action; + } + /** + * The timestamp when the resource was created. + * + */ + @Export(name="createTime", refs={String.class}, tree="[0]") + private Output createTime; + + /** + * @return The timestamp when the resource was created. + * + */ + public Output createTime() { + return this.createTime; + } + /** + * Required if the action is CUSTOM. Allows delegating authorization decisions to Cloud IAP or to Service Extensions. One + * of cloudIap or authzExtension must be specified. + * + */ + @Export(name="customProvider", refs={AuthzPolicyCustomProvider.class}, tree="[0]") + private Output customProvider; + + /** + * @return Required if the action is CUSTOM. Allows delegating authorization decisions to Cloud IAP or to Service Extensions. One + * of cloudIap or authzExtension must be specified. + * + */ + public Output> customProvider() { + return Codegen.optional(this.customProvider); + } + /** + * A human-readable description of the resource. + * + */ + @Export(name="description", refs={String.class}, tree="[0]") + private Output description; + + /** + * @return A human-readable description of the resource. + * + */ + public Output> description() { + return Codegen.optional(this.description); + } + /** + * All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services. + * + */ + @Export(name="effectiveLabels", refs={Map.class,String.class}, tree="[0,1,1]") + private Output> effectiveLabels; + + /** + * @return All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services. + * + */ + public Output> effectiveLabels() { + return this.effectiveLabels; + } + /** + * A list of authorization HTTP rules to match against the incoming request.A policy match occurs when at least one HTTP + * rule matches the request or when no HTTP rules are specified in the policy. At least one HTTP Rule is required for Allow + * or Deny Action. Limited to 5 rules. + * + */ + @Export(name="httpRules", refs={List.class,AuthzPolicyHttpRule.class}, tree="[0,1]") + private Output> httpRules; + + /** + * @return A list of authorization HTTP rules to match against the incoming request.A policy match occurs when at least one HTTP + * rule matches the request or when no HTTP rules are specified in the policy. At least one HTTP Rule is required for Allow + * or Deny Action. Limited to 5 rules. + * + */ + public Output>> httpRules() { + return Codegen.optional(this.httpRules); + } + /** + * Set of labels associated with the AuthzExtension resource. **Note**: This field is non-authoritative, and will only + * manage the labels present in your configuration. Please refer to the field 'effective_labels' for all of the labels + * present on the resource. + * + */ + @Export(name="labels", refs={Map.class,String.class}, tree="[0,1,1]") + private Output> labels; + + /** + * @return Set of labels associated with the AuthzExtension resource. **Note**: This field is non-authoritative, and will only + * manage the labels present in your configuration. Please refer to the field 'effective_labels' for all of the labels + * present on the resource. + * + */ + public Output>> labels() { + return Codegen.optional(this.labels); + } + /** + * The location of the resource. + * + */ + @Export(name="location", refs={String.class}, tree="[0]") + private Output location; + + /** + * @return The location of the resource. + * + */ + public Output location() { + return this.location; + } + /** + * Identifier. Name of the AuthzPolicy resource. + * + */ + @Export(name="name", refs={String.class}, tree="[0]") + private Output name; + + /** + * @return Identifier. Name of the AuthzPolicy resource. + * + */ + public Output name() { + return this.name; + } + @Export(name="project", refs={String.class}, tree="[0]") + private Output project; + + public Output project() { + return this.project; + } + /** + * The combination of labels configured directly on the resource + * and default labels configured on the provider. + * + */ + @Export(name="pulumiLabels", refs={Map.class,String.class}, tree="[0,1,1]") + private Output> pulumiLabels; + + /** + * @return The combination of labels configured directly on the resource + * and default labels configured on the provider. + * + */ + public Output> pulumiLabels() { + return this.pulumiLabels; + } + /** + * Specifies the set of resources to which this policy should be applied to. + * Structure is documented below. + * + */ + @Export(name="target", refs={AuthzPolicyTarget.class}, tree="[0]") + private Output target; + + /** + * @return Specifies the set of resources to which this policy should be applied to. + * Structure is documented below. + * + */ + public Output target() { + return this.target; + } + /** + * The timestamp when the resource was updated. + * + */ + @Export(name="updateTime", refs={String.class}, tree="[0]") + private Output updateTime; + + /** + * @return The timestamp when the resource was updated. + * + */ + public Output updateTime() { + return this.updateTime; + } + + /** + * + * @param name The _unique_ name of the resulting resource. + */ + public AuthzPolicy(java.lang.String name) { + this(name, AuthzPolicyArgs.Empty); + } + /** + * + * @param name The _unique_ name of the resulting resource. + * @param args The arguments to use to populate this resource's properties. + */ + public AuthzPolicy(java.lang.String name, AuthzPolicyArgs args) { + this(name, args, null); + } + /** + * + * @param name The _unique_ name of the resulting resource. + * @param args The arguments to use to populate this resource's properties. + * @param options A bag of options that control this resource's behavior. + */ + public AuthzPolicy(java.lang.String name, AuthzPolicyArgs args, @Nullable com.pulumi.resources.CustomResourceOptions options) { + super("gcp:networksecurity/authzPolicy:AuthzPolicy", name, makeArgs(args, options), makeResourceOptions(options, Codegen.empty()), false); + } + + private AuthzPolicy(java.lang.String name, Output id, @Nullable AuthzPolicyState state, @Nullable com.pulumi.resources.CustomResourceOptions options) { + super("gcp:networksecurity/authzPolicy:AuthzPolicy", name, state, makeResourceOptions(options, id), false); + } + + private static AuthzPolicyArgs makeArgs(AuthzPolicyArgs args, @Nullable com.pulumi.resources.CustomResourceOptions options) { + if (options != null && options.getUrn().isPresent()) { + return null; + } + return args == null ? AuthzPolicyArgs.Empty : args; + } + + private static com.pulumi.resources.CustomResourceOptions makeResourceOptions(@Nullable com.pulumi.resources.CustomResourceOptions options, @Nullable Output id) { + var defaultOptions = com.pulumi.resources.CustomResourceOptions.builder() + .version(Utilities.getVersion()) + .additionalSecretOutputs(List.of( + "effectiveLabels", + "pulumiLabels" + )) + .build(); + return com.pulumi.resources.CustomResourceOptions.merge(defaultOptions, options, id); + } + + /** + * Get an existing Host resource's state with the given name, ID, and optional extra + * properties used to qualify the lookup. + * + * @param name The _unique_ name of the resulting resource. + * @param id The _unique_ provider ID of the resource to lookup. + * @param state + * @param options Optional settings to control the behavior of the CustomResource. + */ + public static AuthzPolicy get(java.lang.String name, Output id, @Nullable AuthzPolicyState state, @Nullable com.pulumi.resources.CustomResourceOptions options) { + return new AuthzPolicy(name, id, state, options); + } +} diff --git a/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/AuthzPolicyArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/AuthzPolicyArgs.java new file mode 100644 index 0000000000..0263923762 --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/AuthzPolicyArgs.java @@ -0,0 +1,442 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.gcp.networksecurity; + +import com.pulumi.core.Output; +import com.pulumi.core.annotations.Import; +import com.pulumi.exceptions.MissingRequiredPropertyException; +import com.pulumi.gcp.networksecurity.inputs.AuthzPolicyCustomProviderArgs; +import com.pulumi.gcp.networksecurity.inputs.AuthzPolicyHttpRuleArgs; +import com.pulumi.gcp.networksecurity.inputs.AuthzPolicyTargetArgs; +import java.lang.String; +import java.util.List; +import java.util.Map; +import java.util.Objects; +import java.util.Optional; +import javax.annotation.Nullable; + + +public final class AuthzPolicyArgs extends com.pulumi.resources.ResourceArgs { + + public static final AuthzPolicyArgs Empty = new AuthzPolicyArgs(); + + /** + * When the action is CUSTOM, customProvider must be specified. + * When the action is ALLOW, only requests matching the policy will be allowed. + * When the action is DENY, only requests matching the policy will be denied. + * When a request arrives, the policies are evaluated in the following order: + * 1. If there is a CUSTOM policy that matches the request, the CUSTOM policy is evaluated using the custom authorization providers and the request is denied if the provider rejects the request. + * 2. If there are any DENY policies that match the request, the request is denied. + * 3. If there are no ALLOW policies for the resource or if any of the ALLOW policies match the request, the request is allowed. + * 4. Else the request is denied by default if none of the configured AuthzPolicies with ALLOW action match the request. + * Possible values are: `ALLOW`, `DENY`, `CUSTOM`. + * + */ + @Import(name="action", required=true) + private Output action; + + /** + * @return When the action is CUSTOM, customProvider must be specified. + * When the action is ALLOW, only requests matching the policy will be allowed. + * When the action is DENY, only requests matching the policy will be denied. + * When a request arrives, the policies are evaluated in the following order: + * 1. If there is a CUSTOM policy that matches the request, the CUSTOM policy is evaluated using the custom authorization providers and the request is denied if the provider rejects the request. + * 2. If there are any DENY policies that match the request, the request is denied. + * 3. If there are no ALLOW policies for the resource or if any of the ALLOW policies match the request, the request is allowed. + * 4. Else the request is denied by default if none of the configured AuthzPolicies with ALLOW action match the request. + * Possible values are: `ALLOW`, `DENY`, `CUSTOM`. + * + */ + public Output action() { + return this.action; + } + + /** + * Required if the action is CUSTOM. Allows delegating authorization decisions to Cloud IAP or to Service Extensions. One + * of cloudIap or authzExtension must be specified. + * + */ + @Import(name="customProvider") + private @Nullable Output customProvider; + + /** + * @return Required if the action is CUSTOM. Allows delegating authorization decisions to Cloud IAP or to Service Extensions. One + * of cloudIap or authzExtension must be specified. + * + */ + public Optional> customProvider() { + return Optional.ofNullable(this.customProvider); + } + + /** + * A human-readable description of the resource. + * + */ + @Import(name="description") + private @Nullable Output description; + + /** + * @return A human-readable description of the resource. + * + */ + public Optional> description() { + return Optional.ofNullable(this.description); + } + + /** + * A list of authorization HTTP rules to match against the incoming request.A policy match occurs when at least one HTTP + * rule matches the request or when no HTTP rules are specified in the policy. At least one HTTP Rule is required for Allow + * or Deny Action. Limited to 5 rules. + * + */ + @Import(name="httpRules") + private @Nullable Output> httpRules; + + /** + * @return A list of authorization HTTP rules to match against the incoming request.A policy match occurs when at least one HTTP + * rule matches the request or when no HTTP rules are specified in the policy. At least one HTTP Rule is required for Allow + * or Deny Action. Limited to 5 rules. + * + */ + public Optional>> httpRules() { + return Optional.ofNullable(this.httpRules); + } + + /** + * Set of labels associated with the AuthzExtension resource. **Note**: This field is non-authoritative, and will only + * manage the labels present in your configuration. Please refer to the field 'effective_labels' for all of the labels + * present on the resource. + * + */ + @Import(name="labels") + private @Nullable Output> labels; + + /** + * @return Set of labels associated with the AuthzExtension resource. **Note**: This field is non-authoritative, and will only + * manage the labels present in your configuration. Please refer to the field 'effective_labels' for all of the labels + * present on the resource. + * + */ + public Optional>> labels() { + return Optional.ofNullable(this.labels); + } + + /** + * The location of the resource. + * + */ + @Import(name="location", required=true) + private Output location; + + /** + * @return The location of the resource. + * + */ + public Output location() { + return this.location; + } + + /** + * Identifier. Name of the AuthzPolicy resource. + * + */ + @Import(name="name") + private @Nullable Output name; + + /** + * @return Identifier. Name of the AuthzPolicy resource. + * + */ + public Optional> name() { + return Optional.ofNullable(this.name); + } + + @Import(name="project") + private @Nullable Output project; + + public Optional> project() { + return Optional.ofNullable(this.project); + } + + /** + * Specifies the set of resources to which this policy should be applied to. + * Structure is documented below. + * + */ + @Import(name="target", required=true) + private Output target; + + /** + * @return Specifies the set of resources to which this policy should be applied to. + * Structure is documented below. + * + */ + public Output target() { + return this.target; + } + + private AuthzPolicyArgs() {} + + private AuthzPolicyArgs(AuthzPolicyArgs $) { + this.action = $.action; + this.customProvider = $.customProvider; + this.description = $.description; + this.httpRules = $.httpRules; + this.labels = $.labels; + this.location = $.location; + this.name = $.name; + this.project = $.project; + this.target = $.target; + } + + public static Builder builder() { + return new Builder(); + } + public static Builder builder(AuthzPolicyArgs defaults) { + return new Builder(defaults); + } + + public static final class Builder { + private AuthzPolicyArgs $; + + public Builder() { + $ = new AuthzPolicyArgs(); + } + + public Builder(AuthzPolicyArgs defaults) { + $ = new AuthzPolicyArgs(Objects.requireNonNull(defaults)); + } + + /** + * @param action When the action is CUSTOM, customProvider must be specified. + * When the action is ALLOW, only requests matching the policy will be allowed. + * When the action is DENY, only requests matching the policy will be denied. + * When a request arrives, the policies are evaluated in the following order: + * 1. If there is a CUSTOM policy that matches the request, the CUSTOM policy is evaluated using the custom authorization providers and the request is denied if the provider rejects the request. + * 2. If there are any DENY policies that match the request, the request is denied. + * 3. If there are no ALLOW policies for the resource or if any of the ALLOW policies match the request, the request is allowed. + * 4. Else the request is denied by default if none of the configured AuthzPolicies with ALLOW action match the request. + * Possible values are: `ALLOW`, `DENY`, `CUSTOM`. + * + * @return builder + * + */ + public Builder action(Output action) { + $.action = action; + return this; + } + + /** + * @param action When the action is CUSTOM, customProvider must be specified. + * When the action is ALLOW, only requests matching the policy will be allowed. + * When the action is DENY, only requests matching the policy will be denied. + * When a request arrives, the policies are evaluated in the following order: + * 1. If there is a CUSTOM policy that matches the request, the CUSTOM policy is evaluated using the custom authorization providers and the request is denied if the provider rejects the request. + * 2. If there are any DENY policies that match the request, the request is denied. + * 3. If there are no ALLOW policies for the resource or if any of the ALLOW policies match the request, the request is allowed. + * 4. Else the request is denied by default if none of the configured AuthzPolicies with ALLOW action match the request. + * Possible values are: `ALLOW`, `DENY`, `CUSTOM`. + * + * @return builder + * + */ + public Builder action(String action) { + return action(Output.of(action)); + } + + /** + * @param customProvider Required if the action is CUSTOM. Allows delegating authorization decisions to Cloud IAP or to Service Extensions. One + * of cloudIap or authzExtension must be specified. + * + * @return builder + * + */ + public Builder customProvider(@Nullable Output customProvider) { + $.customProvider = customProvider; + return this; + } + + /** + * @param customProvider Required if the action is CUSTOM. Allows delegating authorization decisions to Cloud IAP or to Service Extensions. One + * of cloudIap or authzExtension must be specified. + * + * @return builder + * + */ + public Builder customProvider(AuthzPolicyCustomProviderArgs customProvider) { + return customProvider(Output.of(customProvider)); + } + + /** + * @param description A human-readable description of the resource. + * + * @return builder + * + */ + public Builder description(@Nullable Output description) { + $.description = description; + return this; + } + + /** + * @param description A human-readable description of the resource. + * + * @return builder + * + */ + public Builder description(String description) { + return description(Output.of(description)); + } + + /** + * @param httpRules A list of authorization HTTP rules to match against the incoming request.A policy match occurs when at least one HTTP + * rule matches the request or when no HTTP rules are specified in the policy. At least one HTTP Rule is required for Allow + * or Deny Action. Limited to 5 rules. + * + * @return builder + * + */ + public Builder httpRules(@Nullable Output> httpRules) { + $.httpRules = httpRules; + return this; + } + + /** + * @param httpRules A list of authorization HTTP rules to match against the incoming request.A policy match occurs when at least one HTTP + * rule matches the request or when no HTTP rules are specified in the policy. At least one HTTP Rule is required for Allow + * or Deny Action. Limited to 5 rules. + * + * @return builder + * + */ + public Builder httpRules(List httpRules) { + return httpRules(Output.of(httpRules)); + } + + /** + * @param httpRules A list of authorization HTTP rules to match against the incoming request.A policy match occurs when at least one HTTP + * rule matches the request or when no HTTP rules are specified in the policy. At least one HTTP Rule is required for Allow + * or Deny Action. Limited to 5 rules. + * + * @return builder + * + */ + public Builder httpRules(AuthzPolicyHttpRuleArgs... httpRules) { + return httpRules(List.of(httpRules)); + } + + /** + * @param labels Set of labels associated with the AuthzExtension resource. **Note**: This field is non-authoritative, and will only + * manage the labels present in your configuration. Please refer to the field 'effective_labels' for all of the labels + * present on the resource. + * + * @return builder + * + */ + public Builder labels(@Nullable Output> labels) { + $.labels = labels; + return this; + } + + /** + * @param labels Set of labels associated with the AuthzExtension resource. **Note**: This field is non-authoritative, and will only + * manage the labels present in your configuration. Please refer to the field 'effective_labels' for all of the labels + * present on the resource. + * + * @return builder + * + */ + public Builder labels(Map labels) { + return labels(Output.of(labels)); + } + + /** + * @param location The location of the resource. + * + * @return builder + * + */ + public Builder location(Output location) { + $.location = location; + return this; + } + + /** + * @param location The location of the resource. + * + * @return builder + * + */ + public Builder location(String location) { + return location(Output.of(location)); + } + + /** + * @param name Identifier. Name of the AuthzPolicy resource. + * + * @return builder + * + */ + public Builder name(@Nullable Output name) { + $.name = name; + return this; + } + + /** + * @param name Identifier. Name of the AuthzPolicy resource. + * + * @return builder + * + */ + public Builder name(String name) { + return name(Output.of(name)); + } + + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + public Builder project(String project) { + return project(Output.of(project)); + } + + /** + * @param target Specifies the set of resources to which this policy should be applied to. + * Structure is documented below. + * + * @return builder + * + */ + public Builder target(Output target) { + $.target = target; + return this; + } + + /** + * @param target Specifies the set of resources to which this policy should be applied to. + * Structure is documented below. + * + * @return builder + * + */ + public Builder target(AuthzPolicyTargetArgs target) { + return target(Output.of(target)); + } + + public AuthzPolicyArgs build() { + if ($.action == null) { + throw new MissingRequiredPropertyException("AuthzPolicyArgs", "action"); + } + if ($.location == null) { + throw new MissingRequiredPropertyException("AuthzPolicyArgs", "location"); + } + if ($.target == null) { + throw new MissingRequiredPropertyException("AuthzPolicyArgs", "target"); + } + return $; + } + } + +} diff --git a/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/InterceptDeployment.java b/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/InterceptDeployment.java new file mode 100644 index 0000000000..c3fe99a471 --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/InterceptDeployment.java @@ -0,0 +1,427 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.gcp.networksecurity; + +import com.pulumi.core.Output; +import com.pulumi.core.annotations.Export; +import com.pulumi.core.annotations.ResourceType; +import com.pulumi.core.internal.Codegen; +import com.pulumi.gcp.Utilities; +import com.pulumi.gcp.networksecurity.InterceptDeploymentArgs; +import com.pulumi.gcp.networksecurity.inputs.InterceptDeploymentState; +import java.lang.Boolean; +import java.lang.String; +import java.util.List; +import java.util.Map; +import java.util.Optional; +import javax.annotation.Nullable; + +/** + * ## Example Usage + * + * ### Network Security Intercept Deployment Basic + * + * <!--Start PulumiCodeChooser --> + * 
+ * {@code
+ * package generated_program;
+ * 
+ * import com.pulumi.Context;
+ * import com.pulumi.Pulumi;
+ * import com.pulumi.core.Output;
+ * import com.pulumi.gcp.compute.Network;
+ * import com.pulumi.gcp.compute.NetworkArgs;
+ * import com.pulumi.gcp.compute.Subnetwork;
+ * import com.pulumi.gcp.compute.SubnetworkArgs;
+ * import com.pulumi.gcp.compute.RegionHealthCheck;
+ * import com.pulumi.gcp.compute.RegionHealthCheckArgs;
+ * import com.pulumi.gcp.compute.inputs.RegionHealthCheckHttpHealthCheckArgs;
+ * import com.pulumi.gcp.compute.RegionBackendService;
+ * import com.pulumi.gcp.compute.RegionBackendServiceArgs;
+ * import com.pulumi.gcp.compute.ForwardingRule;
+ * import com.pulumi.gcp.compute.ForwardingRuleArgs;
+ * import com.pulumi.gcp.networksecurity.InterceptDeploymentGroup;
+ * import com.pulumi.gcp.networksecurity.InterceptDeploymentGroupArgs;
+ * import com.pulumi.gcp.networksecurity.InterceptDeployment;
+ * import com.pulumi.gcp.networksecurity.InterceptDeploymentArgs;
+ * import java.util.List;
+ * import java.util.ArrayList;
+ * import java.util.Map;
+ * import java.io.File;
+ * import java.nio.file.Files;
+ * import java.nio.file.Paths;
+ * 
+ * public class App {
+ *     public static void main(String[] args) {
+ *         Pulumi.run(App::stack);
+ *     }
+ * 
+ *     public static void stack(Context ctx) {
+ *         var network = new Network("network", NetworkArgs.builder()
+ *             .name("example-network")
+ *             .autoCreateSubnetworks(false)
+ *             .build());
+ * 
+ *         var subnetwork = new Subnetwork("subnetwork", SubnetworkArgs.builder()
+ *             .name("example-subnet")
+ *             .region("us-central1")
+ *             .ipCidrRange("10.1.0.0/16")
+ *             .network(network.name())
+ *             .build());
+ * 
+ *         var healthCheck = new RegionHealthCheck("healthCheck", RegionHealthCheckArgs.builder()
+ *             .name("example-hc")
+ *             .region("us-central1")
+ *             .httpHealthCheck(RegionHealthCheckHttpHealthCheckArgs.builder()
+ *                 .port(80)
+ *                 .build())
+ *             .build());
+ * 
+ *         var backendService = new RegionBackendService("backendService", RegionBackendServiceArgs.builder()
+ *             .name("example-bs")
+ *             .region("us-central1")
+ *             .healthChecks(healthCheck.id())
+ *             .protocol("UDP")
+ *             .loadBalancingScheme("INTERNAL")
+ *             .build());
+ * 
+ *         var forwardingRule = new ForwardingRule("forwardingRule", ForwardingRuleArgs.builder()
+ *             .name("example-fwr")
+ *             .region("us-central1")
+ *             .network(network.name())
+ *             .subnetwork(subnetwork.name())
+ *             .backendService(backendService.id())
+ *             .loadBalancingScheme("INTERNAL")
+ *             .ports(6081)
+ *             .ipProtocol("UDP")
+ *             .build());
+ * 
+ *         var deploymentGroup = new InterceptDeploymentGroup("deploymentGroup", InterceptDeploymentGroupArgs.builder()
+ *             .interceptDeploymentGroupId("example-dg")
+ *             .location("global")
+ *             .network(network.id())
+ *             .build());
+ * 
+ *         var default_ = new InterceptDeployment("default", InterceptDeploymentArgs.builder()
+ *             .interceptDeploymentId("example-deployment")
+ *             .location("us-central1-a")
+ *             .forwardingRule(forwardingRule.id())
+ *             .interceptDeploymentGroup(deploymentGroup.id())
+ *             .labels(Map.of("foo", "bar"))
+ *             .build());
+ * 
+ *     }
+ * }
+ * }
+ *
+ * <!--End PulumiCodeChooser --> + * + * ## Import + * + * InterceptDeployment can be imported using any of these accepted formats: + * + * * `projects/{{project}}/locations/{{location}}/interceptDeployments/{{intercept_deployment_id}}` + * + * * `{{project}}/{{location}}/{{intercept_deployment_id}}` + * + * * `{{location}}/{{intercept_deployment_id}}` + * + * When using the `pulumi import` command, InterceptDeployment can be imported using one of the formats above. For example: + * + * ```sh + * $ pulumi import gcp:networksecurity/interceptDeployment:InterceptDeployment default projects/{{project}}/locations/{{location}}/interceptDeployments/{{intercept_deployment_id}} + * ``` + * + * ```sh + * $ pulumi import gcp:networksecurity/interceptDeployment:InterceptDeployment default {{project}}/{{location}}/{{intercept_deployment_id}} + * ``` + * + * ```sh + * $ pulumi import gcp:networksecurity/interceptDeployment:InterceptDeployment default {{location}}/{{intercept_deployment_id}} + * ``` + * + */ +@ResourceType(type="gcp:networksecurity/interceptDeployment:InterceptDeployment") +public class InterceptDeployment extends com.pulumi.resources.CustomResource { + /** + * Create time stamp + * + */ + @Export(name="createTime", refs={String.class}, tree="[0]") + private Output createTime; + + /** + * @return Create time stamp + * + */ + public Output createTime() { + return this.createTime; + } + /** + * All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services. + * + */ + @Export(name="effectiveLabels", refs={Map.class,String.class}, tree="[0,1,1]") + private Output> effectiveLabels; + + /** + * @return All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services. + * + */ + public Output> effectiveLabels() { + return this.effectiveLabels; + } + /** + * Immutable. The regional load balancer which the intercepted traffic should be forwarded + * to. Format is: + * projects/{project}/regions/{region}/forwardingRules/{forwardingRule} + * + */ + @Export(name="forwardingRule", refs={String.class}, tree="[0]") + private Output forwardingRule; + + /** + * @return Immutable. The regional load balancer which the intercepted traffic should be forwarded + * to. Format is: + * projects/{project}/regions/{region}/forwardingRules/{forwardingRule} + * + */ + public Output forwardingRule() { + return this.forwardingRule; + } + /** + * Immutable. The Intercept Deployment Group that this resource is part of. Format is: + * `projects/{project}/locations/global/interceptDeploymentGroups/{interceptDeploymentGroup}` + * + */ + @Export(name="interceptDeploymentGroup", refs={String.class}, tree="[0]") + private Output interceptDeploymentGroup; + + /** + * @return Immutable. The Intercept Deployment Group that this resource is part of. Format is: + * `projects/{project}/locations/global/interceptDeploymentGroups/{interceptDeploymentGroup}` + * + */ + public Output interceptDeploymentGroup() { + return this.interceptDeploymentGroup; + } + /** + * Id of the requesting object + * If auto-generating Id server-side, remove this field and + * intercept_deployment_id from the method_signature of Create RPC + * + * *** + * + */ + @Export(name="interceptDeploymentId", refs={String.class}, tree="[0]") + private Output interceptDeploymentId; + + /** + * @return Id of the requesting object + * If auto-generating Id server-side, remove this field and + * intercept_deployment_id from the method_signature of Create RPC + * + * *** + * + */ + public Output interceptDeploymentId() { + return this.interceptDeploymentId; + } + /** + * Optional. Labels as key value pairs + * **Note**: This field is non-authoritative, and will only manage the labels present in your configuration. + * Please refer to the field `effective_labels` for all of the labels present on the resource. + * + */ + @Export(name="labels", refs={Map.class,String.class}, tree="[0,1,1]") + private Output> labels; + + /** + * @return Optional. Labels as key value pairs + * **Note**: This field is non-authoritative, and will only manage the labels present in your configuration. + * Please refer to the field `effective_labels` for all of the labels present on the resource. + * + */ + public Output>> labels() { + return Codegen.optional(this.labels); + } + /** + * Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122. See documentation for resource type `networksecurity.googleapis.com/InterceptDeployment`. + * + */ + @Export(name="location", refs={String.class}, tree="[0]") + private Output location; + + /** + * @return Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122. See documentation for resource type `networksecurity.googleapis.com/InterceptDeployment`. + * + */ + public Output location() { + return this.location; + } + /** + * Identifier. The name of the InterceptDeployment. + * + */ + @Export(name="name", refs={String.class}, tree="[0]") + private Output name; + + /** + * @return Identifier. The name of the InterceptDeployment. + * + */ + public Output name() { + return this.name; + } + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the provider project is used. + * + */ + @Export(name="project", refs={String.class}, tree="[0]") + private Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the provider project is used. + * + */ + public Output project() { + return this.project; + } + /** + * The combination of labels configured directly on the resource + * and default labels configured on the provider. + * + */ + @Export(name="pulumiLabels", refs={Map.class,String.class}, tree="[0,1,1]") + private Output> pulumiLabels; + + /** + * @return The combination of labels configured directly on the resource + * and default labels configured on the provider. + * + */ + public Output> pulumiLabels() { + return this.pulumiLabels; + } + /** + * Whether reconciling is in progress, recommended per + * https://google.aip.dev/128. + * + */ + @Export(name="reconciling", refs={Boolean.class}, tree="[0]") + private Output reconciling; + + /** + * @return Whether reconciling is in progress, recommended per + * https://google.aip.dev/128. + * + */ + public Output reconciling() { + return this.reconciling; + } + /** + * Current state of the deployment. + * Possible values: + * STATE_UNSPECIFIED + * ACTIVE + * CREATING + * DELETING + * OUT_OF_SYNC + * DELETE_FAILED + * + */ + @Export(name="state", refs={String.class}, tree="[0]") + private Output state; + + /** + * @return Current state of the deployment. + * Possible values: + * STATE_UNSPECIFIED + * ACTIVE + * CREATING + * DELETING + * OUT_OF_SYNC + * DELETE_FAILED + * + */ + public Output state() { + return this.state; + } + /** + * Update time stamp + * + */ + @Export(name="updateTime", refs={String.class}, tree="[0]") + private Output updateTime; + + /** + * @return Update time stamp + * + */ + public Output updateTime() { + return this.updateTime; + } + + /** + * + * @param name The _unique_ name of the resulting resource. + */ + public InterceptDeployment(java.lang.String name) { + this(name, InterceptDeploymentArgs.Empty); + } + /** + * + * @param name The _unique_ name of the resulting resource. + * @param args The arguments to use to populate this resource's properties. + */ + public InterceptDeployment(java.lang.String name, InterceptDeploymentArgs args) { + this(name, args, null); + } + /** + * + * @param name The _unique_ name of the resulting resource. + * @param args The arguments to use to populate this resource's properties. + * @param options A bag of options that control this resource's behavior. + */ + public InterceptDeployment(java.lang.String name, InterceptDeploymentArgs args, @Nullable com.pulumi.resources.CustomResourceOptions options) { + super("gcp:networksecurity/interceptDeployment:InterceptDeployment", name, makeArgs(args, options), makeResourceOptions(options, Codegen.empty()), false); + } + + private InterceptDeployment(java.lang.String name, Output id, @Nullable InterceptDeploymentState state, @Nullable com.pulumi.resources.CustomResourceOptions options) { + super("gcp:networksecurity/interceptDeployment:InterceptDeployment", name, state, makeResourceOptions(options, id), false); + } + + private static InterceptDeploymentArgs makeArgs(InterceptDeploymentArgs args, @Nullable com.pulumi.resources.CustomResourceOptions options) { + if (options != null && options.getUrn().isPresent()) { + return null; + } + return args == null ? InterceptDeploymentArgs.Empty : args; + } + + private static com.pulumi.resources.CustomResourceOptions makeResourceOptions(@Nullable com.pulumi.resources.CustomResourceOptions options, @Nullable Output id) { + var defaultOptions = com.pulumi.resources.CustomResourceOptions.builder() + .version(Utilities.getVersion()) + .additionalSecretOutputs(List.of( + "effectiveLabels", + "pulumiLabels" + )) + .build(); + return com.pulumi.resources.CustomResourceOptions.merge(defaultOptions, options, id); + } + + /** + * Get an existing Host resource's state with the given name, ID, and optional extra + * properties used to qualify the lookup. + * + * @param name The _unique_ name of the resulting resource. + * @param id The _unique_ provider ID of the resource to lookup. + * @param state + * @param options Optional settings to control the behavior of the CustomResource. + */ + public static InterceptDeployment get(java.lang.String name, Output id, @Nullable InterceptDeploymentState state, @Nullable com.pulumi.resources.CustomResourceOptions options) { + return new InterceptDeployment(name, id, state, options); + } +} diff --git a/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/InterceptDeploymentArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/InterceptDeploymentArgs.java new file mode 100644 index 0000000000..c7e7f39e61 --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/InterceptDeploymentArgs.java @@ -0,0 +1,322 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.gcp.networksecurity; + +import com.pulumi.core.Output; +import com.pulumi.core.annotations.Import; +import com.pulumi.exceptions.MissingRequiredPropertyException; +import java.lang.String; +import java.util.Map; +import java.util.Objects; +import java.util.Optional; +import javax.annotation.Nullable; + + +public final class InterceptDeploymentArgs extends com.pulumi.resources.ResourceArgs { + + public static final InterceptDeploymentArgs Empty = new InterceptDeploymentArgs(); + + /** + * Immutable. The regional load balancer which the intercepted traffic should be forwarded + * to. Format is: + * projects/{project}/regions/{region}/forwardingRules/{forwardingRule} + * + */ + @Import(name="forwardingRule", required=true) + private Output forwardingRule; + + /** + * @return Immutable. The regional load balancer which the intercepted traffic should be forwarded + * to. Format is: + * projects/{project}/regions/{region}/forwardingRules/{forwardingRule} + * + */ + public Output forwardingRule() { + return this.forwardingRule; + } + + /** + * Immutable. The Intercept Deployment Group that this resource is part of. Format is: + * `projects/{project}/locations/global/interceptDeploymentGroups/{interceptDeploymentGroup}` + * + */ + @Import(name="interceptDeploymentGroup", required=true) + private Output interceptDeploymentGroup; + + /** + * @return Immutable. The Intercept Deployment Group that this resource is part of. Format is: + * `projects/{project}/locations/global/interceptDeploymentGroups/{interceptDeploymentGroup}` + * + */ + public Output interceptDeploymentGroup() { + return this.interceptDeploymentGroup; + } + + /** + * Id of the requesting object + * If auto-generating Id server-side, remove this field and + * intercept_deployment_id from the method_signature of Create RPC + * + * *** + * + */ + @Import(name="interceptDeploymentId", required=true) + private Output interceptDeploymentId; + + /** + * @return Id of the requesting object + * If auto-generating Id server-side, remove this field and + * intercept_deployment_id from the method_signature of Create RPC + * + * *** + * + */ + public Output interceptDeploymentId() { + return this.interceptDeploymentId; + } + + /** + * Optional. Labels as key value pairs + * **Note**: This field is non-authoritative, and will only manage the labels present in your configuration. + * Please refer to the field `effective_labels` for all of the labels present on the resource. + * + */ + @Import(name="labels") + private @Nullable Output> labels; + + /** + * @return Optional. Labels as key value pairs + * **Note**: This field is non-authoritative, and will only manage the labels present in your configuration. + * Please refer to the field `effective_labels` for all of the labels present on the resource. + * + */ + public Optional>> labels() { + return Optional.ofNullable(this.labels); + } + + /** + * Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122. See documentation for resource type `networksecurity.googleapis.com/InterceptDeployment`. + * + */ + @Import(name="location", required=true) + private Output location; + + /** + * @return Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122. See documentation for resource type `networksecurity.googleapis.com/InterceptDeployment`. + * + */ + public Output location() { + return this.location; + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the provider project is used. + * + */ + public Optional> project() { + return Optional.ofNullable(this.project); + } + + private InterceptDeploymentArgs() {} + + private InterceptDeploymentArgs(InterceptDeploymentArgs $) { + this.forwardingRule = $.forwardingRule; + this.interceptDeploymentGroup = $.interceptDeploymentGroup; + this.interceptDeploymentId = $.interceptDeploymentId; + this.labels = $.labels; + this.location = $.location; + this.project = $.project; + } + + public static Builder builder() { + return new Builder(); + } + public static Builder builder(InterceptDeploymentArgs defaults) { + return new Builder(defaults); + } + + public static final class Builder { + private InterceptDeploymentArgs $; + + public Builder() { + $ = new InterceptDeploymentArgs(); + } + + public Builder(InterceptDeploymentArgs defaults) { + $ = new InterceptDeploymentArgs(Objects.requireNonNull(defaults)); + } + + /** + * @param forwardingRule Immutable. The regional load balancer which the intercepted traffic should be forwarded + * to. Format is: + * projects/{project}/regions/{region}/forwardingRules/{forwardingRule} + * + * @return builder + * + */ + public Builder forwardingRule(Output forwardingRule) { + $.forwardingRule = forwardingRule; + return this; + } + + /** + * @param forwardingRule Immutable. The regional load balancer which the intercepted traffic should be forwarded + * to. Format is: + * projects/{project}/regions/{region}/forwardingRules/{forwardingRule} + * + * @return builder + * + */ + public Builder forwardingRule(String forwardingRule) { + return forwardingRule(Output.of(forwardingRule)); + } + + /** + * @param interceptDeploymentGroup Immutable. The Intercept Deployment Group that this resource is part of. Format is: + * `projects/{project}/locations/global/interceptDeploymentGroups/{interceptDeploymentGroup}` + * + * @return builder + * + */ + public Builder interceptDeploymentGroup(Output interceptDeploymentGroup) { + $.interceptDeploymentGroup = interceptDeploymentGroup; + return this; + } + + /** + * @param interceptDeploymentGroup Immutable. The Intercept Deployment Group that this resource is part of. Format is: + * `projects/{project}/locations/global/interceptDeploymentGroups/{interceptDeploymentGroup}` + * + * @return builder + * + */ + public Builder interceptDeploymentGroup(String interceptDeploymentGroup) { + return interceptDeploymentGroup(Output.of(interceptDeploymentGroup)); + } + + /** + * @param interceptDeploymentId Id of the requesting object + * If auto-generating Id server-side, remove this field and + * intercept_deployment_id from the method_signature of Create RPC + * + * *** + * + * @return builder + * + */ + public Builder interceptDeploymentId(Output interceptDeploymentId) { + $.interceptDeploymentId = interceptDeploymentId; + return this; + } + + /** + * @param interceptDeploymentId Id of the requesting object + * If auto-generating Id server-side, remove this field and + * intercept_deployment_id from the method_signature of Create RPC + * + * *** + * + * @return builder + * + */ + public Builder interceptDeploymentId(String interceptDeploymentId) { + return interceptDeploymentId(Output.of(interceptDeploymentId)); + } + + /** + * @param labels Optional. Labels as key value pairs + * **Note**: This field is non-authoritative, and will only manage the labels present in your configuration. + * Please refer to the field `effective_labels` for all of the labels present on the resource. + * + * @return builder + * + */ + public Builder labels(@Nullable Output> labels) { + $.labels = labels; + return this; + } + + /** + * @param labels Optional. Labels as key value pairs + * **Note**: This field is non-authoritative, and will only manage the labels present in your configuration. + * Please refer to the field `effective_labels` for all of the labels present on the resource. + * + * @return builder + * + */ + public Builder labels(Map labels) { + return labels(Output.of(labels)); + } + + /** + * @param location Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122. See documentation for resource type `networksecurity.googleapis.com/InterceptDeployment`. + * + * @return builder + * + */ + public Builder location(Output location) { + $.location = location; + return this; + } + + /** + * @param location Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122. See documentation for resource type `networksecurity.googleapis.com/InterceptDeployment`. + * + * @return builder + * + */ + public Builder location(String location) { + return location(Output.of(location)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the provider project is used. + * + * @return builder + * + */ + public Builder project(String project) { + return project(Output.of(project)); + } + + public InterceptDeploymentArgs build() { + if ($.forwardingRule == null) { + throw new MissingRequiredPropertyException("InterceptDeploymentArgs", "forwardingRule"); + } + if ($.interceptDeploymentGroup == null) { + throw new MissingRequiredPropertyException("InterceptDeploymentArgs", "interceptDeploymentGroup"); + } + if ($.interceptDeploymentId == null) { + throw new MissingRequiredPropertyException("InterceptDeploymentArgs", "interceptDeploymentId"); + } + if ($.location == null) { + throw new MissingRequiredPropertyException("InterceptDeploymentArgs", "location"); + } + return $; + } + } + +} diff --git a/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/InterceptDeploymentGroup.java b/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/InterceptDeploymentGroup.java new file mode 100644 index 0000000000..127aed70bf --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/InterceptDeploymentGroup.java @@ -0,0 +1,372 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.gcp.networksecurity; + +import com.pulumi.core.Output; +import com.pulumi.core.annotations.Export; +import com.pulumi.core.annotations.ResourceType; +import com.pulumi.core.internal.Codegen; +import com.pulumi.gcp.Utilities; +import com.pulumi.gcp.networksecurity.InterceptDeploymentGroupArgs; +import com.pulumi.gcp.networksecurity.inputs.InterceptDeploymentGroupState; +import com.pulumi.gcp.networksecurity.outputs.InterceptDeploymentGroupConnectedEndpointGroup; +import java.lang.Boolean; +import java.lang.String; +import java.util.List; +import java.util.Map; +import java.util.Optional; +import javax.annotation.Nullable; + +/** + * ## Example Usage + * + * ### Network Security Intercept Deployment Group Basic + * + * <!--Start PulumiCodeChooser --> + * 
+ * {@code
+ * package generated_program;
+ * 
+ * import com.pulumi.Context;
+ * import com.pulumi.Pulumi;
+ * import com.pulumi.core.Output;
+ * import com.pulumi.gcp.compute.Network;
+ * import com.pulumi.gcp.compute.NetworkArgs;
+ * import com.pulumi.gcp.networksecurity.InterceptDeploymentGroup;
+ * import com.pulumi.gcp.networksecurity.InterceptDeploymentGroupArgs;
+ * import java.util.List;
+ * import java.util.ArrayList;
+ * import java.util.Map;
+ * import java.io.File;
+ * import java.nio.file.Files;
+ * import java.nio.file.Paths;
+ * 
+ * public class App {
+ *     public static void main(String[] args) {
+ *         Pulumi.run(App::stack);
+ *     }
+ * 
+ *     public static void stack(Context ctx) {
+ *         var network = new Network("network", NetworkArgs.builder()
+ *             .name("example-network")
+ *             .autoCreateSubnetworks(false)
+ *             .build());
+ * 
+ *         var default_ = new InterceptDeploymentGroup("default", InterceptDeploymentGroupArgs.builder()
+ *             .interceptDeploymentGroupId("example-dg")
+ *             .location("global")
+ *             .network(network.id())
+ *             .labels(Map.of("foo", "bar"))
+ *             .build());
+ * 
+ *     }
+ * }
+ * }
+ *
+ * <!--End PulumiCodeChooser --> + * + * ## Import + * + * InterceptDeploymentGroup can be imported using any of these accepted formats: + * + * * `projects/{{project}}/locations/{{location}}/interceptDeploymentGroups/{{intercept_deployment_group_id}}` + * + * * `{{project}}/{{location}}/{{intercept_deployment_group_id}}` + * + * * `{{location}}/{{intercept_deployment_group_id}}` + * + * When using the `pulumi import` command, InterceptDeploymentGroup can be imported using one of the formats above. For example: + * + * ```sh + * $ pulumi import gcp:networksecurity/interceptDeploymentGroup:InterceptDeploymentGroup default projects/{{project}}/locations/{{location}}/interceptDeploymentGroups/{{intercept_deployment_group_id}} + * ``` + * + * ```sh + * $ pulumi import gcp:networksecurity/interceptDeploymentGroup:InterceptDeploymentGroup default {{project}}/{{location}}/{{intercept_deployment_group_id}} + * ``` + * + * ```sh + * $ pulumi import gcp:networksecurity/interceptDeploymentGroup:InterceptDeploymentGroup default {{location}}/{{intercept_deployment_group_id}} + * ``` + * + */ +@ResourceType(type="gcp:networksecurity/interceptDeploymentGroup:InterceptDeploymentGroup") +public class InterceptDeploymentGroup extends com.pulumi.resources.CustomResource { + /** + * Output only. The list of Intercept Endpoint Groups that are connected to this resource. + * Structure is documented below. + * + */ + @Export(name="connectedEndpointGroups", refs={List.class,InterceptDeploymentGroupConnectedEndpointGroup.class}, tree="[0,1]") + private Output> connectedEndpointGroups; + + /** + * @return Output only. The list of Intercept Endpoint Groups that are connected to this resource. + * Structure is documented below. + * + */ + public Output> connectedEndpointGroups() { + return this.connectedEndpointGroups; + } + /** + * Output only. [Output only] Create time stamp + * + */ + @Export(name="createTime", refs={String.class}, tree="[0]") + private Output createTime; + + /** + * @return Output only. [Output only] Create time stamp + * + */ + public Output createTime() { + return this.createTime; + } + /** + * All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services. + * + */ + @Export(name="effectiveLabels", refs={Map.class,String.class}, tree="[0,1,1]") + private Output> effectiveLabels; + + /** + * @return All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services. + * + */ + public Output> effectiveLabels() { + return this.effectiveLabels; + } + /** + * Required. Id of the requesting object + * If auto-generating Id server-side, remove this field and + * intercept_deployment_group_id from the method_signature of Create RPC + * + * *** + * + */ + @Export(name="interceptDeploymentGroupId", refs={String.class}, tree="[0]") + private Output interceptDeploymentGroupId; + + /** + * @return Required. Id of the requesting object + * If auto-generating Id server-side, remove this field and + * intercept_deployment_group_id from the method_signature of Create RPC + * + * *** + * + */ + public Output interceptDeploymentGroupId() { + return this.interceptDeploymentGroupId; + } + /** + * Optional. Labels as key value pairs + * **Note**: This field is non-authoritative, and will only manage the labels present in your configuration. + * Please refer to the field `effective_labels` for all of the labels present on the resource. + * + */ + @Export(name="labels", refs={Map.class,String.class}, tree="[0,1,1]") + private Output> labels; + + /** + * @return Optional. Labels as key value pairs + * **Note**: This field is non-authoritative, and will only manage the labels present in your configuration. + * Please refer to the field `effective_labels` for all of the labels present on the resource. + * + */ + public Output>> labels() { + return Codegen.optional(this.labels); + } + /** + * Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122. See documentation for resource type `networksecurity.googleapis.com/InterceptDeploymentGroup`. + * + */ + @Export(name="location", refs={String.class}, tree="[0]") + private Output location; + + /** + * @return Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122. See documentation for resource type `networksecurity.googleapis.com/InterceptDeploymentGroup`. + * + */ + public Output location() { + return this.location; + } + /** + * (Output) + * Output only. A connected intercept endpoint group. + * + */ + @Export(name="name", refs={String.class}, tree="[0]") + private Output name; + + /** + * @return (Output) + * Output only. A connected intercept endpoint group. + * + */ + public Output name() { + return this.name; + } + /** + * Required. Immutable. The network that is being used for the deployment. Format is: + * projects/{project}/global/networks/{network}. + * + */ + @Export(name="network", refs={String.class}, tree="[0]") + private Output network; + + /** + * @return Required. Immutable. The network that is being used for the deployment. Format is: + * projects/{project}/global/networks/{network}. + * + */ + public Output network() { + return this.network; + } + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the provider project is used. + * + */ + @Export(name="project", refs={String.class}, tree="[0]") + private Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the provider project is used. + * + */ + public Output project() { + return this.project; + } + /** + * The combination of labels configured directly on the resource + * and default labels configured on the provider. + * + */ + @Export(name="pulumiLabels", refs={Map.class,String.class}, tree="[0,1,1]") + private Output> pulumiLabels; + + /** + * @return The combination of labels configured directly on the resource + * and default labels configured on the provider. + * + */ + public Output> pulumiLabels() { + return this.pulumiLabels; + } + /** + * Output only. Whether reconciling is in progress, recommended per + * https://google.aip.dev/128. + * + */ + @Export(name="reconciling", refs={Boolean.class}, tree="[0]") + private Output reconciling; + + /** + * @return Output only. Whether reconciling is in progress, recommended per + * https://google.aip.dev/128. + * + */ + public Output reconciling() { + return this.reconciling; + } + /** + * Output only. Current state of the deployment group. + * Possible values: + * STATE_UNSPECIFIED + * ACTIVE + * CREATING + * DELETING + * + */ + @Export(name="state", refs={String.class}, tree="[0]") + private Output state; + + /** + * @return Output only. Current state of the deployment group. + * Possible values: + * STATE_UNSPECIFIED + * ACTIVE + * CREATING + * DELETING + * + */ + public Output state() { + return this.state; + } + /** + * Output only. [Output only] Update time stamp + * + */ + @Export(name="updateTime", refs={String.class}, tree="[0]") + private Output updateTime; + + /** + * @return Output only. [Output only] Update time stamp + * + */ + public Output updateTime() { + return this.updateTime; + } + + /** + * + * @param name The _unique_ name of the resulting resource. + */ + public InterceptDeploymentGroup(java.lang.String name) { + this(name, InterceptDeploymentGroupArgs.Empty); + } + /** + * + * @param name The _unique_ name of the resulting resource. + * @param args The arguments to use to populate this resource's properties. + */ + public InterceptDeploymentGroup(java.lang.String name, InterceptDeploymentGroupArgs args) { + this(name, args, null); + } + /** + * + * @param name The _unique_ name of the resulting resource. + * @param args The arguments to use to populate this resource's properties. + * @param options A bag of options that control this resource's behavior. + */ + public InterceptDeploymentGroup(java.lang.String name, InterceptDeploymentGroupArgs args, @Nullable com.pulumi.resources.CustomResourceOptions options) { + super("gcp:networksecurity/interceptDeploymentGroup:InterceptDeploymentGroup", name, makeArgs(args, options), makeResourceOptions(options, Codegen.empty()), false); + } + + private InterceptDeploymentGroup(java.lang.String name, Output id, @Nullable InterceptDeploymentGroupState state, @Nullable com.pulumi.resources.CustomResourceOptions options) { + super("gcp:networksecurity/interceptDeploymentGroup:InterceptDeploymentGroup", name, state, makeResourceOptions(options, id), false); + } + + private static InterceptDeploymentGroupArgs makeArgs(InterceptDeploymentGroupArgs args, @Nullable com.pulumi.resources.CustomResourceOptions options) { + if (options != null && options.getUrn().isPresent()) { + return null; + } + return args == null ? InterceptDeploymentGroupArgs.Empty : args; + } + + private static com.pulumi.resources.CustomResourceOptions makeResourceOptions(@Nullable com.pulumi.resources.CustomResourceOptions options, @Nullable Output id) { + var defaultOptions = com.pulumi.resources.CustomResourceOptions.builder() + .version(Utilities.getVersion()) + .additionalSecretOutputs(List.of( + "effectiveLabels", + "pulumiLabels" + )) + .build(); + return com.pulumi.resources.CustomResourceOptions.merge(defaultOptions, options, id); + } + + /** + * Get an existing Host resource's state with the given name, ID, and optional extra + * properties used to qualify the lookup. + * + * @param name The _unique_ name of the resulting resource. + * @param id The _unique_ provider ID of the resource to lookup. + * @param state + * @param options Optional settings to control the behavior of the CustomResource. + */ + public static InterceptDeploymentGroup get(java.lang.String name, Output id, @Nullable InterceptDeploymentGroupState state, @Nullable com.pulumi.resources.CustomResourceOptions options) { + return new InterceptDeploymentGroup(name, id, state, options); + } +} diff --git a/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/InterceptDeploymentGroupArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/InterceptDeploymentGroupArgs.java new file mode 100644 index 0000000000..f4745e4d87 --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/InterceptDeploymentGroupArgs.java @@ -0,0 +1,274 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.gcp.networksecurity; + +import com.pulumi.core.Output; +import com.pulumi.core.annotations.Import; +import com.pulumi.exceptions.MissingRequiredPropertyException; +import java.lang.String; +import java.util.Map; +import java.util.Objects; +import java.util.Optional; +import javax.annotation.Nullable; + + +public final class InterceptDeploymentGroupArgs extends com.pulumi.resources.ResourceArgs { + + public static final InterceptDeploymentGroupArgs Empty = new InterceptDeploymentGroupArgs(); + + /** + * Required. Id of the requesting object + * If auto-generating Id server-side, remove this field and + * intercept_deployment_group_id from the method_signature of Create RPC + * + * *** + * + */ + @Import(name="interceptDeploymentGroupId", required=true) + private Output interceptDeploymentGroupId; + + /** + * @return Required. Id of the requesting object + * If auto-generating Id server-side, remove this field and + * intercept_deployment_group_id from the method_signature of Create RPC + * + * *** + * + */ + public Output interceptDeploymentGroupId() { + return this.interceptDeploymentGroupId; + } + + /** + * Optional. Labels as key value pairs + * **Note**: This field is non-authoritative, and will only manage the labels present in your configuration. + * Please refer to the field `effective_labels` for all of the labels present on the resource. + * + */ + @Import(name="labels") + private @Nullable Output> labels; + + /** + * @return Optional. Labels as key value pairs + * **Note**: This field is non-authoritative, and will only manage the labels present in your configuration. + * Please refer to the field `effective_labels` for all of the labels present on the resource. + * + */ + public Optional>> labels() { + return Optional.ofNullable(this.labels); + } + + /** + * Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122. See documentation for resource type `networksecurity.googleapis.com/InterceptDeploymentGroup`. + * + */ + @Import(name="location", required=true) + private Output location; + + /** + * @return Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122. See documentation for resource type `networksecurity.googleapis.com/InterceptDeploymentGroup`. + * + */ + public Output location() { + return this.location; + } + + /** + * Required. Immutable. The network that is being used for the deployment. Format is: + * projects/{project}/global/networks/{network}. + * + */ + @Import(name="network", required=true) + private Output network; + + /** + * @return Required. Immutable. The network that is being used for the deployment. Format is: + * projects/{project}/global/networks/{network}. + * + */ + public Output network() { + return this.network; + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the provider project is used. + * + */ + public Optional> project() { + return Optional.ofNullable(this.project); + } + + private InterceptDeploymentGroupArgs() {} + + private InterceptDeploymentGroupArgs(InterceptDeploymentGroupArgs $) { + this.interceptDeploymentGroupId = $.interceptDeploymentGroupId; + this.labels = $.labels; + this.location = $.location; + this.network = $.network; + this.project = $.project; + } + + public static Builder builder() { + return new Builder(); + } + public static Builder builder(InterceptDeploymentGroupArgs defaults) { + return new Builder(defaults); + } + + public static final class Builder { + private InterceptDeploymentGroupArgs $; + + public Builder() { + $ = new InterceptDeploymentGroupArgs(); + } + + public Builder(InterceptDeploymentGroupArgs defaults) { + $ = new InterceptDeploymentGroupArgs(Objects.requireNonNull(defaults)); + } + + /** + * @param interceptDeploymentGroupId Required. Id of the requesting object + * If auto-generating Id server-side, remove this field and + * intercept_deployment_group_id from the method_signature of Create RPC + * + * *** + * + * @return builder + * + */ + public Builder interceptDeploymentGroupId(Output interceptDeploymentGroupId) { + $.interceptDeploymentGroupId = interceptDeploymentGroupId; + return this; + } + + /** + * @param interceptDeploymentGroupId Required. Id of the requesting object + * If auto-generating Id server-side, remove this field and + * intercept_deployment_group_id from the method_signature of Create RPC + * + * *** + * + * @return builder + * + */ + public Builder interceptDeploymentGroupId(String interceptDeploymentGroupId) { + return interceptDeploymentGroupId(Output.of(interceptDeploymentGroupId)); + } + + /** + * @param labels Optional. Labels as key value pairs + * **Note**: This field is non-authoritative, and will only manage the labels present in your configuration. + * Please refer to the field `effective_labels` for all of the labels present on the resource. + * + * @return builder + * + */ + public Builder labels(@Nullable Output> labels) { + $.labels = labels; + return this; + } + + /** + * @param labels Optional. Labels as key value pairs + * **Note**: This field is non-authoritative, and will only manage the labels present in your configuration. + * Please refer to the field `effective_labels` for all of the labels present on the resource. + * + * @return builder + * + */ + public Builder labels(Map labels) { + return labels(Output.of(labels)); + } + + /** + * @param location Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122. See documentation for resource type `networksecurity.googleapis.com/InterceptDeploymentGroup`. + * + * @return builder + * + */ + public Builder location(Output location) { + $.location = location; + return this; + } + + /** + * @param location Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122. See documentation for resource type `networksecurity.googleapis.com/InterceptDeploymentGroup`. + * + * @return builder + * + */ + public Builder location(String location) { + return location(Output.of(location)); + } + + /** + * @param network Required. Immutable. The network that is being used for the deployment. Format is: + * projects/{project}/global/networks/{network}. + * + * @return builder + * + */ + public Builder network(Output network) { + $.network = network; + return this; + } + + /** + * @param network Required. Immutable. The network that is being used for the deployment. Format is: + * projects/{project}/global/networks/{network}. + * + * @return builder + * + */ + public Builder network(String network) { + return network(Output.of(network)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the provider project is used. + * + * @return builder + * + */ + public Builder project(String project) { + return project(Output.of(project)); + } + + public InterceptDeploymentGroupArgs build() { + if ($.interceptDeploymentGroupId == null) { + throw new MissingRequiredPropertyException("InterceptDeploymentGroupArgs", "interceptDeploymentGroupId"); + } + if ($.location == null) { + throw new MissingRequiredPropertyException("InterceptDeploymentGroupArgs", "location"); + } + if ($.network == null) { + throw new MissingRequiredPropertyException("InterceptDeploymentGroupArgs", "network"); + } + return $; + } + } + +} diff --git a/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/inputs/AuthzPolicyCustomProviderArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/inputs/AuthzPolicyCustomProviderArgs.java new file mode 100644 index 0000000000..157f781d96 --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/inputs/AuthzPolicyCustomProviderArgs.java @@ -0,0 +1,129 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.gcp.networksecurity.inputs; + +import com.pulumi.core.Output; +import com.pulumi.core.annotations.Import; +import com.pulumi.gcp.networksecurity.inputs.AuthzPolicyCustomProviderAuthzExtensionArgs; +import com.pulumi.gcp.networksecurity.inputs.AuthzPolicyCustomProviderCloudIapArgs; +import java.util.Objects; +import java.util.Optional; +import javax.annotation.Nullable; + + +public final class AuthzPolicyCustomProviderArgs extends com.pulumi.resources.ResourceArgs { + + public static final AuthzPolicyCustomProviderArgs Empty = new AuthzPolicyCustomProviderArgs(); + + /** + * Delegate authorization decision to user authored Service Extension. Only one of cloudIap or authzExtension can be specified. + * Structure is documented below. + * + */ + @Import(name="authzExtension") + private @Nullable Output authzExtension; + + /** + * @return Delegate authorization decision to user authored Service Extension. Only one of cloudIap or authzExtension can be specified. + * Structure is documented below. + * + */ + public Optional> authzExtension() { + return Optional.ofNullable(this.authzExtension); + } + + /** + * Delegates authorization decisions to Cloud IAP. Applicable only for managed load balancers. Enabling Cloud IAP at the AuthzPolicy level is not compatible with Cloud IAP settings in the BackendService. Enabling IAP in both places will result in request failure. Ensure that IAP is enabled in either the AuthzPolicy or the BackendService but not in both places. + * Structure is documented below. + * + */ + @Import(name="cloudIap") + private @Nullable Output cloudIap; + + /** + * @return Delegates authorization decisions to Cloud IAP. Applicable only for managed load balancers. Enabling Cloud IAP at the AuthzPolicy level is not compatible with Cloud IAP settings in the BackendService. Enabling IAP in both places will result in request failure. Ensure that IAP is enabled in either the AuthzPolicy or the BackendService but not in both places. + * Structure is documented below. + * + */ + public Optional> cloudIap() { + return Optional.ofNullable(this.cloudIap); + } + + private AuthzPolicyCustomProviderArgs() {} + + private AuthzPolicyCustomProviderArgs(AuthzPolicyCustomProviderArgs $) { + this.authzExtension = $.authzExtension; + this.cloudIap = $.cloudIap; + } + + public static Builder builder() { + return new Builder(); + } + public static Builder builder(AuthzPolicyCustomProviderArgs defaults) { + return new Builder(defaults); + } + + public static final class Builder { + private AuthzPolicyCustomProviderArgs $; + + public Builder() { + $ = new AuthzPolicyCustomProviderArgs(); + } + + public Builder(AuthzPolicyCustomProviderArgs defaults) { + $ = new AuthzPolicyCustomProviderArgs(Objects.requireNonNull(defaults)); + } + + /** + * @param authzExtension Delegate authorization decision to user authored Service Extension. Only one of cloudIap or authzExtension can be specified. + * Structure is documented below. + * + * @return builder + * + */ + public Builder authzExtension(@Nullable Output authzExtension) { + $.authzExtension = authzExtension; + return this; + } + + /** + * @param authzExtension Delegate authorization decision to user authored Service Extension. Only one of cloudIap or authzExtension can be specified. + * Structure is documented below. + * + * @return builder + * + */ + public Builder authzExtension(AuthzPolicyCustomProviderAuthzExtensionArgs authzExtension) { + return authzExtension(Output.of(authzExtension)); + } + + /** + * @param cloudIap Delegates authorization decisions to Cloud IAP. Applicable only for managed load balancers. Enabling Cloud IAP at the AuthzPolicy level is not compatible with Cloud IAP settings in the BackendService. Enabling IAP in both places will result in request failure. Ensure that IAP is enabled in either the AuthzPolicy or the BackendService but not in both places. + * Structure is documented below. + * + * @return builder + * + */ + public Builder cloudIap(@Nullable Output cloudIap) { + $.cloudIap = cloudIap; + return this; + } + + /** + * @param cloudIap Delegates authorization decisions to Cloud IAP. Applicable only for managed load balancers. Enabling Cloud IAP at the AuthzPolicy level is not compatible with Cloud IAP settings in the BackendService. Enabling IAP in both places will result in request failure. Ensure that IAP is enabled in either the AuthzPolicy or the BackendService but not in both places. + * Structure is documented below. + * + * @return builder + * + */ + public Builder cloudIap(AuthzPolicyCustomProviderCloudIapArgs cloudIap) { + return cloudIap(Output.of(cloudIap)); + } + + public AuthzPolicyCustomProviderArgs build() { + return $; + } + } + +} diff --git a/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/inputs/AuthzPolicyCustomProviderAuthzExtensionArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/inputs/AuthzPolicyCustomProviderAuthzExtensionArgs.java new file mode 100644 index 0000000000..01bc51c344 --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/inputs/AuthzPolicyCustomProviderAuthzExtensionArgs.java @@ -0,0 +1,96 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.gcp.networksecurity.inputs; + +import com.pulumi.core.Output; +import com.pulumi.core.annotations.Import; +import com.pulumi.exceptions.MissingRequiredPropertyException; +import java.lang.String; +import java.util.List; +import java.util.Objects; + + +public final class AuthzPolicyCustomProviderAuthzExtensionArgs extends com.pulumi.resources.ResourceArgs { + + public static final AuthzPolicyCustomProviderAuthzExtensionArgs Empty = new AuthzPolicyCustomProviderAuthzExtensionArgs(); + + /** + * A list of references to authorization extensions that will be invoked for requests matching this policy. Limited to 1 custom provider. + * + */ + @Import(name="resources", required=true) + private Output> resources; + + /** + * @return A list of references to authorization extensions that will be invoked for requests matching this policy. Limited to 1 custom provider. + * + */ + public Output> resources() { + return this.resources; + } + + private AuthzPolicyCustomProviderAuthzExtensionArgs() {} + + private AuthzPolicyCustomProviderAuthzExtensionArgs(AuthzPolicyCustomProviderAuthzExtensionArgs $) { + this.resources = $.resources; + } + + public static Builder builder() { + return new Builder(); + } + public static Builder builder(AuthzPolicyCustomProviderAuthzExtensionArgs defaults) { + return new Builder(defaults); + } + + public static final class Builder { + private AuthzPolicyCustomProviderAuthzExtensionArgs $; + + public Builder() { + $ = new AuthzPolicyCustomProviderAuthzExtensionArgs(); + } + + public Builder(AuthzPolicyCustomProviderAuthzExtensionArgs defaults) { + $ = new AuthzPolicyCustomProviderAuthzExtensionArgs(Objects.requireNonNull(defaults)); + } + + /** + * @param resources A list of references to authorization extensions that will be invoked for requests matching this policy. Limited to 1 custom provider. + * + * @return builder + * + */ + public Builder resources(Output> resources) { + $.resources = resources; + return this; + } + + /** + * @param resources A list of references to authorization extensions that will be invoked for requests matching this policy. Limited to 1 custom provider. + * + * @return builder + * + */ + public Builder resources(List resources) { + return resources(Output.of(resources)); + } + + /** + * @param resources A list of references to authorization extensions that will be invoked for requests matching this policy. Limited to 1 custom provider. + * + * @return builder + * + */ + public Builder resources(String... resources) { + return resources(List.of(resources)); + } + + public AuthzPolicyCustomProviderAuthzExtensionArgs build() { + if ($.resources == null) { + throw new MissingRequiredPropertyException("AuthzPolicyCustomProviderAuthzExtensionArgs", "resources"); + } + return $; + } + } + +} diff --git a/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/inputs/AuthzPolicyCustomProviderCloudIapArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/inputs/AuthzPolicyCustomProviderCloudIapArgs.java new file mode 100644 index 0000000000..ad29f17e25 --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/inputs/AuthzPolicyCustomProviderCloudIapArgs.java @@ -0,0 +1,85 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.gcp.networksecurity.inputs; + +import com.pulumi.core.Output; +import com.pulumi.core.annotations.Import; +import com.pulumi.exceptions.MissingRequiredPropertyException; +import java.lang.Boolean; +import java.util.Objects; + + +public final class AuthzPolicyCustomProviderCloudIapArgs extends com.pulumi.resources.ResourceArgs { + + public static final AuthzPolicyCustomProviderCloudIapArgs Empty = new AuthzPolicyCustomProviderCloudIapArgs(); + + /** + * Enable Cloud IAP at the AuthzPolicy level. + * + */ + @Import(name="enabled", required=true) + private Output enabled; + + /** + * @return Enable Cloud IAP at the AuthzPolicy level. + * + */ + public Output enabled() { + return this.enabled; + } + + private AuthzPolicyCustomProviderCloudIapArgs() {} + + private AuthzPolicyCustomProviderCloudIapArgs(AuthzPolicyCustomProviderCloudIapArgs $) { + this.enabled = $.enabled; + } + + public static Builder builder() { + return new Builder(); + } + public static Builder builder(AuthzPolicyCustomProviderCloudIapArgs defaults) { + return new Builder(defaults); + } + + public static final class Builder { + private AuthzPolicyCustomProviderCloudIapArgs $; + + public Builder() { + $ = new AuthzPolicyCustomProviderCloudIapArgs(); + } + + public Builder(AuthzPolicyCustomProviderCloudIapArgs defaults) { + $ = new AuthzPolicyCustomProviderCloudIapArgs(Objects.requireNonNull(defaults)); + } + + /** + * @param enabled Enable Cloud IAP at the AuthzPolicy level. + * + * @return builder + * + */ + public Builder enabled(Output enabled) { + $.enabled = enabled; + return this; + } + + /** + * @param enabled Enable Cloud IAP at the AuthzPolicy level. + * + * @return builder + * + */ + public Builder enabled(Boolean enabled) { + return enabled(Output.of(enabled)); + } + + public AuthzPolicyCustomProviderCloudIapArgs build() { + if ($.enabled == null) { + throw new MissingRequiredPropertyException("AuthzPolicyCustomProviderCloudIapArgs", "enabled"); + } + return $; + } + } + +} diff --git a/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/inputs/AuthzPolicyHttpRuleArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/inputs/AuthzPolicyHttpRuleArgs.java new file mode 100644 index 0000000000..18102a67ab --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/inputs/AuthzPolicyHttpRuleArgs.java @@ -0,0 +1,167 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.gcp.networksecurity.inputs; + +import com.pulumi.core.Output; +import com.pulumi.core.annotations.Import; +import com.pulumi.gcp.networksecurity.inputs.AuthzPolicyHttpRuleFromArgs; +import com.pulumi.gcp.networksecurity.inputs.AuthzPolicyHttpRuleToArgs; +import java.lang.String; +import java.util.Objects; +import java.util.Optional; +import javax.annotation.Nullable; + + +public final class AuthzPolicyHttpRuleArgs extends com.pulumi.resources.ResourceArgs { + + public static final AuthzPolicyHttpRuleArgs Empty = new AuthzPolicyHttpRuleArgs(); + + /** + * Describes properties of one or more sources of a request. + * Structure is documented below. + * + */ + @Import(name="from") + private @Nullable Output from; + + /** + * @return Describes properties of one or more sources of a request. + * Structure is documented below. + * + */ + public Optional> from() { + return Optional.ofNullable(this.from); + } + + /** + * Describes properties of one or more targets of a request + * Structure is documented below. + * + */ + @Import(name="to") + private @Nullable Output to; + + /** + * @return Describes properties of one or more targets of a request + * Structure is documented below. + * + */ + public Optional> to() { + return Optional.ofNullable(this.to); + } + + /** + * CEL expression that describes the conditions to be satisfied for the action. The result of the CEL expression is ANDed with the from and to. Refer to the CEL language reference for a list of available attributes. + * + */ + @Import(name="when") + private @Nullable Output when; + + /** + * @return CEL expression that describes the conditions to be satisfied for the action. The result of the CEL expression is ANDed with the from and to. Refer to the CEL language reference for a list of available attributes. + * + */ + public Optional> when() { + return Optional.ofNullable(this.when); + } + + private AuthzPolicyHttpRuleArgs() {} + + private AuthzPolicyHttpRuleArgs(AuthzPolicyHttpRuleArgs $) { + this.from = $.from; + this.to = $.to; + this.when = $.when; + } + + public static Builder builder() { + return new Builder(); + } + public static Builder builder(AuthzPolicyHttpRuleArgs defaults) { + return new Builder(defaults); + } + + public static final class Builder { + private AuthzPolicyHttpRuleArgs $; + + public Builder() { + $ = new AuthzPolicyHttpRuleArgs(); + } + + public Builder(AuthzPolicyHttpRuleArgs defaults) { + $ = new AuthzPolicyHttpRuleArgs(Objects.requireNonNull(defaults)); + } + + /** + * @param from Describes properties of one or more sources of a request. + * Structure is documented below. + * + * @return builder + * + */ + public Builder from(@Nullable Output from) { + $.from = from; + return this; + } + + /** + * @param from Describes properties of one or more sources of a request. + * Structure is documented below. + * + * @return builder + * + */ + public Builder from(AuthzPolicyHttpRuleFromArgs from) { + return from(Output.of(from)); + } + + /** + * @param to Describes properties of one or more targets of a request + * Structure is documented below. + * + * @return builder + * + */ + public Builder to(@Nullable Output to) { + $.to = to; + return this; + } + + /** + * @param to Describes properties of one or more targets of a request + * Structure is documented below. + * + * @return builder + * + */ + public Builder to(AuthzPolicyHttpRuleToArgs to) { + return to(Output.of(to)); + } + + /** + * @param when CEL expression that describes the conditions to be satisfied for the action. The result of the CEL expression is ANDed with the from and to. Refer to the CEL language reference for a list of available attributes. + * + * @return builder + * + */ + public Builder when(@Nullable Output when) { + $.when = when; + return this; + } + + /** + * @param when CEL expression that describes the conditions to be satisfied for the action. The result of the CEL expression is ANDed with the from and to. Refer to the CEL language reference for a list of available attributes. + * + * @return builder + * + */ + public Builder when(String when) { + return when(Output.of(when)); + } + + public AuthzPolicyHttpRuleArgs build() { + return $; + } + } + +} diff --git a/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/inputs/AuthzPolicyHttpRuleFromArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/inputs/AuthzPolicyHttpRuleFromArgs.java new file mode 100644 index 0000000000..762810688b --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/inputs/AuthzPolicyHttpRuleFromArgs.java @@ -0,0 +1,152 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.gcp.networksecurity.inputs; + +import com.pulumi.core.Output; +import com.pulumi.core.annotations.Import; +import com.pulumi.gcp.networksecurity.inputs.AuthzPolicyHttpRuleFromNotSourceArgs; +import com.pulumi.gcp.networksecurity.inputs.AuthzPolicyHttpRuleFromSourceArgs; +import java.util.List; +import java.util.Objects; +import java.util.Optional; +import javax.annotation.Nullable; + + +public final class AuthzPolicyHttpRuleFromArgs extends com.pulumi.resources.ResourceArgs { + + public static final AuthzPolicyHttpRuleFromArgs Empty = new AuthzPolicyHttpRuleFromArgs(); + + /** + * Describes the properties of a request's sources. At least one of sources or notSources must be specified. Limited to 5 sources. A match occurs when ANY source (in sources or notSources) matches the request. Within a single source, the match follows AND semantics across fields and OR semantics within a single field, i.e. a match occurs when ANY principal matches AND ANY ipBlocks match. + * Structure is documented below. + * + */ + @Import(name="notSources") + private @Nullable Output> notSources; + + /** + * @return Describes the properties of a request's sources. At least one of sources or notSources must be specified. Limited to 5 sources. A match occurs when ANY source (in sources or notSources) matches the request. Within a single source, the match follows AND semantics across fields and OR semantics within a single field, i.e. a match occurs when ANY principal matches AND ANY ipBlocks match. + * Structure is documented below. + * + */ + public Optional>> notSources() { + return Optional.ofNullable(this.notSources); + } + + /** + * Describes the properties of a request's sources. At least one of sources or notSources must be specified. Limited to 5 sources. A match occurs when ANY source (in sources or notSources) matches the request. Within a single source, the match follows AND semantics across fields and OR semantics within a single field, i.e. a match occurs when ANY principal matches AND ANY ipBlocks match. + * Structure is documented below. + * + */ + @Import(name="sources") + private @Nullable Output> sources; + + /** + * @return Describes the properties of a request's sources. At least one of sources or notSources must be specified. Limited to 5 sources. A match occurs when ANY source (in sources or notSources) matches the request. Within a single source, the match follows AND semantics across fields and OR semantics within a single field, i.e. a match occurs when ANY principal matches AND ANY ipBlocks match. + * Structure is documented below. + * + */ + public Optional>> sources() { + return Optional.ofNullable(this.sources); + } + + private AuthzPolicyHttpRuleFromArgs() {} + + private AuthzPolicyHttpRuleFromArgs(AuthzPolicyHttpRuleFromArgs $) { + this.notSources = $.notSources; + this.sources = $.sources; + } + + public static Builder builder() { + return new Builder(); + } + public static Builder builder(AuthzPolicyHttpRuleFromArgs defaults) { + return new Builder(defaults); + } + + public static final class Builder { + private AuthzPolicyHttpRuleFromArgs $; + + public Builder() { + $ = new AuthzPolicyHttpRuleFromArgs(); + } + + public Builder(AuthzPolicyHttpRuleFromArgs defaults) { + $ = new AuthzPolicyHttpRuleFromArgs(Objects.requireNonNull(defaults)); + } + + /** + * @param notSources Describes the properties of a request's sources. At least one of sources or notSources must be specified. Limited to 5 sources. A match occurs when ANY source (in sources or notSources) matches the request. Within a single source, the match follows AND semantics across fields and OR semantics within a single field, i.e. a match occurs when ANY principal matches AND ANY ipBlocks match. + * Structure is documented below. + * + * @return builder + * + */ + public Builder notSources(@Nullable Output> notSources) { + $.notSources = notSources; + return this; + } + + /** + * @param notSources Describes the properties of a request's sources. At least one of sources or notSources must be specified. Limited to 5 sources. A match occurs when ANY source (in sources or notSources) matches the request. Within a single source, the match follows AND semantics across fields and OR semantics within a single field, i.e. a match occurs when ANY principal matches AND ANY ipBlocks match. + * Structure is documented below. + * + * @return builder + * + */ + public Builder notSources(List notSources) { + return notSources(Output.of(notSources)); + } + + /** + * @param notSources Describes the properties of a request's sources. At least one of sources or notSources must be specified. Limited to 5 sources. A match occurs when ANY source (in sources or notSources) matches the request. Within a single source, the match follows AND semantics across fields and OR semantics within a single field, i.e. a match occurs when ANY principal matches AND ANY ipBlocks match. + * Structure is documented below. + * + * @return builder + * + */ + public Builder notSources(AuthzPolicyHttpRuleFromNotSourceArgs... notSources) { + return notSources(List.of(notSources)); + } + + /** + * @param sources Describes the properties of a request's sources. At least one of sources or notSources must be specified. Limited to 5 sources. A match occurs when ANY source (in sources or notSources) matches the request. Within a single source, the match follows AND semantics across fields and OR semantics within a single field, i.e. a match occurs when ANY principal matches AND ANY ipBlocks match. + * Structure is documented below. + * + * @return builder + * + */ + public Builder sources(@Nullable Output> sources) { + $.sources = sources; + return this; + } + + /** + * @param sources Describes the properties of a request's sources. At least one of sources or notSources must be specified. Limited to 5 sources. A match occurs when ANY source (in sources or notSources) matches the request. Within a single source, the match follows AND semantics across fields and OR semantics within a single field, i.e. a match occurs when ANY principal matches AND ANY ipBlocks match. + * Structure is documented below. + * + * @return builder + * + */ + public Builder sources(List sources) { + return sources(Output.of(sources)); + } + + /** + * @param sources Describes the properties of a request's sources. At least one of sources or notSources must be specified. Limited to 5 sources. A match occurs when ANY source (in sources or notSources) matches the request. Within a single source, the match follows AND semantics across fields and OR semantics within a single field, i.e. a match occurs when ANY principal matches AND ANY ipBlocks match. + * Structure is documented below. + * + * @return builder + * + */ + public Builder sources(AuthzPolicyHttpRuleFromSourceArgs... sources) { + return sources(List.of(sources)); + } + + public AuthzPolicyHttpRuleFromArgs build() { + return $; + } + } + +} diff --git a/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/inputs/AuthzPolicyHttpRuleFromNotSourceArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/inputs/AuthzPolicyHttpRuleFromNotSourceArgs.java new file mode 100644 index 0000000000..f07b9fc39a --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/inputs/AuthzPolicyHttpRuleFromNotSourceArgs.java @@ -0,0 +1,162 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.gcp.networksecurity.inputs; + +import com.pulumi.core.Output; +import com.pulumi.core.annotations.Import; +import com.pulumi.gcp.networksecurity.inputs.AuthzPolicyHttpRuleFromNotSourcePrincipalArgs; +import com.pulumi.gcp.networksecurity.inputs.AuthzPolicyHttpRuleFromNotSourceResourceArgs; +import java.util.List; +import java.util.Objects; +import java.util.Optional; +import javax.annotation.Nullable; + + +public final class AuthzPolicyHttpRuleFromNotSourceArgs extends com.pulumi.resources.ResourceArgs { + + public static final AuthzPolicyHttpRuleFromNotSourceArgs Empty = new AuthzPolicyHttpRuleFromNotSourceArgs(); + + /** + * A list of identities derived from the client's certificate. This field will not match on a request unless mutual TLS is enabled for the Forwarding rule or Gateway. Each identity is a string whose value is matched against the URI SAN, or DNS SAN or the subject field in the client's certificate. The match can be exact, prefix, suffix or a substring match. One of exact, prefix, suffix or contains must be specified. + * Limited to 5 principals. + * Structure is documented below. + * + */ + @Import(name="principals") + private @Nullable Output> principals; + + /** + * @return A list of identities derived from the client's certificate. This field will not match on a request unless mutual TLS is enabled for the Forwarding rule or Gateway. Each identity is a string whose value is matched against the URI SAN, or DNS SAN or the subject field in the client's certificate. The match can be exact, prefix, suffix or a substring match. One of exact, prefix, suffix or contains must be specified. + * Limited to 5 principals. + * Structure is documented below. + * + */ + public Optional>> principals() { + return Optional.ofNullable(this.principals); + } + + /** + * A list of resources to match against the resource of the source VM of a request. + * Limited to 5 resources. + * Structure is documented below. + * + */ + @Import(name="resources") + private @Nullable Output> resources; + + /** + * @return A list of resources to match against the resource of the source VM of a request. + * Limited to 5 resources. + * Structure is documented below. + * + */ + public Optional>> resources() { + return Optional.ofNullable(this.resources); + } + + private AuthzPolicyHttpRuleFromNotSourceArgs() {} + + private AuthzPolicyHttpRuleFromNotSourceArgs(AuthzPolicyHttpRuleFromNotSourceArgs $) { + this.principals = $.principals; + this.resources = $.resources; + } + + public static Builder builder() { + return new Builder(); + } + public static Builder builder(AuthzPolicyHttpRuleFromNotSourceArgs defaults) { + return new Builder(defaults); + } + + public static final class Builder { + private AuthzPolicyHttpRuleFromNotSourceArgs $; + + public Builder() { + $ = new AuthzPolicyHttpRuleFromNotSourceArgs(); + } + + public Builder(AuthzPolicyHttpRuleFromNotSourceArgs defaults) { + $ = new AuthzPolicyHttpRuleFromNotSourceArgs(Objects.requireNonNull(defaults)); + } + + /** + * @param principals A list of identities derived from the client's certificate. This field will not match on a request unless mutual TLS is enabled for the Forwarding rule or Gateway. Each identity is a string whose value is matched against the URI SAN, or DNS SAN or the subject field in the client's certificate. The match can be exact, prefix, suffix or a substring match. One of exact, prefix, suffix or contains must be specified. + * Limited to 5 principals. + * Structure is documented below. + * + * @return builder + * + */ + public Builder principals(@Nullable Output> principals) { + $.principals = principals; + return this; + } + + /** + * @param principals A list of identities derived from the client's certificate. This field will not match on a request unless mutual TLS is enabled for the Forwarding rule or Gateway. Each identity is a string whose value is matched against the URI SAN, or DNS SAN or the subject field in the client's certificate. The match can be exact, prefix, suffix or a substring match. One of exact, prefix, suffix or contains must be specified. + * Limited to 5 principals. + * Structure is documented below. + * + * @return builder + * + */ + public Builder principals(List principals) { + return principals(Output.of(principals)); + } + + /** + * @param principals A list of identities derived from the client's certificate. This field will not match on a request unless mutual TLS is enabled for the Forwarding rule or Gateway. Each identity is a string whose value is matched against the URI SAN, or DNS SAN or the subject field in the client's certificate. The match can be exact, prefix, suffix or a substring match. One of exact, prefix, suffix or contains must be specified. + * Limited to 5 principals. + * Structure is documented below. + * + * @return builder + * + */ + public Builder principals(AuthzPolicyHttpRuleFromNotSourcePrincipalArgs... principals) { + return principals(List.of(principals)); + } + + /** + * @param resources A list of resources to match against the resource of the source VM of a request. + * Limited to 5 resources. + * Structure is documented below. + * + * @return builder + * + */ + public Builder resources(@Nullable Output> resources) { + $.resources = resources; + return this; + } + + /** + * @param resources A list of resources to match against the resource of the source VM of a request. + * Limited to 5 resources. + * Structure is documented below. + * + * @return builder + * + */ + public Builder resources(List resources) { + return resources(Output.of(resources)); + } + + /** + * @param resources A list of resources to match against the resource of the source VM of a request. + * Limited to 5 resources. + * Structure is documented below. + * + * @return builder + * + */ + public Builder resources(AuthzPolicyHttpRuleFromNotSourceResourceArgs... resources) { + return resources(List.of(resources)); + } + + public AuthzPolicyHttpRuleFromNotSourceArgs build() { + return $; + } + } + +} diff --git a/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/inputs/AuthzPolicyHttpRuleFromNotSourcePrincipalArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/inputs/AuthzPolicyHttpRuleFromNotSourcePrincipalArgs.java new file mode 100644 index 0000000000..99d0853320 --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/inputs/AuthzPolicyHttpRuleFromNotSourcePrincipalArgs.java @@ -0,0 +1,264 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.gcp.networksecurity.inputs; + +import com.pulumi.core.Output; +import com.pulumi.core.annotations.Import; +import java.lang.Boolean; +import java.lang.String; +import java.util.Objects; +import java.util.Optional; +import javax.annotation.Nullable; + + +public final class AuthzPolicyHttpRuleFromNotSourcePrincipalArgs extends com.pulumi.resources.ResourceArgs { + + public static final AuthzPolicyHttpRuleFromNotSourcePrincipalArgs Empty = new AuthzPolicyHttpRuleFromNotSourcePrincipalArgs(); + + /** + * The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. + * Examples: + * * abc matches the value xyz.abc.def + * + */ + @Import(name="contains") + private @Nullable Output contains; + + /** + * @return The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. + * Examples: + * * abc matches the value xyz.abc.def + * + */ + public Optional> contains() { + return Optional.ofNullable(this.contains); + } + + /** + * The input string must match exactly the string specified here. + * Examples: + * * abc only matches the value abc. + * + */ + @Import(name="exact") + private @Nullable Output exact; + + /** + * @return The input string must match exactly the string specified here. + * Examples: + * * abc only matches the value abc. + * + */ + public Optional> exact() { + return Optional.ofNullable(this.exact); + } + + /** + * If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true. + * + */ + @Import(name="ignoreCase") + private @Nullable Output ignoreCase; + + /** + * @return If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true. + * + */ + public Optional> ignoreCase() { + return Optional.ofNullable(this.ignoreCase); + } + + /** + * The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. + * Examples: + * * abc matches the value abc.xyz + * + */ + @Import(name="prefix") + private @Nullable Output prefix; + + /** + * @return The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. + * Examples: + * * abc matches the value abc.xyz + * + */ + public Optional> prefix() { + return Optional.ofNullable(this.prefix); + } + + /** + * The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. + * Examples: + * * abc matches the value xyz.abc + * + */ + @Import(name="suffix") + private @Nullable Output suffix; + + /** + * @return The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. + * Examples: + * * abc matches the value xyz.abc + * + */ + public Optional> suffix() { + return Optional.ofNullable(this.suffix); + } + + private AuthzPolicyHttpRuleFromNotSourcePrincipalArgs() {} + + private AuthzPolicyHttpRuleFromNotSourcePrincipalArgs(AuthzPolicyHttpRuleFromNotSourcePrincipalArgs $) { + this.contains = $.contains; + this.exact = $.exact; + this.ignoreCase = $.ignoreCase; + this.prefix = $.prefix; + this.suffix = $.suffix; + } + + public static Builder builder() { + return new Builder(); + } + public static Builder builder(AuthzPolicyHttpRuleFromNotSourcePrincipalArgs defaults) { + return new Builder(defaults); + } + + public static final class Builder { + private AuthzPolicyHttpRuleFromNotSourcePrincipalArgs $; + + public Builder() { + $ = new AuthzPolicyHttpRuleFromNotSourcePrincipalArgs(); + } + + public Builder(AuthzPolicyHttpRuleFromNotSourcePrincipalArgs defaults) { + $ = new AuthzPolicyHttpRuleFromNotSourcePrincipalArgs(Objects.requireNonNull(defaults)); + } + + /** + * @param contains The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. + * Examples: + * * abc matches the value xyz.abc.def + * + * @return builder + * + */ + public Builder contains(@Nullable Output contains) { + $.contains = contains; + return this; + } + + /** + * @param contains The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. + * Examples: + * * abc matches the value xyz.abc.def + * + * @return builder + * + */ + public Builder contains(String contains) { + return contains(Output.of(contains)); + } + + /** + * @param exact The input string must match exactly the string specified here. + * Examples: + * * abc only matches the value abc. + * + * @return builder + * + */ + public Builder exact(@Nullable Output exact) { + $.exact = exact; + return this; + } + + /** + * @param exact The input string must match exactly the string specified here. + * Examples: + * * abc only matches the value abc. + * + * @return builder + * + */ + public Builder exact(String exact) { + return exact(Output.of(exact)); + } + + /** + * @param ignoreCase If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true. + * + * @return builder + * + */ + public Builder ignoreCase(@Nullable Output ignoreCase) { + $.ignoreCase = ignoreCase; + return this; + } + + /** + * @param ignoreCase If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true. + * + * @return builder + * + */ + public Builder ignoreCase(Boolean ignoreCase) { + return ignoreCase(Output.of(ignoreCase)); + } + + /** + * @param prefix The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. + * Examples: + * * abc matches the value abc.xyz + * + * @return builder + * + */ + public Builder prefix(@Nullable Output prefix) { + $.prefix = prefix; + return this; + } + + /** + * @param prefix The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. + * Examples: + * * abc matches the value abc.xyz + * + * @return builder + * + */ + public Builder prefix(String prefix) { + return prefix(Output.of(prefix)); + } + + /** + * @param suffix The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. + * Examples: + * * abc matches the value xyz.abc + * + * @return builder + * + */ + public Builder suffix(@Nullable Output suffix) { + $.suffix = suffix; + return this; + } + + /** + * @param suffix The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. + * Examples: + * * abc matches the value xyz.abc + * + * @return builder + * + */ + public Builder suffix(String suffix) { + return suffix(Output.of(suffix)); + } + + public AuthzPolicyHttpRuleFromNotSourcePrincipalArgs build() { + return $; + } + } + +} diff --git a/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/inputs/AuthzPolicyHttpRuleFromNotSourceResourceArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/inputs/AuthzPolicyHttpRuleFromNotSourceResourceArgs.java new file mode 100644 index 0000000000..964bbed593 --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/inputs/AuthzPolicyHttpRuleFromNotSourceResourceArgs.java @@ -0,0 +1,129 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.gcp.networksecurity.inputs; + +import com.pulumi.core.Output; +import com.pulumi.core.annotations.Import; +import com.pulumi.gcp.networksecurity.inputs.AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountArgs; +import com.pulumi.gcp.networksecurity.inputs.AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSetArgs; +import java.util.Objects; +import java.util.Optional; +import javax.annotation.Nullable; + + +public final class AuthzPolicyHttpRuleFromNotSourceResourceArgs extends com.pulumi.resources.ResourceArgs { + + public static final AuthzPolicyHttpRuleFromNotSourceResourceArgs Empty = new AuthzPolicyHttpRuleFromNotSourceResourceArgs(); + + /** + * An IAM service account to match against the source service account of the VM sending the request. + * Structure is documented below. + * + */ + @Import(name="iamServiceAccount") + private @Nullable Output iamServiceAccount; + + /** + * @return An IAM service account to match against the source service account of the VM sending the request. + * Structure is documented below. + * + */ + public Optional> iamServiceAccount() { + return Optional.ofNullable(this.iamServiceAccount); + } + + /** + * A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request. + * Structure is documented below. + * + */ + @Import(name="tagValueIdSet") + private @Nullable Output tagValueIdSet; + + /** + * @return A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request. + * Structure is documented below. + * + */ + public Optional> tagValueIdSet() { + return Optional.ofNullable(this.tagValueIdSet); + } + + private AuthzPolicyHttpRuleFromNotSourceResourceArgs() {} + + private AuthzPolicyHttpRuleFromNotSourceResourceArgs(AuthzPolicyHttpRuleFromNotSourceResourceArgs $) { + this.iamServiceAccount = $.iamServiceAccount; + this.tagValueIdSet = $.tagValueIdSet; + } + + public static Builder builder() { + return new Builder(); + } + public static Builder builder(AuthzPolicyHttpRuleFromNotSourceResourceArgs defaults) { + return new Builder(defaults); + } + + public static final class Builder { + private AuthzPolicyHttpRuleFromNotSourceResourceArgs $; + + public Builder() { + $ = new AuthzPolicyHttpRuleFromNotSourceResourceArgs(); + } + + public Builder(AuthzPolicyHttpRuleFromNotSourceResourceArgs defaults) { + $ = new AuthzPolicyHttpRuleFromNotSourceResourceArgs(Objects.requireNonNull(defaults)); + } + + /** + * @param iamServiceAccount An IAM service account to match against the source service account of the VM sending the request. + * Structure is documented below. + * + * @return builder + * + */ + public Builder iamServiceAccount(@Nullable Output iamServiceAccount) { + $.iamServiceAccount = iamServiceAccount; + return this; + } + + /** + * @param iamServiceAccount An IAM service account to match against the source service account of the VM sending the request. + * Structure is documented below. + * + * @return builder + * + */ + public Builder iamServiceAccount(AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountArgs iamServiceAccount) { + return iamServiceAccount(Output.of(iamServiceAccount)); + } + + /** + * @param tagValueIdSet A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request. + * Structure is documented below. + * + * @return builder + * + */ + public Builder tagValueIdSet(@Nullable Output tagValueIdSet) { + $.tagValueIdSet = tagValueIdSet; + return this; + } + + /** + * @param tagValueIdSet A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request. + * Structure is documented below. + * + * @return builder + * + */ + public Builder tagValueIdSet(AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSetArgs tagValueIdSet) { + return tagValueIdSet(Output.of(tagValueIdSet)); + } + + public AuthzPolicyHttpRuleFromNotSourceResourceArgs build() { + return $; + } + } + +} diff --git a/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/inputs/AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/inputs/AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountArgs.java new file mode 100644 index 0000000000..6820f7cdf3 --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/inputs/AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountArgs.java @@ -0,0 +1,264 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.gcp.networksecurity.inputs; + +import com.pulumi.core.Output; +import com.pulumi.core.annotations.Import; +import java.lang.Boolean; +import java.lang.String; +import java.util.Objects; +import java.util.Optional; +import javax.annotation.Nullable; + + +public final class AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountArgs extends com.pulumi.resources.ResourceArgs { + + public static final AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountArgs Empty = new AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountArgs(); + + /** + * The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. + * Examples: + * * abc matches the value xyz.abc.def + * + */ + @Import(name="contains") + private @Nullable Output contains; + + /** + * @return The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. + * Examples: + * * abc matches the value xyz.abc.def + * + */ + public Optional> contains() { + return Optional.ofNullable(this.contains); + } + + /** + * The input string must match exactly the string specified here. + * Examples: + * * abc only matches the value abc. + * + */ + @Import(name="exact") + private @Nullable Output exact; + + /** + * @return The input string must match exactly the string specified here. + * Examples: + * * abc only matches the value abc. + * + */ + public Optional> exact() { + return Optional.ofNullable(this.exact); + } + + /** + * If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true. + * + */ + @Import(name="ignoreCase") + private @Nullable Output ignoreCase; + + /** + * @return If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true. + * + */ + public Optional> ignoreCase() { + return Optional.ofNullable(this.ignoreCase); + } + + /** + * The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. + * Examples: + * * abc matches the value abc.xyz + * + */ + @Import(name="prefix") + private @Nullable Output prefix; + + /** + * @return The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. + * Examples: + * * abc matches the value abc.xyz + * + */ + public Optional> prefix() { + return Optional.ofNullable(this.prefix); + } + + /** + * The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. + * Examples: + * * abc matches the value xyz.abc + * + */ + @Import(name="suffix") + private @Nullable Output suffix; + + /** + * @return The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. + * Examples: + * * abc matches the value xyz.abc + * + */ + public Optional> suffix() { + return Optional.ofNullable(this.suffix); + } + + private AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountArgs() {} + + private AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountArgs(AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountArgs $) { + this.contains = $.contains; + this.exact = $.exact; + this.ignoreCase = $.ignoreCase; + this.prefix = $.prefix; + this.suffix = $.suffix; + } + + public static Builder builder() { + return new Builder(); + } + public static Builder builder(AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountArgs defaults) { + return new Builder(defaults); + } + + public static final class Builder { + private AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountArgs $; + + public Builder() { + $ = new AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountArgs(); + } + + public Builder(AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountArgs defaults) { + $ = new AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountArgs(Objects.requireNonNull(defaults)); + } + + /** + * @param contains The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. + * Examples: + * * abc matches the value xyz.abc.def + * + * @return builder + * + */ + public Builder contains(@Nullable Output contains) { + $.contains = contains; + return this; + } + + /** + * @param contains The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. + * Examples: + * * abc matches the value xyz.abc.def + * + * @return builder + * + */ + public Builder contains(String contains) { + return contains(Output.of(contains)); + } + + /** + * @param exact The input string must match exactly the string specified here. + * Examples: + * * abc only matches the value abc. + * + * @return builder + * + */ + public Builder exact(@Nullable Output exact) { + $.exact = exact; + return this; + } + + /** + * @param exact The input string must match exactly the string specified here. + * Examples: + * * abc only matches the value abc. + * + * @return builder + * + */ + public Builder exact(String exact) { + return exact(Output.of(exact)); + } + + /** + * @param ignoreCase If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true. + * + * @return builder + * + */ + public Builder ignoreCase(@Nullable Output ignoreCase) { + $.ignoreCase = ignoreCase; + return this; + } + + /** + * @param ignoreCase If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true. + * + * @return builder + * + */ + public Builder ignoreCase(Boolean ignoreCase) { + return ignoreCase(Output.of(ignoreCase)); + } + + /** + * @param prefix The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. + * Examples: + * * abc matches the value abc.xyz + * + * @return builder + * + */ + public Builder prefix(@Nullable Output prefix) { + $.prefix = prefix; + return this; + } + + /** + * @param prefix The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. + * Examples: + * * abc matches the value abc.xyz + * + * @return builder + * + */ + public Builder prefix(String prefix) { + return prefix(Output.of(prefix)); + } + + /** + * @param suffix The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. + * Examples: + * * abc matches the value xyz.abc + * + * @return builder + * + */ + public Builder suffix(@Nullable Output suffix) { + $.suffix = suffix; + return this; + } + + /** + * @param suffix The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. + * Examples: + * * abc matches the value xyz.abc + * + * @return builder + * + */ + public Builder suffix(String suffix) { + return suffix(Output.of(suffix)); + } + + public AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountArgs build() { + return $; + } + } + +} diff --git a/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/inputs/AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSetArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/inputs/AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSetArgs.java new file mode 100644 index 0000000000..02dd363ebd --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/inputs/AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSetArgs.java @@ -0,0 +1,99 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.gcp.networksecurity.inputs; + +import com.pulumi.core.Output; +import com.pulumi.core.annotations.Import; +import java.lang.String; +import java.util.List; +import java.util.Objects; +import java.util.Optional; +import javax.annotation.Nullable; + + +public final class AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSetArgs extends com.pulumi.resources.ResourceArgs { + + public static final AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSetArgs Empty = new AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSetArgs(); + + /** + * A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request. The match follows AND semantics which means all the ids must match. + * Limited to 5 matches. + * + */ + @Import(name="ids") + private @Nullable Output> ids; + + /** + * @return A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request. The match follows AND semantics which means all the ids must match. + * Limited to 5 matches. + * + */ + public Optional>> ids() { + return Optional.ofNullable(this.ids); + } + + private AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSetArgs() {} + + private AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSetArgs(AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSetArgs $) { + this.ids = $.ids; + } + + public static Builder builder() { + return new Builder(); + } + public static Builder builder(AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSetArgs defaults) { + return new Builder(defaults); + } + + public static final class Builder { + private AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSetArgs $; + + public Builder() { + $ = new AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSetArgs(); + } + + public Builder(AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSetArgs defaults) { + $ = new AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSetArgs(Objects.requireNonNull(defaults)); + } + + /** + * @param ids A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request. The match follows AND semantics which means all the ids must match. + * Limited to 5 matches. + * + * @return builder + * + */ + public Builder ids(@Nullable Output> ids) { + $.ids = ids; + return this; + } + + /** + * @param ids A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request. The match follows AND semantics which means all the ids must match. + * Limited to 5 matches. + * + * @return builder + * + */ + public Builder ids(List ids) { + return ids(Output.of(ids)); + } + + /** + * @param ids A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request. The match follows AND semantics which means all the ids must match. + * Limited to 5 matches. + * + * @return builder + * + */ + public Builder ids(String... ids) { + return ids(List.of(ids)); + } + + public AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSetArgs build() { + return $; + } + } + +} diff --git a/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/inputs/AuthzPolicyHttpRuleFromSourceArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/inputs/AuthzPolicyHttpRuleFromSourceArgs.java new file mode 100644 index 0000000000..8a15810c86 --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/inputs/AuthzPolicyHttpRuleFromSourceArgs.java @@ -0,0 +1,162 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.gcp.networksecurity.inputs; + +import com.pulumi.core.Output; +import com.pulumi.core.annotations.Import; +import com.pulumi.gcp.networksecurity.inputs.AuthzPolicyHttpRuleFromSourcePrincipalArgs; +import com.pulumi.gcp.networksecurity.inputs.AuthzPolicyHttpRuleFromSourceResourceArgs; +import java.util.List; +import java.util.Objects; +import java.util.Optional; +import javax.annotation.Nullable; + + +public final class AuthzPolicyHttpRuleFromSourceArgs extends com.pulumi.resources.ResourceArgs { + + public static final AuthzPolicyHttpRuleFromSourceArgs Empty = new AuthzPolicyHttpRuleFromSourceArgs(); + + /** + * A list of identities derived from the client's certificate. This field will not match on a request unless mutual TLS is enabled for the Forwarding rule or Gateway. Each identity is a string whose value is matched against the URI SAN, or DNS SAN or the subject field in the client's certificate. The match can be exact, prefix, suffix or a substring match. One of exact, prefix, suffix or contains must be specified. + * Limited to 5 principals. + * Structure is documented below. + * + */ + @Import(name="principals") + private @Nullable Output> principals; + + /** + * @return A list of identities derived from the client's certificate. This field will not match on a request unless mutual TLS is enabled for the Forwarding rule or Gateway. Each identity is a string whose value is matched against the URI SAN, or DNS SAN or the subject field in the client's certificate. The match can be exact, prefix, suffix or a substring match. One of exact, prefix, suffix or contains must be specified. + * Limited to 5 principals. + * Structure is documented below. + * + */ + public Optional>> principals() { + return Optional.ofNullable(this.principals); + } + + /** + * A list of resources to match against the resource of the source VM of a request. + * Limited to 5 resources. + * Structure is documented below. + * + */ + @Import(name="resources") + private @Nullable Output> resources; + + /** + * @return A list of resources to match against the resource of the source VM of a request. + * Limited to 5 resources. + * Structure is documented below. + * + */ + public Optional>> resources() { + return Optional.ofNullable(this.resources); + } + + private AuthzPolicyHttpRuleFromSourceArgs() {} + + private AuthzPolicyHttpRuleFromSourceArgs(AuthzPolicyHttpRuleFromSourceArgs $) { + this.principals = $.principals; + this.resources = $.resources; + } + + public static Builder builder() { + return new Builder(); + } + public static Builder builder(AuthzPolicyHttpRuleFromSourceArgs defaults) { + return new Builder(defaults); + } + + public static final class Builder { + private AuthzPolicyHttpRuleFromSourceArgs $; + + public Builder() { + $ = new AuthzPolicyHttpRuleFromSourceArgs(); + } + + public Builder(AuthzPolicyHttpRuleFromSourceArgs defaults) { + $ = new AuthzPolicyHttpRuleFromSourceArgs(Objects.requireNonNull(defaults)); + } + + /** + * @param principals A list of identities derived from the client's certificate. This field will not match on a request unless mutual TLS is enabled for the Forwarding rule or Gateway. Each identity is a string whose value is matched against the URI SAN, or DNS SAN or the subject field in the client's certificate. The match can be exact, prefix, suffix or a substring match. One of exact, prefix, suffix or contains must be specified. + * Limited to 5 principals. + * Structure is documented below. + * + * @return builder + * + */ + public Builder principals(@Nullable Output> principals) { + $.principals = principals; + return this; + } + + /** + * @param principals A list of identities derived from the client's certificate. This field will not match on a request unless mutual TLS is enabled for the Forwarding rule or Gateway. Each identity is a string whose value is matched against the URI SAN, or DNS SAN or the subject field in the client's certificate. The match can be exact, prefix, suffix or a substring match. One of exact, prefix, suffix or contains must be specified. + * Limited to 5 principals. + * Structure is documented below. + * + * @return builder + * + */ + public Builder principals(List principals) { + return principals(Output.of(principals)); + } + + /** + * @param principals A list of identities derived from the client's certificate. This field will not match on a request unless mutual TLS is enabled for the Forwarding rule or Gateway. Each identity is a string whose value is matched against the URI SAN, or DNS SAN or the subject field in the client's certificate. The match can be exact, prefix, suffix or a substring match. One of exact, prefix, suffix or contains must be specified. + * Limited to 5 principals. + * Structure is documented below. + * + * @return builder + * + */ + public Builder principals(AuthzPolicyHttpRuleFromSourcePrincipalArgs... principals) { + return principals(List.of(principals)); + } + + /** + * @param resources A list of resources to match against the resource of the source VM of a request. + * Limited to 5 resources. + * Structure is documented below. + * + * @return builder + * + */ + public Builder resources(@Nullable Output> resources) { + $.resources = resources; + return this; + } + + /** + * @param resources A list of resources to match against the resource of the source VM of a request. + * Limited to 5 resources. + * Structure is documented below. + * + * @return builder + * + */ + public Builder resources(List resources) { + return resources(Output.of(resources)); + } + + /** + * @param resources A list of resources to match against the resource of the source VM of a request. + * Limited to 5 resources. + * Structure is documented below. + * + * @return builder + * + */ + public Builder resources(AuthzPolicyHttpRuleFromSourceResourceArgs... resources) { + return resources(List.of(resources)); + } + + public AuthzPolicyHttpRuleFromSourceArgs build() { + return $; + } + } + +} diff --git a/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/inputs/AuthzPolicyHttpRuleFromSourcePrincipalArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/inputs/AuthzPolicyHttpRuleFromSourcePrincipalArgs.java new file mode 100644 index 0000000000..34b82633f1 --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/inputs/AuthzPolicyHttpRuleFromSourcePrincipalArgs.java @@ -0,0 +1,264 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.gcp.networksecurity.inputs; + +import com.pulumi.core.Output; +import com.pulumi.core.annotations.Import; +import java.lang.Boolean; +import java.lang.String; +import java.util.Objects; +import java.util.Optional; +import javax.annotation.Nullable; + + +public final class AuthzPolicyHttpRuleFromSourcePrincipalArgs extends com.pulumi.resources.ResourceArgs { + + public static final AuthzPolicyHttpRuleFromSourcePrincipalArgs Empty = new AuthzPolicyHttpRuleFromSourcePrincipalArgs(); + + /** + * The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. + * Examples: + * * abc matches the value xyz.abc.def + * + */ + @Import(name="contains") + private @Nullable Output contains; + + /** + * @return The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. + * Examples: + * * abc matches the value xyz.abc.def + * + */ + public Optional> contains() { + return Optional.ofNullable(this.contains); + } + + /** + * The input string must match exactly the string specified here. + * Examples: + * * abc only matches the value abc. + * + */ + @Import(name="exact") + private @Nullable Output exact; + + /** + * @return The input string must match exactly the string specified here. + * Examples: + * * abc only matches the value abc. + * + */ + public Optional> exact() { + return Optional.ofNullable(this.exact); + } + + /** + * If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true. + * + */ + @Import(name="ignoreCase") + private @Nullable Output ignoreCase; + + /** + * @return If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true. + * + */ + public Optional> ignoreCase() { + return Optional.ofNullable(this.ignoreCase); + } + + /** + * The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. + * Examples: + * * abc matches the value abc.xyz + * + */ + @Import(name="prefix") + private @Nullable Output prefix; + + /** + * @return The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. + * Examples: + * * abc matches the value abc.xyz + * + */ + public Optional> prefix() { + return Optional.ofNullable(this.prefix); + } + + /** + * The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. + * Examples: + * * abc matches the value xyz.abc + * + */ + @Import(name="suffix") + private @Nullable Output suffix; + + /** + * @return The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. + * Examples: + * * abc matches the value xyz.abc + * + */ + public Optional> suffix() { + return Optional.ofNullable(this.suffix); + } + + private AuthzPolicyHttpRuleFromSourcePrincipalArgs() {} + + private AuthzPolicyHttpRuleFromSourcePrincipalArgs(AuthzPolicyHttpRuleFromSourcePrincipalArgs $) { + this.contains = $.contains; + this.exact = $.exact; + this.ignoreCase = $.ignoreCase; + this.prefix = $.prefix; + this.suffix = $.suffix; + } + + public static Builder builder() { + return new Builder(); + } + public static Builder builder(AuthzPolicyHttpRuleFromSourcePrincipalArgs defaults) { + return new Builder(defaults); + } + + public static final class Builder { + private AuthzPolicyHttpRuleFromSourcePrincipalArgs $; + + public Builder() { + $ = new AuthzPolicyHttpRuleFromSourcePrincipalArgs(); + } + + public Builder(AuthzPolicyHttpRuleFromSourcePrincipalArgs defaults) { + $ = new AuthzPolicyHttpRuleFromSourcePrincipalArgs(Objects.requireNonNull(defaults)); + } + + /** + * @param contains The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. + * Examples: + * * abc matches the value xyz.abc.def + * + * @return builder + * + */ + public Builder contains(@Nullable Output contains) { + $.contains = contains; + return this; + } + + /** + * @param contains The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. + * Examples: + * * abc matches the value xyz.abc.def + * + * @return builder + * + */ + public Builder contains(String contains) { + return contains(Output.of(contains)); + } + + /** + * @param exact The input string must match exactly the string specified here. + * Examples: + * * abc only matches the value abc. + * + * @return builder + * + */ + public Builder exact(@Nullable Output exact) { + $.exact = exact; + return this; + } + + /** + * @param exact The input string must match exactly the string specified here. + * Examples: + * * abc only matches the value abc. + * + * @return builder + * + */ + public Builder exact(String exact) { + return exact(Output.of(exact)); + } + + /** + * @param ignoreCase If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true. + * + * @return builder + * + */ + public Builder ignoreCase(@Nullable Output ignoreCase) { + $.ignoreCase = ignoreCase; + return this; + } + + /** + * @param ignoreCase If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true. + * + * @return builder + * + */ + public Builder ignoreCase(Boolean ignoreCase) { + return ignoreCase(Output.of(ignoreCase)); + } + + /** + * @param prefix The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. + * Examples: + * * abc matches the value abc.xyz + * + * @return builder + * + */ + public Builder prefix(@Nullable Output prefix) { + $.prefix = prefix; + return this; + } + + /** + * @param prefix The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. + * Examples: + * * abc matches the value abc.xyz + * + * @return builder + * + */ + public Builder prefix(String prefix) { + return prefix(Output.of(prefix)); + } + + /** + * @param suffix The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. + * Examples: + * * abc matches the value xyz.abc + * + * @return builder + * + */ + public Builder suffix(@Nullable Output suffix) { + $.suffix = suffix; + return this; + } + + /** + * @param suffix The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. + * Examples: + * * abc matches the value xyz.abc + * + * @return builder + * + */ + public Builder suffix(String suffix) { + return suffix(Output.of(suffix)); + } + + public AuthzPolicyHttpRuleFromSourcePrincipalArgs build() { + return $; + } + } + +} diff --git a/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/inputs/AuthzPolicyHttpRuleFromSourceResourceArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/inputs/AuthzPolicyHttpRuleFromSourceResourceArgs.java new file mode 100644 index 0000000000..d3899c8f0c --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/inputs/AuthzPolicyHttpRuleFromSourceResourceArgs.java @@ -0,0 +1,129 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.gcp.networksecurity.inputs; + +import com.pulumi.core.Output; +import com.pulumi.core.annotations.Import; +import com.pulumi.gcp.networksecurity.inputs.AuthzPolicyHttpRuleFromSourceResourceIamServiceAccountArgs; +import com.pulumi.gcp.networksecurity.inputs.AuthzPolicyHttpRuleFromSourceResourceTagValueIdSetArgs; +import java.util.Objects; +import java.util.Optional; +import javax.annotation.Nullable; + + +public final class AuthzPolicyHttpRuleFromSourceResourceArgs extends com.pulumi.resources.ResourceArgs { + + public static final AuthzPolicyHttpRuleFromSourceResourceArgs Empty = new AuthzPolicyHttpRuleFromSourceResourceArgs(); + + /** + * An IAM service account to match against the source service account of the VM sending the request. + * Structure is documented below. + * + */ + @Import(name="iamServiceAccount") + private @Nullable Output iamServiceAccount; + + /** + * @return An IAM service account to match against the source service account of the VM sending the request. + * Structure is documented below. + * + */ + public Optional> iamServiceAccount() { + return Optional.ofNullable(this.iamServiceAccount); + } + + /** + * A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request. + * Structure is documented below. + * + */ + @Import(name="tagValueIdSet") + private @Nullable Output tagValueIdSet; + + /** + * @return A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request. + * Structure is documented below. + * + */ + public Optional> tagValueIdSet() { + return Optional.ofNullable(this.tagValueIdSet); + } + + private AuthzPolicyHttpRuleFromSourceResourceArgs() {} + + private AuthzPolicyHttpRuleFromSourceResourceArgs(AuthzPolicyHttpRuleFromSourceResourceArgs $) { + this.iamServiceAccount = $.iamServiceAccount; + this.tagValueIdSet = $.tagValueIdSet; + } + + public static Builder builder() { + return new Builder(); + } + public static Builder builder(AuthzPolicyHttpRuleFromSourceResourceArgs defaults) { + return new Builder(defaults); + } + + public static final class Builder { + private AuthzPolicyHttpRuleFromSourceResourceArgs $; + + public Builder() { + $ = new AuthzPolicyHttpRuleFromSourceResourceArgs(); + } + + public Builder(AuthzPolicyHttpRuleFromSourceResourceArgs defaults) { + $ = new AuthzPolicyHttpRuleFromSourceResourceArgs(Objects.requireNonNull(defaults)); + } + + /** + * @param iamServiceAccount An IAM service account to match against the source service account of the VM sending the request. + * Structure is documented below. + * + * @return builder + * + */ + public Builder iamServiceAccount(@Nullable Output iamServiceAccount) { + $.iamServiceAccount = iamServiceAccount; + return this; + } + + /** + * @param iamServiceAccount An IAM service account to match against the source service account of the VM sending the request. + * Structure is documented below. + * + * @return builder + * + */ + public Builder iamServiceAccount(AuthzPolicyHttpRuleFromSourceResourceIamServiceAccountArgs iamServiceAccount) { + return iamServiceAccount(Output.of(iamServiceAccount)); + } + + /** + * @param tagValueIdSet A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request. + * Structure is documented below. + * + * @return builder + * + */ + public Builder tagValueIdSet(@Nullable Output tagValueIdSet) { + $.tagValueIdSet = tagValueIdSet; + return this; + } + + /** + * @param tagValueIdSet A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request. + * Structure is documented below. + * + * @return builder + * + */ + public Builder tagValueIdSet(AuthzPolicyHttpRuleFromSourceResourceTagValueIdSetArgs tagValueIdSet) { + return tagValueIdSet(Output.of(tagValueIdSet)); + } + + public AuthzPolicyHttpRuleFromSourceResourceArgs build() { + return $; + } + } + +} diff --git a/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/inputs/AuthzPolicyHttpRuleFromSourceResourceIamServiceAccountArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/inputs/AuthzPolicyHttpRuleFromSourceResourceIamServiceAccountArgs.java new file mode 100644 index 0000000000..68220917c1 --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/inputs/AuthzPolicyHttpRuleFromSourceResourceIamServiceAccountArgs.java @@ -0,0 +1,264 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.gcp.networksecurity.inputs; + +import com.pulumi.core.Output; +import com.pulumi.core.annotations.Import; +import java.lang.Boolean; +import java.lang.String; +import java.util.Objects; +import java.util.Optional; +import javax.annotation.Nullable; + + +public final class AuthzPolicyHttpRuleFromSourceResourceIamServiceAccountArgs extends com.pulumi.resources.ResourceArgs { + + public static final AuthzPolicyHttpRuleFromSourceResourceIamServiceAccountArgs Empty = new AuthzPolicyHttpRuleFromSourceResourceIamServiceAccountArgs(); + + /** + * The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. + * Examples: + * * abc matches the value xyz.abc.def + * + */ + @Import(name="contains") + private @Nullable Output contains; + + /** + * @return The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. + * Examples: + * * abc matches the value xyz.abc.def + * + */ + public Optional> contains() { + return Optional.ofNullable(this.contains); + } + + /** + * The input string must match exactly the string specified here. + * Examples: + * * abc only matches the value abc. + * + */ + @Import(name="exact") + private @Nullable Output exact; + + /** + * @return The input string must match exactly the string specified here. + * Examples: + * * abc only matches the value abc. + * + */ + public Optional> exact() { + return Optional.ofNullable(this.exact); + } + + /** + * If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true. + * + */ + @Import(name="ignoreCase") + private @Nullable Output ignoreCase; + + /** + * @return If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true. + * + */ + public Optional> ignoreCase() { + return Optional.ofNullable(this.ignoreCase); + } + + /** + * The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. + * Examples: + * * abc matches the value abc.xyz + * + */ + @Import(name="prefix") + private @Nullable Output prefix; + + /** + * @return The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. + * Examples: + * * abc matches the value abc.xyz + * + */ + public Optional> prefix() { + return Optional.ofNullable(this.prefix); + } + + /** + * The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. + * Examples: + * * abc matches the value xyz.abc + * + */ + @Import(name="suffix") + private @Nullable Output suffix; + + /** + * @return The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. + * Examples: + * * abc matches the value xyz.abc + * + */ + public Optional> suffix() { + return Optional.ofNullable(this.suffix); + } + + private AuthzPolicyHttpRuleFromSourceResourceIamServiceAccountArgs() {} + + private AuthzPolicyHttpRuleFromSourceResourceIamServiceAccountArgs(AuthzPolicyHttpRuleFromSourceResourceIamServiceAccountArgs $) { + this.contains = $.contains; + this.exact = $.exact; + this.ignoreCase = $.ignoreCase; + this.prefix = $.prefix; + this.suffix = $.suffix; + } + + public static Builder builder() { + return new Builder(); + } + public static Builder builder(AuthzPolicyHttpRuleFromSourceResourceIamServiceAccountArgs defaults) { + return new Builder(defaults); + } + + public static final class Builder { + private AuthzPolicyHttpRuleFromSourceResourceIamServiceAccountArgs $; + + public Builder() { + $ = new AuthzPolicyHttpRuleFromSourceResourceIamServiceAccountArgs(); + } + + public Builder(AuthzPolicyHttpRuleFromSourceResourceIamServiceAccountArgs defaults) { + $ = new AuthzPolicyHttpRuleFromSourceResourceIamServiceAccountArgs(Objects.requireNonNull(defaults)); + } + + /** + * @param contains The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. + * Examples: + * * abc matches the value xyz.abc.def + * + * @return builder + * + */ + public Builder contains(@Nullable Output contains) { + $.contains = contains; + return this; + } + + /** + * @param contains The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. + * Examples: + * * abc matches the value xyz.abc.def + * + * @return builder + * + */ + public Builder contains(String contains) { + return contains(Output.of(contains)); + } + + /** + * @param exact The input string must match exactly the string specified here. + * Examples: + * * abc only matches the value abc. + * + * @return builder + * + */ + public Builder exact(@Nullable Output exact) { + $.exact = exact; + return this; + } + + /** + * @param exact The input string must match exactly the string specified here. + * Examples: + * * abc only matches the value abc. + * + * @return builder + * + */ + public Builder exact(String exact) { + return exact(Output.of(exact)); + } + + /** + * @param ignoreCase If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true. + * + * @return builder + * + */ + public Builder ignoreCase(@Nullable Output ignoreCase) { + $.ignoreCase = ignoreCase; + return this; + } + + /** + * @param ignoreCase If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true. + * + * @return builder + * + */ + public Builder ignoreCase(Boolean ignoreCase) { + return ignoreCase(Output.of(ignoreCase)); + } + + /** + * @param prefix The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. + * Examples: + * * abc matches the value abc.xyz + * + * @return builder + * + */ + public Builder prefix(@Nullable Output prefix) { + $.prefix = prefix; + return this; + } + + /** + * @param prefix The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. + * Examples: + * * abc matches the value abc.xyz + * + * @return builder + * + */ + public Builder prefix(String prefix) { + return prefix(Output.of(prefix)); + } + + /** + * @param suffix The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. + * Examples: + * * abc matches the value xyz.abc + * + * @return builder + * + */ + public Builder suffix(@Nullable Output suffix) { + $.suffix = suffix; + return this; + } + + /** + * @param suffix The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. + * Examples: + * * abc matches the value xyz.abc + * + * @return builder + * + */ + public Builder suffix(String suffix) { + return suffix(Output.of(suffix)); + } + + public AuthzPolicyHttpRuleFromSourceResourceIamServiceAccountArgs build() { + return $; + } + } + +} diff --git a/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/inputs/AuthzPolicyHttpRuleFromSourceResourceTagValueIdSetArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/inputs/AuthzPolicyHttpRuleFromSourceResourceTagValueIdSetArgs.java new file mode 100644 index 0000000000..e4edf78c19 --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/inputs/AuthzPolicyHttpRuleFromSourceResourceTagValueIdSetArgs.java @@ -0,0 +1,99 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.gcp.networksecurity.inputs; + +import com.pulumi.core.Output; +import com.pulumi.core.annotations.Import; +import java.lang.String; +import java.util.List; +import java.util.Objects; +import java.util.Optional; +import javax.annotation.Nullable; + + +public final class AuthzPolicyHttpRuleFromSourceResourceTagValueIdSetArgs extends com.pulumi.resources.ResourceArgs { + + public static final AuthzPolicyHttpRuleFromSourceResourceTagValueIdSetArgs Empty = new AuthzPolicyHttpRuleFromSourceResourceTagValueIdSetArgs(); + + /** + * A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request. The match follows AND semantics which means all the ids must match. + * Limited to 5 matches. + * + */ + @Import(name="ids") + private @Nullable Output> ids; + + /** + * @return A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request. The match follows AND semantics which means all the ids must match. + * Limited to 5 matches. + * + */ + public Optional>> ids() { + return Optional.ofNullable(this.ids); + } + + private AuthzPolicyHttpRuleFromSourceResourceTagValueIdSetArgs() {} + + private AuthzPolicyHttpRuleFromSourceResourceTagValueIdSetArgs(AuthzPolicyHttpRuleFromSourceResourceTagValueIdSetArgs $) { + this.ids = $.ids; + } + + public static Builder builder() { + return new Builder(); + } + public static Builder builder(AuthzPolicyHttpRuleFromSourceResourceTagValueIdSetArgs defaults) { + return new Builder(defaults); + } + + public static final class Builder { + private AuthzPolicyHttpRuleFromSourceResourceTagValueIdSetArgs $; + + public Builder() { + $ = new AuthzPolicyHttpRuleFromSourceResourceTagValueIdSetArgs(); + } + + public Builder(AuthzPolicyHttpRuleFromSourceResourceTagValueIdSetArgs defaults) { + $ = new AuthzPolicyHttpRuleFromSourceResourceTagValueIdSetArgs(Objects.requireNonNull(defaults)); + } + + /** + * @param ids A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request. The match follows AND semantics which means all the ids must match. + * Limited to 5 matches. + * + * @return builder + * + */ + public Builder ids(@Nullable Output> ids) { + $.ids = ids; + return this; + } + + /** + * @param ids A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request. The match follows AND semantics which means all the ids must match. + * Limited to 5 matches. + * + * @return builder + * + */ + public Builder ids(List ids) { + return ids(Output.of(ids)); + } + + /** + * @param ids A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request. The match follows AND semantics which means all the ids must match. + * Limited to 5 matches. + * + * @return builder + * + */ + public Builder ids(String... ids) { + return ids(List.of(ids)); + } + + public AuthzPolicyHttpRuleFromSourceResourceTagValueIdSetArgs build() { + return $; + } + } + +} diff --git a/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/inputs/AuthzPolicyHttpRuleToArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/inputs/AuthzPolicyHttpRuleToArgs.java new file mode 100644 index 0000000000..e3e00c7bb6 --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/inputs/AuthzPolicyHttpRuleToArgs.java @@ -0,0 +1,99 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.gcp.networksecurity.inputs; + +import com.pulumi.core.Output; +import com.pulumi.core.annotations.Import; +import com.pulumi.gcp.networksecurity.inputs.AuthzPolicyHttpRuleToOperationArgs; +import java.util.List; +import java.util.Objects; +import java.util.Optional; +import javax.annotation.Nullable; + + +public final class AuthzPolicyHttpRuleToArgs extends com.pulumi.resources.ResourceArgs { + + public static final AuthzPolicyHttpRuleToArgs Empty = new AuthzPolicyHttpRuleToArgs(); + + /** + * Describes properties of one or more targets of a request. At least one of operations or notOperations must be specified. Limited to 5 operations. A match occurs when ANY operation (in operations or notOperations) matches. Within an operation, the match follows AND semantics across fields and OR semantics within a field, i.e. a match occurs when ANY path matches AND ANY header matches and ANY method matches. + * Structure is documented below. + * + */ + @Import(name="operations") + private @Nullable Output> operations; + + /** + * @return Describes properties of one or more targets of a request. At least one of operations or notOperations must be specified. Limited to 5 operations. A match occurs when ANY operation (in operations or notOperations) matches. Within an operation, the match follows AND semantics across fields and OR semantics within a field, i.e. a match occurs when ANY path matches AND ANY header matches and ANY method matches. + * Structure is documented below. + * + */ + public Optional>> operations() { + return Optional.ofNullable(this.operations); + } + + private AuthzPolicyHttpRuleToArgs() {} + + private AuthzPolicyHttpRuleToArgs(AuthzPolicyHttpRuleToArgs $) { + this.operations = $.operations; + } + + public static Builder builder() { + return new Builder(); + } + public static Builder builder(AuthzPolicyHttpRuleToArgs defaults) { + return new Builder(defaults); + } + + public static final class Builder { + private AuthzPolicyHttpRuleToArgs $; + + public Builder() { + $ = new AuthzPolicyHttpRuleToArgs(); + } + + public Builder(AuthzPolicyHttpRuleToArgs defaults) { + $ = new AuthzPolicyHttpRuleToArgs(Objects.requireNonNull(defaults)); + } + + /** + * @param operations Describes properties of one or more targets of a request. At least one of operations or notOperations must be specified. Limited to 5 operations. A match occurs when ANY operation (in operations or notOperations) matches. Within an operation, the match follows AND semantics across fields and OR semantics within a field, i.e. a match occurs when ANY path matches AND ANY header matches and ANY method matches. + * Structure is documented below. + * + * @return builder + * + */ + public Builder operations(@Nullable Output> operations) { + $.operations = operations; + return this; + } + + /** + * @param operations Describes properties of one or more targets of a request. At least one of operations or notOperations must be specified. Limited to 5 operations. A match occurs when ANY operation (in operations or notOperations) matches. Within an operation, the match follows AND semantics across fields and OR semantics within a field, i.e. a match occurs when ANY path matches AND ANY header matches and ANY method matches. + * Structure is documented below. + * + * @return builder + * + */ + public Builder operations(List operations) { + return operations(Output.of(operations)); + } + + /** + * @param operations Describes properties of one or more targets of a request. At least one of operations or notOperations must be specified. Limited to 5 operations. A match occurs when ANY operation (in operations or notOperations) matches. Within an operation, the match follows AND semantics across fields and OR semantics within a field, i.e. a match occurs when ANY path matches AND ANY header matches and ANY method matches. + * Structure is documented below. + * + * @return builder + * + */ + public Builder operations(AuthzPolicyHttpRuleToOperationArgs... operations) { + return operations(List.of(operations)); + } + + public AuthzPolicyHttpRuleToArgs build() { + return $; + } + } + +} diff --git a/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/inputs/AuthzPolicyHttpRuleToOperationArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/inputs/AuthzPolicyHttpRuleToOperationArgs.java new file mode 100644 index 0000000000..509b144d4c --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/inputs/AuthzPolicyHttpRuleToOperationArgs.java @@ -0,0 +1,257 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.gcp.networksecurity.inputs; + +import com.pulumi.core.Output; +import com.pulumi.core.annotations.Import; +import com.pulumi.gcp.networksecurity.inputs.AuthzPolicyHttpRuleToOperationHeaderSetArgs; +import com.pulumi.gcp.networksecurity.inputs.AuthzPolicyHttpRuleToOperationHostArgs; +import com.pulumi.gcp.networksecurity.inputs.AuthzPolicyHttpRuleToOperationPathArgs; +import java.lang.String; +import java.util.List; +import java.util.Objects; +import java.util.Optional; +import javax.annotation.Nullable; + + +public final class AuthzPolicyHttpRuleToOperationArgs extends com.pulumi.resources.ResourceArgs { + + public static final AuthzPolicyHttpRuleToOperationArgs Empty = new AuthzPolicyHttpRuleToOperationArgs(); + + /** + * A list of headers to match against in http header. + * Structure is documented below. + * + */ + @Import(name="headerSet") + private @Nullable Output headerSet; + + /** + * @return A list of headers to match against in http header. + * Structure is documented below. + * + */ + public Optional> headerSet() { + return Optional.ofNullable(this.headerSet); + } + + /** + * A list of HTTP Hosts to match against. The match can be one of exact, prefix, suffix, or contains (substring match). Matches are always case sensitive unless the ignoreCase is set. + * Limited to 5 matches. + * Structure is documented below. + * + */ + @Import(name="hosts") + private @Nullable Output> hosts; + + /** + * @return A list of HTTP Hosts to match against. The match can be one of exact, prefix, suffix, or contains (substring match). Matches are always case sensitive unless the ignoreCase is set. + * Limited to 5 matches. + * Structure is documented below. + * + */ + public Optional>> hosts() { + return Optional.ofNullable(this.hosts); + } + + /** + * A list of HTTP methods to match against. Each entry must be a valid HTTP method name (GET, PUT, POST, HEAD, PATCH, DELETE, OPTIONS). It only allows exact match and is always case sensitive. + * + */ + @Import(name="methods") + private @Nullable Output> methods; + + /** + * @return A list of HTTP methods to match against. Each entry must be a valid HTTP method name (GET, PUT, POST, HEAD, PATCH, DELETE, OPTIONS). It only allows exact match and is always case sensitive. + * + */ + public Optional>> methods() { + return Optional.ofNullable(this.methods); + } + + /** + * A list of paths to match against. The match can be one of exact, prefix, suffix, or contains (substring match). Matches are always case sensitive unless the ignoreCase is set. + * Limited to 5 matches. + * Note that this path match includes the query parameters. For gRPC services, this should be a fully-qualified name of the form /package.service/method. + * Structure is documented below. + * + */ + @Import(name="paths") + private @Nullable Output> paths; + + /** + * @return A list of paths to match against. The match can be one of exact, prefix, suffix, or contains (substring match). Matches are always case sensitive unless the ignoreCase is set. + * Limited to 5 matches. + * Note that this path match includes the query parameters. For gRPC services, this should be a fully-qualified name of the form /package.service/method. + * Structure is documented below. + * + */ + public Optional>> paths() { + return Optional.ofNullable(this.paths); + } + + private AuthzPolicyHttpRuleToOperationArgs() {} + + private AuthzPolicyHttpRuleToOperationArgs(AuthzPolicyHttpRuleToOperationArgs $) { + this.headerSet = $.headerSet; + this.hosts = $.hosts; + this.methods = $.methods; + this.paths = $.paths; + } + + public static Builder builder() { + return new Builder(); + } + public static Builder builder(AuthzPolicyHttpRuleToOperationArgs defaults) { + return new Builder(defaults); + } + + public static final class Builder { + private AuthzPolicyHttpRuleToOperationArgs $; + + public Builder() { + $ = new AuthzPolicyHttpRuleToOperationArgs(); + } + + public Builder(AuthzPolicyHttpRuleToOperationArgs defaults) { + $ = new AuthzPolicyHttpRuleToOperationArgs(Objects.requireNonNull(defaults)); + } + + /** + * @param headerSet A list of headers to match against in http header. + * Structure is documented below. + * + * @return builder + * + */ + public Builder headerSet(@Nullable Output headerSet) { + $.headerSet = headerSet; + return this; + } + + /** + * @param headerSet A list of headers to match against in http header. + * Structure is documented below. + * + * @return builder + * + */ + public Builder headerSet(AuthzPolicyHttpRuleToOperationHeaderSetArgs headerSet) { + return headerSet(Output.of(headerSet)); + } + + /** + * @param hosts A list of HTTP Hosts to match against. The match can be one of exact, prefix, suffix, or contains (substring match). Matches are always case sensitive unless the ignoreCase is set. + * Limited to 5 matches. + * Structure is documented below. + * + * @return builder + * + */ + public Builder hosts(@Nullable Output> hosts) { + $.hosts = hosts; + return this; + } + + /** + * @param hosts A list of HTTP Hosts to match against. The match can be one of exact, prefix, suffix, or contains (substring match). Matches are always case sensitive unless the ignoreCase is set. + * Limited to 5 matches. + * Structure is documented below. + * + * @return builder + * + */ + public Builder hosts(List hosts) { + return hosts(Output.of(hosts)); + } + + /** + * @param hosts A list of HTTP Hosts to match against. The match can be one of exact, prefix, suffix, or contains (substring match). Matches are always case sensitive unless the ignoreCase is set. + * Limited to 5 matches. + * Structure is documented below. + * + * @return builder + * + */ + public Builder hosts(AuthzPolicyHttpRuleToOperationHostArgs... hosts) { + return hosts(List.of(hosts)); + } + + /** + * @param methods A list of HTTP methods to match against. Each entry must be a valid HTTP method name (GET, PUT, POST, HEAD, PATCH, DELETE, OPTIONS). It only allows exact match and is always case sensitive. + * + * @return builder + * + */ + public Builder methods(@Nullable Output> methods) { + $.methods = methods; + return this; + } + + /** + * @param methods A list of HTTP methods to match against. Each entry must be a valid HTTP method name (GET, PUT, POST, HEAD, PATCH, DELETE, OPTIONS). It only allows exact match and is always case sensitive. + * + * @return builder + * + */ + public Builder methods(List methods) { + return methods(Output.of(methods)); + } + + /** + * @param methods A list of HTTP methods to match against. Each entry must be a valid HTTP method name (GET, PUT, POST, HEAD, PATCH, DELETE, OPTIONS). It only allows exact match and is always case sensitive. + * + * @return builder + * + */ + public Builder methods(String... methods) { + return methods(List.of(methods)); + } + + /** + * @param paths A list of paths to match against. The match can be one of exact, prefix, suffix, or contains (substring match). Matches are always case sensitive unless the ignoreCase is set. + * Limited to 5 matches. + * Note that this path match includes the query parameters. For gRPC services, this should be a fully-qualified name of the form /package.service/method. + * Structure is documented below. + * + * @return builder + * + */ + public Builder paths(@Nullable Output> paths) { + $.paths = paths; + return this; + } + + /** + * @param paths A list of paths to match against. The match can be one of exact, prefix, suffix, or contains (substring match). Matches are always case sensitive unless the ignoreCase is set. + * Limited to 5 matches. + * Note that this path match includes the query parameters. For gRPC services, this should be a fully-qualified name of the form /package.service/method. + * Structure is documented below. + * + * @return builder + * + */ + public Builder paths(List paths) { + return paths(Output.of(paths)); + } + + /** + * @param paths A list of paths to match against. The match can be one of exact, prefix, suffix, or contains (substring match). Matches are always case sensitive unless the ignoreCase is set. + * Limited to 5 matches. + * Note that this path match includes the query parameters. For gRPC services, this should be a fully-qualified name of the form /package.service/method. + * Structure is documented below. + * + * @return builder + * + */ + public Builder paths(AuthzPolicyHttpRuleToOperationPathArgs... paths) { + return paths(List.of(paths)); + } + + public AuthzPolicyHttpRuleToOperationArgs build() { + return $; + } + } + +} diff --git a/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/inputs/AuthzPolicyHttpRuleToOperationHeaderSetArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/inputs/AuthzPolicyHttpRuleToOperationHeaderSetArgs.java new file mode 100644 index 0000000000..c859f9c301 --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/inputs/AuthzPolicyHttpRuleToOperationHeaderSetArgs.java @@ -0,0 +1,99 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.gcp.networksecurity.inputs; + +import com.pulumi.core.Output; +import com.pulumi.core.annotations.Import; +import com.pulumi.gcp.networksecurity.inputs.AuthzPolicyHttpRuleToOperationHeaderSetHeaderArgs; +import java.util.List; +import java.util.Objects; +import java.util.Optional; +import javax.annotation.Nullable; + + +public final class AuthzPolicyHttpRuleToOperationHeaderSetArgs extends com.pulumi.resources.ResourceArgs { + + public static final AuthzPolicyHttpRuleToOperationHeaderSetArgs Empty = new AuthzPolicyHttpRuleToOperationHeaderSetArgs(); + + /** + * A list of headers to match against in http header. The match can be one of exact, prefix, suffix, or contains (substring match). The match follows AND semantics which means all the headers must match. Matches are always case sensitive unless the ignoreCase is set. Limited to 5 matches. + * Structure is documented below. + * + */ + @Import(name="headers") + private @Nullable Output> headers; + + /** + * @return A list of headers to match against in http header. The match can be one of exact, prefix, suffix, or contains (substring match). The match follows AND semantics which means all the headers must match. Matches are always case sensitive unless the ignoreCase is set. Limited to 5 matches. + * Structure is documented below. + * + */ + public Optional>> headers() { + return Optional.ofNullable(this.headers); + } + + private AuthzPolicyHttpRuleToOperationHeaderSetArgs() {} + + private AuthzPolicyHttpRuleToOperationHeaderSetArgs(AuthzPolicyHttpRuleToOperationHeaderSetArgs $) { + this.headers = $.headers; + } + + public static Builder builder() { + return new Builder(); + } + public static Builder builder(AuthzPolicyHttpRuleToOperationHeaderSetArgs defaults) { + return new Builder(defaults); + } + + public static final class Builder { + private AuthzPolicyHttpRuleToOperationHeaderSetArgs $; + + public Builder() { + $ = new AuthzPolicyHttpRuleToOperationHeaderSetArgs(); + } + + public Builder(AuthzPolicyHttpRuleToOperationHeaderSetArgs defaults) { + $ = new AuthzPolicyHttpRuleToOperationHeaderSetArgs(Objects.requireNonNull(defaults)); + } + + /** + * @param headers A list of headers to match against in http header. The match can be one of exact, prefix, suffix, or contains (substring match). The match follows AND semantics which means all the headers must match. Matches are always case sensitive unless the ignoreCase is set. Limited to 5 matches. + * Structure is documented below. + * + * @return builder + * + */ + public Builder headers(@Nullable Output> headers) { + $.headers = headers; + return this; + } + + /** + * @param headers A list of headers to match against in http header. The match can be one of exact, prefix, suffix, or contains (substring match). The match follows AND semantics which means all the headers must match. Matches are always case sensitive unless the ignoreCase is set. Limited to 5 matches. + * Structure is documented below. + * + * @return builder + * + */ + public Builder headers(List headers) { + return headers(Output.of(headers)); + } + + /** + * @param headers A list of headers to match against in http header. The match can be one of exact, prefix, suffix, or contains (substring match). The match follows AND semantics which means all the headers must match. Matches are always case sensitive unless the ignoreCase is set. Limited to 5 matches. + * Structure is documented below. + * + * @return builder + * + */ + public Builder headers(AuthzPolicyHttpRuleToOperationHeaderSetHeaderArgs... headers) { + return headers(List.of(headers)); + } + + public AuthzPolicyHttpRuleToOperationHeaderSetArgs build() { + return $; + } + } + +} diff --git a/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/inputs/AuthzPolicyHttpRuleToOperationHeaderSetHeaderArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/inputs/AuthzPolicyHttpRuleToOperationHeaderSetHeaderArgs.java new file mode 100644 index 0000000000..848806d223 --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/inputs/AuthzPolicyHttpRuleToOperationHeaderSetHeaderArgs.java @@ -0,0 +1,125 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.gcp.networksecurity.inputs; + +import com.pulumi.core.Output; +import com.pulumi.core.annotations.Import; +import com.pulumi.gcp.networksecurity.inputs.AuthzPolicyHttpRuleToOperationHeaderSetHeaderValueArgs; +import java.lang.String; +import java.util.Objects; +import java.util.Optional; +import javax.annotation.Nullable; + + +public final class AuthzPolicyHttpRuleToOperationHeaderSetHeaderArgs extends com.pulumi.resources.ResourceArgs { + + public static final AuthzPolicyHttpRuleToOperationHeaderSetHeaderArgs Empty = new AuthzPolicyHttpRuleToOperationHeaderSetHeaderArgs(); + + /** + * Specifies the name of the header in the request. + * + */ + @Import(name="name") + private @Nullable Output name; + + /** + * @return Specifies the name of the header in the request. + * + */ + public Optional> name() { + return Optional.ofNullable(this.name); + } + + /** + * Specifies how the header match will be performed. + * Structure is documented below. + * + */ + @Import(name="value") + private @Nullable Output value; + + /** + * @return Specifies how the header match will be performed. + * Structure is documented below. + * + */ + public Optional> value() { + return Optional.ofNullable(this.value); + } + + private AuthzPolicyHttpRuleToOperationHeaderSetHeaderArgs() {} + + private AuthzPolicyHttpRuleToOperationHeaderSetHeaderArgs(AuthzPolicyHttpRuleToOperationHeaderSetHeaderArgs $) { + this.name = $.name; + this.value = $.value; + } + + public static Builder builder() { + return new Builder(); + } + public static Builder builder(AuthzPolicyHttpRuleToOperationHeaderSetHeaderArgs defaults) { + return new Builder(defaults); + } + + public static final class Builder { + private AuthzPolicyHttpRuleToOperationHeaderSetHeaderArgs $; + + public Builder() { + $ = new AuthzPolicyHttpRuleToOperationHeaderSetHeaderArgs(); + } + + public Builder(AuthzPolicyHttpRuleToOperationHeaderSetHeaderArgs defaults) { + $ = new AuthzPolicyHttpRuleToOperationHeaderSetHeaderArgs(Objects.requireNonNull(defaults)); + } + + /** + * @param name Specifies the name of the header in the request. + * + * @return builder + * + */ + public Builder name(@Nullable Output name) { + $.name = name; + return this; + } + + /** + * @param name Specifies the name of the header in the request. + * + * @return builder + * + */ + public Builder name(String name) { + return name(Output.of(name)); + } + + /** + * @param value Specifies how the header match will be performed. + * Structure is documented below. + * + * @return builder + * + */ + public Builder value(@Nullable Output value) { + $.value = value; + return this; + } + + /** + * @param value Specifies how the header match will be performed. + * Structure is documented below. + * + * @return builder + * + */ + public Builder value(AuthzPolicyHttpRuleToOperationHeaderSetHeaderValueArgs value) { + return value(Output.of(value)); + } + + public AuthzPolicyHttpRuleToOperationHeaderSetHeaderArgs build() { + return $; + } + } + +} diff --git a/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/inputs/AuthzPolicyHttpRuleToOperationHeaderSetHeaderValueArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/inputs/AuthzPolicyHttpRuleToOperationHeaderSetHeaderValueArgs.java new file mode 100644 index 0000000000..9bdf613956 --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/inputs/AuthzPolicyHttpRuleToOperationHeaderSetHeaderValueArgs.java @@ -0,0 +1,264 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.gcp.networksecurity.inputs; + +import com.pulumi.core.Output; +import com.pulumi.core.annotations.Import; +import java.lang.Boolean; +import java.lang.String; +import java.util.Objects; +import java.util.Optional; +import javax.annotation.Nullable; + + +public final class AuthzPolicyHttpRuleToOperationHeaderSetHeaderValueArgs extends com.pulumi.resources.ResourceArgs { + + public static final AuthzPolicyHttpRuleToOperationHeaderSetHeaderValueArgs Empty = new AuthzPolicyHttpRuleToOperationHeaderSetHeaderValueArgs(); + + /** + * The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. + * Examples: + * * abc matches the value xyz.abc.def + * + */ + @Import(name="contains") + private @Nullable Output contains; + + /** + * @return The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. + * Examples: + * * abc matches the value xyz.abc.def + * + */ + public Optional> contains() { + return Optional.ofNullable(this.contains); + } + + /** + * The input string must match exactly the string specified here. + * Examples: + * * abc only matches the value abc. + * + */ + @Import(name="exact") + private @Nullable Output exact; + + /** + * @return The input string must match exactly the string specified here. + * Examples: + * * abc only matches the value abc. + * + */ + public Optional> exact() { + return Optional.ofNullable(this.exact); + } + + /** + * If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true. + * + */ + @Import(name="ignoreCase") + private @Nullable Output ignoreCase; + + /** + * @return If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true. + * + */ + public Optional> ignoreCase() { + return Optional.ofNullable(this.ignoreCase); + } + + /** + * The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. + * Examples: + * * abc matches the value abc.xyz + * + */ + @Import(name="prefix") + private @Nullable Output prefix; + + /** + * @return The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. + * Examples: + * * abc matches the value abc.xyz + * + */ + public Optional> prefix() { + return Optional.ofNullable(this.prefix); + } + + /** + * The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. + * Examples: + * * abc matches the value xyz.abc + * + */ + @Import(name="suffix") + private @Nullable Output suffix; + + /** + * @return The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. + * Examples: + * * abc matches the value xyz.abc + * + */ + public Optional> suffix() { + return Optional.ofNullable(this.suffix); + } + + private AuthzPolicyHttpRuleToOperationHeaderSetHeaderValueArgs() {} + + private AuthzPolicyHttpRuleToOperationHeaderSetHeaderValueArgs(AuthzPolicyHttpRuleToOperationHeaderSetHeaderValueArgs $) { + this.contains = $.contains; + this.exact = $.exact; + this.ignoreCase = $.ignoreCase; + this.prefix = $.prefix; + this.suffix = $.suffix; + } + + public static Builder builder() { + return new Builder(); + } + public static Builder builder(AuthzPolicyHttpRuleToOperationHeaderSetHeaderValueArgs defaults) { + return new Builder(defaults); + } + + public static final class Builder { + private AuthzPolicyHttpRuleToOperationHeaderSetHeaderValueArgs $; + + public Builder() { + $ = new AuthzPolicyHttpRuleToOperationHeaderSetHeaderValueArgs(); + } + + public Builder(AuthzPolicyHttpRuleToOperationHeaderSetHeaderValueArgs defaults) { + $ = new AuthzPolicyHttpRuleToOperationHeaderSetHeaderValueArgs(Objects.requireNonNull(defaults)); + } + + /** + * @param contains The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. + * Examples: + * * abc matches the value xyz.abc.def + * + * @return builder + * + */ + public Builder contains(@Nullable Output contains) { + $.contains = contains; + return this; + } + + /** + * @param contains The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. + * Examples: + * * abc matches the value xyz.abc.def + * + * @return builder + * + */ + public Builder contains(String contains) { + return contains(Output.of(contains)); + } + + /** + * @param exact The input string must match exactly the string specified here. + * Examples: + * * abc only matches the value abc. + * + * @return builder + * + */ + public Builder exact(@Nullable Output exact) { + $.exact = exact; + return this; + } + + /** + * @param exact The input string must match exactly the string specified here. + * Examples: + * * abc only matches the value abc. + * + * @return builder + * + */ + public Builder exact(String exact) { + return exact(Output.of(exact)); + } + + /** + * @param ignoreCase If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true. + * + * @return builder + * + */ + public Builder ignoreCase(@Nullable Output ignoreCase) { + $.ignoreCase = ignoreCase; + return this; + } + + /** + * @param ignoreCase If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true. + * + * @return builder + * + */ + public Builder ignoreCase(Boolean ignoreCase) { + return ignoreCase(Output.of(ignoreCase)); + } + + /** + * @param prefix The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. + * Examples: + * * abc matches the value abc.xyz + * + * @return builder + * + */ + public Builder prefix(@Nullable Output prefix) { + $.prefix = prefix; + return this; + } + + /** + * @param prefix The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. + * Examples: + * * abc matches the value abc.xyz + * + * @return builder + * + */ + public Builder prefix(String prefix) { + return prefix(Output.of(prefix)); + } + + /** + * @param suffix The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. + * Examples: + * * abc matches the value xyz.abc + * + * @return builder + * + */ + public Builder suffix(@Nullable Output suffix) { + $.suffix = suffix; + return this; + } + + /** + * @param suffix The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. + * Examples: + * * abc matches the value xyz.abc + * + * @return builder + * + */ + public Builder suffix(String suffix) { + return suffix(Output.of(suffix)); + } + + public AuthzPolicyHttpRuleToOperationHeaderSetHeaderValueArgs build() { + return $; + } + } + +} diff --git a/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/inputs/AuthzPolicyHttpRuleToOperationHostArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/inputs/AuthzPolicyHttpRuleToOperationHostArgs.java new file mode 100644 index 0000000000..3fbf6cb929 --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/inputs/AuthzPolicyHttpRuleToOperationHostArgs.java @@ -0,0 +1,264 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.gcp.networksecurity.inputs; + +import com.pulumi.core.Output; +import com.pulumi.core.annotations.Import; +import java.lang.Boolean; +import java.lang.String; +import java.util.Objects; +import java.util.Optional; +import javax.annotation.Nullable; + + +public final class AuthzPolicyHttpRuleToOperationHostArgs extends com.pulumi.resources.ResourceArgs { + + public static final AuthzPolicyHttpRuleToOperationHostArgs Empty = new AuthzPolicyHttpRuleToOperationHostArgs(); + + /** + * The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. + * Examples: + * * abc matches the value xyz.abc.def + * + */ + @Import(name="contains") + private @Nullable Output contains; + + /** + * @return The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. + * Examples: + * * abc matches the value xyz.abc.def + * + */ + public Optional> contains() { + return Optional.ofNullable(this.contains); + } + + /** + * The input string must match exactly the string specified here. + * Examples: + * * abc only matches the value abc. + * + */ + @Import(name="exact") + private @Nullable Output exact; + + /** + * @return The input string must match exactly the string specified here. + * Examples: + * * abc only matches the value abc. + * + */ + public Optional> exact() { + return Optional.ofNullable(this.exact); + } + + /** + * If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true. + * + */ + @Import(name="ignoreCase") + private @Nullable Output ignoreCase; + + /** + * @return If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true. + * + */ + public Optional> ignoreCase() { + return Optional.ofNullable(this.ignoreCase); + } + + /** + * The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. + * Examples: + * * abc matches the value abc.xyz + * + */ + @Import(name="prefix") + private @Nullable Output prefix; + + /** + * @return The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. + * Examples: + * * abc matches the value abc.xyz + * + */ + public Optional> prefix() { + return Optional.ofNullable(this.prefix); + } + + /** + * The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. + * Examples: + * * abc matches the value xyz.abc + * + */ + @Import(name="suffix") + private @Nullable Output suffix; + + /** + * @return The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. + * Examples: + * * abc matches the value xyz.abc + * + */ + public Optional> suffix() { + return Optional.ofNullable(this.suffix); + } + + private AuthzPolicyHttpRuleToOperationHostArgs() {} + + private AuthzPolicyHttpRuleToOperationHostArgs(AuthzPolicyHttpRuleToOperationHostArgs $) { + this.contains = $.contains; + this.exact = $.exact; + this.ignoreCase = $.ignoreCase; + this.prefix = $.prefix; + this.suffix = $.suffix; + } + + public static Builder builder() { + return new Builder(); + } + public static Builder builder(AuthzPolicyHttpRuleToOperationHostArgs defaults) { + return new Builder(defaults); + } + + public static final class Builder { + private AuthzPolicyHttpRuleToOperationHostArgs $; + + public Builder() { + $ = new AuthzPolicyHttpRuleToOperationHostArgs(); + } + + public Builder(AuthzPolicyHttpRuleToOperationHostArgs defaults) { + $ = new AuthzPolicyHttpRuleToOperationHostArgs(Objects.requireNonNull(defaults)); + } + + /** + * @param contains The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. + * Examples: + * * abc matches the value xyz.abc.def + * + * @return builder + * + */ + public Builder contains(@Nullable Output contains) { + $.contains = contains; + return this; + } + + /** + * @param contains The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. + * Examples: + * * abc matches the value xyz.abc.def + * + * @return builder + * + */ + public Builder contains(String contains) { + return contains(Output.of(contains)); + } + + /** + * @param exact The input string must match exactly the string specified here. + * Examples: + * * abc only matches the value abc. + * + * @return builder + * + */ + public Builder exact(@Nullable Output exact) { + $.exact = exact; + return this; + } + + /** + * @param exact The input string must match exactly the string specified here. + * Examples: + * * abc only matches the value abc. + * + * @return builder + * + */ + public Builder exact(String exact) { + return exact(Output.of(exact)); + } + + /** + * @param ignoreCase If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true. + * + * @return builder + * + */ + public Builder ignoreCase(@Nullable Output ignoreCase) { + $.ignoreCase = ignoreCase; + return this; + } + + /** + * @param ignoreCase If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true. + * + * @return builder + * + */ + public Builder ignoreCase(Boolean ignoreCase) { + return ignoreCase(Output.of(ignoreCase)); + } + + /** + * @param prefix The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. + * Examples: + * * abc matches the value abc.xyz + * + * @return builder + * + */ + public Builder prefix(@Nullable Output prefix) { + $.prefix = prefix; + return this; + } + + /** + * @param prefix The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. + * Examples: + * * abc matches the value abc.xyz + * + * @return builder + * + */ + public Builder prefix(String prefix) { + return prefix(Output.of(prefix)); + } + + /** + * @param suffix The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. + * Examples: + * * abc matches the value xyz.abc + * + * @return builder + * + */ + public Builder suffix(@Nullable Output suffix) { + $.suffix = suffix; + return this; + } + + /** + * @param suffix The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. + * Examples: + * * abc matches the value xyz.abc + * + * @return builder + * + */ + public Builder suffix(String suffix) { + return suffix(Output.of(suffix)); + } + + public AuthzPolicyHttpRuleToOperationHostArgs build() { + return $; + } + } + +} diff --git a/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/inputs/AuthzPolicyHttpRuleToOperationPathArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/inputs/AuthzPolicyHttpRuleToOperationPathArgs.java new file mode 100644 index 0000000000..027fe31277 --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/inputs/AuthzPolicyHttpRuleToOperationPathArgs.java @@ -0,0 +1,264 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.gcp.networksecurity.inputs; + +import com.pulumi.core.Output; +import com.pulumi.core.annotations.Import; +import java.lang.Boolean; +import java.lang.String; +import java.util.Objects; +import java.util.Optional; +import javax.annotation.Nullable; + + +public final class AuthzPolicyHttpRuleToOperationPathArgs extends com.pulumi.resources.ResourceArgs { + + public static final AuthzPolicyHttpRuleToOperationPathArgs Empty = new AuthzPolicyHttpRuleToOperationPathArgs(); + + /** + * The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. + * Examples: + * * abc matches the value xyz.abc.def + * + */ + @Import(name="contains") + private @Nullable Output contains; + + /** + * @return The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. + * Examples: + * * abc matches the value xyz.abc.def + * + */ + public Optional> contains() { + return Optional.ofNullable(this.contains); + } + + /** + * The input string must match exactly the string specified here. + * Examples: + * * abc only matches the value abc. + * + */ + @Import(name="exact") + private @Nullable Output exact; + + /** + * @return The input string must match exactly the string specified here. + * Examples: + * * abc only matches the value abc. + * + */ + public Optional> exact() { + return Optional.ofNullable(this.exact); + } + + /** + * If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true. + * + */ + @Import(name="ignoreCase") + private @Nullable Output ignoreCase; + + /** + * @return If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true. + * + */ + public Optional> ignoreCase() { + return Optional.ofNullable(this.ignoreCase); + } + + /** + * The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. + * Examples: + * * abc matches the value abc.xyz + * + */ + @Import(name="prefix") + private @Nullable Output prefix; + + /** + * @return The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. + * Examples: + * * abc matches the value abc.xyz + * + */ + public Optional> prefix() { + return Optional.ofNullable(this.prefix); + } + + /** + * The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. + * Examples: + * * abc matches the value xyz.abc + * + */ + @Import(name="suffix") + private @Nullable Output suffix; + + /** + * @return The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. + * Examples: + * * abc matches the value xyz.abc + * + */ + public Optional> suffix() { + return Optional.ofNullable(this.suffix); + } + + private AuthzPolicyHttpRuleToOperationPathArgs() {} + + private AuthzPolicyHttpRuleToOperationPathArgs(AuthzPolicyHttpRuleToOperationPathArgs $) { + this.contains = $.contains; + this.exact = $.exact; + this.ignoreCase = $.ignoreCase; + this.prefix = $.prefix; + this.suffix = $.suffix; + } + + public static Builder builder() { + return new Builder(); + } + public static Builder builder(AuthzPolicyHttpRuleToOperationPathArgs defaults) { + return new Builder(defaults); + } + + public static final class Builder { + private AuthzPolicyHttpRuleToOperationPathArgs $; + + public Builder() { + $ = new AuthzPolicyHttpRuleToOperationPathArgs(); + } + + public Builder(AuthzPolicyHttpRuleToOperationPathArgs defaults) { + $ = new AuthzPolicyHttpRuleToOperationPathArgs(Objects.requireNonNull(defaults)); + } + + /** + * @param contains The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. + * Examples: + * * abc matches the value xyz.abc.def + * + * @return builder + * + */ + public Builder contains(@Nullable Output contains) { + $.contains = contains; + return this; + } + + /** + * @param contains The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. + * Examples: + * * abc matches the value xyz.abc.def + * + * @return builder + * + */ + public Builder contains(String contains) { + return contains(Output.of(contains)); + } + + /** + * @param exact The input string must match exactly the string specified here. + * Examples: + * * abc only matches the value abc. + * + * @return builder + * + */ + public Builder exact(@Nullable Output exact) { + $.exact = exact; + return this; + } + + /** + * @param exact The input string must match exactly the string specified here. + * Examples: + * * abc only matches the value abc. + * + * @return builder + * + */ + public Builder exact(String exact) { + return exact(Output.of(exact)); + } + + /** + * @param ignoreCase If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true. + * + * @return builder + * + */ + public Builder ignoreCase(@Nullable Output ignoreCase) { + $.ignoreCase = ignoreCase; + return this; + } + + /** + * @param ignoreCase If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true. + * + * @return builder + * + */ + public Builder ignoreCase(Boolean ignoreCase) { + return ignoreCase(Output.of(ignoreCase)); + } + + /** + * @param prefix The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. + * Examples: + * * abc matches the value abc.xyz + * + * @return builder + * + */ + public Builder prefix(@Nullable Output prefix) { + $.prefix = prefix; + return this; + } + + /** + * @param prefix The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. + * Examples: + * * abc matches the value abc.xyz + * + * @return builder + * + */ + public Builder prefix(String prefix) { + return prefix(Output.of(prefix)); + } + + /** + * @param suffix The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. + * Examples: + * * abc matches the value xyz.abc + * + * @return builder + * + */ + public Builder suffix(@Nullable Output suffix) { + $.suffix = suffix; + return this; + } + + /** + * @param suffix The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. + * Examples: + * * abc matches the value xyz.abc + * + * @return builder + * + */ + public Builder suffix(String suffix) { + return suffix(Output.of(suffix)); + } + + public AuthzPolicyHttpRuleToOperationPathArgs build() { + return $; + } + } + +} diff --git a/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/inputs/AuthzPolicyState.java b/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/inputs/AuthzPolicyState.java new file mode 100644 index 0000000000..f277ec14bc --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/inputs/AuthzPolicyState.java @@ -0,0 +1,584 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.gcp.networksecurity.inputs; + +import com.pulumi.core.Output; +import com.pulumi.core.annotations.Import; +import com.pulumi.gcp.networksecurity.inputs.AuthzPolicyCustomProviderArgs; +import com.pulumi.gcp.networksecurity.inputs.AuthzPolicyHttpRuleArgs; +import com.pulumi.gcp.networksecurity.inputs.AuthzPolicyTargetArgs; +import java.lang.String; +import java.util.List; +import java.util.Map; +import java.util.Objects; +import java.util.Optional; +import javax.annotation.Nullable; + + +public final class AuthzPolicyState extends com.pulumi.resources.ResourceArgs { + + public static final AuthzPolicyState Empty = new AuthzPolicyState(); + + /** + * When the action is CUSTOM, customProvider must be specified. + * When the action is ALLOW, only requests matching the policy will be allowed. + * When the action is DENY, only requests matching the policy will be denied. + * When a request arrives, the policies are evaluated in the following order: + * 1. If there is a CUSTOM policy that matches the request, the CUSTOM policy is evaluated using the custom authorization providers and the request is denied if the provider rejects the request. + * 2. If there are any DENY policies that match the request, the request is denied. + * 3. If there are no ALLOW policies for the resource or if any of the ALLOW policies match the request, the request is allowed. + * 4. Else the request is denied by default if none of the configured AuthzPolicies with ALLOW action match the request. + * Possible values are: `ALLOW`, `DENY`, `CUSTOM`. + * + */ + @Import(name="action") + private @Nullable Output action; + + /** + * @return When the action is CUSTOM, customProvider must be specified. + * When the action is ALLOW, only requests matching the policy will be allowed. + * When the action is DENY, only requests matching the policy will be denied. + * When a request arrives, the policies are evaluated in the following order: + * 1. If there is a CUSTOM policy that matches the request, the CUSTOM policy is evaluated using the custom authorization providers and the request is denied if the provider rejects the request. + * 2. If there are any DENY policies that match the request, the request is denied. + * 3. If there are no ALLOW policies for the resource or if any of the ALLOW policies match the request, the request is allowed. + * 4. Else the request is denied by default if none of the configured AuthzPolicies with ALLOW action match the request. + * Possible values are: `ALLOW`, `DENY`, `CUSTOM`. + * + */ + public Optional> action() { + return Optional.ofNullable(this.action); + } + + /** + * The timestamp when the resource was created. + * + */ + @Import(name="createTime") + private @Nullable Output createTime; + + /** + * @return The timestamp when the resource was created. + * + */ + public Optional> createTime() { + return Optional.ofNullable(this.createTime); + } + + /** + * Required if the action is CUSTOM. Allows delegating authorization decisions to Cloud IAP or to Service Extensions. One + * of cloudIap or authzExtension must be specified. + * + */ + @Import(name="customProvider") + private @Nullable Output customProvider; + + /** + * @return Required if the action is CUSTOM. Allows delegating authorization decisions to Cloud IAP or to Service Extensions. One + * of cloudIap or authzExtension must be specified. + * + */ + public Optional> customProvider() { + return Optional.ofNullable(this.customProvider); + } + + /** + * A human-readable description of the resource. + * + */ + @Import(name="description") + private @Nullable Output description; + + /** + * @return A human-readable description of the resource. + * + */ + public Optional> description() { + return Optional.ofNullable(this.description); + } + + /** + * All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services. + * + */ + @Import(name="effectiveLabels") + private @Nullable Output> effectiveLabels; + + /** + * @return All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services. + * + */ + public Optional>> effectiveLabels() { + return Optional.ofNullable(this.effectiveLabels); + } + + /** + * A list of authorization HTTP rules to match against the incoming request.A policy match occurs when at least one HTTP + * rule matches the request or when no HTTP rules are specified in the policy. At least one HTTP Rule is required for Allow + * or Deny Action. Limited to 5 rules. + * + */ + @Import(name="httpRules") + private @Nullable Output> httpRules; + + /** + * @return A list of authorization HTTP rules to match against the incoming request.A policy match occurs when at least one HTTP + * rule matches the request or when no HTTP rules are specified in the policy. At least one HTTP Rule is required for Allow + * or Deny Action. Limited to 5 rules. + * + */ + public Optional>> httpRules() { + return Optional.ofNullable(this.httpRules); + } + + /** + * Set of labels associated with the AuthzExtension resource. **Note**: This field is non-authoritative, and will only + * manage the labels present in your configuration. Please refer to the field 'effective_labels' for all of the labels + * present on the resource. + * + */ + @Import(name="labels") + private @Nullable Output> labels; + + /** + * @return Set of labels associated with the AuthzExtension resource. **Note**: This field is non-authoritative, and will only + * manage the labels present in your configuration. Please refer to the field 'effective_labels' for all of the labels + * present on the resource. + * + */ + public Optional>> labels() { + return Optional.ofNullable(this.labels); + } + + /** + * The location of the resource. + * + */ + @Import(name="location") + private @Nullable Output location; + + /** + * @return The location of the resource. + * + */ + public Optional> location() { + return Optional.ofNullable(this.location); + } + + /** + * Identifier. Name of the AuthzPolicy resource. + * + */ + @Import(name="name") + private @Nullable Output name; + + /** + * @return Identifier. Name of the AuthzPolicy resource. + * + */ + public Optional> name() { + return Optional.ofNullable(this.name); + } + + @Import(name="project") + private @Nullable Output project; + + public Optional> project() { + return Optional.ofNullable(this.project); + } + + /** + * The combination of labels configured directly on the resource + * and default labels configured on the provider. + * + */ + @Import(name="pulumiLabels") + private @Nullable Output> pulumiLabels; + + /** + * @return The combination of labels configured directly on the resource + * and default labels configured on the provider. + * + */ + public Optional>> pulumiLabels() { + return Optional.ofNullable(this.pulumiLabels); + } + + /** + * Specifies the set of resources to which this policy should be applied to. + * Structure is documented below. + * + */ + @Import(name="target") + private @Nullable Output target; + + /** + * @return Specifies the set of resources to which this policy should be applied to. + * Structure is documented below. + * + */ + public Optional> target() { + return Optional.ofNullable(this.target); + } + + /** + * The timestamp when the resource was updated. + * + */ + @Import(name="updateTime") + private @Nullable Output updateTime; + + /** + * @return The timestamp when the resource was updated. + * + */ + public Optional> updateTime() { + return Optional.ofNullable(this.updateTime); + } + + private AuthzPolicyState() {} + + private AuthzPolicyState(AuthzPolicyState $) { + this.action = $.action; + this.createTime = $.createTime; + this.customProvider = $.customProvider; + this.description = $.description; + this.effectiveLabels = $.effectiveLabels; + this.httpRules = $.httpRules; + this.labels = $.labels; + this.location = $.location; + this.name = $.name; + this.project = $.project; + this.pulumiLabels = $.pulumiLabels; + this.target = $.target; + this.updateTime = $.updateTime; + } + + public static Builder builder() { + return new Builder(); + } + public static Builder builder(AuthzPolicyState defaults) { + return new Builder(defaults); + } + + public static final class Builder { + private AuthzPolicyState $; + + public Builder() { + $ = new AuthzPolicyState(); + } + + public Builder(AuthzPolicyState defaults) { + $ = new AuthzPolicyState(Objects.requireNonNull(defaults)); + } + + /** + * @param action When the action is CUSTOM, customProvider must be specified. + * When the action is ALLOW, only requests matching the policy will be allowed. + * When the action is DENY, only requests matching the policy will be denied. + * When a request arrives, the policies are evaluated in the following order: + * 1. If there is a CUSTOM policy that matches the request, the CUSTOM policy is evaluated using the custom authorization providers and the request is denied if the provider rejects the request. + * 2. If there are any DENY policies that match the request, the request is denied. + * 3. If there are no ALLOW policies for the resource or if any of the ALLOW policies match the request, the request is allowed. + * 4. Else the request is denied by default if none of the configured AuthzPolicies with ALLOW action match the request. + * Possible values are: `ALLOW`, `DENY`, `CUSTOM`. + * + * @return builder + * + */ + public Builder action(@Nullable Output action) { + $.action = action; + return this; + } + + /** + * @param action When the action is CUSTOM, customProvider must be specified. + * When the action is ALLOW, only requests matching the policy will be allowed. + * When the action is DENY, only requests matching the policy will be denied. + * When a request arrives, the policies are evaluated in the following order: + * 1. If there is a CUSTOM policy that matches the request, the CUSTOM policy is evaluated using the custom authorization providers and the request is denied if the provider rejects the request. + * 2. If there are any DENY policies that match the request, the request is denied. + * 3. If there are no ALLOW policies for the resource or if any of the ALLOW policies match the request, the request is allowed. + * 4. Else the request is denied by default if none of the configured AuthzPolicies with ALLOW action match the request. + * Possible values are: `ALLOW`, `DENY`, `CUSTOM`. + * + * @return builder + * + */ + public Builder action(String action) { + return action(Output.of(action)); + } + + /** + * @param createTime The timestamp when the resource was created. + * + * @return builder + * + */ + public Builder createTime(@Nullable Output createTime) { + $.createTime = createTime; + return this; + } + + /** + * @param createTime The timestamp when the resource was created. + * + * @return builder + * + */ + public Builder createTime(String createTime) { + return createTime(Output.of(createTime)); + } + + /** + * @param customProvider Required if the action is CUSTOM. Allows delegating authorization decisions to Cloud IAP or to Service Extensions. One + * of cloudIap or authzExtension must be specified. + * + * @return builder + * + */ + public Builder customProvider(@Nullable Output customProvider) { + $.customProvider = customProvider; + return this; + } + + /** + * @param customProvider Required if the action is CUSTOM. Allows delegating authorization decisions to Cloud IAP or to Service Extensions. One + * of cloudIap or authzExtension must be specified. + * + * @return builder + * + */ + public Builder customProvider(AuthzPolicyCustomProviderArgs customProvider) { + return customProvider(Output.of(customProvider)); + } + + /** + * @param description A human-readable description of the resource. + * + * @return builder + * + */ + public Builder description(@Nullable Output description) { + $.description = description; + return this; + } + + /** + * @param description A human-readable description of the resource. + * + * @return builder + * + */ + public Builder description(String description) { + return description(Output.of(description)); + } + + /** + * @param effectiveLabels All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services. + * + * @return builder + * + */ + public Builder effectiveLabels(@Nullable Output> effectiveLabels) { + $.effectiveLabels = effectiveLabels; + return this; + } + + /** + * @param effectiveLabels All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services. + * + * @return builder + * + */ + public Builder effectiveLabels(Map effectiveLabels) { + return effectiveLabels(Output.of(effectiveLabels)); + } + + /** + * @param httpRules A list of authorization HTTP rules to match against the incoming request.A policy match occurs when at least one HTTP + * rule matches the request or when no HTTP rules are specified in the policy. At least one HTTP Rule is required for Allow + * or Deny Action. Limited to 5 rules. + * + * @return builder + * + */ + public Builder httpRules(@Nullable Output> httpRules) { + $.httpRules = httpRules; + return this; + } + + /** + * @param httpRules A list of authorization HTTP rules to match against the incoming request.A policy match occurs when at least one HTTP + * rule matches the request or when no HTTP rules are specified in the policy. At least one HTTP Rule is required for Allow + * or Deny Action. Limited to 5 rules. + * + * @return builder + * + */ + public Builder httpRules(List httpRules) { + return httpRules(Output.of(httpRules)); + } + + /** + * @param httpRules A list of authorization HTTP rules to match against the incoming request.A policy match occurs when at least one HTTP + * rule matches the request or when no HTTP rules are specified in the policy. At least one HTTP Rule is required for Allow + * or Deny Action. Limited to 5 rules. + * + * @return builder + * + */ + public Builder httpRules(AuthzPolicyHttpRuleArgs... httpRules) { + return httpRules(List.of(httpRules)); + } + + /** + * @param labels Set of labels associated with the AuthzExtension resource. **Note**: This field is non-authoritative, and will only + * manage the labels present in your configuration. Please refer to the field 'effective_labels' for all of the labels + * present on the resource. + * + * @return builder + * + */ + public Builder labels(@Nullable Output> labels) { + $.labels = labels; + return this; + } + + /** + * @param labels Set of labels associated with the AuthzExtension resource. **Note**: This field is non-authoritative, and will only + * manage the labels present in your configuration. Please refer to the field 'effective_labels' for all of the labels + * present on the resource. + * + * @return builder + * + */ + public Builder labels(Map labels) { + return labels(Output.of(labels)); + } + + /** + * @param location The location of the resource. + * + * @return builder + * + */ + public Builder location(@Nullable Output location) { + $.location = location; + return this; + } + + /** + * @param location The location of the resource. + * + * @return builder + * + */ + public Builder location(String location) { + return location(Output.of(location)); + } + + /** + * @param name Identifier. Name of the AuthzPolicy resource. + * + * @return builder + * + */ + public Builder name(@Nullable Output name) { + $.name = name; + return this; + } + + /** + * @param name Identifier. Name of the AuthzPolicy resource. + * + * @return builder + * + */ + public Builder name(String name) { + return name(Output.of(name)); + } + + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + public Builder project(String project) { + return project(Output.of(project)); + } + + /** + * @param pulumiLabels The combination of labels configured directly on the resource + * and default labels configured on the provider. + * + * @return builder + * + */ + public Builder pulumiLabels(@Nullable Output> pulumiLabels) { + $.pulumiLabels = pulumiLabels; + return this; + } + + /** + * @param pulumiLabels The combination of labels configured directly on the resource + * and default labels configured on the provider. + * + * @return builder + * + */ + public Builder pulumiLabels(Map pulumiLabels) { + return pulumiLabels(Output.of(pulumiLabels)); + } + + /** + * @param target Specifies the set of resources to which this policy should be applied to. + * Structure is documented below. + * + * @return builder + * + */ + public Builder target(@Nullable Output target) { + $.target = target; + return this; + } + + /** + * @param target Specifies the set of resources to which this policy should be applied to. + * Structure is documented below. + * + * @return builder + * + */ + public Builder target(AuthzPolicyTargetArgs target) { + return target(Output.of(target)); + } + + /** + * @param updateTime The timestamp when the resource was updated. + * + * @return builder + * + */ + public Builder updateTime(@Nullable Output updateTime) { + $.updateTime = updateTime; + return this; + } + + /** + * @param updateTime The timestamp when the resource was updated. + * + * @return builder + * + */ + public Builder updateTime(String updateTime) { + return updateTime(Output.of(updateTime)); + } + + public AuthzPolicyState build() { + return $; + } + } + +} diff --git a/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/inputs/AuthzPolicyTargetArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/inputs/AuthzPolicyTargetArgs.java new file mode 100644 index 0000000000..49551fc0e2 --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/inputs/AuthzPolicyTargetArgs.java @@ -0,0 +1,153 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.gcp.networksecurity.inputs; + +import com.pulumi.core.Output; +import com.pulumi.core.annotations.Import; +import com.pulumi.exceptions.MissingRequiredPropertyException; +import java.lang.String; +import java.util.List; +import java.util.Objects; +import java.util.Optional; +import javax.annotation.Nullable; + + +public final class AuthzPolicyTargetArgs extends com.pulumi.resources.ResourceArgs { + + public static final AuthzPolicyTargetArgs Empty = new AuthzPolicyTargetArgs(); + + /** + * All gateways and forwarding rules referenced by this policy and extensions must share the same load balancing scheme. + * For more information, refer to [Backend services overview](https://cloud.google.com/load-balancing/docs/backend-service). + * Possible values are: `INTERNAL_MANAGED`, `EXTERNAL_MANAGED`, `INTERNAL_SELF_MANAGED`. + * + */ + @Import(name="loadBalancingScheme", required=true) + private Output loadBalancingScheme; + + /** + * @return All gateways and forwarding rules referenced by this policy and extensions must share the same load balancing scheme. + * For more information, refer to [Backend services overview](https://cloud.google.com/load-balancing/docs/backend-service). + * Possible values are: `INTERNAL_MANAGED`, `EXTERNAL_MANAGED`, `INTERNAL_SELF_MANAGED`. + * + */ + public Output loadBalancingScheme() { + return this.loadBalancingScheme; + } + + /** + * A list of references to the Forwarding Rules on which this policy will be applied. + * + * *** + * + */ + @Import(name="resources") + private @Nullable Output> resources; + + /** + * @return A list of references to the Forwarding Rules on which this policy will be applied. + * + * *** + * + */ + public Optional>> resources() { + return Optional.ofNullable(this.resources); + } + + private AuthzPolicyTargetArgs() {} + + private AuthzPolicyTargetArgs(AuthzPolicyTargetArgs $) { + this.loadBalancingScheme = $.loadBalancingScheme; + this.resources = $.resources; + } + + public static Builder builder() { + return new Builder(); + } + public static Builder builder(AuthzPolicyTargetArgs defaults) { + return new Builder(defaults); + } + + public static final class Builder { + private AuthzPolicyTargetArgs $; + + public Builder() { + $ = new AuthzPolicyTargetArgs(); + } + + public Builder(AuthzPolicyTargetArgs defaults) { + $ = new AuthzPolicyTargetArgs(Objects.requireNonNull(defaults)); + } + + /** + * @param loadBalancingScheme All gateways and forwarding rules referenced by this policy and extensions must share the same load balancing scheme. + * For more information, refer to [Backend services overview](https://cloud.google.com/load-balancing/docs/backend-service). + * Possible values are: `INTERNAL_MANAGED`, `EXTERNAL_MANAGED`, `INTERNAL_SELF_MANAGED`. + * + * @return builder + * + */ + public Builder loadBalancingScheme(Output loadBalancingScheme) { + $.loadBalancingScheme = loadBalancingScheme; + return this; + } + + /** + * @param loadBalancingScheme All gateways and forwarding rules referenced by this policy and extensions must share the same load balancing scheme. + * For more information, refer to [Backend services overview](https://cloud.google.com/load-balancing/docs/backend-service). + * Possible values are: `INTERNAL_MANAGED`, `EXTERNAL_MANAGED`, `INTERNAL_SELF_MANAGED`. + * + * @return builder + * + */ + public Builder loadBalancingScheme(String loadBalancingScheme) { + return loadBalancingScheme(Output.of(loadBalancingScheme)); + } + + /** + * @param resources A list of references to the Forwarding Rules on which this policy will be applied. + * + * *** + * + * @return builder + * + */ + public Builder resources(@Nullable Output> resources) { + $.resources = resources; + return this; + } + + /** + * @param resources A list of references to the Forwarding Rules on which this policy will be applied. + * + * *** + * + * @return builder + * + */ + public Builder resources(List resources) { + return resources(Output.of(resources)); + } + + /** + * @param resources A list of references to the Forwarding Rules on which this policy will be applied. + * + * *** + * + * @return builder + * + */ + public Builder resources(String... resources) { + return resources(List.of(resources)); + } + + public AuthzPolicyTargetArgs build() { + if ($.loadBalancingScheme == null) { + throw new MissingRequiredPropertyException("AuthzPolicyTargetArgs", "loadBalancingScheme"); + } + return $; + } + } + +} diff --git a/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/inputs/InterceptDeploymentGroupConnectedEndpointGroupArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/inputs/InterceptDeploymentGroupConnectedEndpointGroupArgs.java new file mode 100644 index 0000000000..76e36005c6 --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/inputs/InterceptDeploymentGroupConnectedEndpointGroupArgs.java @@ -0,0 +1,87 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.gcp.networksecurity.inputs; + +import com.pulumi.core.Output; +import com.pulumi.core.annotations.Import; +import java.lang.String; +import java.util.Objects; +import java.util.Optional; +import javax.annotation.Nullable; + + +public final class InterceptDeploymentGroupConnectedEndpointGroupArgs extends com.pulumi.resources.ResourceArgs { + + public static final InterceptDeploymentGroupConnectedEndpointGroupArgs Empty = new InterceptDeploymentGroupConnectedEndpointGroupArgs(); + + /** + * (Output) + * Output only. A connected intercept endpoint group. + * + */ + @Import(name="name") + private @Nullable Output name; + + /** + * @return (Output) + * Output only. A connected intercept endpoint group. + * + */ + public Optional> name() { + return Optional.ofNullable(this.name); + } + + private InterceptDeploymentGroupConnectedEndpointGroupArgs() {} + + private InterceptDeploymentGroupConnectedEndpointGroupArgs(InterceptDeploymentGroupConnectedEndpointGroupArgs $) { + this.name = $.name; + } + + public static Builder builder() { + return new Builder(); + } + public static Builder builder(InterceptDeploymentGroupConnectedEndpointGroupArgs defaults) { + return new Builder(defaults); + } + + public static final class Builder { + private InterceptDeploymentGroupConnectedEndpointGroupArgs $; + + public Builder() { + $ = new InterceptDeploymentGroupConnectedEndpointGroupArgs(); + } + + public Builder(InterceptDeploymentGroupConnectedEndpointGroupArgs defaults) { + $ = new InterceptDeploymentGroupConnectedEndpointGroupArgs(Objects.requireNonNull(defaults)); + } + + /** + * @param name (Output) + * Output only. A connected intercept endpoint group. + * + * @return builder + * + */ + public Builder name(@Nullable Output name) { + $.name = name; + return this; + } + + /** + * @param name (Output) + * Output only. A connected intercept endpoint group. + * + * @return builder + * + */ + public Builder name(String name) { + return name(Output.of(name)); + } + + public InterceptDeploymentGroupConnectedEndpointGroupArgs build() { + return $; + } + } + +} diff --git a/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/inputs/InterceptDeploymentGroupState.java b/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/inputs/InterceptDeploymentGroupState.java new file mode 100644 index 0000000000..39272d0b28 --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/inputs/InterceptDeploymentGroupState.java @@ -0,0 +1,610 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.gcp.networksecurity.inputs; + +import com.pulumi.core.Output; +import com.pulumi.core.annotations.Import; +import com.pulumi.gcp.networksecurity.inputs.InterceptDeploymentGroupConnectedEndpointGroupArgs; +import java.lang.Boolean; +import java.lang.String; +import java.util.List; +import java.util.Map; +import java.util.Objects; +import java.util.Optional; +import javax.annotation.Nullable; + + +public final class InterceptDeploymentGroupState extends com.pulumi.resources.ResourceArgs { + + public static final InterceptDeploymentGroupState Empty = new InterceptDeploymentGroupState(); + + /** + * Output only. The list of Intercept Endpoint Groups that are connected to this resource. + * Structure is documented below. + * + */ + @Import(name="connectedEndpointGroups") + private @Nullable Output> connectedEndpointGroups; + + /** + * @return Output only. The list of Intercept Endpoint Groups that are connected to this resource. + * Structure is documented below. + * + */ + public Optional>> connectedEndpointGroups() { + return Optional.ofNullable(this.connectedEndpointGroups); + } + + /** + * Output only. [Output only] Create time stamp + * + */ + @Import(name="createTime") + private @Nullable Output createTime; + + /** + * @return Output only. [Output only] Create time stamp + * + */ + public Optional> createTime() { + return Optional.ofNullable(this.createTime); + } + + /** + * All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services. + * + */ + @Import(name="effectiveLabels") + private @Nullable Output> effectiveLabels; + + /** + * @return All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services. + * + */ + public Optional>> effectiveLabels() { + return Optional.ofNullable(this.effectiveLabels); + } + + /** + * Required. Id of the requesting object + * If auto-generating Id server-side, remove this field and + * intercept_deployment_group_id from the method_signature of Create RPC + * + * *** + * + */ + @Import(name="interceptDeploymentGroupId") + private @Nullable Output interceptDeploymentGroupId; + + /** + * @return Required. Id of the requesting object + * If auto-generating Id server-side, remove this field and + * intercept_deployment_group_id from the method_signature of Create RPC + * + * *** + * + */ + public Optional> interceptDeploymentGroupId() { + return Optional.ofNullable(this.interceptDeploymentGroupId); + } + + /** + * Optional. Labels as key value pairs + * **Note**: This field is non-authoritative, and will only manage the labels present in your configuration. + * Please refer to the field `effective_labels` for all of the labels present on the resource. + * + */ + @Import(name="labels") + private @Nullable Output> labels; + + /** + * @return Optional. Labels as key value pairs + * **Note**: This field is non-authoritative, and will only manage the labels present in your configuration. + * Please refer to the field `effective_labels` for all of the labels present on the resource. + * + */ + public Optional>> labels() { + return Optional.ofNullable(this.labels); + } + + /** + * Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122. See documentation for resource type `networksecurity.googleapis.com/InterceptDeploymentGroup`. + * + */ + @Import(name="location") + private @Nullable Output location; + + /** + * @return Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122. See documentation for resource type `networksecurity.googleapis.com/InterceptDeploymentGroup`. + * + */ + public Optional> location() { + return Optional.ofNullable(this.location); + } + + /** + * (Output) + * Output only. A connected intercept endpoint group. + * + */ + @Import(name="name") + private @Nullable Output name; + + /** + * @return (Output) + * Output only. A connected intercept endpoint group. + * + */ + public Optional> name() { + return Optional.ofNullable(this.name); + } + + /** + * Required. Immutable. The network that is being used for the deployment. Format is: + * projects/{project}/global/networks/{network}. + * + */ + @Import(name="network") + private @Nullable Output network; + + /** + * @return Required. Immutable. The network that is being used for the deployment. Format is: + * projects/{project}/global/networks/{network}. + * + */ + public Optional> network() { + return Optional.ofNullable(this.network); + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the provider project is used. + * + */ + public Optional> project() { + return Optional.ofNullable(this.project); + } + + /** + * The combination of labels configured directly on the resource + * and default labels configured on the provider. + * + */ + @Import(name="pulumiLabels") + private @Nullable Output> pulumiLabels; + + /** + * @return The combination of labels configured directly on the resource + * and default labels configured on the provider. + * + */ + public Optional>> pulumiLabels() { + return Optional.ofNullable(this.pulumiLabels); + } + + /** + * Output only. Whether reconciling is in progress, recommended per + * https://google.aip.dev/128. + * + */ + @Import(name="reconciling") + private @Nullable Output reconciling; + + /** + * @return Output only. Whether reconciling is in progress, recommended per + * https://google.aip.dev/128. + * + */ + public Optional> reconciling() { + return Optional.ofNullable(this.reconciling); + } + + /** + * Output only. Current state of the deployment group. + * Possible values: + * STATE_UNSPECIFIED + * ACTIVE + * CREATING + * DELETING + * + */ + @Import(name="state") + private @Nullable Output state; + + /** + * @return Output only. Current state of the deployment group. + * Possible values: + * STATE_UNSPECIFIED + * ACTIVE + * CREATING + * DELETING + * + */ + public Optional> state() { + return Optional.ofNullable(this.state); + } + + /** + * Output only. [Output only] Update time stamp + * + */ + @Import(name="updateTime") + private @Nullable Output updateTime; + + /** + * @return Output only. [Output only] Update time stamp + * + */ + public Optional> updateTime() { + return Optional.ofNullable(this.updateTime); + } + + private InterceptDeploymentGroupState() {} + + private InterceptDeploymentGroupState(InterceptDeploymentGroupState $) { + this.connectedEndpointGroups = $.connectedEndpointGroups; + this.createTime = $.createTime; + this.effectiveLabels = $.effectiveLabels; + this.interceptDeploymentGroupId = $.interceptDeploymentGroupId; + this.labels = $.labels; + this.location = $.location; + this.name = $.name; + this.network = $.network; + this.project = $.project; + this.pulumiLabels = $.pulumiLabels; + this.reconciling = $.reconciling; + this.state = $.state; + this.updateTime = $.updateTime; + } + + public static Builder builder() { + return new Builder(); + } + public static Builder builder(InterceptDeploymentGroupState defaults) { + return new Builder(defaults); + } + + public static final class Builder { + private InterceptDeploymentGroupState $; + + public Builder() { + $ = new InterceptDeploymentGroupState(); + } + + public Builder(InterceptDeploymentGroupState defaults) { + $ = new InterceptDeploymentGroupState(Objects.requireNonNull(defaults)); + } + + /** + * @param connectedEndpointGroups Output only. The list of Intercept Endpoint Groups that are connected to this resource. + * Structure is documented below. + * + * @return builder + * + */ + public Builder connectedEndpointGroups(@Nullable Output> connectedEndpointGroups) { + $.connectedEndpointGroups = connectedEndpointGroups; + return this; + } + + /** + * @param connectedEndpointGroups Output only. The list of Intercept Endpoint Groups that are connected to this resource. + * Structure is documented below. + * + * @return builder + * + */ + public Builder connectedEndpointGroups(List connectedEndpointGroups) { + return connectedEndpointGroups(Output.of(connectedEndpointGroups)); + } + + /** + * @param connectedEndpointGroups Output only. The list of Intercept Endpoint Groups that are connected to this resource. + * Structure is documented below. + * + * @return builder + * + */ + public Builder connectedEndpointGroups(InterceptDeploymentGroupConnectedEndpointGroupArgs... connectedEndpointGroups) { + return connectedEndpointGroups(List.of(connectedEndpointGroups)); + } + + /** + * @param createTime Output only. [Output only] Create time stamp + * + * @return builder + * + */ + public Builder createTime(@Nullable Output createTime) { + $.createTime = createTime; + return this; + } + + /** + * @param createTime Output only. [Output only] Create time stamp + * + * @return builder + * + */ + public Builder createTime(String createTime) { + return createTime(Output.of(createTime)); + } + + /** + * @param effectiveLabels All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services. + * + * @return builder + * + */ + public Builder effectiveLabels(@Nullable Output> effectiveLabels) { + $.effectiveLabels = effectiveLabels; + return this; + } + + /** + * @param effectiveLabels All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services. + * + * @return builder + * + */ + public Builder effectiveLabels(Map effectiveLabels) { + return effectiveLabels(Output.of(effectiveLabels)); + } + + /** + * @param interceptDeploymentGroupId Required. Id of the requesting object + * If auto-generating Id server-side, remove this field and + * intercept_deployment_group_id from the method_signature of Create RPC + * + * *** + * + * @return builder + * + */ + public Builder interceptDeploymentGroupId(@Nullable Output interceptDeploymentGroupId) { + $.interceptDeploymentGroupId = interceptDeploymentGroupId; + return this; + } + + /** + * @param interceptDeploymentGroupId Required. Id of the requesting object + * If auto-generating Id server-side, remove this field and + * intercept_deployment_group_id from the method_signature of Create RPC + * + * *** + * + * @return builder + * + */ + public Builder interceptDeploymentGroupId(String interceptDeploymentGroupId) { + return interceptDeploymentGroupId(Output.of(interceptDeploymentGroupId)); + } + + /** + * @param labels Optional. Labels as key value pairs + * **Note**: This field is non-authoritative, and will only manage the labels present in your configuration. + * Please refer to the field `effective_labels` for all of the labels present on the resource. + * + * @return builder + * + */ + public Builder labels(@Nullable Output> labels) { + $.labels = labels; + return this; + } + + /** + * @param labels Optional. Labels as key value pairs + * **Note**: This field is non-authoritative, and will only manage the labels present in your configuration. + * Please refer to the field `effective_labels` for all of the labels present on the resource. + * + * @return builder + * + */ + public Builder labels(Map labels) { + return labels(Output.of(labels)); + } + + /** + * @param location Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122. See documentation for resource type `networksecurity.googleapis.com/InterceptDeploymentGroup`. + * + * @return builder + * + */ + public Builder location(@Nullable Output location) { + $.location = location; + return this; + } + + /** + * @param location Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122. See documentation for resource type `networksecurity.googleapis.com/InterceptDeploymentGroup`. + * + * @return builder + * + */ + public Builder location(String location) { + return location(Output.of(location)); + } + + /** + * @param name (Output) + * Output only. A connected intercept endpoint group. + * + * @return builder + * + */ + public Builder name(@Nullable Output name) { + $.name = name; + return this; + } + + /** + * @param name (Output) + * Output only. A connected intercept endpoint group. + * + * @return builder + * + */ + public Builder name(String name) { + return name(Output.of(name)); + } + + /** + * @param network Required. Immutable. The network that is being used for the deployment. Format is: + * projects/{project}/global/networks/{network}. + * + * @return builder + * + */ + public Builder network(@Nullable Output network) { + $.network = network; + return this; + } + + /** + * @param network Required. Immutable. The network that is being used for the deployment. Format is: + * projects/{project}/global/networks/{network}. + * + * @return builder + * + */ + public Builder network(String network) { + return network(Output.of(network)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the provider project is used. + * + * @return builder + * + */ + public Builder project(String project) { + return project(Output.of(project)); + } + + /** + * @param pulumiLabels The combination of labels configured directly on the resource + * and default labels configured on the provider. + * + * @return builder + * + */ + public Builder pulumiLabels(@Nullable Output> pulumiLabels) { + $.pulumiLabels = pulumiLabels; + return this; + } + + /** + * @param pulumiLabels The combination of labels configured directly on the resource + * and default labels configured on the provider. + * + * @return builder + * + */ + public Builder pulumiLabels(Map pulumiLabels) { + return pulumiLabels(Output.of(pulumiLabels)); + } + + /** + * @param reconciling Output only. Whether reconciling is in progress, recommended per + * https://google.aip.dev/128. + * + * @return builder + * + */ + public Builder reconciling(@Nullable Output reconciling) { + $.reconciling = reconciling; + return this; + } + + /** + * @param reconciling Output only. Whether reconciling is in progress, recommended per + * https://google.aip.dev/128. + * + * @return builder + * + */ + public Builder reconciling(Boolean reconciling) { + return reconciling(Output.of(reconciling)); + } + + /** + * @param state Output only. Current state of the deployment group. + * Possible values: + * STATE_UNSPECIFIED + * ACTIVE + * CREATING + * DELETING + * + * @return builder + * + */ + public Builder state(@Nullable Output state) { + $.state = state; + return this; + } + + /** + * @param state Output only. Current state of the deployment group. + * Possible values: + * STATE_UNSPECIFIED + * ACTIVE + * CREATING + * DELETING + * + * @return builder + * + */ + public Builder state(String state) { + return state(Output.of(state)); + } + + /** + * @param updateTime Output only. [Output only] Update time stamp + * + * @return builder + * + */ + public Builder updateTime(@Nullable Output updateTime) { + $.updateTime = updateTime; + return this; + } + + /** + * @param updateTime Output only. [Output only] Update time stamp + * + * @return builder + * + */ + public Builder updateTime(String updateTime) { + return updateTime(Output.of(updateTime)); + } + + public InterceptDeploymentGroupState build() { + return $; + } + } + +} diff --git a/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/inputs/InterceptDeploymentState.java b/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/inputs/InterceptDeploymentState.java new file mode 100644 index 0000000000..a93cee5cdb --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/inputs/InterceptDeploymentState.java @@ -0,0 +1,605 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.gcp.networksecurity.inputs; + +import com.pulumi.core.Output; +import com.pulumi.core.annotations.Import; +import java.lang.Boolean; +import java.lang.String; +import java.util.Map; +import java.util.Objects; +import java.util.Optional; +import javax.annotation.Nullable; + + +public final class InterceptDeploymentState extends com.pulumi.resources.ResourceArgs { + + public static final InterceptDeploymentState Empty = new InterceptDeploymentState(); + + /** + * Create time stamp + * + */ + @Import(name="createTime") + private @Nullable Output createTime; + + /** + * @return Create time stamp + * + */ + public Optional> createTime() { + return Optional.ofNullable(this.createTime); + } + + /** + * All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services. + * + */ + @Import(name="effectiveLabels") + private @Nullable Output> effectiveLabels; + + /** + * @return All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services. + * + */ + public Optional>> effectiveLabels() { + return Optional.ofNullable(this.effectiveLabels); + } + + /** + * Immutable. The regional load balancer which the intercepted traffic should be forwarded + * to. Format is: + * projects/{project}/regions/{region}/forwardingRules/{forwardingRule} + * + */ + @Import(name="forwardingRule") + private @Nullable Output forwardingRule; + + /** + * @return Immutable. The regional load balancer which the intercepted traffic should be forwarded + * to. Format is: + * projects/{project}/regions/{region}/forwardingRules/{forwardingRule} + * + */ + public Optional> forwardingRule() { + return Optional.ofNullable(this.forwardingRule); + } + + /** + * Immutable. The Intercept Deployment Group that this resource is part of. Format is: + * `projects/{project}/locations/global/interceptDeploymentGroups/{interceptDeploymentGroup}` + * + */ + @Import(name="interceptDeploymentGroup") + private @Nullable Output interceptDeploymentGroup; + + /** + * @return Immutable. The Intercept Deployment Group that this resource is part of. Format is: + * `projects/{project}/locations/global/interceptDeploymentGroups/{interceptDeploymentGroup}` + * + */ + public Optional> interceptDeploymentGroup() { + return Optional.ofNullable(this.interceptDeploymentGroup); + } + + /** + * Id of the requesting object + * If auto-generating Id server-side, remove this field and + * intercept_deployment_id from the method_signature of Create RPC + * + * *** + * + */ + @Import(name="interceptDeploymentId") + private @Nullable Output interceptDeploymentId; + + /** + * @return Id of the requesting object + * If auto-generating Id server-side, remove this field and + * intercept_deployment_id from the method_signature of Create RPC + * + * *** + * + */ + public Optional> interceptDeploymentId() { + return Optional.ofNullable(this.interceptDeploymentId); + } + + /** + * Optional. Labels as key value pairs + * **Note**: This field is non-authoritative, and will only manage the labels present in your configuration. + * Please refer to the field `effective_labels` for all of the labels present on the resource. + * + */ + @Import(name="labels") + private @Nullable Output> labels; + + /** + * @return Optional. Labels as key value pairs + * **Note**: This field is non-authoritative, and will only manage the labels present in your configuration. + * Please refer to the field `effective_labels` for all of the labels present on the resource. + * + */ + public Optional>> labels() { + return Optional.ofNullable(this.labels); + } + + /** + * Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122. See documentation for resource type `networksecurity.googleapis.com/InterceptDeployment`. + * + */ + @Import(name="location") + private @Nullable Output location; + + /** + * @return Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122. See documentation for resource type `networksecurity.googleapis.com/InterceptDeployment`. + * + */ + public Optional> location() { + return Optional.ofNullable(this.location); + } + + /** + * Identifier. The name of the InterceptDeployment. + * + */ + @Import(name="name") + private @Nullable Output name; + + /** + * @return Identifier. The name of the InterceptDeployment. + * + */ + public Optional> name() { + return Optional.ofNullable(this.name); + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the provider project is used. + * + */ + public Optional> project() { + return Optional.ofNullable(this.project); + } + + /** + * The combination of labels configured directly on the resource + * and default labels configured on the provider. + * + */ + @Import(name="pulumiLabels") + private @Nullable Output> pulumiLabels; + + /** + * @return The combination of labels configured directly on the resource + * and default labels configured on the provider. + * + */ + public Optional>> pulumiLabels() { + return Optional.ofNullable(this.pulumiLabels); + } + + /** + * Whether reconciling is in progress, recommended per + * https://google.aip.dev/128. + * + */ + @Import(name="reconciling") + private @Nullable Output reconciling; + + /** + * @return Whether reconciling is in progress, recommended per + * https://google.aip.dev/128. + * + */ + public Optional> reconciling() { + return Optional.ofNullable(this.reconciling); + } + + /** + * Current state of the deployment. + * Possible values: + * STATE_UNSPECIFIED + * ACTIVE + * CREATING + * DELETING + * OUT_OF_SYNC + * DELETE_FAILED + * + */ + @Import(name="state") + private @Nullable Output state; + + /** + * @return Current state of the deployment. + * Possible values: + * STATE_UNSPECIFIED + * ACTIVE + * CREATING + * DELETING + * OUT_OF_SYNC + * DELETE_FAILED + * + */ + public Optional> state() { + return Optional.ofNullable(this.state); + } + + /** + * Update time stamp + * + */ + @Import(name="updateTime") + private @Nullable Output updateTime; + + /** + * @return Update time stamp + * + */ + public Optional> updateTime() { + return Optional.ofNullable(this.updateTime); + } + + private InterceptDeploymentState() {} + + private InterceptDeploymentState(InterceptDeploymentState $) { + this.createTime = $.createTime; + this.effectiveLabels = $.effectiveLabels; + this.forwardingRule = $.forwardingRule; + this.interceptDeploymentGroup = $.interceptDeploymentGroup; + this.interceptDeploymentId = $.interceptDeploymentId; + this.labels = $.labels; + this.location = $.location; + this.name = $.name; + this.project = $.project; + this.pulumiLabels = $.pulumiLabels; + this.reconciling = $.reconciling; + this.state = $.state; + this.updateTime = $.updateTime; + } + + public static Builder builder() { + return new Builder(); + } + public static Builder builder(InterceptDeploymentState defaults) { + return new Builder(defaults); + } + + public static final class Builder { + private InterceptDeploymentState $; + + public Builder() { + $ = new InterceptDeploymentState(); + } + + public Builder(InterceptDeploymentState defaults) { + $ = new InterceptDeploymentState(Objects.requireNonNull(defaults)); + } + + /** + * @param createTime Create time stamp + * + * @return builder + * + */ + public Builder createTime(@Nullable Output createTime) { + $.createTime = createTime; + return this; + } + + /** + * @param createTime Create time stamp + * + * @return builder + * + */ + public Builder createTime(String createTime) { + return createTime(Output.of(createTime)); + } + + /** + * @param effectiveLabels All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services. + * + * @return builder + * + */ + public Builder effectiveLabels(@Nullable Output> effectiveLabels) { + $.effectiveLabels = effectiveLabels; + return this; + } + + /** + * @param effectiveLabels All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services. + * + * @return builder + * + */ + public Builder effectiveLabels(Map effectiveLabels) { + return effectiveLabels(Output.of(effectiveLabels)); + } + + /** + * @param forwardingRule Immutable. The regional load balancer which the intercepted traffic should be forwarded + * to. Format is: + * projects/{project}/regions/{region}/forwardingRules/{forwardingRule} + * + * @return builder + * + */ + public Builder forwardingRule(@Nullable Output forwardingRule) { + $.forwardingRule = forwardingRule; + return this; + } + + /** + * @param forwardingRule Immutable. The regional load balancer which the intercepted traffic should be forwarded + * to. Format is: + * projects/{project}/regions/{region}/forwardingRules/{forwardingRule} + * + * @return builder + * + */ + public Builder forwardingRule(String forwardingRule) { + return forwardingRule(Output.of(forwardingRule)); + } + + /** + * @param interceptDeploymentGroup Immutable. The Intercept Deployment Group that this resource is part of. Format is: + * `projects/{project}/locations/global/interceptDeploymentGroups/{interceptDeploymentGroup}` + * + * @return builder + * + */ + public Builder interceptDeploymentGroup(@Nullable Output interceptDeploymentGroup) { + $.interceptDeploymentGroup = interceptDeploymentGroup; + return this; + } + + /** + * @param interceptDeploymentGroup Immutable. The Intercept Deployment Group that this resource is part of. Format is: + * `projects/{project}/locations/global/interceptDeploymentGroups/{interceptDeploymentGroup}` + * + * @return builder + * + */ + public Builder interceptDeploymentGroup(String interceptDeploymentGroup) { + return interceptDeploymentGroup(Output.of(interceptDeploymentGroup)); + } + + /** + * @param interceptDeploymentId Id of the requesting object + * If auto-generating Id server-side, remove this field and + * intercept_deployment_id from the method_signature of Create RPC + * + * *** + * + * @return builder + * + */ + public Builder interceptDeploymentId(@Nullable Output interceptDeploymentId) { + $.interceptDeploymentId = interceptDeploymentId; + return this; + } + + /** + * @param interceptDeploymentId Id of the requesting object + * If auto-generating Id server-side, remove this field and + * intercept_deployment_id from the method_signature of Create RPC + * + * *** + * + * @return builder + * + */ + public Builder interceptDeploymentId(String interceptDeploymentId) { + return interceptDeploymentId(Output.of(interceptDeploymentId)); + } + + /** + * @param labels Optional. Labels as key value pairs + * **Note**: This field is non-authoritative, and will only manage the labels present in your configuration. + * Please refer to the field `effective_labels` for all of the labels present on the resource. + * + * @return builder + * + */ + public Builder labels(@Nullable Output> labels) { + $.labels = labels; + return this; + } + + /** + * @param labels Optional. Labels as key value pairs + * **Note**: This field is non-authoritative, and will only manage the labels present in your configuration. + * Please refer to the field `effective_labels` for all of the labels present on the resource. + * + * @return builder + * + */ + public Builder labels(Map labels) { + return labels(Output.of(labels)); + } + + /** + * @param location Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122. See documentation for resource type `networksecurity.googleapis.com/InterceptDeployment`. + * + * @return builder + * + */ + public Builder location(@Nullable Output location) { + $.location = location; + return this; + } + + /** + * @param location Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122. See documentation for resource type `networksecurity.googleapis.com/InterceptDeployment`. + * + * @return builder + * + */ + public Builder location(String location) { + return location(Output.of(location)); + } + + /** + * @param name Identifier. The name of the InterceptDeployment. + * + * @return builder + * + */ + public Builder name(@Nullable Output name) { + $.name = name; + return this; + } + + /** + * @param name Identifier. The name of the InterceptDeployment. + * + * @return builder + * + */ + public Builder name(String name) { + return name(Output.of(name)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the provider project is used. + * + * @return builder + * + */ + public Builder project(String project) { + return project(Output.of(project)); + } + + /** + * @param pulumiLabels The combination of labels configured directly on the resource + * and default labels configured on the provider. + * + * @return builder + * + */ + public Builder pulumiLabels(@Nullable Output> pulumiLabels) { + $.pulumiLabels = pulumiLabels; + return this; + } + + /** + * @param pulumiLabels The combination of labels configured directly on the resource + * and default labels configured on the provider. + * + * @return builder + * + */ + public Builder pulumiLabels(Map pulumiLabels) { + return pulumiLabels(Output.of(pulumiLabels)); + } + + /** + * @param reconciling Whether reconciling is in progress, recommended per + * https://google.aip.dev/128. + * + * @return builder + * + */ + public Builder reconciling(@Nullable Output reconciling) { + $.reconciling = reconciling; + return this; + } + + /** + * @param reconciling Whether reconciling is in progress, recommended per + * https://google.aip.dev/128. + * + * @return builder + * + */ + public Builder reconciling(Boolean reconciling) { + return reconciling(Output.of(reconciling)); + } + + /** + * @param state Current state of the deployment. + * Possible values: + * STATE_UNSPECIFIED + * ACTIVE + * CREATING + * DELETING + * OUT_OF_SYNC + * DELETE_FAILED + * + * @return builder + * + */ + public Builder state(@Nullable Output state) { + $.state = state; + return this; + } + + /** + * @param state Current state of the deployment. + * Possible values: + * STATE_UNSPECIFIED + * ACTIVE + * CREATING + * DELETING + * OUT_OF_SYNC + * DELETE_FAILED + * + * @return builder + * + */ + public Builder state(String state) { + return state(Output.of(state)); + } + + /** + * @param updateTime Update time stamp + * + * @return builder + * + */ + public Builder updateTime(@Nullable Output updateTime) { + $.updateTime = updateTime; + return this; + } + + /** + * @param updateTime Update time stamp + * + * @return builder + * + */ + public Builder updateTime(String updateTime) { + return updateTime(Output.of(updateTime)); + } + + public InterceptDeploymentState build() { + return $; + } + } + +} diff --git a/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/outputs/AuthzPolicyCustomProvider.java b/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/outputs/AuthzPolicyCustomProvider.java new file mode 100644 index 0000000000..5379f51dac --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/outputs/AuthzPolicyCustomProvider.java @@ -0,0 +1,83 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.gcp.networksecurity.outputs; + +import com.pulumi.core.annotations.CustomType; +import com.pulumi.gcp.networksecurity.outputs.AuthzPolicyCustomProviderAuthzExtension; +import com.pulumi.gcp.networksecurity.outputs.AuthzPolicyCustomProviderCloudIap; +import java.util.Objects; +import java.util.Optional; +import javax.annotation.Nullable; + +@CustomType +public final class AuthzPolicyCustomProvider { + /** + * @return Delegate authorization decision to user authored Service Extension. Only one of cloudIap or authzExtension can be specified. + * Structure is documented below. + * + */ + private @Nullable AuthzPolicyCustomProviderAuthzExtension authzExtension; + /** + * @return Delegates authorization decisions to Cloud IAP. Applicable only for managed load balancers. Enabling Cloud IAP at the AuthzPolicy level is not compatible with Cloud IAP settings in the BackendService. Enabling IAP in both places will result in request failure. Ensure that IAP is enabled in either the AuthzPolicy or the BackendService but not in both places. + * Structure is documented below. + * + */ + private @Nullable AuthzPolicyCustomProviderCloudIap cloudIap; + + private AuthzPolicyCustomProvider() {} + /** + * @return Delegate authorization decision to user authored Service Extension. Only one of cloudIap or authzExtension can be specified. + * Structure is documented below. + * + */ + public Optional authzExtension() { + return Optional.ofNullable(this.authzExtension); + } + /** + * @return Delegates authorization decisions to Cloud IAP. Applicable only for managed load balancers. Enabling Cloud IAP at the AuthzPolicy level is not compatible with Cloud IAP settings in the BackendService. Enabling IAP in both places will result in request failure. Ensure that IAP is enabled in either the AuthzPolicy or the BackendService but not in both places. + * Structure is documented below. + * + */ + public Optional cloudIap() { + return Optional.ofNullable(this.cloudIap); + } + + public static Builder builder() { + return new Builder(); + } + + public static Builder builder(AuthzPolicyCustomProvider defaults) { + return new Builder(defaults); + } + @CustomType.Builder + public static final class Builder { + private @Nullable AuthzPolicyCustomProviderAuthzExtension authzExtension; + private @Nullable AuthzPolicyCustomProviderCloudIap cloudIap; + public Builder() {} + public Builder(AuthzPolicyCustomProvider defaults) { + Objects.requireNonNull(defaults); + this.authzExtension = defaults.authzExtension; + this.cloudIap = defaults.cloudIap; + } + + @CustomType.Setter + public Builder authzExtension(@Nullable AuthzPolicyCustomProviderAuthzExtension authzExtension) { + + this.authzExtension = authzExtension; + return this; + } + @CustomType.Setter + public Builder cloudIap(@Nullable AuthzPolicyCustomProviderCloudIap cloudIap) { + + this.cloudIap = cloudIap; + return this; + } + public AuthzPolicyCustomProvider build() { + final var _resultValue = new AuthzPolicyCustomProvider(); + _resultValue.authzExtension = authzExtension; + _resultValue.cloudIap = cloudIap; + return _resultValue; + } + } +} diff --git a/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/outputs/AuthzPolicyCustomProviderAuthzExtension.java b/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/outputs/AuthzPolicyCustomProviderAuthzExtension.java new file mode 100644 index 0000000000..8e5ce4eb9a --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/outputs/AuthzPolicyCustomProviderAuthzExtension.java @@ -0,0 +1,62 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.gcp.networksecurity.outputs; + +import com.pulumi.core.annotations.CustomType; +import com.pulumi.exceptions.MissingRequiredPropertyException; +import java.lang.String; +import java.util.List; +import java.util.Objects; + +@CustomType +public final class AuthzPolicyCustomProviderAuthzExtension { + /** + * @return A list of references to authorization extensions that will be invoked for requests matching this policy. Limited to 1 custom provider. + * + */ + private List resources; + + private AuthzPolicyCustomProviderAuthzExtension() {} + /** + * @return A list of references to authorization extensions that will be invoked for requests matching this policy. Limited to 1 custom provider. + * + */ + public List resources() { + return this.resources; + } + + public static Builder builder() { + return new Builder(); + } + + public static Builder builder(AuthzPolicyCustomProviderAuthzExtension defaults) { + return new Builder(defaults); + } + @CustomType.Builder + public static final class Builder { + private List resources; + public Builder() {} + public Builder(AuthzPolicyCustomProviderAuthzExtension defaults) { + Objects.requireNonNull(defaults); + this.resources = defaults.resources; + } + + @CustomType.Setter + public Builder resources(List resources) { + if (resources == null) { + throw new MissingRequiredPropertyException("AuthzPolicyCustomProviderAuthzExtension", "resources"); + } + this.resources = resources; + return this; + } + public Builder resources(String... resources) { + return resources(List.of(resources)); + } + public AuthzPolicyCustomProviderAuthzExtension build() { + final var _resultValue = new AuthzPolicyCustomProviderAuthzExtension(); + _resultValue.resources = resources; + return _resultValue; + } + } +} diff --git a/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/outputs/AuthzPolicyCustomProviderCloudIap.java b/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/outputs/AuthzPolicyCustomProviderCloudIap.java new file mode 100644 index 0000000000..330dd25b9b --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/outputs/AuthzPolicyCustomProviderCloudIap.java @@ -0,0 +1,58 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.gcp.networksecurity.outputs; + +import com.pulumi.core.annotations.CustomType; +import com.pulumi.exceptions.MissingRequiredPropertyException; +import java.lang.Boolean; +import java.util.Objects; + +@CustomType +public final class AuthzPolicyCustomProviderCloudIap { + /** + * @return Enable Cloud IAP at the AuthzPolicy level. + * + */ + private Boolean enabled; + + private AuthzPolicyCustomProviderCloudIap() {} + /** + * @return Enable Cloud IAP at the AuthzPolicy level. + * + */ + public Boolean enabled() { + return this.enabled; + } + + public static Builder builder() { + return new Builder(); + } + + public static Builder builder(AuthzPolicyCustomProviderCloudIap defaults) { + return new Builder(defaults); + } + @CustomType.Builder + public static final class Builder { + private Boolean enabled; + public Builder() {} + public Builder(AuthzPolicyCustomProviderCloudIap defaults) { + Objects.requireNonNull(defaults); + this.enabled = defaults.enabled; + } + + @CustomType.Setter + public Builder enabled(Boolean enabled) { + if (enabled == null) { + throw new MissingRequiredPropertyException("AuthzPolicyCustomProviderCloudIap", "enabled"); + } + this.enabled = enabled; + return this; + } + public AuthzPolicyCustomProviderCloudIap build() { + final var _resultValue = new AuthzPolicyCustomProviderCloudIap(); + _resultValue.enabled = enabled; + return _resultValue; + } + } +} diff --git a/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/outputs/AuthzPolicyHttpRule.java b/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/outputs/AuthzPolicyHttpRule.java new file mode 100644 index 0000000000..4bb662bba7 --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/outputs/AuthzPolicyHttpRule.java @@ -0,0 +1,105 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.gcp.networksecurity.outputs; + +import com.pulumi.core.annotations.CustomType; +import com.pulumi.gcp.networksecurity.outputs.AuthzPolicyHttpRuleFrom; +import com.pulumi.gcp.networksecurity.outputs.AuthzPolicyHttpRuleTo; +import java.lang.String; +import java.util.Objects; +import java.util.Optional; +import javax.annotation.Nullable; + +@CustomType +public final class AuthzPolicyHttpRule { + /** + * @return Describes properties of one or more sources of a request. + * Structure is documented below. + * + */ + private @Nullable AuthzPolicyHttpRuleFrom from; + /** + * @return Describes properties of one or more targets of a request + * Structure is documented below. + * + */ + private @Nullable AuthzPolicyHttpRuleTo to; + /** + * @return CEL expression that describes the conditions to be satisfied for the action. The result of the CEL expression is ANDed with the from and to. Refer to the CEL language reference for a list of available attributes. + * + */ + private @Nullable String when; + + private AuthzPolicyHttpRule() {} + /** + * @return Describes properties of one or more sources of a request. + * Structure is documented below. + * + */ + public Optional from() { + return Optional.ofNullable(this.from); + } + /** + * @return Describes properties of one or more targets of a request + * Structure is documented below. + * + */ + public Optional to() { + return Optional.ofNullable(this.to); + } + /** + * @return CEL expression that describes the conditions to be satisfied for the action. The result of the CEL expression is ANDed with the from and to. Refer to the CEL language reference for a list of available attributes. + * + */ + public Optional when() { + return Optional.ofNullable(this.when); + } + + public static Builder builder() { + return new Builder(); + } + + public static Builder builder(AuthzPolicyHttpRule defaults) { + return new Builder(defaults); + } + @CustomType.Builder + public static final class Builder { + private @Nullable AuthzPolicyHttpRuleFrom from; + private @Nullable AuthzPolicyHttpRuleTo to; + private @Nullable String when; + public Builder() {} + public Builder(AuthzPolicyHttpRule defaults) { + Objects.requireNonNull(defaults); + this.from = defaults.from; + this.to = defaults.to; + this.when = defaults.when; + } + + @CustomType.Setter + public Builder from(@Nullable AuthzPolicyHttpRuleFrom from) { + + this.from = from; + return this; + } + @CustomType.Setter + public Builder to(@Nullable AuthzPolicyHttpRuleTo to) { + + this.to = to; + return this; + } + @CustomType.Setter + public Builder when(@Nullable String when) { + + this.when = when; + return this; + } + public AuthzPolicyHttpRule build() { + final var _resultValue = new AuthzPolicyHttpRule(); + _resultValue.from = from; + _resultValue.to = to; + _resultValue.when = when; + return _resultValue; + } + } +} diff --git a/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/outputs/AuthzPolicyHttpRuleFrom.java b/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/outputs/AuthzPolicyHttpRuleFrom.java new file mode 100644 index 0000000000..eec5526e53 --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/outputs/AuthzPolicyHttpRuleFrom.java @@ -0,0 +1,89 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.gcp.networksecurity.outputs; + +import com.pulumi.core.annotations.CustomType; +import com.pulumi.gcp.networksecurity.outputs.AuthzPolicyHttpRuleFromNotSource; +import com.pulumi.gcp.networksecurity.outputs.AuthzPolicyHttpRuleFromSource; +import java.util.List; +import java.util.Objects; +import javax.annotation.Nullable; + +@CustomType +public final class AuthzPolicyHttpRuleFrom { + /** + * @return Describes the properties of a request's sources. At least one of sources or notSources must be specified. Limited to 5 sources. A match occurs when ANY source (in sources or notSources) matches the request. Within a single source, the match follows AND semantics across fields and OR semantics within a single field, i.e. a match occurs when ANY principal matches AND ANY ipBlocks match. + * Structure is documented below. + * + */ + private @Nullable List notSources; + /** + * @return Describes the properties of a request's sources. At least one of sources or notSources must be specified. Limited to 5 sources. A match occurs when ANY source (in sources or notSources) matches the request. Within a single source, the match follows AND semantics across fields and OR semantics within a single field, i.e. a match occurs when ANY principal matches AND ANY ipBlocks match. + * Structure is documented below. + * + */ + private @Nullable List sources; + + private AuthzPolicyHttpRuleFrom() {} + /** + * @return Describes the properties of a request's sources. At least one of sources or notSources must be specified. Limited to 5 sources. A match occurs when ANY source (in sources or notSources) matches the request. Within a single source, the match follows AND semantics across fields and OR semantics within a single field, i.e. a match occurs when ANY principal matches AND ANY ipBlocks match. + * Structure is documented below. + * + */ + public List notSources() { + return this.notSources == null ? List.of() : this.notSources; + } + /** + * @return Describes the properties of a request's sources. At least one of sources or notSources must be specified. Limited to 5 sources. A match occurs when ANY source (in sources or notSources) matches the request. Within a single source, the match follows AND semantics across fields and OR semantics within a single field, i.e. a match occurs when ANY principal matches AND ANY ipBlocks match. + * Structure is documented below. + * + */ + public List sources() { + return this.sources == null ? List.of() : this.sources; + } + + public static Builder builder() { + return new Builder(); + } + + public static Builder builder(AuthzPolicyHttpRuleFrom defaults) { + return new Builder(defaults); + } + @CustomType.Builder + public static final class Builder { + private @Nullable List notSources; + private @Nullable List sources; + public Builder() {} + public Builder(AuthzPolicyHttpRuleFrom defaults) { + Objects.requireNonNull(defaults); + this.notSources = defaults.notSources; + this.sources = defaults.sources; + } + + @CustomType.Setter + public Builder notSources(@Nullable List notSources) { + + this.notSources = notSources; + return this; + } + public Builder notSources(AuthzPolicyHttpRuleFromNotSource... notSources) { + return notSources(List.of(notSources)); + } + @CustomType.Setter + public Builder sources(@Nullable List sources) { + + this.sources = sources; + return this; + } + public Builder sources(AuthzPolicyHttpRuleFromSource... sources) { + return sources(List.of(sources)); + } + public AuthzPolicyHttpRuleFrom build() { + final var _resultValue = new AuthzPolicyHttpRuleFrom(); + _resultValue.notSources = notSources; + _resultValue.sources = sources; + return _resultValue; + } + } +} diff --git a/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/outputs/AuthzPolicyHttpRuleFromNotSource.java b/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/outputs/AuthzPolicyHttpRuleFromNotSource.java new file mode 100644 index 0000000000..b4be11c2d5 --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/outputs/AuthzPolicyHttpRuleFromNotSource.java @@ -0,0 +1,93 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.gcp.networksecurity.outputs; + +import com.pulumi.core.annotations.CustomType; +import com.pulumi.gcp.networksecurity.outputs.AuthzPolicyHttpRuleFromNotSourcePrincipal; +import com.pulumi.gcp.networksecurity.outputs.AuthzPolicyHttpRuleFromNotSourceResource; +import java.util.List; +import java.util.Objects; +import javax.annotation.Nullable; + +@CustomType +public final class AuthzPolicyHttpRuleFromNotSource { + /** + * @return A list of identities derived from the client's certificate. This field will not match on a request unless mutual TLS is enabled for the Forwarding rule or Gateway. Each identity is a string whose value is matched against the URI SAN, or DNS SAN or the subject field in the client's certificate. The match can be exact, prefix, suffix or a substring match. One of exact, prefix, suffix or contains must be specified. + * Limited to 5 principals. + * Structure is documented below. + * + */ + private @Nullable List principals; + /** + * @return A list of resources to match against the resource of the source VM of a request. + * Limited to 5 resources. + * Structure is documented below. + * + */ + private @Nullable List resources; + + private AuthzPolicyHttpRuleFromNotSource() {} + /** + * @return A list of identities derived from the client's certificate. This field will not match on a request unless mutual TLS is enabled for the Forwarding rule or Gateway. Each identity is a string whose value is matched against the URI SAN, or DNS SAN or the subject field in the client's certificate. The match can be exact, prefix, suffix or a substring match. One of exact, prefix, suffix or contains must be specified. + * Limited to 5 principals. + * Structure is documented below. + * + */ + public List principals() { + return this.principals == null ? List.of() : this.principals; + } + /** + * @return A list of resources to match against the resource of the source VM of a request. + * Limited to 5 resources. + * Structure is documented below. + * + */ + public List resources() { + return this.resources == null ? List.of() : this.resources; + } + + public static Builder builder() { + return new Builder(); + } + + public static Builder builder(AuthzPolicyHttpRuleFromNotSource defaults) { + return new Builder(defaults); + } + @CustomType.Builder + public static final class Builder { + private @Nullable List principals; + private @Nullable List resources; + public Builder() {} + public Builder(AuthzPolicyHttpRuleFromNotSource defaults) { + Objects.requireNonNull(defaults); + this.principals = defaults.principals; + this.resources = defaults.resources; + } + + @CustomType.Setter + public Builder principals(@Nullable List principals) { + + this.principals = principals; + return this; + } + public Builder principals(AuthzPolicyHttpRuleFromNotSourcePrincipal... principals) { + return principals(List.of(principals)); + } + @CustomType.Setter + public Builder resources(@Nullable List resources) { + + this.resources = resources; + return this; + } + public Builder resources(AuthzPolicyHttpRuleFromNotSourceResource... resources) { + return resources(List.of(resources)); + } + public AuthzPolicyHttpRuleFromNotSource build() { + final var _resultValue = new AuthzPolicyHttpRuleFromNotSource(); + _resultValue.principals = principals; + _resultValue.resources = resources; + return _resultValue; + } + } +} diff --git a/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/outputs/AuthzPolicyHttpRuleFromNotSourcePrincipal.java b/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/outputs/AuthzPolicyHttpRuleFromNotSourcePrincipal.java new file mode 100644 index 0000000000..3609e624c2 --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/outputs/AuthzPolicyHttpRuleFromNotSourcePrincipal.java @@ -0,0 +1,158 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.gcp.networksecurity.outputs; + +import com.pulumi.core.annotations.CustomType; +import java.lang.Boolean; +import java.lang.String; +import java.util.Objects; +import java.util.Optional; +import javax.annotation.Nullable; + +@CustomType +public final class AuthzPolicyHttpRuleFromNotSourcePrincipal { + /** + * @return The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. + * Examples: + * * abc matches the value xyz.abc.def + * + */ + private @Nullable String contains; + /** + * @return The input string must match exactly the string specified here. + * Examples: + * * abc only matches the value abc. + * + */ + private @Nullable String exact; + /** + * @return If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true. + * + */ + private @Nullable Boolean ignoreCase; + /** + * @return The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. + * Examples: + * * abc matches the value abc.xyz + * + */ + private @Nullable String prefix; + /** + * @return The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. + * Examples: + * * abc matches the value xyz.abc + * + */ + private @Nullable String suffix; + + private AuthzPolicyHttpRuleFromNotSourcePrincipal() {} + /** + * @return The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. + * Examples: + * * abc matches the value xyz.abc.def + * + */ + public Optional contains() { + return Optional.ofNullable(this.contains); + } + /** + * @return The input string must match exactly the string specified here. + * Examples: + * * abc only matches the value abc. + * + */ + public Optional exact() { + return Optional.ofNullable(this.exact); + } + /** + * @return If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true. + * + */ + public Optional ignoreCase() { + return Optional.ofNullable(this.ignoreCase); + } + /** + * @return The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. + * Examples: + * * abc matches the value abc.xyz + * + */ + public Optional prefix() { + return Optional.ofNullable(this.prefix); + } + /** + * @return The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. + * Examples: + * * abc matches the value xyz.abc + * + */ + public Optional suffix() { + return Optional.ofNullable(this.suffix); + } + + public static Builder builder() { + return new Builder(); + } + + public static Builder builder(AuthzPolicyHttpRuleFromNotSourcePrincipal defaults) { + return new Builder(defaults); + } + @CustomType.Builder + public static final class Builder { + private @Nullable String contains; + private @Nullable String exact; + private @Nullable Boolean ignoreCase; + private @Nullable String prefix; + private @Nullable String suffix; + public Builder() {} + public Builder(AuthzPolicyHttpRuleFromNotSourcePrincipal defaults) { + Objects.requireNonNull(defaults); + this.contains = defaults.contains; + this.exact = defaults.exact; + this.ignoreCase = defaults.ignoreCase; + this.prefix = defaults.prefix; + this.suffix = defaults.suffix; + } + + @CustomType.Setter + public Builder contains(@Nullable String contains) { + + this.contains = contains; + return this; + } + @CustomType.Setter + public Builder exact(@Nullable String exact) { + + this.exact = exact; + return this; + } + @CustomType.Setter + public Builder ignoreCase(@Nullable Boolean ignoreCase) { + + this.ignoreCase = ignoreCase; + return this; + } + @CustomType.Setter + public Builder prefix(@Nullable String prefix) { + + this.prefix = prefix; + return this; + } + @CustomType.Setter + public Builder suffix(@Nullable String suffix) { + + this.suffix = suffix; + return this; + } + public AuthzPolicyHttpRuleFromNotSourcePrincipal build() { + final var _resultValue = new AuthzPolicyHttpRuleFromNotSourcePrincipal(); + _resultValue.contains = contains; + _resultValue.exact = exact; + _resultValue.ignoreCase = ignoreCase; + _resultValue.prefix = prefix; + _resultValue.suffix = suffix; + return _resultValue; + } + } +} diff --git a/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/outputs/AuthzPolicyHttpRuleFromNotSourceResource.java b/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/outputs/AuthzPolicyHttpRuleFromNotSourceResource.java new file mode 100644 index 0000000000..29732998b9 --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/outputs/AuthzPolicyHttpRuleFromNotSourceResource.java @@ -0,0 +1,83 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.gcp.networksecurity.outputs; + +import com.pulumi.core.annotations.CustomType; +import com.pulumi.gcp.networksecurity.outputs.AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccount; +import com.pulumi.gcp.networksecurity.outputs.AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSet; +import java.util.Objects; +import java.util.Optional; +import javax.annotation.Nullable; + +@CustomType +public final class AuthzPolicyHttpRuleFromNotSourceResource { + /** + * @return An IAM service account to match against the source service account of the VM sending the request. + * Structure is documented below. + * + */ + private @Nullable AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccount iamServiceAccount; + /** + * @return A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request. + * Structure is documented below. + * + */ + private @Nullable AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSet tagValueIdSet; + + private AuthzPolicyHttpRuleFromNotSourceResource() {} + /** + * @return An IAM service account to match against the source service account of the VM sending the request. + * Structure is documented below. + * + */ + public Optional iamServiceAccount() { + return Optional.ofNullable(this.iamServiceAccount); + } + /** + * @return A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request. + * Structure is documented below. + * + */ + public Optional tagValueIdSet() { + return Optional.ofNullable(this.tagValueIdSet); + } + + public static Builder builder() { + return new Builder(); + } + + public static Builder builder(AuthzPolicyHttpRuleFromNotSourceResource defaults) { + return new Builder(defaults); + } + @CustomType.Builder + public static final class Builder { + private @Nullable AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccount iamServiceAccount; + private @Nullable AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSet tagValueIdSet; + public Builder() {} + public Builder(AuthzPolicyHttpRuleFromNotSourceResource defaults) { + Objects.requireNonNull(defaults); + this.iamServiceAccount = defaults.iamServiceAccount; + this.tagValueIdSet = defaults.tagValueIdSet; + } + + @CustomType.Setter + public Builder iamServiceAccount(@Nullable AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccount iamServiceAccount) { + + this.iamServiceAccount = iamServiceAccount; + return this; + } + @CustomType.Setter + public Builder tagValueIdSet(@Nullable AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSet tagValueIdSet) { + + this.tagValueIdSet = tagValueIdSet; + return this; + } + public AuthzPolicyHttpRuleFromNotSourceResource build() { + final var _resultValue = new AuthzPolicyHttpRuleFromNotSourceResource(); + _resultValue.iamServiceAccount = iamServiceAccount; + _resultValue.tagValueIdSet = tagValueIdSet; + return _resultValue; + } + } +} diff --git a/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/outputs/AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccount.java b/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/outputs/AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccount.java new file mode 100644 index 0000000000..f6c21cc61e --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/outputs/AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccount.java @@ -0,0 +1,158 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.gcp.networksecurity.outputs; + +import com.pulumi.core.annotations.CustomType; +import java.lang.Boolean; +import java.lang.String; +import java.util.Objects; +import java.util.Optional; +import javax.annotation.Nullable; + +@CustomType +public final class AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccount { + /** + * @return The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. + * Examples: + * * abc matches the value xyz.abc.def + * + */ + private @Nullable String contains; + /** + * @return The input string must match exactly the string specified here. + * Examples: + * * abc only matches the value abc. + * + */ + private @Nullable String exact; + /** + * @return If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true. + * + */ + private @Nullable Boolean ignoreCase; + /** + * @return The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. + * Examples: + * * abc matches the value abc.xyz + * + */ + private @Nullable String prefix; + /** + * @return The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. + * Examples: + * * abc matches the value xyz.abc + * + */ + private @Nullable String suffix; + + private AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccount() {} + /** + * @return The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. + * Examples: + * * abc matches the value xyz.abc.def + * + */ + public Optional contains() { + return Optional.ofNullable(this.contains); + } + /** + * @return The input string must match exactly the string specified here. + * Examples: + * * abc only matches the value abc. + * + */ + public Optional exact() { + return Optional.ofNullable(this.exact); + } + /** + * @return If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true. + * + */ + public Optional ignoreCase() { + return Optional.ofNullable(this.ignoreCase); + } + /** + * @return The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. + * Examples: + * * abc matches the value abc.xyz + * + */ + public Optional prefix() { + return Optional.ofNullable(this.prefix); + } + /** + * @return The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. + * Examples: + * * abc matches the value xyz.abc + * + */ + public Optional suffix() { + return Optional.ofNullable(this.suffix); + } + + public static Builder builder() { + return new Builder(); + } + + public static Builder builder(AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccount defaults) { + return new Builder(defaults); + } + @CustomType.Builder + public static final class Builder { + private @Nullable String contains; + private @Nullable String exact; + private @Nullable Boolean ignoreCase; + private @Nullable String prefix; + private @Nullable String suffix; + public Builder() {} + public Builder(AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccount defaults) { + Objects.requireNonNull(defaults); + this.contains = defaults.contains; + this.exact = defaults.exact; + this.ignoreCase = defaults.ignoreCase; + this.prefix = defaults.prefix; + this.suffix = defaults.suffix; + } + + @CustomType.Setter + public Builder contains(@Nullable String contains) { + + this.contains = contains; + return this; + } + @CustomType.Setter + public Builder exact(@Nullable String exact) { + + this.exact = exact; + return this; + } + @CustomType.Setter + public Builder ignoreCase(@Nullable Boolean ignoreCase) { + + this.ignoreCase = ignoreCase; + return this; + } + @CustomType.Setter + public Builder prefix(@Nullable String prefix) { + + this.prefix = prefix; + return this; + } + @CustomType.Setter + public Builder suffix(@Nullable String suffix) { + + this.suffix = suffix; + return this; + } + public AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccount build() { + final var _resultValue = new AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccount(); + _resultValue.contains = contains; + _resultValue.exact = exact; + _resultValue.ignoreCase = ignoreCase; + _resultValue.prefix = prefix; + _resultValue.suffix = suffix; + return _resultValue; + } + } +} diff --git a/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/outputs/AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSet.java b/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/outputs/AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSet.java new file mode 100644 index 0000000000..9ea5ce576e --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/outputs/AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSet.java @@ -0,0 +1,62 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.gcp.networksecurity.outputs; + +import com.pulumi.core.annotations.CustomType; +import java.lang.String; +import java.util.List; +import java.util.Objects; +import javax.annotation.Nullable; + +@CustomType +public final class AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSet { + /** + * @return A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request. The match follows AND semantics which means all the ids must match. + * Limited to 5 matches. + * + */ + private @Nullable List ids; + + private AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSet() {} + /** + * @return A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request. The match follows AND semantics which means all the ids must match. + * Limited to 5 matches. + * + */ + public List ids() { + return this.ids == null ? List.of() : this.ids; + } + + public static Builder builder() { + return new Builder(); + } + + public static Builder builder(AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSet defaults) { + return new Builder(defaults); + } + @CustomType.Builder + public static final class Builder { + private @Nullable List ids; + public Builder() {} + public Builder(AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSet defaults) { + Objects.requireNonNull(defaults); + this.ids = defaults.ids; + } + + @CustomType.Setter + public Builder ids(@Nullable List ids) { + + this.ids = ids; + return this; + } + public Builder ids(String... ids) { + return ids(List.of(ids)); + } + public AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSet build() { + final var _resultValue = new AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSet(); + _resultValue.ids = ids; + return _resultValue; + } + } +} diff --git a/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/outputs/AuthzPolicyHttpRuleFromSource.java b/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/outputs/AuthzPolicyHttpRuleFromSource.java new file mode 100644 index 0000000000..d73276e6c3 --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/outputs/AuthzPolicyHttpRuleFromSource.java @@ -0,0 +1,93 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.gcp.networksecurity.outputs; + +import com.pulumi.core.annotations.CustomType; +import com.pulumi.gcp.networksecurity.outputs.AuthzPolicyHttpRuleFromSourcePrincipal; +import com.pulumi.gcp.networksecurity.outputs.AuthzPolicyHttpRuleFromSourceResource; +import java.util.List; +import java.util.Objects; +import javax.annotation.Nullable; + +@CustomType +public final class AuthzPolicyHttpRuleFromSource { + /** + * @return A list of identities derived from the client's certificate. This field will not match on a request unless mutual TLS is enabled for the Forwarding rule or Gateway. Each identity is a string whose value is matched against the URI SAN, or DNS SAN or the subject field in the client's certificate. The match can be exact, prefix, suffix or a substring match. One of exact, prefix, suffix or contains must be specified. + * Limited to 5 principals. + * Structure is documented below. + * + */ + private @Nullable List principals; + /** + * @return A list of resources to match against the resource of the source VM of a request. + * Limited to 5 resources. + * Structure is documented below. + * + */ + private @Nullable List resources; + + private AuthzPolicyHttpRuleFromSource() {} + /** + * @return A list of identities derived from the client's certificate. This field will not match on a request unless mutual TLS is enabled for the Forwarding rule or Gateway. Each identity is a string whose value is matched against the URI SAN, or DNS SAN or the subject field in the client's certificate. The match can be exact, prefix, suffix or a substring match. One of exact, prefix, suffix or contains must be specified. + * Limited to 5 principals. + * Structure is documented below. + * + */ + public List principals() { + return this.principals == null ? List.of() : this.principals; + } + /** + * @return A list of resources to match against the resource of the source VM of a request. + * Limited to 5 resources. + * Structure is documented below. + * + */ + public List resources() { + return this.resources == null ? List.of() : this.resources; + } + + public static Builder builder() { + return new Builder(); + } + + public static Builder builder(AuthzPolicyHttpRuleFromSource defaults) { + return new Builder(defaults); + } + @CustomType.Builder + public static final class Builder { + private @Nullable List principals; + private @Nullable List resources; + public Builder() {} + public Builder(AuthzPolicyHttpRuleFromSource defaults) { + Objects.requireNonNull(defaults); + this.principals = defaults.principals; + this.resources = defaults.resources; + } + + @CustomType.Setter + public Builder principals(@Nullable List principals) { + + this.principals = principals; + return this; + } + public Builder principals(AuthzPolicyHttpRuleFromSourcePrincipal... principals) { + return principals(List.of(principals)); + } + @CustomType.Setter + public Builder resources(@Nullable List resources) { + + this.resources = resources; + return this; + } + public Builder resources(AuthzPolicyHttpRuleFromSourceResource... resources) { + return resources(List.of(resources)); + } + public AuthzPolicyHttpRuleFromSource build() { + final var _resultValue = new AuthzPolicyHttpRuleFromSource(); + _resultValue.principals = principals; + _resultValue.resources = resources; + return _resultValue; + } + } +} diff --git a/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/outputs/AuthzPolicyHttpRuleFromSourcePrincipal.java b/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/outputs/AuthzPolicyHttpRuleFromSourcePrincipal.java new file mode 100644 index 0000000000..3e3b4b558f --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/outputs/AuthzPolicyHttpRuleFromSourcePrincipal.java @@ -0,0 +1,158 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.gcp.networksecurity.outputs; + +import com.pulumi.core.annotations.CustomType; +import java.lang.Boolean; +import java.lang.String; +import java.util.Objects; +import java.util.Optional; +import javax.annotation.Nullable; + +@CustomType +public final class AuthzPolicyHttpRuleFromSourcePrincipal { + /** + * @return The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. + * Examples: + * * abc matches the value xyz.abc.def + * + */ + private @Nullable String contains; + /** + * @return The input string must match exactly the string specified here. + * Examples: + * * abc only matches the value abc. + * + */ + private @Nullable String exact; + /** + * @return If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true. + * + */ + private @Nullable Boolean ignoreCase; + /** + * @return The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. + * Examples: + * * abc matches the value abc.xyz + * + */ + private @Nullable String prefix; + /** + * @return The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. + * Examples: + * * abc matches the value xyz.abc + * + */ + private @Nullable String suffix; + + private AuthzPolicyHttpRuleFromSourcePrincipal() {} + /** + * @return The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. + * Examples: + * * abc matches the value xyz.abc.def + * + */ + public Optional contains() { + return Optional.ofNullable(this.contains); + } + /** + * @return The input string must match exactly the string specified here. + * Examples: + * * abc only matches the value abc. + * + */ + public Optional exact() { + return Optional.ofNullable(this.exact); + } + /** + * @return If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true. + * + */ + public Optional ignoreCase() { + return Optional.ofNullable(this.ignoreCase); + } + /** + * @return The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. + * Examples: + * * abc matches the value abc.xyz + * + */ + public Optional prefix() { + return Optional.ofNullable(this.prefix); + } + /** + * @return The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. + * Examples: + * * abc matches the value xyz.abc + * + */ + public Optional suffix() { + return Optional.ofNullable(this.suffix); + } + + public static Builder builder() { + return new Builder(); + } + + public static Builder builder(AuthzPolicyHttpRuleFromSourcePrincipal defaults) { + return new Builder(defaults); + } + @CustomType.Builder + public static final class Builder { + private @Nullable String contains; + private @Nullable String exact; + private @Nullable Boolean ignoreCase; + private @Nullable String prefix; + private @Nullable String suffix; + public Builder() {} + public Builder(AuthzPolicyHttpRuleFromSourcePrincipal defaults) { + Objects.requireNonNull(defaults); + this.contains = defaults.contains; + this.exact = defaults.exact; + this.ignoreCase = defaults.ignoreCase; + this.prefix = defaults.prefix; + this.suffix = defaults.suffix; + } + + @CustomType.Setter + public Builder contains(@Nullable String contains) { + + this.contains = contains; + return this; + } + @CustomType.Setter + public Builder exact(@Nullable String exact) { + + this.exact = exact; + return this; + } + @CustomType.Setter + public Builder ignoreCase(@Nullable Boolean ignoreCase) { + + this.ignoreCase = ignoreCase; + return this; + } + @CustomType.Setter + public Builder prefix(@Nullable String prefix) { + + this.prefix = prefix; + return this; + } + @CustomType.Setter + public Builder suffix(@Nullable String suffix) { + + this.suffix = suffix; + return this; + } + public AuthzPolicyHttpRuleFromSourcePrincipal build() { + final var _resultValue = new AuthzPolicyHttpRuleFromSourcePrincipal(); + _resultValue.contains = contains; + _resultValue.exact = exact; + _resultValue.ignoreCase = ignoreCase; + _resultValue.prefix = prefix; + _resultValue.suffix = suffix; + return _resultValue; + } + } +} diff --git a/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/outputs/AuthzPolicyHttpRuleFromSourceResource.java b/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/outputs/AuthzPolicyHttpRuleFromSourceResource.java new file mode 100644 index 0000000000..8f22e07586 --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/outputs/AuthzPolicyHttpRuleFromSourceResource.java @@ -0,0 +1,83 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.gcp.networksecurity.outputs; + +import com.pulumi.core.annotations.CustomType; +import com.pulumi.gcp.networksecurity.outputs.AuthzPolicyHttpRuleFromSourceResourceIamServiceAccount; +import com.pulumi.gcp.networksecurity.outputs.AuthzPolicyHttpRuleFromSourceResourceTagValueIdSet; +import java.util.Objects; +import java.util.Optional; +import javax.annotation.Nullable; + +@CustomType +public final class AuthzPolicyHttpRuleFromSourceResource { + /** + * @return An IAM service account to match against the source service account of the VM sending the request. + * Structure is documented below. + * + */ + private @Nullable AuthzPolicyHttpRuleFromSourceResourceIamServiceAccount iamServiceAccount; + /** + * @return A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request. + * Structure is documented below. + * + */ + private @Nullable AuthzPolicyHttpRuleFromSourceResourceTagValueIdSet tagValueIdSet; + + private AuthzPolicyHttpRuleFromSourceResource() {} + /** + * @return An IAM service account to match against the source service account of the VM sending the request. + * Structure is documented below. + * + */ + public Optional iamServiceAccount() { + return Optional.ofNullable(this.iamServiceAccount); + } + /** + * @return A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request. + * Structure is documented below. + * + */ + public Optional tagValueIdSet() { + return Optional.ofNullable(this.tagValueIdSet); + } + + public static Builder builder() { + return new Builder(); + } + + public static Builder builder(AuthzPolicyHttpRuleFromSourceResource defaults) { + return new Builder(defaults); + } + @CustomType.Builder + public static final class Builder { + private @Nullable AuthzPolicyHttpRuleFromSourceResourceIamServiceAccount iamServiceAccount; + private @Nullable AuthzPolicyHttpRuleFromSourceResourceTagValueIdSet tagValueIdSet; + public Builder() {} + public Builder(AuthzPolicyHttpRuleFromSourceResource defaults) { + Objects.requireNonNull(defaults); + this.iamServiceAccount = defaults.iamServiceAccount; + this.tagValueIdSet = defaults.tagValueIdSet; + } + + @CustomType.Setter + public Builder iamServiceAccount(@Nullable AuthzPolicyHttpRuleFromSourceResourceIamServiceAccount iamServiceAccount) { + + this.iamServiceAccount = iamServiceAccount; + return this; + } + @CustomType.Setter + public Builder tagValueIdSet(@Nullable AuthzPolicyHttpRuleFromSourceResourceTagValueIdSet tagValueIdSet) { + + this.tagValueIdSet = tagValueIdSet; + return this; + } + public AuthzPolicyHttpRuleFromSourceResource build() { + final var _resultValue = new AuthzPolicyHttpRuleFromSourceResource(); + _resultValue.iamServiceAccount = iamServiceAccount; + _resultValue.tagValueIdSet = tagValueIdSet; + return _resultValue; + } + } +} diff --git a/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/outputs/AuthzPolicyHttpRuleFromSourceResourceIamServiceAccount.java b/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/outputs/AuthzPolicyHttpRuleFromSourceResourceIamServiceAccount.java new file mode 100644 index 0000000000..36061ecef4 --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/outputs/AuthzPolicyHttpRuleFromSourceResourceIamServiceAccount.java @@ -0,0 +1,158 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.gcp.networksecurity.outputs; + +import com.pulumi.core.annotations.CustomType; +import java.lang.Boolean; +import java.lang.String; +import java.util.Objects; +import java.util.Optional; +import javax.annotation.Nullable; + +@CustomType +public final class AuthzPolicyHttpRuleFromSourceResourceIamServiceAccount { + /** + * @return The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. + * Examples: + * * abc matches the value xyz.abc.def + * + */ + private @Nullable String contains; + /** + * @return The input string must match exactly the string specified here. + * Examples: + * * abc only matches the value abc. + * + */ + private @Nullable String exact; + /** + * @return If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true. + * + */ + private @Nullable Boolean ignoreCase; + /** + * @return The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. + * Examples: + * * abc matches the value abc.xyz + * + */ + private @Nullable String prefix; + /** + * @return The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. + * Examples: + * * abc matches the value xyz.abc + * + */ + private @Nullable String suffix; + + private AuthzPolicyHttpRuleFromSourceResourceIamServiceAccount() {} + /** + * @return The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. + * Examples: + * * abc matches the value xyz.abc.def + * + */ + public Optional contains() { + return Optional.ofNullable(this.contains); + } + /** + * @return The input string must match exactly the string specified here. + * Examples: + * * abc only matches the value abc. + * + */ + public Optional exact() { + return Optional.ofNullable(this.exact); + } + /** + * @return If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true. + * + */ + public Optional ignoreCase() { + return Optional.ofNullable(this.ignoreCase); + } + /** + * @return The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. + * Examples: + * * abc matches the value abc.xyz + * + */ + public Optional prefix() { + return Optional.ofNullable(this.prefix); + } + /** + * @return The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. + * Examples: + * * abc matches the value xyz.abc + * + */ + public Optional suffix() { + return Optional.ofNullable(this.suffix); + } + + public static Builder builder() { + return new Builder(); + } + + public static Builder builder(AuthzPolicyHttpRuleFromSourceResourceIamServiceAccount defaults) { + return new Builder(defaults); + } + @CustomType.Builder + public static final class Builder { + private @Nullable String contains; + private @Nullable String exact; + private @Nullable Boolean ignoreCase; + private @Nullable String prefix; + private @Nullable String suffix; + public Builder() {} + public Builder(AuthzPolicyHttpRuleFromSourceResourceIamServiceAccount defaults) { + Objects.requireNonNull(defaults); + this.contains = defaults.contains; + this.exact = defaults.exact; + this.ignoreCase = defaults.ignoreCase; + this.prefix = defaults.prefix; + this.suffix = defaults.suffix; + } + + @CustomType.Setter + public Builder contains(@Nullable String contains) { + + this.contains = contains; + return this; + } + @CustomType.Setter + public Builder exact(@Nullable String exact) { + + this.exact = exact; + return this; + } + @CustomType.Setter + public Builder ignoreCase(@Nullable Boolean ignoreCase) { + + this.ignoreCase = ignoreCase; + return this; + } + @CustomType.Setter + public Builder prefix(@Nullable String prefix) { + + this.prefix = prefix; + return this; + } + @CustomType.Setter + public Builder suffix(@Nullable String suffix) { + + this.suffix = suffix; + return this; + } + public AuthzPolicyHttpRuleFromSourceResourceIamServiceAccount build() { + final var _resultValue = new AuthzPolicyHttpRuleFromSourceResourceIamServiceAccount(); + _resultValue.contains = contains; + _resultValue.exact = exact; + _resultValue.ignoreCase = ignoreCase; + _resultValue.prefix = prefix; + _resultValue.suffix = suffix; + return _resultValue; + } + } +} diff --git a/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/outputs/AuthzPolicyHttpRuleFromSourceResourceTagValueIdSet.java b/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/outputs/AuthzPolicyHttpRuleFromSourceResourceTagValueIdSet.java new file mode 100644 index 0000000000..64fba0e11e --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/outputs/AuthzPolicyHttpRuleFromSourceResourceTagValueIdSet.java @@ -0,0 +1,62 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.gcp.networksecurity.outputs; + +import com.pulumi.core.annotations.CustomType; +import java.lang.String; +import java.util.List; +import java.util.Objects; +import javax.annotation.Nullable; + +@CustomType +public final class AuthzPolicyHttpRuleFromSourceResourceTagValueIdSet { + /** + * @return A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request. The match follows AND semantics which means all the ids must match. + * Limited to 5 matches. + * + */ + private @Nullable List ids; + + private AuthzPolicyHttpRuleFromSourceResourceTagValueIdSet() {} + /** + * @return A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request. The match follows AND semantics which means all the ids must match. + * Limited to 5 matches. + * + */ + public List ids() { + return this.ids == null ? List.of() : this.ids; + } + + public static Builder builder() { + return new Builder(); + } + + public static Builder builder(AuthzPolicyHttpRuleFromSourceResourceTagValueIdSet defaults) { + return new Builder(defaults); + } + @CustomType.Builder + public static final class Builder { + private @Nullable List ids; + public Builder() {} + public Builder(AuthzPolicyHttpRuleFromSourceResourceTagValueIdSet defaults) { + Objects.requireNonNull(defaults); + this.ids = defaults.ids; + } + + @CustomType.Setter + public Builder ids(@Nullable List ids) { + + this.ids = ids; + return this; + } + public Builder ids(String... ids) { + return ids(List.of(ids)); + } + public AuthzPolicyHttpRuleFromSourceResourceTagValueIdSet build() { + final var _resultValue = new AuthzPolicyHttpRuleFromSourceResourceTagValueIdSet(); + _resultValue.ids = ids; + return _resultValue; + } + } +} diff --git a/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/outputs/AuthzPolicyHttpRuleTo.java b/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/outputs/AuthzPolicyHttpRuleTo.java new file mode 100644 index 0000000000..d40ee17901 --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/outputs/AuthzPolicyHttpRuleTo.java @@ -0,0 +1,62 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.gcp.networksecurity.outputs; + +import com.pulumi.core.annotations.CustomType; +import com.pulumi.gcp.networksecurity.outputs.AuthzPolicyHttpRuleToOperation; +import java.util.List; +import java.util.Objects; +import javax.annotation.Nullable; + +@CustomType +public final class AuthzPolicyHttpRuleTo { + /** + * @return Describes properties of one or more targets of a request. At least one of operations or notOperations must be specified. Limited to 5 operations. A match occurs when ANY operation (in operations or notOperations) matches. Within an operation, the match follows AND semantics across fields and OR semantics within a field, i.e. a match occurs when ANY path matches AND ANY header matches and ANY method matches. + * Structure is documented below. + * + */ + private @Nullable List operations; + + private AuthzPolicyHttpRuleTo() {} + /** + * @return Describes properties of one or more targets of a request. At least one of operations or notOperations must be specified. Limited to 5 operations. A match occurs when ANY operation (in operations or notOperations) matches. Within an operation, the match follows AND semantics across fields and OR semantics within a field, i.e. a match occurs when ANY path matches AND ANY header matches and ANY method matches. + * Structure is documented below. + * + */ + public List operations() { + return this.operations == null ? List.of() : this.operations; + } + + public static Builder builder() { + return new Builder(); + } + + public static Builder builder(AuthzPolicyHttpRuleTo defaults) { + return new Builder(defaults); + } + @CustomType.Builder + public static final class Builder { + private @Nullable List operations; + public Builder() {} + public Builder(AuthzPolicyHttpRuleTo defaults) { + Objects.requireNonNull(defaults); + this.operations = defaults.operations; + } + + @CustomType.Setter + public Builder operations(@Nullable List operations) { + + this.operations = operations; + return this; + } + public Builder operations(AuthzPolicyHttpRuleToOperation... operations) { + return operations(List.of(operations)); + } + public AuthzPolicyHttpRuleTo build() { + final var _resultValue = new AuthzPolicyHttpRuleTo(); + _resultValue.operations = operations; + return _resultValue; + } + } +} diff --git a/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/outputs/AuthzPolicyHttpRuleToOperation.java b/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/outputs/AuthzPolicyHttpRuleToOperation.java new file mode 100644 index 0000000000..a5120834bc --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/outputs/AuthzPolicyHttpRuleToOperation.java @@ -0,0 +1,145 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.gcp.networksecurity.outputs; + +import com.pulumi.core.annotations.CustomType; +import com.pulumi.gcp.networksecurity.outputs.AuthzPolicyHttpRuleToOperationHeaderSet; +import com.pulumi.gcp.networksecurity.outputs.AuthzPolicyHttpRuleToOperationHost; +import com.pulumi.gcp.networksecurity.outputs.AuthzPolicyHttpRuleToOperationPath; +import java.lang.String; +import java.util.List; +import java.util.Objects; +import java.util.Optional; +import javax.annotation.Nullable; + +@CustomType +public final class AuthzPolicyHttpRuleToOperation { + /** + * @return A list of headers to match against in http header. + * Structure is documented below. + * + */ + private @Nullable AuthzPolicyHttpRuleToOperationHeaderSet headerSet; + /** + * @return A list of HTTP Hosts to match against. The match can be one of exact, prefix, suffix, or contains (substring match). Matches are always case sensitive unless the ignoreCase is set. + * Limited to 5 matches. + * Structure is documented below. + * + */ + private @Nullable List hosts; + /** + * @return A list of HTTP methods to match against. Each entry must be a valid HTTP method name (GET, PUT, POST, HEAD, PATCH, DELETE, OPTIONS). It only allows exact match and is always case sensitive. + * + */ + private @Nullable List methods; + /** + * @return A list of paths to match against. The match can be one of exact, prefix, suffix, or contains (substring match). Matches are always case sensitive unless the ignoreCase is set. + * Limited to 5 matches. + * Note that this path match includes the query parameters. For gRPC services, this should be a fully-qualified name of the form /package.service/method. + * Structure is documented below. + * + */ + private @Nullable List paths; + + private AuthzPolicyHttpRuleToOperation() {} + /** + * @return A list of headers to match against in http header. + * Structure is documented below. + * + */ + public Optional headerSet() { + return Optional.ofNullable(this.headerSet); + } + /** + * @return A list of HTTP Hosts to match against. The match can be one of exact, prefix, suffix, or contains (substring match). Matches are always case sensitive unless the ignoreCase is set. + * Limited to 5 matches. + * Structure is documented below. + * + */ + public List hosts() { + return this.hosts == null ? List.of() : this.hosts; + } + /** + * @return A list of HTTP methods to match against. Each entry must be a valid HTTP method name (GET, PUT, POST, HEAD, PATCH, DELETE, OPTIONS). It only allows exact match and is always case sensitive. + * + */ + public List methods() { + return this.methods == null ? List.of() : this.methods; + } + /** + * @return A list of paths to match against. The match can be one of exact, prefix, suffix, or contains (substring match). Matches are always case sensitive unless the ignoreCase is set. + * Limited to 5 matches. + * Note that this path match includes the query parameters. For gRPC services, this should be a fully-qualified name of the form /package.service/method. + * Structure is documented below. + * + */ + public List paths() { + return this.paths == null ? List.of() : this.paths; + } + + public static Builder builder() { + return new Builder(); + } + + public static Builder builder(AuthzPolicyHttpRuleToOperation defaults) { + return new Builder(defaults); + } + @CustomType.Builder + public static final class Builder { + private @Nullable AuthzPolicyHttpRuleToOperationHeaderSet headerSet; + private @Nullable List hosts; + private @Nullable List methods; + private @Nullable List paths; + public Builder() {} + public Builder(AuthzPolicyHttpRuleToOperation defaults) { + Objects.requireNonNull(defaults); + this.headerSet = defaults.headerSet; + this.hosts = defaults.hosts; + this.methods = defaults.methods; + this.paths = defaults.paths; + } + + @CustomType.Setter + public Builder headerSet(@Nullable AuthzPolicyHttpRuleToOperationHeaderSet headerSet) { + + this.headerSet = headerSet; + return this; + } + @CustomType.Setter + public Builder hosts(@Nullable List hosts) { + + this.hosts = hosts; + return this; + } + public Builder hosts(AuthzPolicyHttpRuleToOperationHost... hosts) { + return hosts(List.of(hosts)); + } + @CustomType.Setter + public Builder methods(@Nullable List methods) { + + this.methods = methods; + return this; + } + public Builder methods(String... methods) { + return methods(List.of(methods)); + } + @CustomType.Setter + public Builder paths(@Nullable List paths) { + + this.paths = paths; + return this; + } + public Builder paths(AuthzPolicyHttpRuleToOperationPath... paths) { + return paths(List.of(paths)); + } + public AuthzPolicyHttpRuleToOperation build() { + final var _resultValue = new AuthzPolicyHttpRuleToOperation(); + _resultValue.headerSet = headerSet; + _resultValue.hosts = hosts; + _resultValue.methods = methods; + _resultValue.paths = paths; + return _resultValue; + } + } +} diff --git a/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/outputs/AuthzPolicyHttpRuleToOperationHeaderSet.java b/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/outputs/AuthzPolicyHttpRuleToOperationHeaderSet.java new file mode 100644 index 0000000000..f1ce57447a --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/outputs/AuthzPolicyHttpRuleToOperationHeaderSet.java @@ -0,0 +1,62 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.gcp.networksecurity.outputs; + +import com.pulumi.core.annotations.CustomType; +import com.pulumi.gcp.networksecurity.outputs.AuthzPolicyHttpRuleToOperationHeaderSetHeader; +import java.util.List; +import java.util.Objects; +import javax.annotation.Nullable; + +@CustomType +public final class AuthzPolicyHttpRuleToOperationHeaderSet { + /** + * @return A list of headers to match against in http header. The match can be one of exact, prefix, suffix, or contains (substring match). The match follows AND semantics which means all the headers must match. Matches are always case sensitive unless the ignoreCase is set. Limited to 5 matches. + * Structure is documented below. + * + */ + private @Nullable List headers; + + private AuthzPolicyHttpRuleToOperationHeaderSet() {} + /** + * @return A list of headers to match against in http header. The match can be one of exact, prefix, suffix, or contains (substring match). The match follows AND semantics which means all the headers must match. Matches are always case sensitive unless the ignoreCase is set. Limited to 5 matches. + * Structure is documented below. + * + */ + public List headers() { + return this.headers == null ? List.of() : this.headers; + } + + public static Builder builder() { + return new Builder(); + } + + public static Builder builder(AuthzPolicyHttpRuleToOperationHeaderSet defaults) { + return new Builder(defaults); + } + @CustomType.Builder + public static final class Builder { + private @Nullable List headers; + public Builder() {} + public Builder(AuthzPolicyHttpRuleToOperationHeaderSet defaults) { + Objects.requireNonNull(defaults); + this.headers = defaults.headers; + } + + @CustomType.Setter + public Builder headers(@Nullable List headers) { + + this.headers = headers; + return this; + } + public Builder headers(AuthzPolicyHttpRuleToOperationHeaderSetHeader... headers) { + return headers(List.of(headers)); + } + public AuthzPolicyHttpRuleToOperationHeaderSet build() { + final var _resultValue = new AuthzPolicyHttpRuleToOperationHeaderSet(); + _resultValue.headers = headers; + return _resultValue; + } + } +} diff --git a/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/outputs/AuthzPolicyHttpRuleToOperationHeaderSetHeader.java b/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/outputs/AuthzPolicyHttpRuleToOperationHeaderSetHeader.java new file mode 100644 index 0000000000..4636770a51 --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/outputs/AuthzPolicyHttpRuleToOperationHeaderSetHeader.java @@ -0,0 +1,81 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.gcp.networksecurity.outputs; + +import com.pulumi.core.annotations.CustomType; +import com.pulumi.gcp.networksecurity.outputs.AuthzPolicyHttpRuleToOperationHeaderSetHeaderValue; +import java.lang.String; +import java.util.Objects; +import java.util.Optional; +import javax.annotation.Nullable; + +@CustomType +public final class AuthzPolicyHttpRuleToOperationHeaderSetHeader { + /** + * @return Specifies the name of the header in the request. + * + */ + private @Nullable String name; + /** + * @return Specifies how the header match will be performed. + * Structure is documented below. + * + */ + private @Nullable AuthzPolicyHttpRuleToOperationHeaderSetHeaderValue value; + + private AuthzPolicyHttpRuleToOperationHeaderSetHeader() {} + /** + * @return Specifies the name of the header in the request. + * + */ + public Optional name() { + return Optional.ofNullable(this.name); + } + /** + * @return Specifies how the header match will be performed. + * Structure is documented below. + * + */ + public Optional value() { + return Optional.ofNullable(this.value); + } + + public static Builder builder() { + return new Builder(); + } + + public static Builder builder(AuthzPolicyHttpRuleToOperationHeaderSetHeader defaults) { + return new Builder(defaults); + } + @CustomType.Builder + public static final class Builder { + private @Nullable String name; + private @Nullable AuthzPolicyHttpRuleToOperationHeaderSetHeaderValue value; + public Builder() {} + public Builder(AuthzPolicyHttpRuleToOperationHeaderSetHeader defaults) { + Objects.requireNonNull(defaults); + this.name = defaults.name; + this.value = defaults.value; + } + + @CustomType.Setter + public Builder name(@Nullable String name) { + + this.name = name; + return this; + } + @CustomType.Setter + public Builder value(@Nullable AuthzPolicyHttpRuleToOperationHeaderSetHeaderValue value) { + + this.value = value; + return this; + } + public AuthzPolicyHttpRuleToOperationHeaderSetHeader build() { + final var _resultValue = new AuthzPolicyHttpRuleToOperationHeaderSetHeader(); + _resultValue.name = name; + _resultValue.value = value; + return _resultValue; + } + } +} diff --git a/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/outputs/AuthzPolicyHttpRuleToOperationHeaderSetHeaderValue.java b/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/outputs/AuthzPolicyHttpRuleToOperationHeaderSetHeaderValue.java new file mode 100644 index 0000000000..05ae3ad3b8 --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/outputs/AuthzPolicyHttpRuleToOperationHeaderSetHeaderValue.java @@ -0,0 +1,158 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.gcp.networksecurity.outputs; + +import com.pulumi.core.annotations.CustomType; +import java.lang.Boolean; +import java.lang.String; +import java.util.Objects; +import java.util.Optional; +import javax.annotation.Nullable; + +@CustomType +public final class AuthzPolicyHttpRuleToOperationHeaderSetHeaderValue { + /** + * @return The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. + * Examples: + * * abc matches the value xyz.abc.def + * + */ + private @Nullable String contains; + /** + * @return The input string must match exactly the string specified here. + * Examples: + * * abc only matches the value abc. + * + */ + private @Nullable String exact; + /** + * @return If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true. + * + */ + private @Nullable Boolean ignoreCase; + /** + * @return The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. + * Examples: + * * abc matches the value abc.xyz + * + */ + private @Nullable String prefix; + /** + * @return The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. + * Examples: + * * abc matches the value xyz.abc + * + */ + private @Nullable String suffix; + + private AuthzPolicyHttpRuleToOperationHeaderSetHeaderValue() {} + /** + * @return The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. + * Examples: + * * abc matches the value xyz.abc.def + * + */ + public Optional contains() { + return Optional.ofNullable(this.contains); + } + /** + * @return The input string must match exactly the string specified here. + * Examples: + * * abc only matches the value abc. + * + */ + public Optional exact() { + return Optional.ofNullable(this.exact); + } + /** + * @return If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true. + * + */ + public Optional ignoreCase() { + return Optional.ofNullable(this.ignoreCase); + } + /** + * @return The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. + * Examples: + * * abc matches the value abc.xyz + * + */ + public Optional prefix() { + return Optional.ofNullable(this.prefix); + } + /** + * @return The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. + * Examples: + * * abc matches the value xyz.abc + * + */ + public Optional suffix() { + return Optional.ofNullable(this.suffix); + } + + public static Builder builder() { + return new Builder(); + } + + public static Builder builder(AuthzPolicyHttpRuleToOperationHeaderSetHeaderValue defaults) { + return new Builder(defaults); + } + @CustomType.Builder + public static final class Builder { + private @Nullable String contains; + private @Nullable String exact; + private @Nullable Boolean ignoreCase; + private @Nullable String prefix; + private @Nullable String suffix; + public Builder() {} + public Builder(AuthzPolicyHttpRuleToOperationHeaderSetHeaderValue defaults) { + Objects.requireNonNull(defaults); + this.contains = defaults.contains; + this.exact = defaults.exact; + this.ignoreCase = defaults.ignoreCase; + this.prefix = defaults.prefix; + this.suffix = defaults.suffix; + } + + @CustomType.Setter + public Builder contains(@Nullable String contains) { + + this.contains = contains; + return this; + } + @CustomType.Setter + public Builder exact(@Nullable String exact) { + + this.exact = exact; + return this; + } + @CustomType.Setter + public Builder ignoreCase(@Nullable Boolean ignoreCase) { + + this.ignoreCase = ignoreCase; + return this; + } + @CustomType.Setter + public Builder prefix(@Nullable String prefix) { + + this.prefix = prefix; + return this; + } + @CustomType.Setter + public Builder suffix(@Nullable String suffix) { + + this.suffix = suffix; + return this; + } + public AuthzPolicyHttpRuleToOperationHeaderSetHeaderValue build() { + final var _resultValue = new AuthzPolicyHttpRuleToOperationHeaderSetHeaderValue(); + _resultValue.contains = contains; + _resultValue.exact = exact; + _resultValue.ignoreCase = ignoreCase; + _resultValue.prefix = prefix; + _resultValue.suffix = suffix; + return _resultValue; + } + } +} diff --git a/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/outputs/AuthzPolicyHttpRuleToOperationHost.java b/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/outputs/AuthzPolicyHttpRuleToOperationHost.java new file mode 100644 index 0000000000..e3226ed6ab --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/outputs/AuthzPolicyHttpRuleToOperationHost.java @@ -0,0 +1,158 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.gcp.networksecurity.outputs; + +import com.pulumi.core.annotations.CustomType; +import java.lang.Boolean; +import java.lang.String; +import java.util.Objects; +import java.util.Optional; +import javax.annotation.Nullable; + +@CustomType +public final class AuthzPolicyHttpRuleToOperationHost { + /** + * @return The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. + * Examples: + * * abc matches the value xyz.abc.def + * + */ + private @Nullable String contains; + /** + * @return The input string must match exactly the string specified here. + * Examples: + * * abc only matches the value abc. + * + */ + private @Nullable String exact; + /** + * @return If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true. + * + */ + private @Nullable Boolean ignoreCase; + /** + * @return The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. + * Examples: + * * abc matches the value abc.xyz + * + */ + private @Nullable String prefix; + /** + * @return The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. + * Examples: + * * abc matches the value xyz.abc + * + */ + private @Nullable String suffix; + + private AuthzPolicyHttpRuleToOperationHost() {} + /** + * @return The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. + * Examples: + * * abc matches the value xyz.abc.def + * + */ + public Optional contains() { + return Optional.ofNullable(this.contains); + } + /** + * @return The input string must match exactly the string specified here. + * Examples: + * * abc only matches the value abc. + * + */ + public Optional exact() { + return Optional.ofNullable(this.exact); + } + /** + * @return If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true. + * + */ + public Optional ignoreCase() { + return Optional.ofNullable(this.ignoreCase); + } + /** + * @return The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. + * Examples: + * * abc matches the value abc.xyz + * + */ + public Optional prefix() { + return Optional.ofNullable(this.prefix); + } + /** + * @return The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. + * Examples: + * * abc matches the value xyz.abc + * + */ + public Optional suffix() { + return Optional.ofNullable(this.suffix); + } + + public static Builder builder() { + return new Builder(); + } + + public static Builder builder(AuthzPolicyHttpRuleToOperationHost defaults) { + return new Builder(defaults); + } + @CustomType.Builder + public static final class Builder { + private @Nullable String contains; + private @Nullable String exact; + private @Nullable Boolean ignoreCase; + private @Nullable String prefix; + private @Nullable String suffix; + public Builder() {} + public Builder(AuthzPolicyHttpRuleToOperationHost defaults) { + Objects.requireNonNull(defaults); + this.contains = defaults.contains; + this.exact = defaults.exact; + this.ignoreCase = defaults.ignoreCase; + this.prefix = defaults.prefix; + this.suffix = defaults.suffix; + } + + @CustomType.Setter + public Builder contains(@Nullable String contains) { + + this.contains = contains; + return this; + } + @CustomType.Setter + public Builder exact(@Nullable String exact) { + + this.exact = exact; + return this; + } + @CustomType.Setter + public Builder ignoreCase(@Nullable Boolean ignoreCase) { + + this.ignoreCase = ignoreCase; + return this; + } + @CustomType.Setter + public Builder prefix(@Nullable String prefix) { + + this.prefix = prefix; + return this; + } + @CustomType.Setter + public Builder suffix(@Nullable String suffix) { + + this.suffix = suffix; + return this; + } + public AuthzPolicyHttpRuleToOperationHost build() { + final var _resultValue = new AuthzPolicyHttpRuleToOperationHost(); + _resultValue.contains = contains; + _resultValue.exact = exact; + _resultValue.ignoreCase = ignoreCase; + _resultValue.prefix = prefix; + _resultValue.suffix = suffix; + return _resultValue; + } + } +} diff --git a/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/outputs/AuthzPolicyHttpRuleToOperationPath.java b/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/outputs/AuthzPolicyHttpRuleToOperationPath.java new file mode 100644 index 0000000000..0d52deac9d --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/outputs/AuthzPolicyHttpRuleToOperationPath.java @@ -0,0 +1,158 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.gcp.networksecurity.outputs; + +import com.pulumi.core.annotations.CustomType; +import java.lang.Boolean; +import java.lang.String; +import java.util.Objects; +import java.util.Optional; +import javax.annotation.Nullable; + +@CustomType +public final class AuthzPolicyHttpRuleToOperationPath { + /** + * @return The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. + * Examples: + * * abc matches the value xyz.abc.def + * + */ + private @Nullable String contains; + /** + * @return The input string must match exactly the string specified here. + * Examples: + * * abc only matches the value abc. + * + */ + private @Nullable String exact; + /** + * @return If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true. + * + */ + private @Nullable Boolean ignoreCase; + /** + * @return The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. + * Examples: + * * abc matches the value abc.xyz + * + */ + private @Nullable String prefix; + /** + * @return The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. + * Examples: + * * abc matches the value xyz.abc + * + */ + private @Nullable String suffix; + + private AuthzPolicyHttpRuleToOperationPath() {} + /** + * @return The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. + * Examples: + * * abc matches the value xyz.abc.def + * + */ + public Optional contains() { + return Optional.ofNullable(this.contains); + } + /** + * @return The input string must match exactly the string specified here. + * Examples: + * * abc only matches the value abc. + * + */ + public Optional exact() { + return Optional.ofNullable(this.exact); + } + /** + * @return If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true. + * + */ + public Optional ignoreCase() { + return Optional.ofNullable(this.ignoreCase); + } + /** + * @return The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. + * Examples: + * * abc matches the value abc.xyz + * + */ + public Optional prefix() { + return Optional.ofNullable(this.prefix); + } + /** + * @return The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. + * Examples: + * * abc matches the value xyz.abc + * + */ + public Optional suffix() { + return Optional.ofNullable(this.suffix); + } + + public static Builder builder() { + return new Builder(); + } + + public static Builder builder(AuthzPolicyHttpRuleToOperationPath defaults) { + return new Builder(defaults); + } + @CustomType.Builder + public static final class Builder { + private @Nullable String contains; + private @Nullable String exact; + private @Nullable Boolean ignoreCase; + private @Nullable String prefix; + private @Nullable String suffix; + public Builder() {} + public Builder(AuthzPolicyHttpRuleToOperationPath defaults) { + Objects.requireNonNull(defaults); + this.contains = defaults.contains; + this.exact = defaults.exact; + this.ignoreCase = defaults.ignoreCase; + this.prefix = defaults.prefix; + this.suffix = defaults.suffix; + } + + @CustomType.Setter + public Builder contains(@Nullable String contains) { + + this.contains = contains; + return this; + } + @CustomType.Setter + public Builder exact(@Nullable String exact) { + + this.exact = exact; + return this; + } + @CustomType.Setter + public Builder ignoreCase(@Nullable Boolean ignoreCase) { + + this.ignoreCase = ignoreCase; + return this; + } + @CustomType.Setter + public Builder prefix(@Nullable String prefix) { + + this.prefix = prefix; + return this; + } + @CustomType.Setter + public Builder suffix(@Nullable String suffix) { + + this.suffix = suffix; + return this; + } + public AuthzPolicyHttpRuleToOperationPath build() { + final var _resultValue = new AuthzPolicyHttpRuleToOperationPath(); + _resultValue.contains = contains; + _resultValue.exact = exact; + _resultValue.ignoreCase = ignoreCase; + _resultValue.prefix = prefix; + _resultValue.suffix = suffix; + return _resultValue; + } + } +} diff --git a/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/outputs/AuthzPolicyTarget.java b/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/outputs/AuthzPolicyTarget.java new file mode 100644 index 0000000000..1ea158d937 --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/outputs/AuthzPolicyTarget.java @@ -0,0 +1,92 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.gcp.networksecurity.outputs; + +import com.pulumi.core.annotations.CustomType; +import com.pulumi.exceptions.MissingRequiredPropertyException; +import java.lang.String; +import java.util.List; +import java.util.Objects; +import javax.annotation.Nullable; + +@CustomType +public final class AuthzPolicyTarget { + /** + * @return All gateways and forwarding rules referenced by this policy and extensions must share the same load balancing scheme. + * For more information, refer to [Backend services overview](https://cloud.google.com/load-balancing/docs/backend-service). + * Possible values are: `INTERNAL_MANAGED`, `EXTERNAL_MANAGED`, `INTERNAL_SELF_MANAGED`. + * + */ + private String loadBalancingScheme; + /** + * @return A list of references to the Forwarding Rules on which this policy will be applied. + * + * *** + * + */ + private @Nullable List resources; + + private AuthzPolicyTarget() {} + /** + * @return All gateways and forwarding rules referenced by this policy and extensions must share the same load balancing scheme. + * For more information, refer to [Backend services overview](https://cloud.google.com/load-balancing/docs/backend-service). + * Possible values are: `INTERNAL_MANAGED`, `EXTERNAL_MANAGED`, `INTERNAL_SELF_MANAGED`. + * + */ + public String loadBalancingScheme() { + return this.loadBalancingScheme; + } + /** + * @return A list of references to the Forwarding Rules on which this policy will be applied. + * + * *** + * + */ + public List resources() { + return this.resources == null ? List.of() : this.resources; + } + + public static Builder builder() { + return new Builder(); + } + + public static Builder builder(AuthzPolicyTarget defaults) { + return new Builder(defaults); + } + @CustomType.Builder + public static final class Builder { + private String loadBalancingScheme; + private @Nullable List resources; + public Builder() {} + public Builder(AuthzPolicyTarget defaults) { + Objects.requireNonNull(defaults); + this.loadBalancingScheme = defaults.loadBalancingScheme; + this.resources = defaults.resources; + } + + @CustomType.Setter + public Builder loadBalancingScheme(String loadBalancingScheme) { + if (loadBalancingScheme == null) { + throw new MissingRequiredPropertyException("AuthzPolicyTarget", "loadBalancingScheme"); + } + this.loadBalancingScheme = loadBalancingScheme; + return this; + } + @CustomType.Setter + public Builder resources(@Nullable List resources) { + + this.resources = resources; + return this; + } + public Builder resources(String... resources) { + return resources(List.of(resources)); + } + public AuthzPolicyTarget build() { + final var _resultValue = new AuthzPolicyTarget(); + _resultValue.loadBalancingScheme = loadBalancingScheme; + _resultValue.resources = resources; + return _resultValue; + } + } +} diff --git a/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/outputs/InterceptDeploymentGroupConnectedEndpointGroup.java b/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/outputs/InterceptDeploymentGroupConnectedEndpointGroup.java new file mode 100644 index 0000000000..82215f8d90 --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/outputs/InterceptDeploymentGroupConnectedEndpointGroup.java @@ -0,0 +1,59 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.gcp.networksecurity.outputs; + +import com.pulumi.core.annotations.CustomType; +import java.lang.String; +import java.util.Objects; +import java.util.Optional; +import javax.annotation.Nullable; + +@CustomType +public final class InterceptDeploymentGroupConnectedEndpointGroup { + /** + * @return (Output) + * Output only. A connected intercept endpoint group. + * + */ + private @Nullable String name; + + private InterceptDeploymentGroupConnectedEndpointGroup() {} + /** + * @return (Output) + * Output only. A connected intercept endpoint group. + * + */ + public Optional name() { + return Optional.ofNullable(this.name); + } + + public static Builder builder() { + return new Builder(); + } + + public static Builder builder(InterceptDeploymentGroupConnectedEndpointGroup defaults) { + return new Builder(defaults); + } + @CustomType.Builder + public static final class Builder { + private @Nullable String name; + public Builder() {} + public Builder(InterceptDeploymentGroupConnectedEndpointGroup defaults) { + Objects.requireNonNull(defaults); + this.name = defaults.name; + } + + @CustomType.Setter + public Builder name(@Nullable String name) { + + this.name = name; + return this; + } + public InterceptDeploymentGroupConnectedEndpointGroup build() { + final var _resultValue = new InterceptDeploymentGroupConnectedEndpointGroup(); + _resultValue.name = name; + return _resultValue; + } + } +} diff --git a/sdk/java/src/main/java/com/pulumi/gcp/networkservices/AuthzExtension.java b/sdk/java/src/main/java/com/pulumi/gcp/networkservices/AuthzExtension.java new file mode 100644 index 0000000000..a22b78b6a4 --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/gcp/networkservices/AuthzExtension.java @@ -0,0 +1,449 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.gcp.networkservices; + +import com.pulumi.core.Output; +import com.pulumi.core.annotations.Export; +import com.pulumi.core.annotations.ResourceType; +import com.pulumi.core.internal.Codegen; +import com.pulumi.gcp.Utilities; +import com.pulumi.gcp.networkservices.AuthzExtensionArgs; +import com.pulumi.gcp.networkservices.inputs.AuthzExtensionState; +import java.lang.Boolean; +import java.lang.String; +import java.util.List; +import java.util.Map; +import java.util.Optional; +import javax.annotation.Nullable; + +/** + * AuthzExtension is a resource that allows traffic forwarding to a callout backend service to make an authorization decision. + * + * To get more information about AuthzExtension, see: + * + * * [API documentation](https://cloud.google.com/service-extensions/docs/reference/rest/v1beta1/projects.locations.authzExtensions) + * + * ## Example Usage + * + * ### Network Services Authz Extension Basic + * + * <!--Start PulumiCodeChooser --> + * 
+ * {@code
+ * package generated_program;
+ * 
+ * import com.pulumi.Context;
+ * import com.pulumi.Pulumi;
+ * import com.pulumi.core.Output;
+ * import com.pulumi.gcp.compute.RegionBackendService;
+ * import com.pulumi.gcp.compute.RegionBackendServiceArgs;
+ * import com.pulumi.gcp.networkservices.AuthzExtension;
+ * import com.pulumi.gcp.networkservices.AuthzExtensionArgs;
+ * import java.util.List;
+ * import java.util.ArrayList;
+ * import java.util.Map;
+ * import java.io.File;
+ * import java.nio.file.Files;
+ * import java.nio.file.Paths;
+ * 
+ * public class App {
+ *     public static void main(String[] args) {
+ *         Pulumi.run(App::stack);
+ *     }
+ * 
+ *     public static void stack(Context ctx) {
+ *         var default_ = new RegionBackendService("default", RegionBackendServiceArgs.builder()
+ *             .name("authz-service")
+ *             .project("my-project-name")
+ *             .region("us-west1")
+ *             .protocol("HTTP2")
+ *             .loadBalancingScheme("INTERNAL_MANAGED")
+ *             .portName("grpc")
+ *             .build());
+ * 
+ *         var defaultAuthzExtension = new AuthzExtension("defaultAuthzExtension", AuthzExtensionArgs.builder()
+ *             .name("my-authz-ext")
+ *             .project("my-project-name")
+ *             .location("us-west1")
+ *             .description("my description")
+ *             .loadBalancingScheme("INTERNAL_MANAGED")
+ *             .authority("ext11.com")
+ *             .service(default_.selfLink())
+ *             .timeout("0.1s")
+ *             .failOpen(false)
+ *             .forwardHeaders("Authorization")
+ *             .build());
+ * 
+ *     }
+ * }
+ * }
+ *
+ * <!--End PulumiCodeChooser --> + * + * ## Import + * + * AuthzExtension can be imported using any of these accepted formats: + * + * * `projects/{{project}}/locations/{{location}}/authzExtensions/{{name}}` + * + * * `{{project}}/{{location}}/{{name}}` + * + * * `{{location}}/{{name}}` + * + * * `{{name}}` + * + * When using the `pulumi import` command, AuthzExtension can be imported using one of the formats above. For example: + * + * ```sh + * $ pulumi import gcp:networkservices/authzExtension:AuthzExtension default projects/{{project}}/locations/{{location}}/authzExtensions/{{name}} + * ``` + * + * ```sh + * $ pulumi import gcp:networkservices/authzExtension:AuthzExtension default {{project}}/{{location}}/{{name}} + * ``` + * + * ```sh + * $ pulumi import gcp:networkservices/authzExtension:AuthzExtension default {{location}}/{{name}} + * ``` + * + * ```sh + * $ pulumi import gcp:networkservices/authzExtension:AuthzExtension default {{name}} + * ``` + * + */ +@ResourceType(type="gcp:networkservices/authzExtension:AuthzExtension") +public class AuthzExtension extends com.pulumi.resources.CustomResource { + /** + * The :authority header in the gRPC request sent from Envoy to the extension service. + * + */ + @Export(name="authority", refs={String.class}, tree="[0]") + private Output authority; + + /** + * @return The :authority header in the gRPC request sent from Envoy to the extension service. + * + */ + public Output authority() { + return this.authority; + } + /** + * The timestamp when the resource was created. + * + */ + @Export(name="createTime", refs={String.class}, tree="[0]") + private Output createTime; + + /** + * @return The timestamp when the resource was created. + * + */ + public Output createTime() { + return this.createTime; + } + /** + * A human-readable description of the resource. + * + */ + @Export(name="description", refs={String.class}, tree="[0]") + private Output description; + + /** + * @return A human-readable description of the resource. + * + */ + public Output> description() { + return Codegen.optional(this.description); + } + /** + * All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services. + * + */ + @Export(name="effectiveLabels", refs={Map.class,String.class}, tree="[0,1,1]") + private Output> effectiveLabels; + + /** + * @return All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services. + * + */ + public Output> effectiveLabels() { + return this.effectiveLabels; + } + /** + * Determines how the proxy behaves if the call to the extension fails or times out. + * When set to TRUE, request or response processing continues without error. Any subsequent extensions in the extension chain are also executed. When set to FALSE or the default setting of FALSE is used, one of the following happens: + * * If response headers have not been delivered to the downstream client, a generic 500 error is returned to the client. The error response can be tailored by configuring a custom error response in the load balancer. + * * If response headers have been delivered, then the HTTP stream to the downstream client is reset. + * + */ + @Export(name="failOpen", refs={Boolean.class}, tree="[0]") + private Output failOpen; + + /** + * @return Determines how the proxy behaves if the call to the extension fails or times out. + * When set to TRUE, request or response processing continues without error. Any subsequent extensions in the extension chain are also executed. When set to FALSE or the default setting of FALSE is used, one of the following happens: + * * If response headers have not been delivered to the downstream client, a generic 500 error is returned to the client. The error response can be tailored by configuring a custom error response in the load balancer. + * * If response headers have been delivered, then the HTTP stream to the downstream client is reset. + * + */ + public Output failOpen() { + return this.failOpen; + } + /** + * List of the HTTP headers to forward to the extension (from the client). If omitted, all headers are sent. Each element is a string indicating the header name. + * + */ + @Export(name="forwardHeaders", refs={List.class,String.class}, tree="[0,1]") + private Output> forwardHeaders; + + /** + * @return List of the HTTP headers to forward to the extension (from the client). If omitted, all headers are sent. Each element is a string indicating the header name. + * + */ + public Output>> forwardHeaders() { + return Codegen.optional(this.forwardHeaders); + } + /** + * Set of labels associated with the AuthzExtension resource. + * + * **Note**: This field is non-authoritative, and will only manage the labels present in your configuration. + * Please refer to the field `effective_labels` for all of the labels present on the resource. + * + */ + @Export(name="labels", refs={Map.class,String.class}, tree="[0,1,1]") + private Output> labels; + + /** + * @return Set of labels associated with the AuthzExtension resource. + * + * **Note**: This field is non-authoritative, and will only manage the labels present in your configuration. + * Please refer to the field `effective_labels` for all of the labels present on the resource. + * + */ + public Output>> labels() { + return Codegen.optional(this.labels); + } + /** + * All backend services and forwarding rules referenced by this extension must share the same load balancing scheme. + * For more information, refer to [Backend services overview](https://cloud.google.com/load-balancing/docs/backend-service). + * Possible values are: `INTERNAL_MANAGED`, `EXTERNAL_MANAGED`. + * + */ + @Export(name="loadBalancingScheme", refs={String.class}, tree="[0]") + private Output loadBalancingScheme; + + /** + * @return All backend services and forwarding rules referenced by this extension must share the same load balancing scheme. + * For more information, refer to [Backend services overview](https://cloud.google.com/load-balancing/docs/backend-service). + * Possible values are: `INTERNAL_MANAGED`, `EXTERNAL_MANAGED`. + * + */ + public Output loadBalancingScheme() { + return this.loadBalancingScheme; + } + /** + * The location of the resource. + * + * *** + * + */ + @Export(name="location", refs={String.class}, tree="[0]") + private Output location; + + /** + * @return The location of the resource. + * + * *** + * + */ + public Output location() { + return this.location; + } + /** + * The metadata provided here is included as part of the metadata_context (of type google.protobuf.Struct) in the ProcessingRequest message sent to the extension server. The metadata is available under the namespace com.google.authz_extension.<resourceName>. The following variables are supported in the metadata Struct: + * {forwarding_rule_id} - substituted with the forwarding rule's fully qualified resource name. + * + */ + @Export(name="metadata", refs={Map.class,String.class}, tree="[0,1,1]") + private Output> metadata; + + /** + * @return The metadata provided here is included as part of the metadata_context (of type google.protobuf.Struct) in the ProcessingRequest message sent to the extension server. The metadata is available under the namespace com.google.authz_extension.<resourceName>. The following variables are supported in the metadata Struct: + * {forwarding_rule_id} - substituted with the forwarding rule's fully qualified resource name. + * + */ + public Output>> metadata() { + return Codegen.optional(this.metadata); + } + /** + * Identifier. Name of the AuthzExtension resource. + * + */ + @Export(name="name", refs={String.class}, tree="[0]") + private Output name; + + /** + * @return Identifier. Name of the AuthzExtension resource. + * + */ + public Output name() { + return this.name; + } + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the provider project is used. + * + */ + @Export(name="project", refs={String.class}, tree="[0]") + private Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the provider project is used. + * + */ + public Output project() { + return this.project; + } + /** + * The combination of labels configured directly on the resource + * and default labels configured on the provider. + * + */ + @Export(name="pulumiLabels", refs={Map.class,String.class}, tree="[0,1,1]") + private Output> pulumiLabels; + + /** + * @return The combination of labels configured directly on the resource + * and default labels configured on the provider. + * + */ + public Output> pulumiLabels() { + return this.pulumiLabels; + } + /** + * The reference to the service that runs the extension. + * To configure a callout extension, service must be a fully-qualified reference to a [backend service](https://cloud.google.com/compute/docs/reference/rest/v1/backendServices) in the format: + * https://www.googleapis.com/compute/v1/projects/{project}/regions/{region}/backendServices/{backendService} or https://www.googleapis.com/compute/v1/projects/{project}/global/backendServices/{backendService}. + * + */ + @Export(name="service", refs={String.class}, tree="[0]") + private Output service; + + /** + * @return The reference to the service that runs the extension. + * To configure a callout extension, service must be a fully-qualified reference to a [backend service](https://cloud.google.com/compute/docs/reference/rest/v1/backendServices) in the format: + * https://www.googleapis.com/compute/v1/projects/{project}/regions/{region}/backendServices/{backendService} or https://www.googleapis.com/compute/v1/projects/{project}/global/backendServices/{backendService}. + * + */ + public Output service() { + return this.service; + } + /** + * Specifies the timeout for each individual message on the stream. The timeout must be between 10-10000 milliseconds. + * + */ + @Export(name="timeout", refs={String.class}, tree="[0]") + private Output timeout; + + /** + * @return Specifies the timeout for each individual message on the stream. The timeout must be between 10-10000 milliseconds. + * + */ + public Output timeout() { + return this.timeout; + } + /** + * The timestamp when the resource was updated. + * + */ + @Export(name="updateTime", refs={String.class}, tree="[0]") + private Output updateTime; + + /** + * @return The timestamp when the resource was updated. + * + */ + public Output updateTime() { + return this.updateTime; + } + /** + * The format of communication supported by the callout extension. + * Default value is `EXT_PROC_GRPC`. + * Possible values are: `WIRE_FORMAT_UNSPECIFIED`, `EXT_PROC_GRPC`. + * + */ + @Export(name="wireFormat", refs={String.class}, tree="[0]") + private Output wireFormat; + + /** + * @return The format of communication supported by the callout extension. + * Default value is `EXT_PROC_GRPC`. + * Possible values are: `WIRE_FORMAT_UNSPECIFIED`, `EXT_PROC_GRPC`. + * + */ + public Output> wireFormat() { + return Codegen.optional(this.wireFormat); + } + + /** + * + * @param name The _unique_ name of the resulting resource. + */ + public AuthzExtension(java.lang.String name) { + this(name, AuthzExtensionArgs.Empty); + } + /** + * + * @param name The _unique_ name of the resulting resource. + * @param args The arguments to use to populate this resource's properties. + */ + public AuthzExtension(java.lang.String name, AuthzExtensionArgs args) { + this(name, args, null); + } + /** + * + * @param name The _unique_ name of the resulting resource. + * @param args The arguments to use to populate this resource's properties. + * @param options A bag of options that control this resource's behavior. + */ + public AuthzExtension(java.lang.String name, AuthzExtensionArgs args, @Nullable com.pulumi.resources.CustomResourceOptions options) { + super("gcp:networkservices/authzExtension:AuthzExtension", name, makeArgs(args, options), makeResourceOptions(options, Codegen.empty()), false); + } + + private AuthzExtension(java.lang.String name, Output id, @Nullable AuthzExtensionState state, @Nullable com.pulumi.resources.CustomResourceOptions options) { + super("gcp:networkservices/authzExtension:AuthzExtension", name, state, makeResourceOptions(options, id), false); + } + + private static AuthzExtensionArgs makeArgs(AuthzExtensionArgs args, @Nullable com.pulumi.resources.CustomResourceOptions options) { + if (options != null && options.getUrn().isPresent()) { + return null; + } + return args == null ? AuthzExtensionArgs.Empty : args; + } + + private static com.pulumi.resources.CustomResourceOptions makeResourceOptions(@Nullable com.pulumi.resources.CustomResourceOptions options, @Nullable Output id) { + var defaultOptions = com.pulumi.resources.CustomResourceOptions.builder() + .version(Utilities.getVersion()) + .additionalSecretOutputs(List.of( + "effectiveLabels", + "pulumiLabels" + )) + .build(); + return com.pulumi.resources.CustomResourceOptions.merge(defaultOptions, options, id); + } + + /** + * Get an existing Host resource's state with the given name, ID, and optional extra + * properties used to qualify the lookup. + * + * @param name The _unique_ name of the resulting resource. + * @param id The _unique_ provider ID of the resource to lookup. + * @param state + * @param options Optional settings to control the behavior of the CustomResource. + */ + public static AuthzExtension get(java.lang.String name, Output id, @Nullable AuthzExtensionState state, @Nullable com.pulumi.resources.CustomResourceOptions options) { + return new AuthzExtension(name, id, state, options); + } +} diff --git a/sdk/java/src/main/java/com/pulumi/gcp/networkservices/AuthzExtensionArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/networkservices/AuthzExtensionArgs.java new file mode 100644 index 0000000000..00acd25ab2 --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/gcp/networkservices/AuthzExtensionArgs.java @@ -0,0 +1,620 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.gcp.networkservices; + +import com.pulumi.core.Output; +import com.pulumi.core.annotations.Import; +import com.pulumi.exceptions.MissingRequiredPropertyException; +import java.lang.Boolean; +import java.lang.String; +import java.util.List; +import java.util.Map; +import java.util.Objects; +import java.util.Optional; +import javax.annotation.Nullable; + + +public final class AuthzExtensionArgs extends com.pulumi.resources.ResourceArgs { + + public static final AuthzExtensionArgs Empty = new AuthzExtensionArgs(); + + /** + * The :authority header in the gRPC request sent from Envoy to the extension service. + * + */ + @Import(name="authority", required=true) + private Output authority; + + /** + * @return The :authority header in the gRPC request sent from Envoy to the extension service. + * + */ + public Output authority() { + return this.authority; + } + + /** + * A human-readable description of the resource. + * + */ + @Import(name="description") + private @Nullable Output description; + + /** + * @return A human-readable description of the resource. + * + */ + public Optional> description() { + return Optional.ofNullable(this.description); + } + + /** + * Determines how the proxy behaves if the call to the extension fails or times out. + * When set to TRUE, request or response processing continues without error. Any subsequent extensions in the extension chain are also executed. When set to FALSE or the default setting of FALSE is used, one of the following happens: + * * If response headers have not been delivered to the downstream client, a generic 500 error is returned to the client. The error response can be tailored by configuring a custom error response in the load balancer. + * * If response headers have been delivered, then the HTTP stream to the downstream client is reset. + * + */ + @Import(name="failOpen") + private @Nullable Output failOpen; + + /** + * @return Determines how the proxy behaves if the call to the extension fails or times out. + * When set to TRUE, request or response processing continues without error. Any subsequent extensions in the extension chain are also executed. When set to FALSE or the default setting of FALSE is used, one of the following happens: + * * If response headers have not been delivered to the downstream client, a generic 500 error is returned to the client. The error response can be tailored by configuring a custom error response in the load balancer. + * * If response headers have been delivered, then the HTTP stream to the downstream client is reset. + * + */ + public Optional> failOpen() { + return Optional.ofNullable(this.failOpen); + } + + /** + * List of the HTTP headers to forward to the extension (from the client). If omitted, all headers are sent. Each element is a string indicating the header name. + * + */ + @Import(name="forwardHeaders") + private @Nullable Output> forwardHeaders; + + /** + * @return List of the HTTP headers to forward to the extension (from the client). If omitted, all headers are sent. Each element is a string indicating the header name. + * + */ + public Optional>> forwardHeaders() { + return Optional.ofNullable(this.forwardHeaders); + } + + /** + * Set of labels associated with the AuthzExtension resource. + * + * **Note**: This field is non-authoritative, and will only manage the labels present in your configuration. + * Please refer to the field `effective_labels` for all of the labels present on the resource. + * + */ + @Import(name="labels") + private @Nullable Output> labels; + + /** + * @return Set of labels associated with the AuthzExtension resource. + * + * **Note**: This field is non-authoritative, and will only manage the labels present in your configuration. + * Please refer to the field `effective_labels` for all of the labels present on the resource. + * + */ + public Optional>> labels() { + return Optional.ofNullable(this.labels); + } + + /** + * All backend services and forwarding rules referenced by this extension must share the same load balancing scheme. + * For more information, refer to [Backend services overview](https://cloud.google.com/load-balancing/docs/backend-service). + * Possible values are: `INTERNAL_MANAGED`, `EXTERNAL_MANAGED`. + * + */ + @Import(name="loadBalancingScheme", required=true) + private Output loadBalancingScheme; + + /** + * @return All backend services and forwarding rules referenced by this extension must share the same load balancing scheme. + * For more information, refer to [Backend services overview](https://cloud.google.com/load-balancing/docs/backend-service). + * Possible values are: `INTERNAL_MANAGED`, `EXTERNAL_MANAGED`. + * + */ + public Output loadBalancingScheme() { + return this.loadBalancingScheme; + } + + /** + * The location of the resource. + * + * *** + * + */ + @Import(name="location", required=true) + private Output location; + + /** + * @return The location of the resource. + * + * *** + * + */ + public Output location() { + return this.location; + } + + /** + * The metadata provided here is included as part of the metadata_context (of type google.protobuf.Struct) in the ProcessingRequest message sent to the extension server. The metadata is available under the namespace com.google.authz_extension.<resourceName>. The following variables are supported in the metadata Struct: + * {forwarding_rule_id} - substituted with the forwarding rule's fully qualified resource name. + * + */ + @Import(name="metadata") + private @Nullable Output> metadata; + + /** + * @return The metadata provided here is included as part of the metadata_context (of type google.protobuf.Struct) in the ProcessingRequest message sent to the extension server. The metadata is available under the namespace com.google.authz_extension.<resourceName>. The following variables are supported in the metadata Struct: + * {forwarding_rule_id} - substituted with the forwarding rule's fully qualified resource name. + * + */ + public Optional>> metadata() { + return Optional.ofNullable(this.metadata); + } + + /** + * Identifier. Name of the AuthzExtension resource. + * + */ + @Import(name="name") + private @Nullable Output name; + + /** + * @return Identifier. Name of the AuthzExtension resource. + * + */ + public Optional> name() { + return Optional.ofNullable(this.name); + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the provider project is used. + * + */ + public Optional> project() { + return Optional.ofNullable(this.project); + } + + /** + * The reference to the service that runs the extension. + * To configure a callout extension, service must be a fully-qualified reference to a [backend service](https://cloud.google.com/compute/docs/reference/rest/v1/backendServices) in the format: + * https://www.googleapis.com/compute/v1/projects/{project}/regions/{region}/backendServices/{backendService} or https://www.googleapis.com/compute/v1/projects/{project}/global/backendServices/{backendService}. + * + */ + @Import(name="service", required=true) + private Output service; + + /** + * @return The reference to the service that runs the extension. + * To configure a callout extension, service must be a fully-qualified reference to a [backend service](https://cloud.google.com/compute/docs/reference/rest/v1/backendServices) in the format: + * https://www.googleapis.com/compute/v1/projects/{project}/regions/{region}/backendServices/{backendService} or https://www.googleapis.com/compute/v1/projects/{project}/global/backendServices/{backendService}. + * + */ + public Output service() { + return this.service; + } + + /** + * Specifies the timeout for each individual message on the stream. The timeout must be between 10-10000 milliseconds. + * + */ + @Import(name="timeout", required=true) + private Output timeout; + + /** + * @return Specifies the timeout for each individual message on the stream. The timeout must be between 10-10000 milliseconds. + * + */ + public Output timeout() { + return this.timeout; + } + + /** + * The format of communication supported by the callout extension. + * Default value is `EXT_PROC_GRPC`. + * Possible values are: `WIRE_FORMAT_UNSPECIFIED`, `EXT_PROC_GRPC`. + * + */ + @Import(name="wireFormat") + private @Nullable Output wireFormat; + + /** + * @return The format of communication supported by the callout extension. + * Default value is `EXT_PROC_GRPC`. + * Possible values are: `WIRE_FORMAT_UNSPECIFIED`, `EXT_PROC_GRPC`. + * + */ + public Optional> wireFormat() { + return Optional.ofNullable(this.wireFormat); + } + + private AuthzExtensionArgs() {} + + private AuthzExtensionArgs(AuthzExtensionArgs $) { + this.authority = $.authority; + this.description = $.description; + this.failOpen = $.failOpen; + this.forwardHeaders = $.forwardHeaders; + this.labels = $.labels; + this.loadBalancingScheme = $.loadBalancingScheme; + this.location = $.location; + this.metadata = $.metadata; + this.name = $.name; + this.project = $.project; + this.service = $.service; + this.timeout = $.timeout; + this.wireFormat = $.wireFormat; + } + + public static Builder builder() { + return new Builder(); + } + public static Builder builder(AuthzExtensionArgs defaults) { + return new Builder(defaults); + } + + public static final class Builder { + private AuthzExtensionArgs $; + + public Builder() { + $ = new AuthzExtensionArgs(); + } + + public Builder(AuthzExtensionArgs defaults) { + $ = new AuthzExtensionArgs(Objects.requireNonNull(defaults)); + } + + /** + * @param authority The :authority header in the gRPC request sent from Envoy to the extension service. + * + * @return builder + * + */ + public Builder authority(Output authority) { + $.authority = authority; + return this; + } + + /** + * @param authority The :authority header in the gRPC request sent from Envoy to the extension service. + * + * @return builder + * + */ + public Builder authority(String authority) { + return authority(Output.of(authority)); + } + + /** + * @param description A human-readable description of the resource. + * + * @return builder + * + */ + public Builder description(@Nullable Output description) { + $.description = description; + return this; + } + + /** + * @param description A human-readable description of the resource. + * + * @return builder + * + */ + public Builder description(String description) { + return description(Output.of(description)); + } + + /** + * @param failOpen Determines how the proxy behaves if the call to the extension fails or times out. + * When set to TRUE, request or response processing continues without error. Any subsequent extensions in the extension chain are also executed. When set to FALSE or the default setting of FALSE is used, one of the following happens: + * * If response headers have not been delivered to the downstream client, a generic 500 error is returned to the client. The error response can be tailored by configuring a custom error response in the load balancer. + * * If response headers have been delivered, then the HTTP stream to the downstream client is reset. + * + * @return builder + * + */ + public Builder failOpen(@Nullable Output failOpen) { + $.failOpen = failOpen; + return this; + } + + /** + * @param failOpen Determines how the proxy behaves if the call to the extension fails or times out. + * When set to TRUE, request or response processing continues without error. Any subsequent extensions in the extension chain are also executed. When set to FALSE or the default setting of FALSE is used, one of the following happens: + * * If response headers have not been delivered to the downstream client, a generic 500 error is returned to the client. The error response can be tailored by configuring a custom error response in the load balancer. + * * If response headers have been delivered, then the HTTP stream to the downstream client is reset. + * + * @return builder + * + */ + public Builder failOpen(Boolean failOpen) { + return failOpen(Output.of(failOpen)); + } + + /** + * @param forwardHeaders List of the HTTP headers to forward to the extension (from the client). If omitted, all headers are sent. Each element is a string indicating the header name. + * + * @return builder + * + */ + public Builder forwardHeaders(@Nullable Output> forwardHeaders) { + $.forwardHeaders = forwardHeaders; + return this; + } + + /** + * @param forwardHeaders List of the HTTP headers to forward to the extension (from the client). If omitted, all headers are sent. Each element is a string indicating the header name. + * + * @return builder + * + */ + public Builder forwardHeaders(List forwardHeaders) { + return forwardHeaders(Output.of(forwardHeaders)); + } + + /** + * @param forwardHeaders List of the HTTP headers to forward to the extension (from the client). If omitted, all headers are sent. Each element is a string indicating the header name. + * + * @return builder + * + */ + public Builder forwardHeaders(String... forwardHeaders) { + return forwardHeaders(List.of(forwardHeaders)); + } + + /** + * @param labels Set of labels associated with the AuthzExtension resource. + * + * **Note**: This field is non-authoritative, and will only manage the labels present in your configuration. + * Please refer to the field `effective_labels` for all of the labels present on the resource. + * + * @return builder + * + */ + public Builder labels(@Nullable Output> labels) { + $.labels = labels; + return this; + } + + /** + * @param labels Set of labels associated with the AuthzExtension resource. + * + * **Note**: This field is non-authoritative, and will only manage the labels present in your configuration. + * Please refer to the field `effective_labels` for all of the labels present on the resource. + * + * @return builder + * + */ + public Builder labels(Map labels) { + return labels(Output.of(labels)); + } + + /** + * @param loadBalancingScheme All backend services and forwarding rules referenced by this extension must share the same load balancing scheme. + * For more information, refer to [Backend services overview](https://cloud.google.com/load-balancing/docs/backend-service). + * Possible values are: `INTERNAL_MANAGED`, `EXTERNAL_MANAGED`. + * + * @return builder + * + */ + public Builder loadBalancingScheme(Output loadBalancingScheme) { + $.loadBalancingScheme = loadBalancingScheme; + return this; + } + + /** + * @param loadBalancingScheme All backend services and forwarding rules referenced by this extension must share the same load balancing scheme. + * For more information, refer to [Backend services overview](https://cloud.google.com/load-balancing/docs/backend-service). + * Possible values are: `INTERNAL_MANAGED`, `EXTERNAL_MANAGED`. + * + * @return builder + * + */ + public Builder loadBalancingScheme(String loadBalancingScheme) { + return loadBalancingScheme(Output.of(loadBalancingScheme)); + } + + /** + * @param location The location of the resource. + * + * *** + * + * @return builder + * + */ + public Builder location(Output location) { + $.location = location; + return this; + } + + /** + * @param location The location of the resource. + * + * *** + * + * @return builder + * + */ + public Builder location(String location) { + return location(Output.of(location)); + } + + /** + * @param metadata The metadata provided here is included as part of the metadata_context (of type google.protobuf.Struct) in the ProcessingRequest message sent to the extension server. The metadata is available under the namespace com.google.authz_extension.<resourceName>. The following variables are supported in the metadata Struct: + * {forwarding_rule_id} - substituted with the forwarding rule's fully qualified resource name. + * + * @return builder + * + */ + public Builder metadata(@Nullable Output> metadata) { + $.metadata = metadata; + return this; + } + + /** + * @param metadata The metadata provided here is included as part of the metadata_context (of type google.protobuf.Struct) in the ProcessingRequest message sent to the extension server. The metadata is available under the namespace com.google.authz_extension.<resourceName>. The following variables are supported in the metadata Struct: + * {forwarding_rule_id} - substituted with the forwarding rule's fully qualified resource name. + * + * @return builder + * + */ + public Builder metadata(Map metadata) { + return metadata(Output.of(metadata)); + } + + /** + * @param name Identifier. Name of the AuthzExtension resource. + * + * @return builder + * + */ + public Builder name(@Nullable Output name) { + $.name = name; + return this; + } + + /** + * @param name Identifier. Name of the AuthzExtension resource. + * + * @return builder + * + */ + public Builder name(String name) { + return name(Output.of(name)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the provider project is used. + * + * @return builder + * + */ + public Builder project(String project) { + return project(Output.of(project)); + } + + /** + * @param service The reference to the service that runs the extension. + * To configure a callout extension, service must be a fully-qualified reference to a [backend service](https://cloud.google.com/compute/docs/reference/rest/v1/backendServices) in the format: + * https://www.googleapis.com/compute/v1/projects/{project}/regions/{region}/backendServices/{backendService} or https://www.googleapis.com/compute/v1/projects/{project}/global/backendServices/{backendService}. + * + * @return builder + * + */ + public Builder service(Output service) { + $.service = service; + return this; + } + + /** + * @param service The reference to the service that runs the extension. + * To configure a callout extension, service must be a fully-qualified reference to a [backend service](https://cloud.google.com/compute/docs/reference/rest/v1/backendServices) in the format: + * https://www.googleapis.com/compute/v1/projects/{project}/regions/{region}/backendServices/{backendService} or https://www.googleapis.com/compute/v1/projects/{project}/global/backendServices/{backendService}. + * + * @return builder + * + */ + public Builder service(String service) { + return service(Output.of(service)); + } + + /** + * @param timeout Specifies the timeout for each individual message on the stream. The timeout must be between 10-10000 milliseconds. + * + * @return builder + * + */ + public Builder timeout(Output timeout) { + $.timeout = timeout; + return this; + } + + /** + * @param timeout Specifies the timeout for each individual message on the stream. The timeout must be between 10-10000 milliseconds. + * + * @return builder + * + */ + public Builder timeout(String timeout) { + return timeout(Output.of(timeout)); + } + + /** + * @param wireFormat The format of communication supported by the callout extension. + * Default value is `EXT_PROC_GRPC`. + * Possible values are: `WIRE_FORMAT_UNSPECIFIED`, `EXT_PROC_GRPC`. + * + * @return builder + * + */ + public Builder wireFormat(@Nullable Output wireFormat) { + $.wireFormat = wireFormat; + return this; + } + + /** + * @param wireFormat The format of communication supported by the callout extension. + * Default value is `EXT_PROC_GRPC`. + * Possible values are: `WIRE_FORMAT_UNSPECIFIED`, `EXT_PROC_GRPC`. + * + * @return builder + * + */ + public Builder wireFormat(String wireFormat) { + return wireFormat(Output.of(wireFormat)); + } + + public AuthzExtensionArgs build() { + if ($.authority == null) { + throw new MissingRequiredPropertyException("AuthzExtensionArgs", "authority"); + } + if ($.loadBalancingScheme == null) { + throw new MissingRequiredPropertyException("AuthzExtensionArgs", "loadBalancingScheme"); + } + if ($.location == null) { + throw new MissingRequiredPropertyException("AuthzExtensionArgs", "location"); + } + if ($.service == null) { + throw new MissingRequiredPropertyException("AuthzExtensionArgs", "service"); + } + if ($.timeout == null) { + throw new MissingRequiredPropertyException("AuthzExtensionArgs", "timeout"); + } + return $; + } + } + +} diff --git a/sdk/java/src/main/java/com/pulumi/gcp/networkservices/inputs/AuthzExtensionState.java b/sdk/java/src/main/java/com/pulumi/gcp/networkservices/inputs/AuthzExtensionState.java new file mode 100644 index 0000000000..49f9e16876 --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/gcp/networkservices/inputs/AuthzExtensionState.java @@ -0,0 +1,756 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.gcp.networkservices.inputs; + +import com.pulumi.core.Output; +import com.pulumi.core.annotations.Import; +import java.lang.Boolean; +import java.lang.String; +import java.util.List; +import java.util.Map; +import java.util.Objects; +import java.util.Optional; +import javax.annotation.Nullable; + + +public final class AuthzExtensionState extends com.pulumi.resources.ResourceArgs { + + public static final AuthzExtensionState Empty = new AuthzExtensionState(); + + /** + * The :authority header in the gRPC request sent from Envoy to the extension service. + * + */ + @Import(name="authority") + private @Nullable Output authority; + + /** + * @return The :authority header in the gRPC request sent from Envoy to the extension service. + * + */ + public Optional> authority() { + return Optional.ofNullable(this.authority); + } + + /** + * The timestamp when the resource was created. + * + */ + @Import(name="createTime") + private @Nullable Output createTime; + + /** + * @return The timestamp when the resource was created. + * + */ + public Optional> createTime() { + return Optional.ofNullable(this.createTime); + } + + /** + * A human-readable description of the resource. + * + */ + @Import(name="description") + private @Nullable Output description; + + /** + * @return A human-readable description of the resource. + * + */ + public Optional> description() { + return Optional.ofNullable(this.description); + } + + /** + * All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services. + * + */ + @Import(name="effectiveLabels") + private @Nullable Output> effectiveLabels; + + /** + * @return All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services. + * + */ + public Optional>> effectiveLabels() { + return Optional.ofNullable(this.effectiveLabels); + } + + /** + * Determines how the proxy behaves if the call to the extension fails or times out. + * When set to TRUE, request or response processing continues without error. Any subsequent extensions in the extension chain are also executed. When set to FALSE or the default setting of FALSE is used, one of the following happens: + * * If response headers have not been delivered to the downstream client, a generic 500 error is returned to the client. The error response can be tailored by configuring a custom error response in the load balancer. + * * If response headers have been delivered, then the HTTP stream to the downstream client is reset. + * + */ + @Import(name="failOpen") + private @Nullable Output failOpen; + + /** + * @return Determines how the proxy behaves if the call to the extension fails or times out. + * When set to TRUE, request or response processing continues without error. Any subsequent extensions in the extension chain are also executed. When set to FALSE or the default setting of FALSE is used, one of the following happens: + * * If response headers have not been delivered to the downstream client, a generic 500 error is returned to the client. The error response can be tailored by configuring a custom error response in the load balancer. + * * If response headers have been delivered, then the HTTP stream to the downstream client is reset. + * + */ + public Optional> failOpen() { + return Optional.ofNullable(this.failOpen); + } + + /** + * List of the HTTP headers to forward to the extension (from the client). If omitted, all headers are sent. Each element is a string indicating the header name. + * + */ + @Import(name="forwardHeaders") + private @Nullable Output> forwardHeaders; + + /** + * @return List of the HTTP headers to forward to the extension (from the client). If omitted, all headers are sent. Each element is a string indicating the header name. + * + */ + public Optional>> forwardHeaders() { + return Optional.ofNullable(this.forwardHeaders); + } + + /** + * Set of labels associated with the AuthzExtension resource. + * + * **Note**: This field is non-authoritative, and will only manage the labels present in your configuration. + * Please refer to the field `effective_labels` for all of the labels present on the resource. + * + */ + @Import(name="labels") + private @Nullable Output> labels; + + /** + * @return Set of labels associated with the AuthzExtension resource. + * + * **Note**: This field is non-authoritative, and will only manage the labels present in your configuration. + * Please refer to the field `effective_labels` for all of the labels present on the resource. + * + */ + public Optional>> labels() { + return Optional.ofNullable(this.labels); + } + + /** + * All backend services and forwarding rules referenced by this extension must share the same load balancing scheme. + * For more information, refer to [Backend services overview](https://cloud.google.com/load-balancing/docs/backend-service). + * Possible values are: `INTERNAL_MANAGED`, `EXTERNAL_MANAGED`. + * + */ + @Import(name="loadBalancingScheme") + private @Nullable Output loadBalancingScheme; + + /** + * @return All backend services and forwarding rules referenced by this extension must share the same load balancing scheme. + * For more information, refer to [Backend services overview](https://cloud.google.com/load-balancing/docs/backend-service). + * Possible values are: `INTERNAL_MANAGED`, `EXTERNAL_MANAGED`. + * + */ + public Optional> loadBalancingScheme() { + return Optional.ofNullable(this.loadBalancingScheme); + } + + /** + * The location of the resource. + * + * *** + * + */ + @Import(name="location") + private @Nullable Output location; + + /** + * @return The location of the resource. + * + * *** + * + */ + public Optional> location() { + return Optional.ofNullable(this.location); + } + + /** + * The metadata provided here is included as part of the metadata_context (of type google.protobuf.Struct) in the ProcessingRequest message sent to the extension server. The metadata is available under the namespace com.google.authz_extension.<resourceName>. The following variables are supported in the metadata Struct: + * {forwarding_rule_id} - substituted with the forwarding rule's fully qualified resource name. + * + */ + @Import(name="metadata") + private @Nullable Output> metadata; + + /** + * @return The metadata provided here is included as part of the metadata_context (of type google.protobuf.Struct) in the ProcessingRequest message sent to the extension server. The metadata is available under the namespace com.google.authz_extension.<resourceName>. The following variables are supported in the metadata Struct: + * {forwarding_rule_id} - substituted with the forwarding rule's fully qualified resource name. + * + */ + public Optional>> metadata() { + return Optional.ofNullable(this.metadata); + } + + /** + * Identifier. Name of the AuthzExtension resource. + * + */ + @Import(name="name") + private @Nullable Output name; + + /** + * @return Identifier. Name of the AuthzExtension resource. + * + */ + public Optional> name() { + return Optional.ofNullable(this.name); + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the provider project is used. + * + */ + public Optional> project() { + return Optional.ofNullable(this.project); + } + + /** + * The combination of labels configured directly on the resource + * and default labels configured on the provider. + * + */ + @Import(name="pulumiLabels") + private @Nullable Output> pulumiLabels; + + /** + * @return The combination of labels configured directly on the resource + * and default labels configured on the provider. + * + */ + public Optional>> pulumiLabels() { + return Optional.ofNullable(this.pulumiLabels); + } + + /** + * The reference to the service that runs the extension. + * To configure a callout extension, service must be a fully-qualified reference to a [backend service](https://cloud.google.com/compute/docs/reference/rest/v1/backendServices) in the format: + * https://www.googleapis.com/compute/v1/projects/{project}/regions/{region}/backendServices/{backendService} or https://www.googleapis.com/compute/v1/projects/{project}/global/backendServices/{backendService}. + * + */ + @Import(name="service") + private @Nullable Output service; + + /** + * @return The reference to the service that runs the extension. + * To configure a callout extension, service must be a fully-qualified reference to a [backend service](https://cloud.google.com/compute/docs/reference/rest/v1/backendServices) in the format: + * https://www.googleapis.com/compute/v1/projects/{project}/regions/{region}/backendServices/{backendService} or https://www.googleapis.com/compute/v1/projects/{project}/global/backendServices/{backendService}. + * + */ + public Optional> service() { + return Optional.ofNullable(this.service); + } + + /** + * Specifies the timeout for each individual message on the stream. The timeout must be between 10-10000 milliseconds. + * + */ + @Import(name="timeout") + private @Nullable Output timeout; + + /** + * @return Specifies the timeout for each individual message on the stream. The timeout must be between 10-10000 milliseconds. + * + */ + public Optional> timeout() { + return Optional.ofNullable(this.timeout); + } + + /** + * The timestamp when the resource was updated. + * + */ + @Import(name="updateTime") + private @Nullable Output updateTime; + + /** + * @return The timestamp when the resource was updated. + * + */ + public Optional> updateTime() { + return Optional.ofNullable(this.updateTime); + } + + /** + * The format of communication supported by the callout extension. + * Default value is `EXT_PROC_GRPC`. + * Possible values are: `WIRE_FORMAT_UNSPECIFIED`, `EXT_PROC_GRPC`. + * + */ + @Import(name="wireFormat") + private @Nullable Output wireFormat; + + /** + * @return The format of communication supported by the callout extension. + * Default value is `EXT_PROC_GRPC`. + * Possible values are: `WIRE_FORMAT_UNSPECIFIED`, `EXT_PROC_GRPC`. + * + */ + public Optional> wireFormat() { + return Optional.ofNullable(this.wireFormat); + } + + private AuthzExtensionState() {} + + private AuthzExtensionState(AuthzExtensionState $) { + this.authority = $.authority; + this.createTime = $.createTime; + this.description = $.description; + this.effectiveLabels = $.effectiveLabels; + this.failOpen = $.failOpen; + this.forwardHeaders = $.forwardHeaders; + this.labels = $.labels; + this.loadBalancingScheme = $.loadBalancingScheme; + this.location = $.location; + this.metadata = $.metadata; + this.name = $.name; + this.project = $.project; + this.pulumiLabels = $.pulumiLabels; + this.service = $.service; + this.timeout = $.timeout; + this.updateTime = $.updateTime; + this.wireFormat = $.wireFormat; + } + + public static Builder builder() { + return new Builder(); + } + public static Builder builder(AuthzExtensionState defaults) { + return new Builder(defaults); + } + + public static final class Builder { + private AuthzExtensionState $; + + public Builder() { + $ = new AuthzExtensionState(); + } + + public Builder(AuthzExtensionState defaults) { + $ = new AuthzExtensionState(Objects.requireNonNull(defaults)); + } + + /** + * @param authority The :authority header in the gRPC request sent from Envoy to the extension service. + * + * @return builder + * + */ + public Builder authority(@Nullable Output authority) { + $.authority = authority; + return this; + } + + /** + * @param authority The :authority header in the gRPC request sent from Envoy to the extension service. + * + * @return builder + * + */ + public Builder authority(String authority) { + return authority(Output.of(authority)); + } + + /** + * @param createTime The timestamp when the resource was created. + * + * @return builder + * + */ + public Builder createTime(@Nullable Output createTime) { + $.createTime = createTime; + return this; + } + + /** + * @param createTime The timestamp when the resource was created. + * + * @return builder + * + */ + public Builder createTime(String createTime) { + return createTime(Output.of(createTime)); + } + + /** + * @param description A human-readable description of the resource. + * + * @return builder + * + */ + public Builder description(@Nullable Output description) { + $.description = description; + return this; + } + + /** + * @param description A human-readable description of the resource. + * + * @return builder + * + */ + public Builder description(String description) { + return description(Output.of(description)); + } + + /** + * @param effectiveLabels All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services. + * + * @return builder + * + */ + public Builder effectiveLabels(@Nullable Output> effectiveLabels) { + $.effectiveLabels = effectiveLabels; + return this; + } + + /** + * @param effectiveLabels All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services. + * + * @return builder + * + */ + public Builder effectiveLabels(Map effectiveLabels) { + return effectiveLabels(Output.of(effectiveLabels)); + } + + /** + * @param failOpen Determines how the proxy behaves if the call to the extension fails or times out. + * When set to TRUE, request or response processing continues without error. Any subsequent extensions in the extension chain are also executed. When set to FALSE or the default setting of FALSE is used, one of the following happens: + * * If response headers have not been delivered to the downstream client, a generic 500 error is returned to the client. The error response can be tailored by configuring a custom error response in the load balancer. + * * If response headers have been delivered, then the HTTP stream to the downstream client is reset. + * + * @return builder + * + */ + public Builder failOpen(@Nullable Output failOpen) { + $.failOpen = failOpen; + return this; + } + + /** + * @param failOpen Determines how the proxy behaves if the call to the extension fails or times out. + * When set to TRUE, request or response processing continues without error. Any subsequent extensions in the extension chain are also executed. When set to FALSE or the default setting of FALSE is used, one of the following happens: + * * If response headers have not been delivered to the downstream client, a generic 500 error is returned to the client. The error response can be tailored by configuring a custom error response in the load balancer. + * * If response headers have been delivered, then the HTTP stream to the downstream client is reset. + * + * @return builder + * + */ + public Builder failOpen(Boolean failOpen) { + return failOpen(Output.of(failOpen)); + } + + /** + * @param forwardHeaders List of the HTTP headers to forward to the extension (from the client). If omitted, all headers are sent. Each element is a string indicating the header name. + * + * @return builder + * + */ + public Builder forwardHeaders(@Nullable Output> forwardHeaders) { + $.forwardHeaders = forwardHeaders; + return this; + } + + /** + * @param forwardHeaders List of the HTTP headers to forward to the extension (from the client). If omitted, all headers are sent. Each element is a string indicating the header name. + * + * @return builder + * + */ + public Builder forwardHeaders(List forwardHeaders) { + return forwardHeaders(Output.of(forwardHeaders)); + } + + /** + * @param forwardHeaders List of the HTTP headers to forward to the extension (from the client). If omitted, all headers are sent. Each element is a string indicating the header name. + * + * @return builder + * + */ + public Builder forwardHeaders(String... forwardHeaders) { + return forwardHeaders(List.of(forwardHeaders)); + } + + /** + * @param labels Set of labels associated with the AuthzExtension resource. + * + * **Note**: This field is non-authoritative, and will only manage the labels present in your configuration. + * Please refer to the field `effective_labels` for all of the labels present on the resource. + * + * @return builder + * + */ + public Builder labels(@Nullable Output> labels) { + $.labels = labels; + return this; + } + + /** + * @param labels Set of labels associated with the AuthzExtension resource. + * + * **Note**: This field is non-authoritative, and will only manage the labels present in your configuration. + * Please refer to the field `effective_labels` for all of the labels present on the resource. + * + * @return builder + * + */ + public Builder labels(Map labels) { + return labels(Output.of(labels)); + } + + /** + * @param loadBalancingScheme All backend services and forwarding rules referenced by this extension must share the same load balancing scheme. + * For more information, refer to [Backend services overview](https://cloud.google.com/load-balancing/docs/backend-service). + * Possible values are: `INTERNAL_MANAGED`, `EXTERNAL_MANAGED`. + * + * @return builder + * + */ + public Builder loadBalancingScheme(@Nullable Output loadBalancingScheme) { + $.loadBalancingScheme = loadBalancingScheme; + return this; + } + + /** + * @param loadBalancingScheme All backend services and forwarding rules referenced by this extension must share the same load balancing scheme. + * For more information, refer to [Backend services overview](https://cloud.google.com/load-balancing/docs/backend-service). + * Possible values are: `INTERNAL_MANAGED`, `EXTERNAL_MANAGED`. + * + * @return builder + * + */ + public Builder loadBalancingScheme(String loadBalancingScheme) { + return loadBalancingScheme(Output.of(loadBalancingScheme)); + } + + /** + * @param location The location of the resource. + * + * *** + * + * @return builder + * + */ + public Builder location(@Nullable Output location) { + $.location = location; + return this; + } + + /** + * @param location The location of the resource. + * + * *** + * + * @return builder + * + */ + public Builder location(String location) { + return location(Output.of(location)); + } + + /** + * @param metadata The metadata provided here is included as part of the metadata_context (of type google.protobuf.Struct) in the ProcessingRequest message sent to the extension server. The metadata is available under the namespace com.google.authz_extension.<resourceName>. The following variables are supported in the metadata Struct: + * {forwarding_rule_id} - substituted with the forwarding rule's fully qualified resource name. + * + * @return builder + * + */ + public Builder metadata(@Nullable Output> metadata) { + $.metadata = metadata; + return this; + } + + /** + * @param metadata The metadata provided here is included as part of the metadata_context (of type google.protobuf.Struct) in the ProcessingRequest message sent to the extension server. The metadata is available under the namespace com.google.authz_extension.<resourceName>. The following variables are supported in the metadata Struct: + * {forwarding_rule_id} - substituted with the forwarding rule's fully qualified resource name. + * + * @return builder + * + */ + public Builder metadata(Map metadata) { + return metadata(Output.of(metadata)); + } + + /** + * @param name Identifier. Name of the AuthzExtension resource. + * + * @return builder + * + */ + public Builder name(@Nullable Output name) { + $.name = name; + return this; + } + + /** + * @param name Identifier. Name of the AuthzExtension resource. + * + * @return builder + * + */ + public Builder name(String name) { + return name(Output.of(name)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the provider project is used. + * + * @return builder + * + */ + public Builder project(String project) { + return project(Output.of(project)); + } + + /** + * @param pulumiLabels The combination of labels configured directly on the resource + * and default labels configured on the provider. + * + * @return builder + * + */ + public Builder pulumiLabels(@Nullable Output> pulumiLabels) { + $.pulumiLabels = pulumiLabels; + return this; + } + + /** + * @param pulumiLabels The combination of labels configured directly on the resource + * and default labels configured on the provider. + * + * @return builder + * + */ + public Builder pulumiLabels(Map pulumiLabels) { + return pulumiLabels(Output.of(pulumiLabels)); + } + + /** + * @param service The reference to the service that runs the extension. + * To configure a callout extension, service must be a fully-qualified reference to a [backend service](https://cloud.google.com/compute/docs/reference/rest/v1/backendServices) in the format: + * https://www.googleapis.com/compute/v1/projects/{project}/regions/{region}/backendServices/{backendService} or https://www.googleapis.com/compute/v1/projects/{project}/global/backendServices/{backendService}. + * + * @return builder + * + */ + public Builder service(@Nullable Output service) { + $.service = service; + return this; + } + + /** + * @param service The reference to the service that runs the extension. + * To configure a callout extension, service must be a fully-qualified reference to a [backend service](https://cloud.google.com/compute/docs/reference/rest/v1/backendServices) in the format: + * https://www.googleapis.com/compute/v1/projects/{project}/regions/{region}/backendServices/{backendService} or https://www.googleapis.com/compute/v1/projects/{project}/global/backendServices/{backendService}. + * + * @return builder + * + */ + public Builder service(String service) { + return service(Output.of(service)); + } + + /** + * @param timeout Specifies the timeout for each individual message on the stream. The timeout must be between 10-10000 milliseconds. + * + * @return builder + * + */ + public Builder timeout(@Nullable Output timeout) { + $.timeout = timeout; + return this; + } + + /** + * @param timeout Specifies the timeout for each individual message on the stream. The timeout must be between 10-10000 milliseconds. + * + * @return builder + * + */ + public Builder timeout(String timeout) { + return timeout(Output.of(timeout)); + } + + /** + * @param updateTime The timestamp when the resource was updated. + * + * @return builder + * + */ + public Builder updateTime(@Nullable Output updateTime) { + $.updateTime = updateTime; + return this; + } + + /** + * @param updateTime The timestamp when the resource was updated. + * + * @return builder + * + */ + public Builder updateTime(String updateTime) { + return updateTime(Output.of(updateTime)); + } + + /** + * @param wireFormat The format of communication supported by the callout extension. + * Default value is `EXT_PROC_GRPC`. + * Possible values are: `WIRE_FORMAT_UNSPECIFIED`, `EXT_PROC_GRPC`. + * + * @return builder + * + */ + public Builder wireFormat(@Nullable Output wireFormat) { + $.wireFormat = wireFormat; + return this; + } + + /** + * @param wireFormat The format of communication supported by the callout extension. + * Default value is `EXT_PROC_GRPC`. + * Possible values are: `WIRE_FORMAT_UNSPECIFIED`, `EXT_PROC_GRPC`. + * + * @return builder + * + */ + public Builder wireFormat(String wireFormat) { + return wireFormat(Output.of(wireFormat)); + } + + public AuthzExtensionState build() { + return $; + } + } + +} diff --git a/sdk/java/src/main/java/com/pulumi/gcp/oracledatabase/AutonomousDatabase.java b/sdk/java/src/main/java/com/pulumi/gcp/oracledatabase/AutonomousDatabase.java index cbbe4e78e1..185aed73b4 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/oracledatabase/AutonomousDatabase.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/oracledatabase/AutonomousDatabase.java @@ -66,7 +66,7 @@ * .autonomousDatabaseId("my-instance") * .location("us-east4") * .project("my-project") - * .database("testdb") + * .database("mydatabase") * .adminPassword("123Abpassword") * .network(default_.id()) * .cidr("10.5.0.0/24") @@ -123,7 +123,7 @@ * .location("us-east4") * .project("my-project") * .displayName("autonomousDatabase displayname") - * .database("testdatabase") + * .database("mydatabase") * .adminPassword("123Abpassword") * .network(default_.id()) * .cidr("10.5.0.0/24") diff --git a/sdk/java/src/main/java/com/pulumi/gcp/orgpolicy/Policy.java b/sdk/java/src/main/java/com/pulumi/gcp/orgpolicy/Policy.java index bc362a46e8..31ea37181e 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/orgpolicy/Policy.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/orgpolicy/Policy.java @@ -64,8 +64,8 @@ * .build()); * * var primary = new Policy("primary", PolicyArgs.builder() - * .name(basic.name().applyValue(name -> String.format("projects/%s/policies/iam.disableServiceAccountKeyUpload", name))) - * .parent(basic.name().applyValue(name -> String.format("projects/%s", name))) + * .name(basic.projectId().applyValue(projectId -> String.format("projects/%s/policies/iam.disableServiceAccountKeyUpload", projectId))) + * .parent(basic.projectId().applyValue(projectId -> String.format("projects/%s", projectId))) * .spec(PolicySpecArgs.builder() * .rules(PolicySpecRuleArgs.builder() * .enforce("FALSE") @@ -203,8 +203,8 @@ * .build()); * * var primary = new Policy("primary", PolicyArgs.builder() - * .name(basic.name().applyValue(name -> String.format("projects/%s/policies/gcp.resourceLocations", name))) - * .parent(basic.name().applyValue(name -> String.format("projects/%s", name))) + * .name(basic.projectId().applyValue(projectId -> String.format("projects/%s/policies/gcp.resourceLocations", projectId))) + * .parent(basic.projectId().applyValue(projectId -> String.format("projects/%s", projectId))) * .spec(PolicySpecArgs.builder() * .rules( * PolicySpecRuleArgs.builder() @@ -292,6 +292,65 @@ * } * * <!--End PulumiCodeChooser --> + * ### Org Policy Policy Parameters Enforce + * + * <!--Start PulumiCodeChooser --> + * 
+ * {@code
+ * package generated_program;
+ * 
+ * import com.pulumi.Context;
+ * import com.pulumi.Pulumi;
+ * import com.pulumi.core.Output;
+ * import com.pulumi.gcp.organizations.Project;
+ * import com.pulumi.gcp.organizations.ProjectArgs;
+ * import com.pulumi.gcp.orgpolicy.Policy;
+ * import com.pulumi.gcp.orgpolicy.PolicyArgs;
+ * import com.pulumi.gcp.orgpolicy.inputs.PolicySpecArgs;
+ * import static com.pulumi.codegen.internal.Serialization.*;
+ * import java.util.List;
+ * import java.util.ArrayList;
+ * import java.util.Map;
+ * import java.io.File;
+ * import java.nio.file.Files;
+ * import java.nio.file.Paths;
+ * 
+ * public class App {
+ *     public static void main(String[] args) {
+ *         Pulumi.run(App::stack);
+ *     }
+ * 
+ *     public static void stack(Context ctx) {
+ *         var basic = new Project("basic", ProjectArgs.builder()
+ *             .projectId("id")
+ *             .name("id")
+ *             .orgId("123456789")
+ *             .deletionPolicy("DELETE")
+ *             .build());
+ * 
+ *         var primary = new Policy("primary", PolicyArgs.builder()
+ *             .name(basic.name().applyValue(name -> String.format("projects/%s/policies/compute.managed.restrictDiskCreation", name)))
+ *             .parent(basic.name().applyValue(name -> String.format("projects/%s", name)))
+ *             .spec(PolicySpecArgs.builder()
+ *                 .rules(PolicySpecRuleArgs.builder()
+ *                     .enforce("TRUE")
+ *                     .parameters(serializeJson(
+ *                         jsonObject(
+ *                             jsonProperty("isSizeLimitCheck", true),
+ *                             jsonProperty("allowedDiskTypes", jsonArray(
+ *                                 "pd-ssd", 
+ *                                 "pd-standard"
+ *                             ))
+ *                         )))
+ *                     .build())
+ *                 .build())
+ *             .build());
+ * 
+ *     }
+ * }
+ * }
+ *
+ * <!--End PulumiCodeChooser --> * * ## Import * diff --git a/sdk/java/src/main/java/com/pulumi/gcp/orgpolicy/inputs/PolicyDryRunSpecRuleArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/orgpolicy/inputs/PolicyDryRunSpecRuleArgs.java index 4dc89d8873..199dd3f2df 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/orgpolicy/inputs/PolicyDryRunSpecRuleArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/orgpolicy/inputs/PolicyDryRunSpecRuleArgs.java @@ -79,6 +79,21 @@ public Optional> enforce() { return Optional.ofNullable(this.enforce); } + /** + * Optional. Required for Managed Constraints if parameters defined in constraints. Pass parameter values when policy enforcement is enabled. Ensure that parameter value types match those defined in the constraint definition. For example: { \"allowedLocations\" : [\"us-east1\", \"us-west1\"], \"allowAll\" : true } + * + */ + @Import(name="parameters") + private @Nullable Output parameters; + + /** + * @return Optional. Required for Managed Constraints if parameters defined in constraints. Pass parameter values when policy enforcement is enabled. Ensure that parameter value types match those defined in the constraint definition. For example: { \"allowedLocations\" : [\"us-east1\", \"us-west1\"], \"allowAll\" : true } + * + */ + public Optional> parameters() { + return Optional.ofNullable(this.parameters); + } + /** * List of values to be used for this policy rule. This field can be set only in policies for list constraints. * Structure is documented below. @@ -103,6 +118,7 @@ private PolicyDryRunSpecRuleArgs(PolicyDryRunSpecRuleArgs $) { this.condition = $.condition; this.denyAll = $.denyAll; this.enforce = $.enforce; + this.parameters = $.parameters; this.values = $.values; } @@ -210,6 +226,27 @@ public Builder enforce(String enforce) { return enforce(Output.of(enforce)); } + /** + * @param parameters Optional. Required for Managed Constraints if parameters defined in constraints. Pass parameter values when policy enforcement is enabled. Ensure that parameter value types match those defined in the constraint definition. For example: { \"allowedLocations\" : [\"us-east1\", \"us-west1\"], \"allowAll\" : true } + * + * @return builder + * + */ + public Builder parameters(@Nullable Output parameters) { + $.parameters = parameters; + return this; + } + + /** + * @param parameters Optional. Required for Managed Constraints if parameters defined in constraints. Pass parameter values when policy enforcement is enabled. Ensure that parameter value types match those defined in the constraint definition. For example: { \"allowedLocations\" : [\"us-east1\", \"us-west1\"], \"allowAll\" : true } + * + * @return builder + * + */ + public Builder parameters(String parameters) { + return parameters(Output.of(parameters)); + } + /** * @param values List of values to be used for this policy rule. This field can be set only in policies for list constraints. * Structure is documented below. diff --git a/sdk/java/src/main/java/com/pulumi/gcp/orgpolicy/inputs/PolicySpecRuleArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/orgpolicy/inputs/PolicySpecRuleArgs.java index 7ef51f103c..33262f9ff7 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/orgpolicy/inputs/PolicySpecRuleArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/orgpolicy/inputs/PolicySpecRuleArgs.java @@ -79,6 +79,21 @@ public Optional> enforce() { return Optional.ofNullable(this.enforce); } + /** + * Optional. Required for Managed Constraints if parameters defined in constraints. Pass parameter values when policy enforcement is enabled. Ensure that parameter value types match those defined in the constraint definition. For example: { \"allowedLocations\" : [\"us-east1\", \"us-west1\"], \"allowAll\" : true } + * + */ + @Import(name="parameters") + private @Nullable Output parameters; + + /** + * @return Optional. Required for Managed Constraints if parameters defined in constraints. Pass parameter values when policy enforcement is enabled. Ensure that parameter value types match those defined in the constraint definition. For example: { \"allowedLocations\" : [\"us-east1\", \"us-west1\"], \"allowAll\" : true } + * + */ + public Optional> parameters() { + return Optional.ofNullable(this.parameters); + } + /** * List of values to be used for this policy rule. This field can be set only in policies for list constraints. * Structure is documented below. @@ -103,6 +118,7 @@ private PolicySpecRuleArgs(PolicySpecRuleArgs $) { this.condition = $.condition; this.denyAll = $.denyAll; this.enforce = $.enforce; + this.parameters = $.parameters; this.values = $.values; } @@ -210,6 +226,27 @@ public Builder enforce(String enforce) { return enforce(Output.of(enforce)); } + /** + * @param parameters Optional. Required for Managed Constraints if parameters defined in constraints. Pass parameter values when policy enforcement is enabled. Ensure that parameter value types match those defined in the constraint definition. For example: { \"allowedLocations\" : [\"us-east1\", \"us-west1\"], \"allowAll\" : true } + * + * @return builder + * + */ + public Builder parameters(@Nullable Output parameters) { + $.parameters = parameters; + return this; + } + + /** + * @param parameters Optional. Required for Managed Constraints if parameters defined in constraints. Pass parameter values when policy enforcement is enabled. Ensure that parameter value types match those defined in the constraint definition. For example: { \"allowedLocations\" : [\"us-east1\", \"us-west1\"], \"allowAll\" : true } + * + * @return builder + * + */ + public Builder parameters(String parameters) { + return parameters(Output.of(parameters)); + } + /** * @param values List of values to be used for this policy rule. This field can be set only in policies for list constraints. * Structure is documented below. diff --git a/sdk/java/src/main/java/com/pulumi/gcp/orgpolicy/outputs/PolicyDryRunSpecRule.java b/sdk/java/src/main/java/com/pulumi/gcp/orgpolicy/outputs/PolicyDryRunSpecRule.java index 17917a25aa..f23c9e4c82 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/orgpolicy/outputs/PolicyDryRunSpecRule.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/orgpolicy/outputs/PolicyDryRunSpecRule.java @@ -34,6 +34,11 @@ public final class PolicyDryRunSpecRule { * */ private @Nullable String enforce; + /** + * @return Optional. Required for Managed Constraints if parameters defined in constraints. Pass parameter values when policy enforcement is enabled. Ensure that parameter value types match those defined in the constraint definition. For example: { \"allowedLocations\" : [\"us-east1\", \"us-west1\"], \"allowAll\" : true } + * + */ + private @Nullable String parameters; /** * @return List of values to be used for this policy rule. This field can be set only in policies for list constraints. * Structure is documented below. @@ -71,6 +76,13 @@ public Optional denyAll() { public Optional enforce() { return Optional.ofNullable(this.enforce); } + /** + * @return Optional. Required for Managed Constraints if parameters defined in constraints. Pass parameter values when policy enforcement is enabled. Ensure that parameter value types match those defined in the constraint definition. For example: { \"allowedLocations\" : [\"us-east1\", \"us-west1\"], \"allowAll\" : true } + * + */ + public Optional parameters() { + return Optional.ofNullable(this.parameters); + } /** * @return List of values to be used for this policy rule. This field can be set only in policies for list constraints. * Structure is documented below. @@ -93,6 +105,7 @@ public static final class Builder { private @Nullable PolicyDryRunSpecRuleCondition condition; private @Nullable String denyAll; private @Nullable String enforce; + private @Nullable String parameters; private @Nullable PolicyDryRunSpecRuleValues values; public Builder() {} public Builder(PolicyDryRunSpecRule defaults) { @@ -101,6 +114,7 @@ public Builder(PolicyDryRunSpecRule defaults) { this.condition = defaults.condition; this.denyAll = defaults.denyAll; this.enforce = defaults.enforce; + this.parameters = defaults.parameters; this.values = defaults.values; } @@ -129,6 +143,12 @@ public Builder enforce(@Nullable String enforce) { return this; } @CustomType.Setter + public Builder parameters(@Nullable String parameters) { + + this.parameters = parameters; + return this; + } + @CustomType.Setter public Builder values(@Nullable PolicyDryRunSpecRuleValues values) { this.values = values; @@ -140,6 +160,7 @@ public PolicyDryRunSpecRule build() { _resultValue.condition = condition; _resultValue.denyAll = denyAll; _resultValue.enforce = enforce; + _resultValue.parameters = parameters; _resultValue.values = values; return _resultValue; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/orgpolicy/outputs/PolicySpecRule.java b/sdk/java/src/main/java/com/pulumi/gcp/orgpolicy/outputs/PolicySpecRule.java index 48d77d62a3..dc76258de5 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/orgpolicy/outputs/PolicySpecRule.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/orgpolicy/outputs/PolicySpecRule.java @@ -34,6 +34,11 @@ public final class PolicySpecRule { * */ private @Nullable String enforce; + /** + * @return Optional. Required for Managed Constraints if parameters defined in constraints. Pass parameter values when policy enforcement is enabled. Ensure that parameter value types match those defined in the constraint definition. For example: { \"allowedLocations\" : [\"us-east1\", \"us-west1\"], \"allowAll\" : true } + * + */ + private @Nullable String parameters; /** * @return List of values to be used for this policy rule. This field can be set only in policies for list constraints. * Structure is documented below. @@ -71,6 +76,13 @@ public Optional denyAll() { public Optional enforce() { return Optional.ofNullable(this.enforce); } + /** + * @return Optional. Required for Managed Constraints if parameters defined in constraints. Pass parameter values when policy enforcement is enabled. Ensure that parameter value types match those defined in the constraint definition. For example: { \"allowedLocations\" : [\"us-east1\", \"us-west1\"], \"allowAll\" : true } + * + */ + public Optional parameters() { + return Optional.ofNullable(this.parameters); + } /** * @return List of values to be used for this policy rule. This field can be set only in policies for list constraints. * Structure is documented below. @@ -93,6 +105,7 @@ public static final class Builder { private @Nullable PolicySpecRuleCondition condition; private @Nullable String denyAll; private @Nullable String enforce; + private @Nullable String parameters; private @Nullable PolicySpecRuleValues values; public Builder() {} public Builder(PolicySpecRule defaults) { @@ -101,6 +114,7 @@ public Builder(PolicySpecRule defaults) { this.condition = defaults.condition; this.denyAll = defaults.denyAll; this.enforce = defaults.enforce; + this.parameters = defaults.parameters; this.values = defaults.values; } @@ -129,6 +143,12 @@ public Builder enforce(@Nullable String enforce) { return this; } @CustomType.Setter + public Builder parameters(@Nullable String parameters) { + + this.parameters = parameters; + return this; + } + @CustomType.Setter public Builder values(@Nullable PolicySpecRuleValues values) { this.values = values; @@ -140,6 +160,7 @@ public PolicySpecRule build() { _resultValue.condition = condition; _resultValue.denyAll = denyAll; _resultValue.enforce = enforce; + _resultValue.parameters = parameters; _resultValue.values = values; return _resultValue; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/sql/DatabaseInstance.java b/sdk/java/src/main/java/com/pulumi/gcp/sql/DatabaseInstance.java index 9a67151ba5..acf1591a41 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/sql/DatabaseInstance.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/sql/DatabaseInstance.java @@ -434,8 +434,8 @@ public Output connectionName() { * The MySQL, PostgreSQL or * SQL Server version to use. Supported values include `MYSQL_5_6`, * `MYSQL_5_7`, `MYSQL_8_0`, `POSTGRES_9_6`,`POSTGRES_10`, `POSTGRES_11`, - * `POSTGRES_12`, `POSTGRES_13`, `POSTGRES_14`, `POSTGRES_15`, `SQLSERVER_2017_STANDARD`, - * `SQLSERVER_2017_ENTERPRISE`, `SQLSERVER_2017_EXPRESS`, `SQLSERVER_2017_WEB`. + * `POSTGRES_12`, `POSTGRES_13`, `POSTGRES_14`, `POSTGRES_15`, `POSTGRES_16`, `POSTGRES_17`, + * `SQLSERVER_2017_STANDARD`, `SQLSERVER_2017_ENTERPRISE`, `SQLSERVER_2017_EXPRESS`, `SQLSERVER_2017_WEB`. * `SQLSERVER_2019_STANDARD`, `SQLSERVER_2019_ENTERPRISE`, `SQLSERVER_2019_EXPRESS`, * `SQLSERVER_2019_WEB`. * [Database Version Policies](https://cloud.google.com/sql/docs/db-versions) @@ -449,8 +449,8 @@ public Output connectionName() { * @return The MySQL, PostgreSQL or * SQL Server version to use. Supported values include `MYSQL_5_6`, * `MYSQL_5_7`, `MYSQL_8_0`, `POSTGRES_9_6`,`POSTGRES_10`, `POSTGRES_11`, - * `POSTGRES_12`, `POSTGRES_13`, `POSTGRES_14`, `POSTGRES_15`, `SQLSERVER_2017_STANDARD`, - * `SQLSERVER_2017_ENTERPRISE`, `SQLSERVER_2017_EXPRESS`, `SQLSERVER_2017_WEB`. + * `POSTGRES_12`, `POSTGRES_13`, `POSTGRES_14`, `POSTGRES_15`, `POSTGRES_16`, `POSTGRES_17`, + * `SQLSERVER_2017_STANDARD`, `SQLSERVER_2017_ENTERPRISE`, `SQLSERVER_2017_EXPRESS`, `SQLSERVER_2017_WEB`. * `SQLSERVER_2019_STANDARD`, `SQLSERVER_2019_ENTERPRISE`, `SQLSERVER_2019_EXPRESS`, * `SQLSERVER_2019_WEB`. * [Database Version Policies](https://cloud.google.com/sql/docs/db-versions) diff --git a/sdk/java/src/main/java/com/pulumi/gcp/sql/DatabaseInstanceArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/sql/DatabaseInstanceArgs.java index e2365690c5..a2c287316d 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/sql/DatabaseInstanceArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/sql/DatabaseInstanceArgs.java @@ -45,8 +45,8 @@ public Optional> clone_() { * The MySQL, PostgreSQL or * SQL Server version to use. Supported values include `MYSQL_5_6`, * `MYSQL_5_7`, `MYSQL_8_0`, `POSTGRES_9_6`,`POSTGRES_10`, `POSTGRES_11`, - * `POSTGRES_12`, `POSTGRES_13`, `POSTGRES_14`, `POSTGRES_15`, `SQLSERVER_2017_STANDARD`, - * `SQLSERVER_2017_ENTERPRISE`, `SQLSERVER_2017_EXPRESS`, `SQLSERVER_2017_WEB`. + * `POSTGRES_12`, `POSTGRES_13`, `POSTGRES_14`, `POSTGRES_15`, `POSTGRES_16`, `POSTGRES_17`, + * `SQLSERVER_2017_STANDARD`, `SQLSERVER_2017_ENTERPRISE`, `SQLSERVER_2017_EXPRESS`, `SQLSERVER_2017_WEB`. * `SQLSERVER_2019_STANDARD`, `SQLSERVER_2019_ENTERPRISE`, `SQLSERVER_2019_EXPRESS`, * `SQLSERVER_2019_WEB`. * [Database Version Policies](https://cloud.google.com/sql/docs/db-versions) @@ -60,8 +60,8 @@ public Optional> clone_() { * @return The MySQL, PostgreSQL or * SQL Server version to use. Supported values include `MYSQL_5_6`, * `MYSQL_5_7`, `MYSQL_8_0`, `POSTGRES_9_6`,`POSTGRES_10`, `POSTGRES_11`, - * `POSTGRES_12`, `POSTGRES_13`, `POSTGRES_14`, `POSTGRES_15`, `SQLSERVER_2017_STANDARD`, - * `SQLSERVER_2017_ENTERPRISE`, `SQLSERVER_2017_EXPRESS`, `SQLSERVER_2017_WEB`. + * `POSTGRES_12`, `POSTGRES_13`, `POSTGRES_14`, `POSTGRES_15`, `POSTGRES_16`, `POSTGRES_17`, + * `SQLSERVER_2017_STANDARD`, `SQLSERVER_2017_ENTERPRISE`, `SQLSERVER_2017_EXPRESS`, `SQLSERVER_2017_WEB`. * `SQLSERVER_2019_STANDARD`, `SQLSERVER_2019_ENTERPRISE`, `SQLSERVER_2019_EXPRESS`, * `SQLSERVER_2019_WEB`. * [Database Version Policies](https://cloud.google.com/sql/docs/db-versions) @@ -378,8 +378,8 @@ public Builder clone_(DatabaseInstanceCloneArgs clone) { * @param databaseVersion The MySQL, PostgreSQL or * SQL Server version to use. Supported values include `MYSQL_5_6`, * `MYSQL_5_7`, `MYSQL_8_0`, `POSTGRES_9_6`,`POSTGRES_10`, `POSTGRES_11`, - * `POSTGRES_12`, `POSTGRES_13`, `POSTGRES_14`, `POSTGRES_15`, `SQLSERVER_2017_STANDARD`, - * `SQLSERVER_2017_ENTERPRISE`, `SQLSERVER_2017_EXPRESS`, `SQLSERVER_2017_WEB`. + * `POSTGRES_12`, `POSTGRES_13`, `POSTGRES_14`, `POSTGRES_15`, `POSTGRES_16`, `POSTGRES_17`, + * `SQLSERVER_2017_STANDARD`, `SQLSERVER_2017_ENTERPRISE`, `SQLSERVER_2017_EXPRESS`, `SQLSERVER_2017_WEB`. * `SQLSERVER_2019_STANDARD`, `SQLSERVER_2019_ENTERPRISE`, `SQLSERVER_2019_EXPRESS`, * `SQLSERVER_2019_WEB`. * [Database Version Policies](https://cloud.google.com/sql/docs/db-versions) @@ -397,8 +397,8 @@ public Builder databaseVersion(Output databaseVersion) { * @param databaseVersion The MySQL, PostgreSQL or * SQL Server version to use. Supported values include `MYSQL_5_6`, * `MYSQL_5_7`, `MYSQL_8_0`, `POSTGRES_9_6`,`POSTGRES_10`, `POSTGRES_11`, - * `POSTGRES_12`, `POSTGRES_13`, `POSTGRES_14`, `POSTGRES_15`, `SQLSERVER_2017_STANDARD`, - * `SQLSERVER_2017_ENTERPRISE`, `SQLSERVER_2017_EXPRESS`, `SQLSERVER_2017_WEB`. + * `POSTGRES_12`, `POSTGRES_13`, `POSTGRES_14`, `POSTGRES_15`, `POSTGRES_16`, `POSTGRES_17`, + * `SQLSERVER_2017_STANDARD`, `SQLSERVER_2017_ENTERPRISE`, `SQLSERVER_2017_EXPRESS`, `SQLSERVER_2017_WEB`. * `SQLSERVER_2019_STANDARD`, `SQLSERVER_2019_ENTERPRISE`, `SQLSERVER_2019_EXPRESS`, * `SQLSERVER_2019_WEB`. * [Database Version Policies](https://cloud.google.com/sql/docs/db-versions) diff --git a/sdk/java/src/main/java/com/pulumi/gcp/sql/inputs/DatabaseInstanceSettingsArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/sql/inputs/DatabaseInstanceSettingsArgs.java index fd0d63b46d..762b108449 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/sql/inputs/DatabaseInstanceSettingsArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/sql/inputs/DatabaseInstanceSettingsArgs.java @@ -111,14 +111,14 @@ public Optional> collation() { } /** - * Enables the enforcement of Cloud SQL Auth Proxy or Cloud SQL connectors for all the connections. If enabled, all the direct connections are rejected. + * Control the enforcement of Cloud SQL Auth Proxy or Cloud SQL connectors for all the connections, can be `REQUIRED` or `NOT_REQUIRED`. If enabled, all the direct connections are rejected. * */ @Import(name="connectorEnforcement") private @Nullable Output connectorEnforcement; /** - * @return Enables the enforcement of Cloud SQL Auth Proxy or Cloud SQL connectors for all the connections. If enabled, all the direct connections are rejected. + * @return Control the enforcement of Cloud SQL Auth Proxy or Cloud SQL connectors for all the connections, can be `REQUIRED` or `NOT_REQUIRED`. If enabled, all the direct connections are rejected. * */ public Optional> connectorEnforcement() { @@ -568,7 +568,7 @@ public Builder collation(String collation) { } /** - * @param connectorEnforcement Enables the enforcement of Cloud SQL Auth Proxy or Cloud SQL connectors for all the connections. If enabled, all the direct connections are rejected. + * @param connectorEnforcement Control the enforcement of Cloud SQL Auth Proxy or Cloud SQL connectors for all the connections, can be `REQUIRED` or `NOT_REQUIRED`. If enabled, all the direct connections are rejected. * * @return builder * @@ -579,7 +579,7 @@ public Builder connectorEnforcement(@Nullable Output connectorEnforcemen } /** - * @param connectorEnforcement Enables the enforcement of Cloud SQL Auth Proxy or Cloud SQL connectors for all the connections. If enabled, all the direct connections are rejected. + * @param connectorEnforcement Control the enforcement of Cloud SQL Auth Proxy or Cloud SQL connectors for all the connections, can be `REQUIRED` or `NOT_REQUIRED`. If enabled, all the direct connections are rejected. * * @return builder * diff --git a/sdk/java/src/main/java/com/pulumi/gcp/sql/inputs/DatabaseInstanceState.java b/sdk/java/src/main/java/com/pulumi/gcp/sql/inputs/DatabaseInstanceState.java index 0afc57bde0..d8269c0331 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/sql/inputs/DatabaseInstanceState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/sql/inputs/DatabaseInstanceState.java @@ -78,8 +78,8 @@ public Optional> connectionName() { * The MySQL, PostgreSQL or * SQL Server version to use. Supported values include `MYSQL_5_6`, * `MYSQL_5_7`, `MYSQL_8_0`, `POSTGRES_9_6`,`POSTGRES_10`, `POSTGRES_11`, - * `POSTGRES_12`, `POSTGRES_13`, `POSTGRES_14`, `POSTGRES_15`, `SQLSERVER_2017_STANDARD`, - * `SQLSERVER_2017_ENTERPRISE`, `SQLSERVER_2017_EXPRESS`, `SQLSERVER_2017_WEB`. + * `POSTGRES_12`, `POSTGRES_13`, `POSTGRES_14`, `POSTGRES_15`, `POSTGRES_16`, `POSTGRES_17`, + * `SQLSERVER_2017_STANDARD`, `SQLSERVER_2017_ENTERPRISE`, `SQLSERVER_2017_EXPRESS`, `SQLSERVER_2017_WEB`. * `SQLSERVER_2019_STANDARD`, `SQLSERVER_2019_ENTERPRISE`, `SQLSERVER_2019_EXPRESS`, * `SQLSERVER_2019_WEB`. * [Database Version Policies](https://cloud.google.com/sql/docs/db-versions) @@ -93,8 +93,8 @@ public Optional> connectionName() { * @return The MySQL, PostgreSQL or * SQL Server version to use. Supported values include `MYSQL_5_6`, * `MYSQL_5_7`, `MYSQL_8_0`, `POSTGRES_9_6`,`POSTGRES_10`, `POSTGRES_11`, - * `POSTGRES_12`, `POSTGRES_13`, `POSTGRES_14`, `POSTGRES_15`, `SQLSERVER_2017_STANDARD`, - * `SQLSERVER_2017_ENTERPRISE`, `SQLSERVER_2017_EXPRESS`, `SQLSERVER_2017_WEB`. + * `POSTGRES_12`, `POSTGRES_13`, `POSTGRES_14`, `POSTGRES_15`, `POSTGRES_16`, `POSTGRES_17`, + * `SQLSERVER_2017_STANDARD`, `SQLSERVER_2017_ENTERPRISE`, `SQLSERVER_2017_EXPRESS`, `SQLSERVER_2017_WEB`. * `SQLSERVER_2019_STANDARD`, `SQLSERVER_2019_ENTERPRISE`, `SQLSERVER_2019_EXPRESS`, * `SQLSERVER_2019_WEB`. * [Database Version Policies](https://cloud.google.com/sql/docs/db-versions) @@ -597,8 +597,8 @@ public Builder connectionName(String connectionName) { * @param databaseVersion The MySQL, PostgreSQL or * SQL Server version to use. Supported values include `MYSQL_5_6`, * `MYSQL_5_7`, `MYSQL_8_0`, `POSTGRES_9_6`,`POSTGRES_10`, `POSTGRES_11`, - * `POSTGRES_12`, `POSTGRES_13`, `POSTGRES_14`, `POSTGRES_15`, `SQLSERVER_2017_STANDARD`, - * `SQLSERVER_2017_ENTERPRISE`, `SQLSERVER_2017_EXPRESS`, `SQLSERVER_2017_WEB`. + * `POSTGRES_12`, `POSTGRES_13`, `POSTGRES_14`, `POSTGRES_15`, `POSTGRES_16`, `POSTGRES_17`, + * `SQLSERVER_2017_STANDARD`, `SQLSERVER_2017_ENTERPRISE`, `SQLSERVER_2017_EXPRESS`, `SQLSERVER_2017_WEB`. * `SQLSERVER_2019_STANDARD`, `SQLSERVER_2019_ENTERPRISE`, `SQLSERVER_2019_EXPRESS`, * `SQLSERVER_2019_WEB`. * [Database Version Policies](https://cloud.google.com/sql/docs/db-versions) @@ -616,8 +616,8 @@ public Builder databaseVersion(@Nullable Output databaseVersion) { * @param databaseVersion The MySQL, PostgreSQL or * SQL Server version to use. Supported values include `MYSQL_5_6`, * `MYSQL_5_7`, `MYSQL_8_0`, `POSTGRES_9_6`,`POSTGRES_10`, `POSTGRES_11`, - * `POSTGRES_12`, `POSTGRES_13`, `POSTGRES_14`, `POSTGRES_15`, `SQLSERVER_2017_STANDARD`, - * `SQLSERVER_2017_ENTERPRISE`, `SQLSERVER_2017_EXPRESS`, `SQLSERVER_2017_WEB`. + * `POSTGRES_12`, `POSTGRES_13`, `POSTGRES_14`, `POSTGRES_15`, `POSTGRES_16`, `POSTGRES_17`, + * `SQLSERVER_2017_STANDARD`, `SQLSERVER_2017_ENTERPRISE`, `SQLSERVER_2017_EXPRESS`, `SQLSERVER_2017_WEB`. * `SQLSERVER_2019_STANDARD`, `SQLSERVER_2019_ENTERPRISE`, `SQLSERVER_2019_EXPRESS`, * `SQLSERVER_2019_WEB`. * [Database Version Policies](https://cloud.google.com/sql/docs/db-versions) diff --git a/sdk/java/src/main/java/com/pulumi/gcp/sql/outputs/DatabaseInstanceSettings.java b/sdk/java/src/main/java/com/pulumi/gcp/sql/outputs/DatabaseInstanceSettings.java index 5d71fb976c..d688762251 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/sql/outputs/DatabaseInstanceSettings.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/sql/outputs/DatabaseInstanceSettings.java @@ -53,7 +53,7 @@ public final class DatabaseInstanceSettings { */ private @Nullable String collation; /** - * @return Enables the enforcement of Cloud SQL Auth Proxy or Cloud SQL connectors for all the connections. If enabled, all the direct connections are rejected. + * @return Control the enforcement of Cloud SQL Auth Proxy or Cloud SQL connectors for all the connections, can be `REQUIRED` or `NOT_REQUIRED`. If enabled, all the direct connections are rejected. * */ private @Nullable String connectorEnforcement; @@ -185,7 +185,7 @@ public Optional collation() { return Optional.ofNullable(this.collation); } /** - * @return Enables the enforcement of Cloud SQL Auth Proxy or Cloud SQL connectors for all the connections. If enabled, all the direct connections are rejected. + * @return Control the enforcement of Cloud SQL Auth Proxy or Cloud SQL connectors for all the connections, can be `REQUIRED` or `NOT_REQUIRED`. If enabled, all the direct connections are rejected. * */ public Optional connectorEnforcement() { diff --git a/sdk/java/src/main/java/com/pulumi/gcp/storage/inputs/TransferJobTransferSpecArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/storage/inputs/TransferJobTransferSpecArgs.java index 56c59dbf13..19cbce2fc7 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/storage/inputs/TransferJobTransferSpecArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/storage/inputs/TransferJobTransferSpecArgs.java @@ -9,6 +9,7 @@ import com.pulumi.gcp.storage.inputs.TransferJobTransferSpecAzureBlobStorageDataSourceArgs; import com.pulumi.gcp.storage.inputs.TransferJobTransferSpecGcsDataSinkArgs; import com.pulumi.gcp.storage.inputs.TransferJobTransferSpecGcsDataSourceArgs; +import com.pulumi.gcp.storage.inputs.TransferJobTransferSpecHdfsDataSourceArgs; import com.pulumi.gcp.storage.inputs.TransferJobTransferSpecHttpDataSourceArgs; import com.pulumi.gcp.storage.inputs.TransferJobTransferSpecObjectConditionsArgs; import com.pulumi.gcp.storage.inputs.TransferJobTransferSpecPosixDataSinkArgs; @@ -84,6 +85,21 @@ public Optional> gcsDataSource( return Optional.ofNullable(this.gcsDataSource); } + /** + * An HDFS data source. Structure documented below. + * + */ + @Import(name="hdfsDataSource") + private @Nullable Output hdfsDataSource; + + /** + * @return An HDFS data source. Structure documented below. + * + */ + public Optional> hdfsDataSource() { + return Optional.ofNullable(this.hdfsDataSource); + } + /** * A HTTP URL data source. Structure documented below. * @@ -196,6 +212,7 @@ private TransferJobTransferSpecArgs(TransferJobTransferSpecArgs $) { this.azureBlobStorageDataSource = $.azureBlobStorageDataSource; this.gcsDataSink = $.gcsDataSink; this.gcsDataSource = $.gcsDataSource; + this.hdfsDataSource = $.hdfsDataSource; this.httpDataSource = $.httpDataSource; this.objectConditions = $.objectConditions; this.posixDataSink = $.posixDataSink; @@ -307,6 +324,27 @@ public Builder gcsDataSource(TransferJobTransferSpecGcsDataSourceArgs gcsDataSou return gcsDataSource(Output.of(gcsDataSource)); } + /** + * @param hdfsDataSource An HDFS data source. Structure documented below. + * + * @return builder + * + */ + public Builder hdfsDataSource(@Nullable Output hdfsDataSource) { + $.hdfsDataSource = hdfsDataSource; + return this; + } + + /** + * @param hdfsDataSource An HDFS data source. Structure documented below. + * + * @return builder + * + */ + public Builder hdfsDataSource(TransferJobTransferSpecHdfsDataSourceArgs hdfsDataSource) { + return hdfsDataSource(Output.of(hdfsDataSource)); + } + /** * @param httpDataSource A HTTP URL data source. Structure documented below. * diff --git a/sdk/java/src/main/java/com/pulumi/gcp/storage/inputs/TransferJobTransferSpecHdfsDataSourceArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/storage/inputs/TransferJobTransferSpecHdfsDataSourceArgs.java new file mode 100644 index 0000000000..bd66c37668 --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/gcp/storage/inputs/TransferJobTransferSpecHdfsDataSourceArgs.java @@ -0,0 +1,85 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.gcp.storage.inputs; + +import com.pulumi.core.Output; +import com.pulumi.core.annotations.Import; +import com.pulumi.exceptions.MissingRequiredPropertyException; +import java.lang.String; +import java.util.Objects; + + +public final class TransferJobTransferSpecHdfsDataSourceArgs extends com.pulumi.resources.ResourceArgs { + + public static final TransferJobTransferSpecHdfsDataSourceArgs Empty = new TransferJobTransferSpecHdfsDataSourceArgs(); + + /** + * Root path to transfer objects. Must be an empty string or full path name that ends with a '/'. This field is treated as an object prefix. As such, it should generally not begin with a '/'. + * + */ + @Import(name="path", required=true) + private Output path; + + /** + * @return Root path to transfer objects. Must be an empty string or full path name that ends with a '/'. This field is treated as an object prefix. As such, it should generally not begin with a '/'. + * + */ + public Output path() { + return this.path; + } + + private TransferJobTransferSpecHdfsDataSourceArgs() {} + + private TransferJobTransferSpecHdfsDataSourceArgs(TransferJobTransferSpecHdfsDataSourceArgs $) { + this.path = $.path; + } + + public static Builder builder() { + return new Builder(); + } + public static Builder builder(TransferJobTransferSpecHdfsDataSourceArgs defaults) { + return new Builder(defaults); + } + + public static final class Builder { + private TransferJobTransferSpecHdfsDataSourceArgs $; + + public Builder() { + $ = new TransferJobTransferSpecHdfsDataSourceArgs(); + } + + public Builder(TransferJobTransferSpecHdfsDataSourceArgs defaults) { + $ = new TransferJobTransferSpecHdfsDataSourceArgs(Objects.requireNonNull(defaults)); + } + + /** + * @param path Root path to transfer objects. Must be an empty string or full path name that ends with a '/'. This field is treated as an object prefix. As such, it should generally not begin with a '/'. + * + * @return builder + * + */ + public Builder path(Output path) { + $.path = path; + return this; + } + + /** + * @param path Root path to transfer objects. Must be an empty string or full path name that ends with a '/'. This field is treated as an object prefix. As such, it should generally not begin with a '/'. + * + * @return builder + * + */ + public Builder path(String path) { + return path(Output.of(path)); + } + + public TransferJobTransferSpecHdfsDataSourceArgs build() { + if ($.path == null) { + throw new MissingRequiredPropertyException("TransferJobTransferSpecHdfsDataSourceArgs", "path"); + } + return $; + } + } + +} diff --git a/sdk/java/src/main/java/com/pulumi/gcp/storage/inputs/TransferJobTransferSpecPosixDataSourceArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/storage/inputs/TransferJobTransferSpecPosixDataSourceArgs.java index ad6d91d7b9..ec3027c8ac 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/storage/inputs/TransferJobTransferSpecPosixDataSourceArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/storage/inputs/TransferJobTransferSpecPosixDataSourceArgs.java @@ -17,8 +17,6 @@ public final class TransferJobTransferSpecPosixDataSourceArgs extends com.pulumi /** * Root directory path to the filesystem. * - * <a name="nested_aws_s3_data_source"></a>The `aws_s3_data_source` block supports: - * */ @Import(name="rootDirectory", required=true) private Output rootDirectory; @@ -26,8 +24,6 @@ public final class TransferJobTransferSpecPosixDataSourceArgs extends com.pulumi /** * @return Root directory path to the filesystem. * - * <a name="nested_aws_s3_data_source"></a>The `aws_s3_data_source` block supports: - * */ public Output rootDirectory() { return this.rootDirectory; @@ -60,8 +56,6 @@ public Builder(TransferJobTransferSpecPosixDataSourceArgs defaults) { /** * @param rootDirectory Root directory path to the filesystem. * - * <a name="nested_aws_s3_data_source"></a>The `aws_s3_data_source` block supports: - * * @return builder * */ @@ -73,8 +67,6 @@ public Builder rootDirectory(Output rootDirectory) { /** * @param rootDirectory Root directory path to the filesystem. * - * <a name="nested_aws_s3_data_source"></a>The `aws_s3_data_source` block supports: - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/storage/outputs/TransferJobTransferSpec.java b/sdk/java/src/main/java/com/pulumi/gcp/storage/outputs/TransferJobTransferSpec.java index 639eb13a05..cb4414575c 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/storage/outputs/TransferJobTransferSpec.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/storage/outputs/TransferJobTransferSpec.java @@ -8,6 +8,7 @@ import com.pulumi.gcp.storage.outputs.TransferJobTransferSpecAzureBlobStorageDataSource; import com.pulumi.gcp.storage.outputs.TransferJobTransferSpecGcsDataSink; import com.pulumi.gcp.storage.outputs.TransferJobTransferSpecGcsDataSource; +import com.pulumi.gcp.storage.outputs.TransferJobTransferSpecHdfsDataSource; import com.pulumi.gcp.storage.outputs.TransferJobTransferSpecHttpDataSource; import com.pulumi.gcp.storage.outputs.TransferJobTransferSpecObjectConditions; import com.pulumi.gcp.storage.outputs.TransferJobTransferSpecPosixDataSink; @@ -40,6 +41,11 @@ public final class TransferJobTransferSpec { * */ private @Nullable TransferJobTransferSpecGcsDataSource gcsDataSource; + /** + * @return An HDFS data source. Structure documented below. + * + */ + private @Nullable TransferJobTransferSpecHdfsDataSource hdfsDataSource; /** * @return A HTTP URL data source. Structure documented below. * @@ -105,6 +111,13 @@ public Optional gcsDataSink() { public Optional gcsDataSource() { return Optional.ofNullable(this.gcsDataSource); } + /** + * @return An HDFS data source. Structure documented below. + * + */ + public Optional hdfsDataSource() { + return Optional.ofNullable(this.hdfsDataSource); + } /** * @return A HTTP URL data source. Structure documented below. * @@ -168,6 +181,7 @@ public static final class Builder { private @Nullable TransferJobTransferSpecAzureBlobStorageDataSource azureBlobStorageDataSource; private @Nullable TransferJobTransferSpecGcsDataSink gcsDataSink; private @Nullable TransferJobTransferSpecGcsDataSource gcsDataSource; + private @Nullable TransferJobTransferSpecHdfsDataSource hdfsDataSource; private @Nullable TransferJobTransferSpecHttpDataSource httpDataSource; private @Nullable TransferJobTransferSpecObjectConditions objectConditions; private @Nullable TransferJobTransferSpecPosixDataSink posixDataSink; @@ -182,6 +196,7 @@ public Builder(TransferJobTransferSpec defaults) { this.azureBlobStorageDataSource = defaults.azureBlobStorageDataSource; this.gcsDataSink = defaults.gcsDataSink; this.gcsDataSource = defaults.gcsDataSource; + this.hdfsDataSource = defaults.hdfsDataSource; this.httpDataSource = defaults.httpDataSource; this.objectConditions = defaults.objectConditions; this.posixDataSink = defaults.posixDataSink; @@ -216,6 +231,12 @@ public Builder gcsDataSource(@Nullable TransferJobTransferSpecGcsDataSource gcsD return this; } @CustomType.Setter + public Builder hdfsDataSource(@Nullable TransferJobTransferSpecHdfsDataSource hdfsDataSource) { + + this.hdfsDataSource = hdfsDataSource; + return this; + } + @CustomType.Setter public Builder httpDataSource(@Nullable TransferJobTransferSpecHttpDataSource httpDataSource) { this.httpDataSource = httpDataSource; @@ -263,6 +284,7 @@ public TransferJobTransferSpec build() { _resultValue.azureBlobStorageDataSource = azureBlobStorageDataSource; _resultValue.gcsDataSink = gcsDataSink; _resultValue.gcsDataSource = gcsDataSource; + _resultValue.hdfsDataSource = hdfsDataSource; _resultValue.httpDataSource = httpDataSource; _resultValue.objectConditions = objectConditions; _resultValue.posixDataSink = posixDataSink; diff --git a/sdk/java/src/main/java/com/pulumi/gcp/storage/outputs/TransferJobTransferSpecHdfsDataSource.java b/sdk/java/src/main/java/com/pulumi/gcp/storage/outputs/TransferJobTransferSpecHdfsDataSource.java new file mode 100644 index 0000000000..d00b75b1b2 --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/gcp/storage/outputs/TransferJobTransferSpecHdfsDataSource.java @@ -0,0 +1,58 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.gcp.storage.outputs; + +import com.pulumi.core.annotations.CustomType; +import com.pulumi.exceptions.MissingRequiredPropertyException; +import java.lang.String; +import java.util.Objects; + +@CustomType +public final class TransferJobTransferSpecHdfsDataSource { + /** + * @return Root path to transfer objects. Must be an empty string or full path name that ends with a '/'. This field is treated as an object prefix. As such, it should generally not begin with a '/'. + * + */ + private String path; + + private TransferJobTransferSpecHdfsDataSource() {} + /** + * @return Root path to transfer objects. Must be an empty string or full path name that ends with a '/'. This field is treated as an object prefix. As such, it should generally not begin with a '/'. + * + */ + public String path() { + return this.path; + } + + public static Builder builder() { + return new Builder(); + } + + public static Builder builder(TransferJobTransferSpecHdfsDataSource defaults) { + return new Builder(defaults); + } + @CustomType.Builder + public static final class Builder { + private String path; + public Builder() {} + public Builder(TransferJobTransferSpecHdfsDataSource defaults) { + Objects.requireNonNull(defaults); + this.path = defaults.path; + } + + @CustomType.Setter + public Builder path(String path) { + if (path == null) { + throw new MissingRequiredPropertyException("TransferJobTransferSpecHdfsDataSource", "path"); + } + this.path = path; + return this; + } + public TransferJobTransferSpecHdfsDataSource build() { + final var _resultValue = new TransferJobTransferSpecHdfsDataSource(); + _resultValue.path = path; + return _resultValue; + } + } +} diff --git a/sdk/java/src/main/java/com/pulumi/gcp/storage/outputs/TransferJobTransferSpecPosixDataSource.java b/sdk/java/src/main/java/com/pulumi/gcp/storage/outputs/TransferJobTransferSpecPosixDataSource.java index 1ee6401862..66585c107a 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/storage/outputs/TransferJobTransferSpecPosixDataSource.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/storage/outputs/TransferJobTransferSpecPosixDataSource.java @@ -13,8 +13,6 @@ public final class TransferJobTransferSpecPosixDataSource { /** * @return Root directory path to the filesystem. * - * <a name="nested_aws_s3_data_source"></a>The `aws_s3_data_source` block supports: - * */ private String rootDirectory; @@ -22,8 +20,6 @@ private TransferJobTransferSpecPosixDataSource() {} /** * @return Root directory path to the filesystem. * - * <a name="nested_aws_s3_data_source"></a>The `aws_s3_data_source` block supports: - * */ public String rootDirectory() { return this.rootDirectory; diff --git a/sdk/java/src/main/java/com/pulumi/gcp/tpu/V2Vm.java b/sdk/java/src/main/java/com/pulumi/gcp/tpu/V2Vm.java index 7f24b2d618..ee1dd68f16 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/tpu/V2Vm.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/tpu/V2Vm.java @@ -164,6 +164,7 @@ * .enableExternalIps(true) * .network(network.id()) * .subnetwork(subnet.id()) + * .queueCount(32) * .build()) * .schedulingConfig(V2VmSchedulingConfigArgs.builder() * .preemptible(true) @@ -445,6 +446,24 @@ public Output name() { public Output networkConfig() { return this.networkConfig; } + /** + * Repeated network configurations for the TPU node. This field is used to specify multiple + * network configs for the TPU node. + * Structure is documented below. + * + */ + @Export(name="networkConfigs", refs={List.class,V2VmNetworkConfig.class}, tree="[0,1]") + private Output> networkConfigs; + + /** + * @return Repeated network configurations for the TPU node. This field is used to specify multiple + * network configs for the TPU node. + * Structure is documented below. + * + */ + public Output>> networkConfigs() { + return Codegen.optional(this.networkConfigs); + } /** * The network endpoints where TPU workers can be accessed and sent work. It is recommended that * runtime clients of the node reach out to the 0th entry in this map first. diff --git a/sdk/java/src/main/java/com/pulumi/gcp/tpu/V2VmArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/tpu/V2VmArgs.java index 2f16078b4e..4dc587148d 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/tpu/V2VmArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/tpu/V2VmArgs.java @@ -183,6 +183,25 @@ public Optional> networkConfig() { return Optional.ofNullable(this.networkConfig); } + /** + * Repeated network configurations for the TPU node. This field is used to specify multiple + * network configs for the TPU node. + * Structure is documented below. + * + */ + @Import(name="networkConfigs") + private @Nullable Output> networkConfigs; + + /** + * @return Repeated network configurations for the TPU node. This field is used to specify multiple + * network configs for the TPU node. + * Structure is documented below. + * + */ + public Optional>> networkConfigs() { + return Optional.ofNullable(this.networkConfigs); + } + /** * The ID of the project in which the resource belongs. * If it is not provided, the provider project is used. @@ -314,6 +333,7 @@ private V2VmArgs(V2VmArgs $) { this.metadata = $.metadata; this.name = $.name; this.networkConfig = $.networkConfig; + this.networkConfigs = $.networkConfigs; this.project = $.project; this.runtimeVersion = $.runtimeVersion; this.schedulingConfig = $.schedulingConfig; @@ -565,6 +585,43 @@ public Builder networkConfig(V2VmNetworkConfigArgs networkConfig) { return networkConfig(Output.of(networkConfig)); } + /** + * @param networkConfigs Repeated network configurations for the TPU node. This field is used to specify multiple + * network configs for the TPU node. + * Structure is documented below. + * + * @return builder + * + */ + public Builder networkConfigs(@Nullable Output> networkConfigs) { + $.networkConfigs = networkConfigs; + return this; + } + + /** + * @param networkConfigs Repeated network configurations for the TPU node. This field is used to specify multiple + * network configs for the TPU node. + * Structure is documented below. + * + * @return builder + * + */ + public Builder networkConfigs(List networkConfigs) { + return networkConfigs(Output.of(networkConfigs)); + } + + /** + * @param networkConfigs Repeated network configurations for the TPU node. This field is used to specify multiple + * network configs for the TPU node. + * Structure is documented below. + * + * @return builder + * + */ + public Builder networkConfigs(V2VmNetworkConfigArgs... networkConfigs) { + return networkConfigs(List.of(networkConfigs)); + } + /** * @param project The ID of the project in which the resource belongs. * If it is not provided, the provider project is used. diff --git a/sdk/java/src/main/java/com/pulumi/gcp/tpu/inputs/V2VmNetworkConfigArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/tpu/inputs/V2VmNetworkConfigArgs.java index ff6ea2523e..e55461abe7 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/tpu/inputs/V2VmNetworkConfigArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/tpu/inputs/V2VmNetworkConfigArgs.java @@ -6,6 +6,7 @@ import com.pulumi.core.Output; import com.pulumi.core.annotations.Import; import java.lang.Boolean; +import java.lang.Integer; import java.lang.String; import java.util.Objects; import java.util.Optional; @@ -52,9 +53,7 @@ public Optional> enableExternalIps() { /** * The name of the network for the TPU node. It must be a preexisting Google Compute Engine - * network. If both network and subnetwork are specified, the given subnetwork must belong - * to the given network. If network is not specified, it will be looked up from the - * subnetwork if one is provided, or otherwise use "default". + * network. If none is provided, "default" will be used. * */ @Import(name="network") @@ -62,20 +61,31 @@ public Optional> enableExternalIps() { /** * @return The name of the network for the TPU node. It must be a preexisting Google Compute Engine - * network. If both network and subnetwork are specified, the given subnetwork must belong - * to the given network. If network is not specified, it will be looked up from the - * subnetwork if one is provided, or otherwise use "default". + * network. If none is provided, "default" will be used. * */ public Optional> network() { return Optional.ofNullable(this.network); } + /** + * Specifies networking queue count for TPU VM instance's network interface. + * + */ + @Import(name="queueCount") + private @Nullable Output queueCount; + + /** + * @return Specifies networking queue count for TPU VM instance's network interface. + * + */ + public Optional> queueCount() { + return Optional.ofNullable(this.queueCount); + } + /** * The name of the subnetwork for the TPU node. It must be a preexisting Google Compute - * Engine subnetwork. If both network and subnetwork are specified, the given subnetwork - * must belong to the given network. If subnetwork is not specified, the subnetwork with the - * same name as the network will be used. + * Engine subnetwork. If none is provided, "default" will be used. * */ @Import(name="subnetwork") @@ -83,9 +93,7 @@ public Optional> network() { /** * @return The name of the subnetwork for the TPU node. It must be a preexisting Google Compute - * Engine subnetwork. If both network and subnetwork are specified, the given subnetwork - * must belong to the given network. If subnetwork is not specified, the subnetwork with the - * same name as the network will be used. + * Engine subnetwork. If none is provided, "default" will be used. * */ public Optional> subnetwork() { @@ -98,6 +106,7 @@ private V2VmNetworkConfigArgs(V2VmNetworkConfigArgs $) { this.canIpForward = $.canIpForward; this.enableExternalIps = $.enableExternalIps; this.network = $.network; + this.queueCount = $.queueCount; this.subnetwork = $.subnetwork; } @@ -167,9 +176,7 @@ public Builder enableExternalIps(Boolean enableExternalIps) { /** * @param network The name of the network for the TPU node. It must be a preexisting Google Compute Engine - * network. If both network and subnetwork are specified, the given subnetwork must belong - * to the given network. If network is not specified, it will be looked up from the - * subnetwork if one is provided, or otherwise use "default". + * network. If none is provided, "default" will be used. * * @return builder * @@ -181,9 +188,7 @@ public Builder network(@Nullable Output network) { /** * @param network The name of the network for the TPU node. It must be a preexisting Google Compute Engine - * network. If both network and subnetwork are specified, the given subnetwork must belong - * to the given network. If network is not specified, it will be looked up from the - * subnetwork if one is provided, or otherwise use "default". + * network. If none is provided, "default" will be used. * * @return builder * @@ -192,11 +197,30 @@ public Builder network(String network) { return network(Output.of(network)); } + /** + * @param queueCount Specifies networking queue count for TPU VM instance's network interface. + * + * @return builder + * + */ + public Builder queueCount(@Nullable Output queueCount) { + $.queueCount = queueCount; + return this; + } + + /** + * @param queueCount Specifies networking queue count for TPU VM instance's network interface. + * + * @return builder + * + */ + public Builder queueCount(Integer queueCount) { + return queueCount(Output.of(queueCount)); + } + /** * @param subnetwork The name of the subnetwork for the TPU node. It must be a preexisting Google Compute - * Engine subnetwork. If both network and subnetwork are specified, the given subnetwork - * must belong to the given network. If subnetwork is not specified, the subnetwork with the - * same name as the network will be used. + * Engine subnetwork. If none is provided, "default" will be used. * * @return builder * @@ -208,9 +232,7 @@ public Builder subnetwork(@Nullable Output subnetwork) { /** * @param subnetwork The name of the subnetwork for the TPU node. It must be a preexisting Google Compute - * Engine subnetwork. If both network and subnetwork are specified, the given subnetwork - * must belong to the given network. If subnetwork is not specified, the subnetwork with the - * same name as the network will be used. + * Engine subnetwork. If none is provided, "default" will be used. * * @return builder * diff --git a/sdk/java/src/main/java/com/pulumi/gcp/tpu/inputs/V2VmState.java b/sdk/java/src/main/java/com/pulumi/gcp/tpu/inputs/V2VmState.java index 0d3456ef93..766842432f 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/tpu/inputs/V2VmState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/tpu/inputs/V2VmState.java @@ -260,6 +260,25 @@ public Optional> networkConfig() { return Optional.ofNullable(this.networkConfig); } + /** + * Repeated network configurations for the TPU node. This field is used to specify multiple + * network configs for the TPU node. + * Structure is documented below. + * + */ + @Import(name="networkConfigs") + private @Nullable Output> networkConfigs; + + /** + * @return Repeated network configurations for the TPU node. This field is used to specify multiple + * network configs for the TPU node. + * Structure is documented below. + * + */ + public Optional>> networkConfigs() { + return Optional.ofNullable(this.networkConfigs); + } + /** * The network endpoints where TPU workers can be accessed and sent work. It is recommended that * runtime clients of the node reach out to the 0th entry in this map first. @@ -479,6 +498,7 @@ private V2VmState(V2VmState $) { this.multisliceNode = $.multisliceNode; this.name = $.name; this.networkConfig = $.networkConfig; + this.networkConfigs = $.networkConfigs; this.networkEndpoints = $.networkEndpoints; this.project = $.project; this.pulumiLabels = $.pulumiLabels; @@ -840,6 +860,43 @@ public Builder networkConfig(V2VmNetworkConfigArgs networkConfig) { return networkConfig(Output.of(networkConfig)); } + /** + * @param networkConfigs Repeated network configurations for the TPU node. This field is used to specify multiple + * network configs for the TPU node. + * Structure is documented below. + * + * @return builder + * + */ + public Builder networkConfigs(@Nullable Output> networkConfigs) { + $.networkConfigs = networkConfigs; + return this; + } + + /** + * @param networkConfigs Repeated network configurations for the TPU node. This field is used to specify multiple + * network configs for the TPU node. + * Structure is documented below. + * + * @return builder + * + */ + public Builder networkConfigs(List networkConfigs) { + return networkConfigs(Output.of(networkConfigs)); + } + + /** + * @param networkConfigs Repeated network configurations for the TPU node. This field is used to specify multiple + * network configs for the TPU node. + * Structure is documented below. + * + * @return builder + * + */ + public Builder networkConfigs(V2VmNetworkConfigArgs... networkConfigs) { + return networkConfigs(List.of(networkConfigs)); + } + /** * @param networkEndpoints The network endpoints where TPU workers can be accessed and sent work. It is recommended that * runtime clients of the node reach out to the 0th entry in this map first. diff --git a/sdk/java/src/main/java/com/pulumi/gcp/tpu/outputs/V2VmNetworkConfig.java b/sdk/java/src/main/java/com/pulumi/gcp/tpu/outputs/V2VmNetworkConfig.java index 951a457985..5630380dc4 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/tpu/outputs/V2VmNetworkConfig.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/tpu/outputs/V2VmNetworkConfig.java @@ -5,6 +5,7 @@ import com.pulumi.core.annotations.CustomType; import java.lang.Boolean; +import java.lang.Integer; import java.lang.String; import java.util.Objects; import java.util.Optional; @@ -26,17 +27,18 @@ public final class V2VmNetworkConfig { private @Nullable Boolean enableExternalIps; /** * @return The name of the network for the TPU node. It must be a preexisting Google Compute Engine - * network. If both network and subnetwork are specified, the given subnetwork must belong - * to the given network. If network is not specified, it will be looked up from the - * subnetwork if one is provided, or otherwise use "default". + * network. If none is provided, "default" will be used. * */ private @Nullable String network; + /** + * @return Specifies networking queue count for TPU VM instance's network interface. + * + */ + private @Nullable Integer queueCount; /** * @return The name of the subnetwork for the TPU node. It must be a preexisting Google Compute - * Engine subnetwork. If both network and subnetwork are specified, the given subnetwork - * must belong to the given network. If subnetwork is not specified, the subnetwork with the - * same name as the network will be used. + * Engine subnetwork. If none is provided, "default" will be used. * */ private @Nullable String subnetwork; @@ -60,19 +62,22 @@ public Optional enableExternalIps() { } /** * @return The name of the network for the TPU node. It must be a preexisting Google Compute Engine - * network. If both network and subnetwork are specified, the given subnetwork must belong - * to the given network. If network is not specified, it will be looked up from the - * subnetwork if one is provided, or otherwise use "default". + * network. If none is provided, "default" will be used. * */ public Optional network() { return Optional.ofNullable(this.network); } + /** + * @return Specifies networking queue count for TPU VM instance's network interface. + * + */ + public Optional queueCount() { + return Optional.ofNullable(this.queueCount); + } /** * @return The name of the subnetwork for the TPU node. It must be a preexisting Google Compute - * Engine subnetwork. If both network and subnetwork are specified, the given subnetwork - * must belong to the given network. If subnetwork is not specified, the subnetwork with the - * same name as the network will be used. + * Engine subnetwork. If none is provided, "default" will be used. * */ public Optional subnetwork() { @@ -91,6 +96,7 @@ public static final class Builder { private @Nullable Boolean canIpForward; private @Nullable Boolean enableExternalIps; private @Nullable String network; + private @Nullable Integer queueCount; private @Nullable String subnetwork; public Builder() {} public Builder(V2VmNetworkConfig defaults) { @@ -98,6 +104,7 @@ public Builder(V2VmNetworkConfig defaults) { this.canIpForward = defaults.canIpForward; this.enableExternalIps = defaults.enableExternalIps; this.network = defaults.network; + this.queueCount = defaults.queueCount; this.subnetwork = defaults.subnetwork; } @@ -120,6 +127,12 @@ public Builder network(@Nullable String network) { return this; } @CustomType.Setter + public Builder queueCount(@Nullable Integer queueCount) { + + this.queueCount = queueCount; + return this; + } + @CustomType.Setter public Builder subnetwork(@Nullable String subnetwork) { this.subnetwork = subnetwork; @@ -130,6 +143,7 @@ public V2VmNetworkConfig build() { _resultValue.canIpForward = canIpForward; _resultValue.enableExternalIps = enableExternalIps; _resultValue.network = network; + _resultValue.queueCount = queueCount; _resultValue.subnetwork = subnetwork; return _resultValue; } diff --git a/sdk/nodejs/accesscontextmanager/servicePerimeter.ts b/sdk/nodejs/accesscontextmanager/servicePerimeter.ts index 06de392fc8..6815b53adf 100644 --- a/sdk/nodejs/accesscontextmanager/servicePerimeter.ts +++ b/sdk/nodejs/accesscontextmanager/servicePerimeter.ts @@ -256,12 +256,6 @@ export class ServicePerimeter extends pulumi.CustomResource { * behavior. */ public readonly description!: pulumi.Output; - /** - * An opaque identifier for the current version of the ServicePerimeter. This - * identifier does not follow any specific format. If an etag is not provided, the - * operation will be performed as if a valid etag is provided. - */ - public /*out*/ readonly etag!: pulumi.Output; /** * Resource name for the ServicePerimeter. The shortName component must * begin with a letter and only include alphanumeric and '_'. @@ -346,7 +340,6 @@ export class ServicePerimeter extends pulumi.CustomResource { const state = argsOrState as ServicePerimeterState | undefined; resourceInputs["createTime"] = state ? state.createTime : undefined; resourceInputs["description"] = state ? state.description : undefined; - resourceInputs["etag"] = state ? state.etag : undefined; resourceInputs["name"] = state ? state.name : undefined; resourceInputs["parent"] = state ? state.parent : undefined; resourceInputs["perimeterType"] = state ? state.perimeterType : undefined; @@ -372,7 +365,6 @@ export class ServicePerimeter extends pulumi.CustomResource { resourceInputs["title"] = args ? args.title : undefined; resourceInputs["useExplicitDryRunSpec"] = args ? args.useExplicitDryRunSpec : undefined; resourceInputs["createTime"] = undefined /*out*/; - resourceInputs["etag"] = undefined /*out*/; resourceInputs["updateTime"] = undefined /*out*/; } opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts); @@ -393,12 +385,6 @@ export interface ServicePerimeterState { * behavior. */ description?: pulumi.Input; - /** - * An opaque identifier for the current version of the ServicePerimeter. This - * identifier does not follow any specific format. If an etag is not provided, the - * operation will be performed as if a valid etag is provided. - */ - etag?: pulumi.Input; /** * Resource name for the ServicePerimeter. The shortName component must * begin with a letter and only include alphanumeric and '_'. diff --git a/sdk/nodejs/artifactregistry/getRepositoryIamPolicy.ts b/sdk/nodejs/artifactregistry/getRepositoryIamPolicy.ts index bab321a6a0..0ed89dbd81 100644 --- a/sdk/nodejs/artifactregistry/getRepositoryIamPolicy.ts +++ b/sdk/nodejs/artifactregistry/getRepositoryIamPolicy.ts @@ -34,8 +34,12 @@ export function getRepositoryIamPolicy(args: GetRepositoryIamPolicyArgs, opts?: */ export interface GetRepositoryIamPolicyArgs { /** - * The name of the location this repository is located in. - * Used to find the parent resource to bind the IAM policy to. If not specified, + * The name of the repository's location. In addition to specific regions, + * special values for multi-region locations are `asia`, `europe`, and `us`. + * See [here](https://cloud.google.com/artifact-registry/docs/repositories/repo-locations), + * or use the + * gcp.artifactregistry.getLocations + * data source for possible values. Used to find the parent resource to bind the IAM policy to. If not specified, * the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no * location is specified, it is taken from the provider configuration. */ @@ -102,8 +106,12 @@ export function getRepositoryIamPolicyOutput(args: GetRepositoryIamPolicyOutputA */ export interface GetRepositoryIamPolicyOutputArgs { /** - * The name of the location this repository is located in. - * Used to find the parent resource to bind the IAM policy to. If not specified, + * The name of the repository's location. In addition to specific regions, + * special values for multi-region locations are `asia`, `europe`, and `us`. + * See [here](https://cloud.google.com/artifact-registry/docs/repositories/repo-locations), + * or use the + * gcp.artifactregistry.getLocations + * data source for possible values. Used to find the parent resource to bind the IAM policy to. If not specified, * the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no * location is specified, it is taken from the provider configuration. */ diff --git a/sdk/nodejs/artifactregistry/repository.ts b/sdk/nodejs/artifactregistry/repository.ts index 1c56a8ed1b..0b38df653a 100644 --- a/sdk/nodejs/artifactregistry/repository.ts +++ b/sdk/nodejs/artifactregistry/repository.ts @@ -30,6 +30,19 @@ import * as utilities from "../utilities"; * format: "DOCKER", * }); * ``` + * ### Artifact Registry Repository Multi Region + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const my_repo = new gcp.artifactregistry.Repository("my-repo", { + * repositoryId: "my-repository", + * description: "example docker repository", + * location: "us", + * format: "DOCKER", + * }); + * ``` * ### Artifact Registry Repository Docker * * ```typescript @@ -556,8 +569,6 @@ import * as utilities from "../utilities"; * * * `{{location}}/{{repository_id}}` * - * * `{{repository_id}}` - * * When using the `pulumi import` command, Repository can be imported using one of the formats above. For example: * * ```sh @@ -571,10 +582,6 @@ import * as utilities from "../utilities"; * ```sh * $ pulumi import gcp:artifactregistry/repository:Repository default {{location}}/{{repository_id}} * ``` - * - * ```sh - * $ pulumi import gcp:artifactregistry/repository:Repository default {{repository_id}} - * ``` */ export class Repository extends pulumi.CustomResource { /** @@ -639,9 +646,6 @@ export class Repository extends pulumi.CustomResource { * can be found [here](https://cloud.google.com/artifact-registry/docs/supported-formats). * You can only create alpha formats if you are a member of the * [alpha user group](https://cloud.google.com/artifact-registry/docs/supported-formats#alpha-access). - * - * - * - - - */ public readonly format!: pulumi.Output; /** @@ -663,7 +667,12 @@ export class Repository extends pulumi.CustomResource { */ public readonly labels!: pulumi.Output<{[key: string]: string} | undefined>; /** - * The name of the location this repository is located in. + * The name of the repository's location. In addition to specific regions, + * special values for multi-region locations are `asia`, `europe`, and `us`. + * See [here](https://cloud.google.com/artifact-registry/docs/repositories/repo-locations), + * or use the + * gcp.artifactregistry.getLocations + * data source for possible values. */ public readonly location!: pulumi.Output; /** @@ -702,6 +711,9 @@ export class Repository extends pulumi.CustomResource { /** * The last part of the repository name, for example: * "repo1" + * + * + * - - - */ public readonly repositoryId!: pulumi.Output; /** @@ -820,9 +832,6 @@ export interface RepositoryState { * can be found [here](https://cloud.google.com/artifact-registry/docs/supported-formats). * You can only create alpha formats if you are a member of the * [alpha user group](https://cloud.google.com/artifact-registry/docs/supported-formats#alpha-access). - * - * - * - - - */ format?: pulumi.Input; /** @@ -844,7 +853,12 @@ export interface RepositoryState { */ labels?: pulumi.Input<{[key: string]: pulumi.Input}>; /** - * The name of the location this repository is located in. + * The name of the repository's location. In addition to specific regions, + * special values for multi-region locations are `asia`, `europe`, and `us`. + * See [here](https://cloud.google.com/artifact-registry/docs/repositories/repo-locations), + * or use the + * gcp.artifactregistry.getLocations + * data source for possible values. */ location?: pulumi.Input; /** @@ -883,6 +897,9 @@ export interface RepositoryState { /** * The last part of the repository name, for example: * "repo1" + * + * + * - - - */ repositoryId?: pulumi.Input; /** @@ -927,9 +944,6 @@ export interface RepositoryArgs { * can be found [here](https://cloud.google.com/artifact-registry/docs/supported-formats). * You can only create alpha formats if you are a member of the * [alpha user group](https://cloud.google.com/artifact-registry/docs/supported-formats#alpha-access). - * - * - * - - - */ format: pulumi.Input; /** @@ -951,7 +965,12 @@ export interface RepositoryArgs { */ labels?: pulumi.Input<{[key: string]: pulumi.Input}>; /** - * The name of the location this repository is located in. + * The name of the repository's location. In addition to specific regions, + * special values for multi-region locations are `asia`, `europe`, and `us`. + * See [here](https://cloud.google.com/artifact-registry/docs/repositories/repo-locations), + * or use the + * gcp.artifactregistry.getLocations + * data source for possible values. */ location?: pulumi.Input; /** @@ -980,6 +999,9 @@ export interface RepositoryArgs { /** * The last part of the repository name, for example: * "repo1" + * + * + * - - - */ repositoryId: pulumi.Input; /** diff --git a/sdk/nodejs/artifactregistry/repositoryIamBinding.ts b/sdk/nodejs/artifactregistry/repositoryIamBinding.ts index 2100b7b0f2..2076fd0ad5 100644 --- a/sdk/nodejs/artifactregistry/repositoryIamBinding.ts +++ b/sdk/nodejs/artifactregistry/repositoryIamBinding.ts @@ -212,8 +212,12 @@ export class RepositoryIamBinding extends pulumi.CustomResource { */ public /*out*/ readonly etag!: pulumi.Output; /** - * The name of the location this repository is located in. - * Used to find the parent resource to bind the IAM policy to. If not specified, + * The name of the repository's location. In addition to specific regions, + * special values for multi-region locations are `asia`, `europe`, and `us`. + * See [here](https://cloud.google.com/artifact-registry/docs/repositories/repo-locations), + * or use the + * gcp.artifactregistry.getLocations + * data source for possible values. Used to find the parent resource to bind the IAM policy to. If not specified, * the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no * location is specified, it is taken from the provider configuration. */ @@ -302,8 +306,12 @@ export interface RepositoryIamBindingState { */ etag?: pulumi.Input; /** - * The name of the location this repository is located in. - * Used to find the parent resource to bind the IAM policy to. If not specified, + * The name of the repository's location. In addition to specific regions, + * special values for multi-region locations are `asia`, `europe`, and `us`. + * See [here](https://cloud.google.com/artifact-registry/docs/repositories/repo-locations), + * or use the + * gcp.artifactregistry.getLocations + * data source for possible values. Used to find the parent resource to bind the IAM policy to. If not specified, * the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no * location is specified, it is taken from the provider configuration. */ @@ -345,8 +353,12 @@ export interface RepositoryIamBindingState { export interface RepositoryIamBindingArgs { condition?: pulumi.Input; /** - * The name of the location this repository is located in. - * Used to find the parent resource to bind the IAM policy to. If not specified, + * The name of the repository's location. In addition to specific regions, + * special values for multi-region locations are `asia`, `europe`, and `us`. + * See [here](https://cloud.google.com/artifact-registry/docs/repositories/repo-locations), + * or use the + * gcp.artifactregistry.getLocations + * data source for possible values. Used to find the parent resource to bind the IAM policy to. If not specified, * the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no * location is specified, it is taken from the provider configuration. */ diff --git a/sdk/nodejs/artifactregistry/repositoryIamMember.ts b/sdk/nodejs/artifactregistry/repositoryIamMember.ts index 30b3ea2c26..abc50d875c 100644 --- a/sdk/nodejs/artifactregistry/repositoryIamMember.ts +++ b/sdk/nodejs/artifactregistry/repositoryIamMember.ts @@ -212,8 +212,12 @@ export class RepositoryIamMember extends pulumi.CustomResource { */ public /*out*/ readonly etag!: pulumi.Output; /** - * The name of the location this repository is located in. - * Used to find the parent resource to bind the IAM policy to. If not specified, + * The name of the repository's location. In addition to specific regions, + * special values for multi-region locations are `asia`, `europe`, and `us`. + * See [here](https://cloud.google.com/artifact-registry/docs/repositories/repo-locations), + * or use the + * gcp.artifactregistry.getLocations + * data source for possible values. Used to find the parent resource to bind the IAM policy to. If not specified, * the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no * location is specified, it is taken from the provider configuration. */ @@ -302,8 +306,12 @@ export interface RepositoryIamMemberState { */ etag?: pulumi.Input; /** - * The name of the location this repository is located in. - * Used to find the parent resource to bind the IAM policy to. If not specified, + * The name of the repository's location. In addition to specific regions, + * special values for multi-region locations are `asia`, `europe`, and `us`. + * See [here](https://cloud.google.com/artifact-registry/docs/repositories/repo-locations), + * or use the + * gcp.artifactregistry.getLocations + * data source for possible values. Used to find the parent resource to bind the IAM policy to. If not specified, * the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no * location is specified, it is taken from the provider configuration. */ @@ -345,8 +353,12 @@ export interface RepositoryIamMemberState { export interface RepositoryIamMemberArgs { condition?: pulumi.Input; /** - * The name of the location this repository is located in. - * Used to find the parent resource to bind the IAM policy to. If not specified, + * The name of the repository's location. In addition to specific regions, + * special values for multi-region locations are `asia`, `europe`, and `us`. + * See [here](https://cloud.google.com/artifact-registry/docs/repositories/repo-locations), + * or use the + * gcp.artifactregistry.getLocations + * data source for possible values. Used to find the parent resource to bind the IAM policy to. If not specified, * the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no * location is specified, it is taken from the provider configuration. */ diff --git a/sdk/nodejs/artifactregistry/repositoryIamPolicy.ts b/sdk/nodejs/artifactregistry/repositoryIamPolicy.ts index ce77bcfcb0..dd1eec5009 100644 --- a/sdk/nodejs/artifactregistry/repositoryIamPolicy.ts +++ b/sdk/nodejs/artifactregistry/repositoryIamPolicy.ts @@ -209,8 +209,12 @@ export class RepositoryIamPolicy extends pulumi.CustomResource { */ public /*out*/ readonly etag!: pulumi.Output; /** - * The name of the location this repository is located in. - * Used to find the parent resource to bind the IAM policy to. If not specified, + * The name of the repository's location. In addition to specific regions, + * special values for multi-region locations are `asia`, `europe`, and `us`. + * See [here](https://cloud.google.com/artifact-registry/docs/repositories/repo-locations), + * or use the + * gcp.artifactregistry.getLocations + * data source for possible values. Used to find the parent resource to bind the IAM policy to. If not specified, * the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no * location is specified, it is taken from the provider configuration. */ @@ -276,8 +280,12 @@ export interface RepositoryIamPolicyState { */ etag?: pulumi.Input; /** - * The name of the location this repository is located in. - * Used to find the parent resource to bind the IAM policy to. If not specified, + * The name of the repository's location. In addition to specific regions, + * special values for multi-region locations are `asia`, `europe`, and `us`. + * See [here](https://cloud.google.com/artifact-registry/docs/repositories/repo-locations), + * or use the + * gcp.artifactregistry.getLocations + * data source for possible values. Used to find the parent resource to bind the IAM policy to. If not specified, * the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no * location is specified, it is taken from the provider configuration. */ @@ -303,8 +311,12 @@ export interface RepositoryIamPolicyState { */ export interface RepositoryIamPolicyArgs { /** - * The name of the location this repository is located in. - * Used to find the parent resource to bind the IAM policy to. If not specified, + * The name of the repository's location. In addition to specific regions, + * special values for multi-region locations are `asia`, `europe`, and `us`. + * See [here](https://cloud.google.com/artifact-registry/docs/repositories/repo-locations), + * or use the + * gcp.artifactregistry.getLocations + * data source for possible values. Used to find the parent resource to bind the IAM policy to. If not specified, * the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no * location is specified, it is taken from the provider configuration. */ diff --git a/sdk/nodejs/compute/getGlobalForwardingRule.ts b/sdk/nodejs/compute/getGlobalForwardingRule.ts index 9ca9ea2487..5e1898645e 100644 --- a/sdk/nodejs/compute/getGlobalForwardingRule.ts +++ b/sdk/nodejs/compute/getGlobalForwardingRule.ts @@ -67,6 +67,7 @@ export interface GetGlobalForwardingRuleResult { readonly metadataFilters: outputs.compute.GetGlobalForwardingRuleMetadataFilter[]; readonly name: string; readonly network: string; + readonly networkTier: string; readonly noAutomateDnsZone: boolean; readonly portRange: string; readonly project?: string; diff --git a/sdk/nodejs/compute/globalForwardingRule.ts b/sdk/nodejs/compute/globalForwardingRule.ts index 055878b463..e0538f728a 100644 --- a/sdk/nodejs/compute/globalForwardingRule.ts +++ b/sdk/nodejs/compute/globalForwardingRule.ts @@ -194,6 +194,7 @@ import * as utilities from "../utilities"; * target: defaultTargetHttpProxy.id, * portRange: "80", * loadBalancingScheme: "EXTERNAL_MANAGED", + * networkTier: "PREMIUM", * }); * ``` * ### Global Forwarding Rule Hybrid @@ -578,6 +579,19 @@ export class GlobalForwardingRule extends pulumi.CustomResource { * APIs, a network must be provided. */ public readonly network!: pulumi.Output; + /** + * This signifies the networking tier used for configuring + * this load balancer and can only take the following values: + * `PREMIUM`, `STANDARD`. + * For regional ForwardingRule, the valid values are `PREMIUM` and + * `STANDARD`. For GlobalForwardingRule, the valid value is + * `PREMIUM`. + * If this field is not specified, it is assumed to be `PREMIUM`. + * If `IPAddress` is specified, this value must be equal to the + * networkTier of the Address. + * Possible values are: `PREMIUM`, `STANDARD`. + */ + public readonly networkTier!: pulumi.Output; /** * This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC forwarding rules do not use this field. */ @@ -687,6 +701,7 @@ export class GlobalForwardingRule extends pulumi.CustomResource { resourceInputs["metadataFilters"] = state ? state.metadataFilters : undefined; resourceInputs["name"] = state ? state.name : undefined; resourceInputs["network"] = state ? state.network : undefined; + resourceInputs["networkTier"] = state ? state.networkTier : undefined; resourceInputs["noAutomateDnsZone"] = state ? state.noAutomateDnsZone : undefined; resourceInputs["portRange"] = state ? state.portRange : undefined; resourceInputs["project"] = state ? state.project : undefined; @@ -713,6 +728,7 @@ export class GlobalForwardingRule extends pulumi.CustomResource { resourceInputs["metadataFilters"] = args ? args.metadataFilters : undefined; resourceInputs["name"] = args ? args.name : undefined; resourceInputs["network"] = args ? args.network : undefined; + resourceInputs["networkTier"] = args ? args.networkTier : undefined; resourceInputs["noAutomateDnsZone"] = args ? args.noAutomateDnsZone : undefined; resourceInputs["portRange"] = args ? args.portRange : undefined; resourceInputs["project"] = args ? args.project : undefined; @@ -875,6 +891,19 @@ export interface GlobalForwardingRuleState { * APIs, a network must be provided. */ network?: pulumi.Input; + /** + * This signifies the networking tier used for configuring + * this load balancer and can only take the following values: + * `PREMIUM`, `STANDARD`. + * For regional ForwardingRule, the valid values are `PREMIUM` and + * `STANDARD`. For GlobalForwardingRule, the valid value is + * `PREMIUM`. + * If this field is not specified, it is assumed to be `PREMIUM`. + * If `IPAddress` is specified, this value must be equal to the + * networkTier of the Address. + * Possible values are: `PREMIUM`, `STANDARD`. + */ + networkTier?: pulumi.Input; /** * This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC forwarding rules do not use this field. */ @@ -1080,6 +1109,19 @@ export interface GlobalForwardingRuleArgs { * APIs, a network must be provided. */ network?: pulumi.Input; + /** + * This signifies the networking tier used for configuring + * this load balancer and can only take the following values: + * `PREMIUM`, `STANDARD`. + * For regional ForwardingRule, the valid values are `PREMIUM` and + * `STANDARD`. For GlobalForwardingRule, the valid value is + * `PREMIUM`. + * If this field is not specified, it is assumed to be `PREMIUM`. + * If `IPAddress` is specified, this value must be equal to the + * networkTier of the Address. + * Possible values are: `PREMIUM`, `STANDARD`. + */ + networkTier?: pulumi.Input; /** * This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC forwarding rules do not use this field. */ diff --git a/sdk/nodejs/compute/projectCloudArmorTier.ts b/sdk/nodejs/compute/projectCloudArmorTier.ts index 607430c1ec..5fb576aaf0 100644 --- a/sdk/nodejs/compute/projectCloudArmorTier.ts +++ b/sdk/nodejs/compute/projectCloudArmorTier.ts @@ -96,7 +96,7 @@ export class ProjectCloudArmorTier extends pulumi.CustomResource { /** * Managed protection tier to be set. - * Possible values are: `CA_STANDARD`, `CA_ENTERPRISE_PAYGO`. + * Possible values are: `CA_STANDARD`, `CA_ENTERPRISE_PAYGO`, `CA_ENTERPRISE_ANNUAL`. * * * - - - @@ -142,7 +142,7 @@ export class ProjectCloudArmorTier extends pulumi.CustomResource { export interface ProjectCloudArmorTierState { /** * Managed protection tier to be set. - * Possible values are: `CA_STANDARD`, `CA_ENTERPRISE_PAYGO`. + * Possible values are: `CA_STANDARD`, `CA_ENTERPRISE_PAYGO`, `CA_ENTERPRISE_ANNUAL`. * * * - - - @@ -161,7 +161,7 @@ export interface ProjectCloudArmorTierState { export interface ProjectCloudArmorTierArgs { /** * Managed protection tier to be set. - * Possible values are: `CA_STANDARD`, `CA_ENTERPRISE_PAYGO`. + * Possible values are: `CA_STANDARD`, `CA_ENTERPRISE_PAYGO`, `CA_ENTERPRISE_ANNUAL`. * * * - - - diff --git a/sdk/nodejs/firebase/databaseInstance.ts b/sdk/nodejs/firebase/databaseInstance.ts index cc08625440..b5f1c6f86b 100644 --- a/sdk/nodejs/firebase/databaseInstance.ts +++ b/sdk/nodejs/firebase/databaseInstance.ts @@ -38,6 +38,7 @@ import * as utilities from "../utilities"; * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; + * import * as time from "@pulumi/time"; * * const _default = new gcp.organizations.Project("default", { * projectId: "rtdb-project", @@ -48,10 +49,21 @@ import * as utilities from "../utilities"; * firebase: "enabled", * }, * }); - * const defaultProject = new gcp.firebase.Project("default", {project: _default.projectId}); + * const firebase = new gcp.projects.Service("firebase", { + * project: _default.projectId, + * service: "firebase.googleapis.com", + * disableOnDestroy: false, + * }); + * const defaultProject = new gcp.firebase.Project("default", {project: _default.projectId}, { + * dependsOn: [firebase], + * }); * const firebaseDatabase = new gcp.projects.Service("firebase_database", { * project: defaultProject.project, * service: "firebasedatabase.googleapis.com", + * disableOnDestroy: false, + * }); + * const wait60Seconds = new time.index.Sleep("wait_60_seconds", {createDuration: "60s"}, { + * dependsOn: [firebaseDatabase], * }); * const defaultDatabaseInstance = new gcp.firebase.DatabaseInstance("default", { * project: defaultProject.project, @@ -59,7 +71,7 @@ import * as utilities from "../utilities"; * instanceId: "rtdb-project-default-rtdb", * type: "DEFAULT_DATABASE", * }, { - * dependsOn: [firebaseDatabase], + * dependsOn: [wait60Seconds], * }); * ``` * diff --git a/sdk/nodejs/firebase/hostingVersion.ts b/sdk/nodejs/firebase/hostingVersion.ts index 7d0c0c01c4..a6fe2697dc 100644 --- a/sdk/nodejs/firebase/hostingVersion.ts +++ b/sdk/nodejs/firebase/hostingVersion.ts @@ -35,6 +35,60 @@ import * as utilities from "../utilities"; * message: "Redirect to Google", * }); * ``` + * ### Firebasehosting Version Headers + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const _default = new gcp.firebase.HostingSite("default", { + * project: "my-project-name", + * siteId: "site-id", + * }); + * const defaultHostingVersion = new gcp.firebase.HostingVersion("default", { + * siteId: _default.siteId, + * config: { + * headers: [{ + * glob: "/headers/**", + * headers: { + * "my-header": "my-value", + * }, + * }], + * }, + * }); + * const defaultHostingRelease = new gcp.firebase.HostingRelease("default", { + * siteId: _default.siteId, + * versionName: defaultHostingVersion.name, + * message: "With custom headers", + * }); + * ``` + * ### Firebasehosting Version Headers Regex + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const _default = new gcp.firebase.HostingSite("default", { + * project: "my-project-name", + * siteId: "site-id", + * }); + * const defaultHostingVersion = new gcp.firebase.HostingVersion("default", { + * siteId: _default.siteId, + * config: { + * headers: [{ + * regex: "^~/headers$", + * headers: { + * "my-header": "my-value", + * }, + * }], + * }, + * }); + * const defaultHostingRelease = new gcp.firebase.HostingRelease("default", { + * siteId: _default.siteId, + * versionName: defaultHostingVersion.name, + * message: "With custom headers", + * }); + * ``` * ### Firebasehosting Version Path * * ```typescript diff --git a/sdk/nodejs/firebase/project.ts b/sdk/nodejs/firebase/project.ts index c3a73e9a85..4c8cccad58 100644 --- a/sdk/nodejs/firebase/project.ts +++ b/sdk/nodejs/firebase/project.ts @@ -5,7 +5,7 @@ import * as pulumi from "@pulumi/pulumi"; import * as utilities from "../utilities"; /** - * A Google Cloud Firebase instance. This enables Firebase resources on a given google project. + * A Google Cloud Firebase instance. This enables Firebase resources on a given Google Project. * Since a FirebaseProject is actually also a GCP Project, a FirebaseProject uses underlying GCP * identifiers (most importantly, the projectId) as its own for easy interop with GCP APIs. * Once Firebase has been added to a Google Project it cannot be removed. @@ -96,7 +96,7 @@ export class Project extends pulumi.CustomResource { */ public readonly project!: pulumi.Output; /** - * The number of the google project that firebase is enabled on. + * The number of the Google Project that Firebase is enabled on. */ public /*out*/ readonly projectNumber!: pulumi.Output; @@ -141,7 +141,7 @@ export interface ProjectState { */ project?: pulumi.Input; /** - * The number of the google project that firebase is enabled on. + * The number of the Google Project that Firebase is enabled on. */ projectNumber?: pulumi.Input; } diff --git a/sdk/nodejs/identityplatform/config.ts b/sdk/nodejs/identityplatform/config.ts index c80542165e..8d131b7059 100644 --- a/sdk/nodejs/identityplatform/config.ts +++ b/sdk/nodejs/identityplatform/config.ts @@ -84,7 +84,7 @@ import * as utilities from "../utilities"; * quota: { * signUpQuotaConfig: { * quota: 1000, - * startTime: "", + * startTime: "2014-10-02T15:01:23Z", * quotaDuration: "7200s", * }, * }, diff --git a/sdk/nodejs/looker/instance.ts b/sdk/nodejs/looker/instance.ts index 8bc02206de..d641286e4f 100644 --- a/sdk/nodejs/looker/instance.ts +++ b/sdk/nodejs/looker/instance.ts @@ -367,8 +367,11 @@ export class Instance extends pulumi.CustomResource { * these values: - LOOKER_CORE_TRIAL: trial instance (Currently Unavailable) - LOOKER_CORE_STANDARD: pay as you go standard * instance (Currently Unavailable) - LOOKER_CORE_STANDARD_ANNUAL: subscription standard instance - * LOOKER_CORE_ENTERPRISE_ANNUAL: subscription enterprise instance - LOOKER_CORE_EMBED_ANNUAL: subscription embed instance - * Default value: "LOOKER_CORE_TRIAL" Possible values: ["LOOKER_CORE_TRIAL", "LOOKER_CORE_STANDARD", - * "LOOKER_CORE_STANDARD_ANNUAL", "LOOKER_CORE_ENTERPRISE_ANNUAL", "LOOKER_CORE_EMBED_ANNUAL"] + * - LOOKER_CORE_NONPROD_STANDARD_ANNUAL: nonprod subscription standard instance - LOOKER_CORE_NONPROD_ENTERPRISE_ANNUAL: + * nonprod subscription enterprise instance - LOOKER_CORE_NONPROD_EMBED_ANNUAL: nonprod subscription embed instance Default + * value: "LOOKER_CORE_TRIAL" Possible values: ["LOOKER_CORE_TRIAL", "LOOKER_CORE_STANDARD", "LOOKER_CORE_STANDARD_ANNUAL", + * "LOOKER_CORE_ENTERPRISE_ANNUAL", "LOOKER_CORE_EMBED_ANNUAL", "LOOKER_CORE_NONPROD_STANDARD_ANNUAL", + * "LOOKER_CORE_NONPROD_ENTERPRISE_ANNUAL", "LOOKER_CORE_NONPROD_EMBED_ANNUAL"] */ public readonly platformEdition!: pulumi.Output; /** @@ -567,8 +570,11 @@ export interface InstanceState { * these values: - LOOKER_CORE_TRIAL: trial instance (Currently Unavailable) - LOOKER_CORE_STANDARD: pay as you go standard * instance (Currently Unavailable) - LOOKER_CORE_STANDARD_ANNUAL: subscription standard instance - * LOOKER_CORE_ENTERPRISE_ANNUAL: subscription enterprise instance - LOOKER_CORE_EMBED_ANNUAL: subscription embed instance - * Default value: "LOOKER_CORE_TRIAL" Possible values: ["LOOKER_CORE_TRIAL", "LOOKER_CORE_STANDARD", - * "LOOKER_CORE_STANDARD_ANNUAL", "LOOKER_CORE_ENTERPRISE_ANNUAL", "LOOKER_CORE_EMBED_ANNUAL"] + * - LOOKER_CORE_NONPROD_STANDARD_ANNUAL: nonprod subscription standard instance - LOOKER_CORE_NONPROD_ENTERPRISE_ANNUAL: + * nonprod subscription enterprise instance - LOOKER_CORE_NONPROD_EMBED_ANNUAL: nonprod subscription embed instance Default + * value: "LOOKER_CORE_TRIAL" Possible values: ["LOOKER_CORE_TRIAL", "LOOKER_CORE_STANDARD", "LOOKER_CORE_STANDARD_ANNUAL", + * "LOOKER_CORE_ENTERPRISE_ANNUAL", "LOOKER_CORE_EMBED_ANNUAL", "LOOKER_CORE_NONPROD_STANDARD_ANNUAL", + * "LOOKER_CORE_NONPROD_ENTERPRISE_ANNUAL", "LOOKER_CORE_NONPROD_EMBED_ANNUAL"] */ platformEdition?: pulumi.Input; /** @@ -667,8 +673,11 @@ export interface InstanceArgs { * these values: - LOOKER_CORE_TRIAL: trial instance (Currently Unavailable) - LOOKER_CORE_STANDARD: pay as you go standard * instance (Currently Unavailable) - LOOKER_CORE_STANDARD_ANNUAL: subscription standard instance - * LOOKER_CORE_ENTERPRISE_ANNUAL: subscription enterprise instance - LOOKER_CORE_EMBED_ANNUAL: subscription embed instance - * Default value: "LOOKER_CORE_TRIAL" Possible values: ["LOOKER_CORE_TRIAL", "LOOKER_CORE_STANDARD", - * "LOOKER_CORE_STANDARD_ANNUAL", "LOOKER_CORE_ENTERPRISE_ANNUAL", "LOOKER_CORE_EMBED_ANNUAL"] + * - LOOKER_CORE_NONPROD_STANDARD_ANNUAL: nonprod subscription standard instance - LOOKER_CORE_NONPROD_ENTERPRISE_ANNUAL: + * nonprod subscription enterprise instance - LOOKER_CORE_NONPROD_EMBED_ANNUAL: nonprod subscription embed instance Default + * value: "LOOKER_CORE_TRIAL" Possible values: ["LOOKER_CORE_TRIAL", "LOOKER_CORE_STANDARD", "LOOKER_CORE_STANDARD_ANNUAL", + * "LOOKER_CORE_ENTERPRISE_ANNUAL", "LOOKER_CORE_EMBED_ANNUAL", "LOOKER_CORE_NONPROD_STANDARD_ANNUAL", + * "LOOKER_CORE_NONPROD_ENTERPRISE_ANNUAL", "LOOKER_CORE_NONPROD_EMBED_ANNUAL"] */ platformEdition?: pulumi.Input; /** diff --git a/sdk/nodejs/networksecurity/authzPolicy.ts b/sdk/nodejs/networksecurity/authzPolicy.ts new file mode 100644 index 0000000000..97f90b8f39 --- /dev/null +++ b/sdk/nodejs/networksecurity/authzPolicy.ts @@ -0,0 +1,434 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +import * as pulumi from "@pulumi/pulumi"; +import * as inputs from "../types/input"; +import * as outputs from "../types/output"; +import * as utilities from "../utilities"; + +/** + * AuthzPolicy is a resource that allows to forward traffic to a callout backend designed to scan the traffic for security purposes. + * + * To get more information about AuthzPolicy, see: + * + * * [API documentation](https://cloud.google.com/load-balancing/docs/reference/network-security/rest/v1beta1/projects.locations.authzPolicies) + * + * ## Example Usage + * + * ### Network Services Authz Policy Advanced + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const _default = new gcp.compute.Network("default", { + * name: "lb-network", + * project: "my-project-name", + * autoCreateSubnetworks: false, + * }); + * const defaultSubnetwork = new gcp.compute.Subnetwork("default", { + * name: "backend-subnet", + * project: "my-project-name", + * region: "us-west1", + * ipCidrRange: "10.1.2.0/24", + * network: _default.id, + * }); + * const proxyOnly = new gcp.compute.Subnetwork("proxy_only", { + * name: "proxy-only-subnet", + * project: "my-project-name", + * region: "us-west1", + * ipCidrRange: "10.129.0.0/23", + * purpose: "REGIONAL_MANAGED_PROXY", + * role: "ACTIVE", + * network: _default.id, + * }); + * const defaultAddress = new gcp.compute.Address("default", { + * name: "l7-ilb-ip-address", + * project: "my-project-name", + * region: "us-west1", + * subnetwork: defaultSubnetwork.id, + * addressType: "INTERNAL", + * purpose: "GCE_ENDPOINT", + * }); + * const defaultRegionHealthCheck = new gcp.compute.RegionHealthCheck("default", { + * name: "l7-ilb-basic-check", + * project: "my-project-name", + * region: "us-west1", + * httpHealthCheck: { + * portSpecification: "USE_SERVING_PORT", + * }, + * }); + * const urlMap = new gcp.compute.RegionBackendService("url_map", { + * name: "l7-ilb-backend-service", + * project: "my-project-name", + * region: "us-west1", + * loadBalancingScheme: "INTERNAL_MANAGED", + * healthChecks: defaultRegionHealthCheck.id, + * }); + * const defaultRegionUrlMap = new gcp.compute.RegionUrlMap("default", { + * name: "l7-ilb-map", + * project: "my-project-name", + * region: "us-west1", + * defaultService: urlMap.id, + * }); + * const defaultRegionTargetHttpProxy = new gcp.compute.RegionTargetHttpProxy("default", { + * name: "l7-ilb-proxy", + * project: "my-project-name", + * region: "us-west1", + * urlMap: defaultRegionUrlMap.id, + * }); + * const defaultForwardingRule = new gcp.compute.ForwardingRule("default", { + * name: "l7-ilb-forwarding-rule", + * project: "my-project-name", + * region: "us-west1", + * loadBalancingScheme: "INTERNAL_MANAGED", + * network: _default.id, + * subnetwork: defaultSubnetwork.id, + * ipProtocol: "TCP", + * portRange: "80", + * target: defaultRegionTargetHttpProxy.id, + * ipAddress: defaultAddress.id, + * }, { + * dependsOn: [proxyOnly], + * }); + * const authzExtension = new gcp.compute.RegionBackendService("authz_extension", { + * name: "authz-service", + * project: "my-project-name", + * region: "us-west1", + * protocol: "HTTP2", + * loadBalancingScheme: "INTERNAL_MANAGED", + * portName: "grpc", + * }); + * const defaultAuthzExtension = new gcp.networkservices.AuthzExtension("default", { + * name: "my-authz-ext", + * project: "my-project-name", + * location: "us-west1", + * description: "my description", + * loadBalancingScheme: "INTERNAL_MANAGED", + * authority: "ext11.com", + * service: authzExtension.selfLink, + * timeout: "0.1s", + * failOpen: false, + * forwardHeaders: ["Authorization"], + * }); + * const defaultAuthzPolicy = new gcp.networksecurity.AuthzPolicy("default", { + * name: "my-authz-policy", + * project: "my-project-name", + * location: "us-west1", + * description: "my description", + * target: { + * loadBalancingScheme: "INTERNAL_MANAGED", + * resources: [defaultForwardingRule.selfLink], + * }, + * action: "CUSTOM", + * customProvider: { + * authzExtension: { + * resources: [defaultAuthzExtension.id], + * }, + * }, + * }); + * ``` + * + * ## Import + * + * AuthzPolicy can be imported using any of these accepted formats: + * + * * `projects/{{project}}/locations/{{location}}/authzPolicies/{{name}}` + * + * * `{{project}}/{{location}}/{{name}}` + * + * * `{{location}}/{{name}}` + * + * * `{{name}}` + * + * When using the `pulumi import` command, AuthzPolicy can be imported using one of the formats above. For example: + * + * ```sh + * $ pulumi import gcp:networksecurity/authzPolicy:AuthzPolicy default projects/{{project}}/locations/{{location}}/authzPolicies/{{name}} + * ``` + * + * ```sh + * $ pulumi import gcp:networksecurity/authzPolicy:AuthzPolicy default {{project}}/{{location}}/{{name}} + * ``` + * + * ```sh + * $ pulumi import gcp:networksecurity/authzPolicy:AuthzPolicy default {{location}}/{{name}} + * ``` + * + * ```sh + * $ pulumi import gcp:networksecurity/authzPolicy:AuthzPolicy default {{name}} + * ``` + */ +export class AuthzPolicy extends pulumi.CustomResource { + /** + * Get an existing AuthzPolicy resource's state with the given name, ID, and optional extra + * properties used to qualify the lookup. + * + * @param name The _unique_ name of the resulting resource. + * @param id The _unique_ provider ID of the resource to lookup. + * @param state Any extra arguments used during the lookup. + * @param opts Optional settings to control the behavior of the CustomResource. + */ + public static get(name: string, id: pulumi.Input, state?: AuthzPolicyState, opts?: pulumi.CustomResourceOptions): AuthzPolicy { + return new AuthzPolicy(name, state, { ...opts, id: id }); + } + + /** @internal */ + public static readonly __pulumiType = 'gcp:networksecurity/authzPolicy:AuthzPolicy'; + + /** + * Returns true if the given object is an instance of AuthzPolicy. This is designed to work even + * when multiple copies of the Pulumi SDK have been loaded into the same process. + */ + public static isInstance(obj: any): obj is AuthzPolicy { + if (obj === undefined || obj === null) { + return false; + } + return obj['__pulumiType'] === AuthzPolicy.__pulumiType; + } + + /** + * When the action is CUSTOM, customProvider must be specified. + * When the action is ALLOW, only requests matching the policy will be allowed. + * When the action is DENY, only requests matching the policy will be denied. + * When a request arrives, the policies are evaluated in the following order: + * 1. If there is a CUSTOM policy that matches the request, the CUSTOM policy is evaluated using the custom authorization providers and the request is denied if the provider rejects the request. + * 2. If there are any DENY policies that match the request, the request is denied. + * 3. If there are no ALLOW policies for the resource or if any of the ALLOW policies match the request, the request is allowed. + * 4. Else the request is denied by default if none of the configured AuthzPolicies with ALLOW action match the request. + * Possible values are: `ALLOW`, `DENY`, `CUSTOM`. + */ + public readonly action!: pulumi.Output; + /** + * The timestamp when the resource was created. + */ + public /*out*/ readonly createTime!: pulumi.Output; + /** + * Required if the action is CUSTOM. Allows delegating authorization decisions to Cloud IAP or to Service Extensions. One + * of cloudIap or authzExtension must be specified. + */ + public readonly customProvider!: pulumi.Output; + /** + * A human-readable description of the resource. + */ + public readonly description!: pulumi.Output; + /** + * All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services. + */ + public /*out*/ readonly effectiveLabels!: pulumi.Output<{[key: string]: string}>; + /** + * A list of authorization HTTP rules to match against the incoming request.A policy match occurs when at least one HTTP + * rule matches the request or when no HTTP rules are specified in the policy. At least one HTTP Rule is required for Allow + * or Deny Action. Limited to 5 rules. + */ + public readonly httpRules!: pulumi.Output; + /** + * Set of labels associated with the AuthzExtension resource. **Note**: This field is non-authoritative, and will only + * manage the labels present in your configuration. Please refer to the field 'effective_labels' for all of the labels + * present on the resource. + */ + public readonly labels!: pulumi.Output<{[key: string]: string} | undefined>; + /** + * The location of the resource. + */ + public readonly location!: pulumi.Output; + /** + * Identifier. Name of the AuthzPolicy resource. + */ + public readonly name!: pulumi.Output; + public readonly project!: pulumi.Output; + /** + * The combination of labels configured directly on the resource + * and default labels configured on the provider. + */ + public /*out*/ readonly pulumiLabels!: pulumi.Output<{[key: string]: string}>; + /** + * Specifies the set of resources to which this policy should be applied to. + * Structure is documented below. + */ + public readonly target!: pulumi.Output; + /** + * The timestamp when the resource was updated. + */ + public /*out*/ readonly updateTime!: pulumi.Output; + + /** + * Create a AuthzPolicy resource with the given unique name, arguments, and options. + * + * @param name The _unique_ name of the resource. + * @param args The arguments to use to populate this resource's properties. + * @param opts A bag of options that control this resource's behavior. + */ + constructor(name: string, args: AuthzPolicyArgs, opts?: pulumi.CustomResourceOptions) + constructor(name: string, argsOrState?: AuthzPolicyArgs | AuthzPolicyState, opts?: pulumi.CustomResourceOptions) { + let resourceInputs: pulumi.Inputs = {}; + opts = opts || {}; + if (opts.id) { + const state = argsOrState as AuthzPolicyState | undefined; + resourceInputs["action"] = state ? state.action : undefined; + resourceInputs["createTime"] = state ? state.createTime : undefined; + resourceInputs["customProvider"] = state ? state.customProvider : undefined; + resourceInputs["description"] = state ? state.description : undefined; + resourceInputs["effectiveLabels"] = state ? state.effectiveLabels : undefined; + resourceInputs["httpRules"] = state ? state.httpRules : undefined; + resourceInputs["labels"] = state ? state.labels : undefined; + resourceInputs["location"] = state ? state.location : undefined; + resourceInputs["name"] = state ? state.name : undefined; + resourceInputs["project"] = state ? state.project : undefined; + resourceInputs["pulumiLabels"] = state ? state.pulumiLabels : undefined; + resourceInputs["target"] = state ? state.target : undefined; + resourceInputs["updateTime"] = state ? state.updateTime : undefined; + } else { + const args = argsOrState as AuthzPolicyArgs | undefined; + if ((!args || args.action === undefined) && !opts.urn) { + throw new Error("Missing required property 'action'"); + } + if ((!args || args.location === undefined) && !opts.urn) { + throw new Error("Missing required property 'location'"); + } + if ((!args || args.target === undefined) && !opts.urn) { + throw new Error("Missing required property 'target'"); + } + resourceInputs["action"] = args ? args.action : undefined; + resourceInputs["customProvider"] = args ? args.customProvider : undefined; + resourceInputs["description"] = args ? args.description : undefined; + resourceInputs["httpRules"] = args ? args.httpRules : undefined; + resourceInputs["labels"] = args ? args.labels : undefined; + resourceInputs["location"] = args ? args.location : undefined; + resourceInputs["name"] = args ? args.name : undefined; + resourceInputs["project"] = args ? args.project : undefined; + resourceInputs["target"] = args ? args.target : undefined; + resourceInputs["createTime"] = undefined /*out*/; + resourceInputs["effectiveLabels"] = undefined /*out*/; + resourceInputs["pulumiLabels"] = undefined /*out*/; + resourceInputs["updateTime"] = undefined /*out*/; + } + opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts); + const secretOpts = { additionalSecretOutputs: ["effectiveLabels", "pulumiLabels"] }; + opts = pulumi.mergeOptions(opts, secretOpts); + super(AuthzPolicy.__pulumiType, name, resourceInputs, opts); + } +} + +/** + * Input properties used for looking up and filtering AuthzPolicy resources. + */ +export interface AuthzPolicyState { + /** + * When the action is CUSTOM, customProvider must be specified. + * When the action is ALLOW, only requests matching the policy will be allowed. + * When the action is DENY, only requests matching the policy will be denied. + * When a request arrives, the policies are evaluated in the following order: + * 1. If there is a CUSTOM policy that matches the request, the CUSTOM policy is evaluated using the custom authorization providers and the request is denied if the provider rejects the request. + * 2. If there are any DENY policies that match the request, the request is denied. + * 3. If there are no ALLOW policies for the resource or if any of the ALLOW policies match the request, the request is allowed. + * 4. Else the request is denied by default if none of the configured AuthzPolicies with ALLOW action match the request. + * Possible values are: `ALLOW`, `DENY`, `CUSTOM`. + */ + action?: pulumi.Input; + /** + * The timestamp when the resource was created. + */ + createTime?: pulumi.Input; + /** + * Required if the action is CUSTOM. Allows delegating authorization decisions to Cloud IAP or to Service Extensions. One + * of cloudIap or authzExtension must be specified. + */ + customProvider?: pulumi.Input; + /** + * A human-readable description of the resource. + */ + description?: pulumi.Input; + /** + * All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services. + */ + effectiveLabels?: pulumi.Input<{[key: string]: pulumi.Input}>; + /** + * A list of authorization HTTP rules to match against the incoming request.A policy match occurs when at least one HTTP + * rule matches the request or when no HTTP rules are specified in the policy. At least one HTTP Rule is required for Allow + * or Deny Action. Limited to 5 rules. + */ + httpRules?: pulumi.Input[]>; + /** + * Set of labels associated with the AuthzExtension resource. **Note**: This field is non-authoritative, and will only + * manage the labels present in your configuration. Please refer to the field 'effective_labels' for all of the labels + * present on the resource. + */ + labels?: pulumi.Input<{[key: string]: pulumi.Input}>; + /** + * The location of the resource. + */ + location?: pulumi.Input; + /** + * Identifier. Name of the AuthzPolicy resource. + */ + name?: pulumi.Input; + project?: pulumi.Input; + /** + * The combination of labels configured directly on the resource + * and default labels configured on the provider. + */ + pulumiLabels?: pulumi.Input<{[key: string]: pulumi.Input}>; + /** + * Specifies the set of resources to which this policy should be applied to. + * Structure is documented below. + */ + target?: pulumi.Input; + /** + * The timestamp when the resource was updated. + */ + updateTime?: pulumi.Input; +} + +/** + * The set of arguments for constructing a AuthzPolicy resource. + */ +export interface AuthzPolicyArgs { + /** + * When the action is CUSTOM, customProvider must be specified. + * When the action is ALLOW, only requests matching the policy will be allowed. + * When the action is DENY, only requests matching the policy will be denied. + * When a request arrives, the policies are evaluated in the following order: + * 1. If there is a CUSTOM policy that matches the request, the CUSTOM policy is evaluated using the custom authorization providers and the request is denied if the provider rejects the request. + * 2. If there are any DENY policies that match the request, the request is denied. + * 3. If there are no ALLOW policies for the resource or if any of the ALLOW policies match the request, the request is allowed. + * 4. Else the request is denied by default if none of the configured AuthzPolicies with ALLOW action match the request. + * Possible values are: `ALLOW`, `DENY`, `CUSTOM`. + */ + action: pulumi.Input; + /** + * Required if the action is CUSTOM. Allows delegating authorization decisions to Cloud IAP or to Service Extensions. One + * of cloudIap or authzExtension must be specified. + */ + customProvider?: pulumi.Input; + /** + * A human-readable description of the resource. + */ + description?: pulumi.Input; + /** + * A list of authorization HTTP rules to match against the incoming request.A policy match occurs when at least one HTTP + * rule matches the request or when no HTTP rules are specified in the policy. At least one HTTP Rule is required for Allow + * or Deny Action. Limited to 5 rules. + */ + httpRules?: pulumi.Input[]>; + /** + * Set of labels associated with the AuthzExtension resource. **Note**: This field is non-authoritative, and will only + * manage the labels present in your configuration. Please refer to the field 'effective_labels' for all of the labels + * present on the resource. + */ + labels?: pulumi.Input<{[key: string]: pulumi.Input}>; + /** + * The location of the resource. + */ + location: pulumi.Input; + /** + * Identifier. Name of the AuthzPolicy resource. + */ + name?: pulumi.Input; + project?: pulumi.Input; + /** + * Specifies the set of resources to which this policy should be applied to. + * Structure is documented below. + */ + target: pulumi.Input; +} diff --git a/sdk/nodejs/networksecurity/index.ts b/sdk/nodejs/networksecurity/index.ts index 452f78e52f..92843f5fe1 100644 --- a/sdk/nodejs/networksecurity/index.ts +++ b/sdk/nodejs/networksecurity/index.ts @@ -30,6 +30,11 @@ export type AuthorizationPolicy = import("./authorizationPolicy").AuthorizationP export const AuthorizationPolicy: typeof import("./authorizationPolicy").AuthorizationPolicy = null as any; utilities.lazyLoad(exports, ["AuthorizationPolicy"], () => require("./authorizationPolicy")); +export { AuthzPolicyArgs, AuthzPolicyState } from "./authzPolicy"; +export type AuthzPolicy = import("./authzPolicy").AuthzPolicy; +export const AuthzPolicy: typeof import("./authzPolicy").AuthzPolicy = null as any; +utilities.lazyLoad(exports, ["AuthzPolicy"], () => require("./authzPolicy")); + export { ClientTlsPolicyArgs, ClientTlsPolicyState } from "./clientTlsPolicy"; export type ClientTlsPolicy = import("./clientTlsPolicy").ClientTlsPolicy; export const ClientTlsPolicy: typeof import("./clientTlsPolicy").ClientTlsPolicy = null as any; @@ -60,6 +65,16 @@ export const getAddressGroupIamPolicy: typeof import("./getAddressGroupIamPolicy export const getAddressGroupIamPolicyOutput: typeof import("./getAddressGroupIamPolicy").getAddressGroupIamPolicyOutput = null as any; utilities.lazyLoad(exports, ["getAddressGroupIamPolicy","getAddressGroupIamPolicyOutput"], () => require("./getAddressGroupIamPolicy")); +export { InterceptDeploymentArgs, InterceptDeploymentState } from "./interceptDeployment"; +export type InterceptDeployment = import("./interceptDeployment").InterceptDeployment; +export const InterceptDeployment: typeof import("./interceptDeployment").InterceptDeployment = null as any; +utilities.lazyLoad(exports, ["InterceptDeployment"], () => require("./interceptDeployment")); + +export { InterceptDeploymentGroupArgs, InterceptDeploymentGroupState } from "./interceptDeploymentGroup"; +export type InterceptDeploymentGroup = import("./interceptDeploymentGroup").InterceptDeploymentGroup; +export const InterceptDeploymentGroup: typeof import("./interceptDeploymentGroup").InterceptDeploymentGroup = null as any; +utilities.lazyLoad(exports, ["InterceptDeploymentGroup"], () => require("./interceptDeploymentGroup")); + export { MirroringDeploymentArgs, MirroringDeploymentState } from "./mirroringDeployment"; export type MirroringDeployment = import("./mirroringDeployment").MirroringDeployment; export const MirroringDeployment: typeof import("./mirroringDeployment").MirroringDeployment = null as any; @@ -120,6 +135,8 @@ const _module = { return new AddressGroupIamPolicy(name, undefined, { urn }) case "gcp:networksecurity/authorizationPolicy:AuthorizationPolicy": return new AuthorizationPolicy(name, undefined, { urn }) + case "gcp:networksecurity/authzPolicy:AuthzPolicy": + return new AuthzPolicy(name, undefined, { urn }) case "gcp:networksecurity/clientTlsPolicy:ClientTlsPolicy": return new ClientTlsPolicy(name, undefined, { urn }) case "gcp:networksecurity/firewallEndpoint:FirewallEndpoint": @@ -130,6 +147,10 @@ const _module = { return new GatewaySecurityPolicy(name, undefined, { urn }) case "gcp:networksecurity/gatewaySecurityPolicyRule:GatewaySecurityPolicyRule": return new GatewaySecurityPolicyRule(name, undefined, { urn }) + case "gcp:networksecurity/interceptDeployment:InterceptDeployment": + return new InterceptDeployment(name, undefined, { urn }) + case "gcp:networksecurity/interceptDeploymentGroup:InterceptDeploymentGroup": + return new InterceptDeploymentGroup(name, undefined, { urn }) case "gcp:networksecurity/mirroringDeployment:MirroringDeployment": return new MirroringDeployment(name, undefined, { urn }) case "gcp:networksecurity/mirroringDeploymentGroup:MirroringDeploymentGroup": @@ -158,11 +179,14 @@ pulumi.runtime.registerResourceModule("gcp", "networksecurity/addressGroupIamBin pulumi.runtime.registerResourceModule("gcp", "networksecurity/addressGroupIamMember", _module) pulumi.runtime.registerResourceModule("gcp", "networksecurity/addressGroupIamPolicy", _module) pulumi.runtime.registerResourceModule("gcp", "networksecurity/authorizationPolicy", _module) +pulumi.runtime.registerResourceModule("gcp", "networksecurity/authzPolicy", _module) pulumi.runtime.registerResourceModule("gcp", "networksecurity/clientTlsPolicy", _module) pulumi.runtime.registerResourceModule("gcp", "networksecurity/firewallEndpoint", _module) pulumi.runtime.registerResourceModule("gcp", "networksecurity/firewallEndpointAssociation", _module) pulumi.runtime.registerResourceModule("gcp", "networksecurity/gatewaySecurityPolicy", _module) pulumi.runtime.registerResourceModule("gcp", "networksecurity/gatewaySecurityPolicyRule", _module) +pulumi.runtime.registerResourceModule("gcp", "networksecurity/interceptDeployment", _module) +pulumi.runtime.registerResourceModule("gcp", "networksecurity/interceptDeploymentGroup", _module) pulumi.runtime.registerResourceModule("gcp", "networksecurity/mirroringDeployment", _module) pulumi.runtime.registerResourceModule("gcp", "networksecurity/mirroringDeploymentGroup", _module) pulumi.runtime.registerResourceModule("gcp", "networksecurity/mirroringEndpointGroup", _module) diff --git a/sdk/nodejs/networksecurity/interceptDeployment.ts b/sdk/nodejs/networksecurity/interceptDeployment.ts new file mode 100644 index 0000000000..0a75bbe451 --- /dev/null +++ b/sdk/nodejs/networksecurity/interceptDeployment.ts @@ -0,0 +1,369 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +import * as pulumi from "@pulumi/pulumi"; +import * as utilities from "../utilities"; + +/** + * ## Example Usage + * + * ### Network Security Intercept Deployment Basic + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const network = new gcp.compute.Network("network", { + * name: "example-network", + * autoCreateSubnetworks: false, + * }); + * const subnetwork = new gcp.compute.Subnetwork("subnetwork", { + * name: "example-subnet", + * region: "us-central1", + * ipCidrRange: "10.1.0.0/16", + * network: network.name, + * }); + * const healthCheck = new gcp.compute.RegionHealthCheck("health_check", { + * name: "example-hc", + * region: "us-central1", + * httpHealthCheck: { + * port: 80, + * }, + * }); + * const backendService = new gcp.compute.RegionBackendService("backend_service", { + * name: "example-bs", + * region: "us-central1", + * healthChecks: healthCheck.id, + * protocol: "UDP", + * loadBalancingScheme: "INTERNAL", + * }); + * const forwardingRule = new gcp.compute.ForwardingRule("forwarding_rule", { + * name: "example-fwr", + * region: "us-central1", + * network: network.name, + * subnetwork: subnetwork.name, + * backendService: backendService.id, + * loadBalancingScheme: "INTERNAL", + * ports: ["6081"], + * ipProtocol: "UDP", + * }); + * const deploymentGroup = new gcp.networksecurity.InterceptDeploymentGroup("deployment_group", { + * interceptDeploymentGroupId: "example-dg", + * location: "global", + * network: network.id, + * }); + * const _default = new gcp.networksecurity.InterceptDeployment("default", { + * interceptDeploymentId: "example-deployment", + * location: "us-central1-a", + * forwardingRule: forwardingRule.id, + * interceptDeploymentGroup: deploymentGroup.id, + * labels: { + * foo: "bar", + * }, + * }); + * ``` + * + * ## Import + * + * InterceptDeployment can be imported using any of these accepted formats: + * + * * `projects/{{project}}/locations/{{location}}/interceptDeployments/{{intercept_deployment_id}}` + * + * * `{{project}}/{{location}}/{{intercept_deployment_id}}` + * + * * `{{location}}/{{intercept_deployment_id}}` + * + * When using the `pulumi import` command, InterceptDeployment can be imported using one of the formats above. For example: + * + * ```sh + * $ pulumi import gcp:networksecurity/interceptDeployment:InterceptDeployment default projects/{{project}}/locations/{{location}}/interceptDeployments/{{intercept_deployment_id}} + * ``` + * + * ```sh + * $ pulumi import gcp:networksecurity/interceptDeployment:InterceptDeployment default {{project}}/{{location}}/{{intercept_deployment_id}} + * ``` + * + * ```sh + * $ pulumi import gcp:networksecurity/interceptDeployment:InterceptDeployment default {{location}}/{{intercept_deployment_id}} + * ``` + */ +export class InterceptDeployment extends pulumi.CustomResource { + /** + * Get an existing InterceptDeployment resource's state with the given name, ID, and optional extra + * properties used to qualify the lookup. + * + * @param name The _unique_ name of the resulting resource. + * @param id The _unique_ provider ID of the resource to lookup. + * @param state Any extra arguments used during the lookup. + * @param opts Optional settings to control the behavior of the CustomResource. + */ + public static get(name: string, id: pulumi.Input, state?: InterceptDeploymentState, opts?: pulumi.CustomResourceOptions): InterceptDeployment { + return new InterceptDeployment(name, state, { ...opts, id: id }); + } + + /** @internal */ + public static readonly __pulumiType = 'gcp:networksecurity/interceptDeployment:InterceptDeployment'; + + /** + * Returns true if the given object is an instance of InterceptDeployment. This is designed to work even + * when multiple copies of the Pulumi SDK have been loaded into the same process. + */ + public static isInstance(obj: any): obj is InterceptDeployment { + if (obj === undefined || obj === null) { + return false; + } + return obj['__pulumiType'] === InterceptDeployment.__pulumiType; + } + + /** + * Create time stamp + */ + public /*out*/ readonly createTime!: pulumi.Output; + /** + * All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services. + */ + public /*out*/ readonly effectiveLabels!: pulumi.Output<{[key: string]: string}>; + /** + * Immutable. The regional load balancer which the intercepted traffic should be forwarded + * to. Format is: + * projects/{project}/regions/{region}/forwardingRules/{forwardingRule} + */ + public readonly forwardingRule!: pulumi.Output; + /** + * Immutable. The Intercept Deployment Group that this resource is part of. Format is: + * `projects/{project}/locations/global/interceptDeploymentGroups/{interceptDeploymentGroup}` + */ + public readonly interceptDeploymentGroup!: pulumi.Output; + /** + * Id of the requesting object + * If auto-generating Id server-side, remove this field and + * interceptDeploymentId from the methodSignature of Create RPC + * + * + * - - - + */ + public readonly interceptDeploymentId!: pulumi.Output; + /** + * Optional. Labels as key value pairs + * **Note**: This field is non-authoritative, and will only manage the labels present in your configuration. + * Please refer to the field `effectiveLabels` for all of the labels present on the resource. + */ + public readonly labels!: pulumi.Output<{[key: string]: string} | undefined>; + /** + * Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122. See documentation for resource type `networksecurity.googleapis.com/InterceptDeployment`. + */ + public readonly location!: pulumi.Output; + /** + * Identifier. The name of the InterceptDeployment. + */ + public /*out*/ readonly name!: pulumi.Output; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the provider project is used. + */ + public readonly project!: pulumi.Output; + /** + * The combination of labels configured directly on the resource + * and default labels configured on the provider. + */ + public /*out*/ readonly pulumiLabels!: pulumi.Output<{[key: string]: string}>; + /** + * Whether reconciling is in progress, recommended per + * https://google.aip.dev/128. + */ + public /*out*/ readonly reconciling!: pulumi.Output; + /** + * Current state of the deployment. + * Possible values: + * STATE_UNSPECIFIED + * ACTIVE + * CREATING + * DELETING + * OUT_OF_SYNC + * DELETE_FAILED + */ + public /*out*/ readonly state!: pulumi.Output; + /** + * Update time stamp + */ + public /*out*/ readonly updateTime!: pulumi.Output; + + /** + * Create a InterceptDeployment resource with the given unique name, arguments, and options. + * + * @param name The _unique_ name of the resource. + * @param args The arguments to use to populate this resource's properties. + * @param opts A bag of options that control this resource's behavior. + */ + constructor(name: string, args: InterceptDeploymentArgs, opts?: pulumi.CustomResourceOptions) + constructor(name: string, argsOrState?: InterceptDeploymentArgs | InterceptDeploymentState, opts?: pulumi.CustomResourceOptions) { + let resourceInputs: pulumi.Inputs = {}; + opts = opts || {}; + if (opts.id) { + const state = argsOrState as InterceptDeploymentState | undefined; + resourceInputs["createTime"] = state ? state.createTime : undefined; + resourceInputs["effectiveLabels"] = state ? state.effectiveLabels : undefined; + resourceInputs["forwardingRule"] = state ? state.forwardingRule : undefined; + resourceInputs["interceptDeploymentGroup"] = state ? state.interceptDeploymentGroup : undefined; + resourceInputs["interceptDeploymentId"] = state ? state.interceptDeploymentId : undefined; + resourceInputs["labels"] = state ? state.labels : undefined; + resourceInputs["location"] = state ? state.location : undefined; + resourceInputs["name"] = state ? state.name : undefined; + resourceInputs["project"] = state ? state.project : undefined; + resourceInputs["pulumiLabels"] = state ? state.pulumiLabels : undefined; + resourceInputs["reconciling"] = state ? state.reconciling : undefined; + resourceInputs["state"] = state ? state.state : undefined; + resourceInputs["updateTime"] = state ? state.updateTime : undefined; + } else { + const args = argsOrState as InterceptDeploymentArgs | undefined; + if ((!args || args.forwardingRule === undefined) && !opts.urn) { + throw new Error("Missing required property 'forwardingRule'"); + } + if ((!args || args.interceptDeploymentGroup === undefined) && !opts.urn) { + throw new Error("Missing required property 'interceptDeploymentGroup'"); + } + if ((!args || args.interceptDeploymentId === undefined) && !opts.urn) { + throw new Error("Missing required property 'interceptDeploymentId'"); + } + if ((!args || args.location === undefined) && !opts.urn) { + throw new Error("Missing required property 'location'"); + } + resourceInputs["forwardingRule"] = args ? args.forwardingRule : undefined; + resourceInputs["interceptDeploymentGroup"] = args ? args.interceptDeploymentGroup : undefined; + resourceInputs["interceptDeploymentId"] = args ? args.interceptDeploymentId : undefined; + resourceInputs["labels"] = args ? args.labels : undefined; + resourceInputs["location"] = args ? args.location : undefined; + resourceInputs["project"] = args ? args.project : undefined; + resourceInputs["createTime"] = undefined /*out*/; + resourceInputs["effectiveLabels"] = undefined /*out*/; + resourceInputs["name"] = undefined /*out*/; + resourceInputs["pulumiLabels"] = undefined /*out*/; + resourceInputs["reconciling"] = undefined /*out*/; + resourceInputs["state"] = undefined /*out*/; + resourceInputs["updateTime"] = undefined /*out*/; + } + opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts); + const secretOpts = { additionalSecretOutputs: ["effectiveLabels", "pulumiLabels"] }; + opts = pulumi.mergeOptions(opts, secretOpts); + super(InterceptDeployment.__pulumiType, name, resourceInputs, opts); + } +} + +/** + * Input properties used for looking up and filtering InterceptDeployment resources. + */ +export interface InterceptDeploymentState { + /** + * Create time stamp + */ + createTime?: pulumi.Input; + /** + * All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services. + */ + effectiveLabels?: pulumi.Input<{[key: string]: pulumi.Input}>; + /** + * Immutable. The regional load balancer which the intercepted traffic should be forwarded + * to. Format is: + * projects/{project}/regions/{region}/forwardingRules/{forwardingRule} + */ + forwardingRule?: pulumi.Input; + /** + * Immutable. The Intercept Deployment Group that this resource is part of. Format is: + * `projects/{project}/locations/global/interceptDeploymentGroups/{interceptDeploymentGroup}` + */ + interceptDeploymentGroup?: pulumi.Input; + /** + * Id of the requesting object + * If auto-generating Id server-side, remove this field and + * interceptDeploymentId from the methodSignature of Create RPC + * + * + * - - - + */ + interceptDeploymentId?: pulumi.Input; + /** + * Optional. Labels as key value pairs + * **Note**: This field is non-authoritative, and will only manage the labels present in your configuration. + * Please refer to the field `effectiveLabels` for all of the labels present on the resource. + */ + labels?: pulumi.Input<{[key: string]: pulumi.Input}>; + /** + * Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122. See documentation for resource type `networksecurity.googleapis.com/InterceptDeployment`. + */ + location?: pulumi.Input; + /** + * Identifier. The name of the InterceptDeployment. + */ + name?: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the provider project is used. + */ + project?: pulumi.Input; + /** + * The combination of labels configured directly on the resource + * and default labels configured on the provider. + */ + pulumiLabels?: pulumi.Input<{[key: string]: pulumi.Input}>; + /** + * Whether reconciling is in progress, recommended per + * https://google.aip.dev/128. + */ + reconciling?: pulumi.Input; + /** + * Current state of the deployment. + * Possible values: + * STATE_UNSPECIFIED + * ACTIVE + * CREATING + * DELETING + * OUT_OF_SYNC + * DELETE_FAILED + */ + state?: pulumi.Input; + /** + * Update time stamp + */ + updateTime?: pulumi.Input; +} + +/** + * The set of arguments for constructing a InterceptDeployment resource. + */ +export interface InterceptDeploymentArgs { + /** + * Immutable. The regional load balancer which the intercepted traffic should be forwarded + * to. Format is: + * projects/{project}/regions/{region}/forwardingRules/{forwardingRule} + */ + forwardingRule: pulumi.Input; + /** + * Immutable. The Intercept Deployment Group that this resource is part of. Format is: + * `projects/{project}/locations/global/interceptDeploymentGroups/{interceptDeploymentGroup}` + */ + interceptDeploymentGroup: pulumi.Input; + /** + * Id of the requesting object + * If auto-generating Id server-side, remove this field and + * interceptDeploymentId from the methodSignature of Create RPC + * + * + * - - - + */ + interceptDeploymentId: pulumi.Input; + /** + * Optional. Labels as key value pairs + * **Note**: This field is non-authoritative, and will only manage the labels present in your configuration. + * Please refer to the field `effectiveLabels` for all of the labels present on the resource. + */ + labels?: pulumi.Input<{[key: string]: pulumi.Input}>; + /** + * Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122. See documentation for resource type `networksecurity.googleapis.com/InterceptDeployment`. + */ + location: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the provider project is used. + */ + project?: pulumi.Input; +} diff --git a/sdk/nodejs/networksecurity/interceptDeploymentGroup.ts b/sdk/nodejs/networksecurity/interceptDeploymentGroup.ts new file mode 100644 index 0000000000..33392b83c0 --- /dev/null +++ b/sdk/nodejs/networksecurity/interceptDeploymentGroup.ts @@ -0,0 +1,322 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +import * as pulumi from "@pulumi/pulumi"; +import * as inputs from "../types/input"; +import * as outputs from "../types/output"; +import * as utilities from "../utilities"; + +/** + * ## Example Usage + * + * ### Network Security Intercept Deployment Group Basic + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const network = new gcp.compute.Network("network", { + * name: "example-network", + * autoCreateSubnetworks: false, + * }); + * const _default = new gcp.networksecurity.InterceptDeploymentGroup("default", { + * interceptDeploymentGroupId: "example-dg", + * location: "global", + * network: network.id, + * labels: { + * foo: "bar", + * }, + * }); + * ``` + * + * ## Import + * + * InterceptDeploymentGroup can be imported using any of these accepted formats: + * + * * `projects/{{project}}/locations/{{location}}/interceptDeploymentGroups/{{intercept_deployment_group_id}}` + * + * * `{{project}}/{{location}}/{{intercept_deployment_group_id}}` + * + * * `{{location}}/{{intercept_deployment_group_id}}` + * + * When using the `pulumi import` command, InterceptDeploymentGroup can be imported using one of the formats above. For example: + * + * ```sh + * $ pulumi import gcp:networksecurity/interceptDeploymentGroup:InterceptDeploymentGroup default projects/{{project}}/locations/{{location}}/interceptDeploymentGroups/{{intercept_deployment_group_id}} + * ``` + * + * ```sh + * $ pulumi import gcp:networksecurity/interceptDeploymentGroup:InterceptDeploymentGroup default {{project}}/{{location}}/{{intercept_deployment_group_id}} + * ``` + * + * ```sh + * $ pulumi import gcp:networksecurity/interceptDeploymentGroup:InterceptDeploymentGroup default {{location}}/{{intercept_deployment_group_id}} + * ``` + */ +export class InterceptDeploymentGroup extends pulumi.CustomResource { + /** + * Get an existing InterceptDeploymentGroup resource's state with the given name, ID, and optional extra + * properties used to qualify the lookup. + * + * @param name The _unique_ name of the resulting resource. + * @param id The _unique_ provider ID of the resource to lookup. + * @param state Any extra arguments used during the lookup. + * @param opts Optional settings to control the behavior of the CustomResource. + */ + public static get(name: string, id: pulumi.Input, state?: InterceptDeploymentGroupState, opts?: pulumi.CustomResourceOptions): InterceptDeploymentGroup { + return new InterceptDeploymentGroup(name, state, { ...opts, id: id }); + } + + /** @internal */ + public static readonly __pulumiType = 'gcp:networksecurity/interceptDeploymentGroup:InterceptDeploymentGroup'; + + /** + * Returns true if the given object is an instance of InterceptDeploymentGroup. This is designed to work even + * when multiple copies of the Pulumi SDK have been loaded into the same process. + */ + public static isInstance(obj: any): obj is InterceptDeploymentGroup { + if (obj === undefined || obj === null) { + return false; + } + return obj['__pulumiType'] === InterceptDeploymentGroup.__pulumiType; + } + + /** + * Output only. The list of Intercept Endpoint Groups that are connected to this resource. + * Structure is documented below. + */ + public /*out*/ readonly connectedEndpointGroups!: pulumi.Output; + /** + * Output only. [Output only] Create time stamp + */ + public /*out*/ readonly createTime!: pulumi.Output; + /** + * All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services. + */ + public /*out*/ readonly effectiveLabels!: pulumi.Output<{[key: string]: string}>; + /** + * Required. Id of the requesting object + * If auto-generating Id server-side, remove this field and + * interceptDeploymentGroupId from the methodSignature of Create RPC + * + * + * - - - + */ + public readonly interceptDeploymentGroupId!: pulumi.Output; + /** + * Optional. Labels as key value pairs + * **Note**: This field is non-authoritative, and will only manage the labels present in your configuration. + * Please refer to the field `effectiveLabels` for all of the labels present on the resource. + */ + public readonly labels!: pulumi.Output<{[key: string]: string} | undefined>; + /** + * Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122. See documentation for resource type `networksecurity.googleapis.com/InterceptDeploymentGroup`. + */ + public readonly location!: pulumi.Output; + /** + * (Output) + * Output only. A connected intercept endpoint group. + */ + public /*out*/ readonly name!: pulumi.Output; + /** + * Required. Immutable. The network that is being used for the deployment. Format is: + * projects/{project}/global/networks/{network}. + */ + public readonly network!: pulumi.Output; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the provider project is used. + */ + public readonly project!: pulumi.Output; + /** + * The combination of labels configured directly on the resource + * and default labels configured on the provider. + */ + public /*out*/ readonly pulumiLabels!: pulumi.Output<{[key: string]: string}>; + /** + * Output only. Whether reconciling is in progress, recommended per + * https://google.aip.dev/128. + */ + public /*out*/ readonly reconciling!: pulumi.Output; + /** + * Output only. Current state of the deployment group. + * Possible values: + * STATE_UNSPECIFIED + * ACTIVE + * CREATING + * DELETING + */ + public /*out*/ readonly state!: pulumi.Output; + /** + * Output only. [Output only] Update time stamp + */ + public /*out*/ readonly updateTime!: pulumi.Output; + + /** + * Create a InterceptDeploymentGroup resource with the given unique name, arguments, and options. + * + * @param name The _unique_ name of the resource. + * @param args The arguments to use to populate this resource's properties. + * @param opts A bag of options that control this resource's behavior. + */ + constructor(name: string, args: InterceptDeploymentGroupArgs, opts?: pulumi.CustomResourceOptions) + constructor(name: string, argsOrState?: InterceptDeploymentGroupArgs | InterceptDeploymentGroupState, opts?: pulumi.CustomResourceOptions) { + let resourceInputs: pulumi.Inputs = {}; + opts = opts || {}; + if (opts.id) { + const state = argsOrState as InterceptDeploymentGroupState | undefined; + resourceInputs["connectedEndpointGroups"] = state ? state.connectedEndpointGroups : undefined; + resourceInputs["createTime"] = state ? state.createTime : undefined; + resourceInputs["effectiveLabels"] = state ? state.effectiveLabels : undefined; + resourceInputs["interceptDeploymentGroupId"] = state ? state.interceptDeploymentGroupId : undefined; + resourceInputs["labels"] = state ? state.labels : undefined; + resourceInputs["location"] = state ? state.location : undefined; + resourceInputs["name"] = state ? state.name : undefined; + resourceInputs["network"] = state ? state.network : undefined; + resourceInputs["project"] = state ? state.project : undefined; + resourceInputs["pulumiLabels"] = state ? state.pulumiLabels : undefined; + resourceInputs["reconciling"] = state ? state.reconciling : undefined; + resourceInputs["state"] = state ? state.state : undefined; + resourceInputs["updateTime"] = state ? state.updateTime : undefined; + } else { + const args = argsOrState as InterceptDeploymentGroupArgs | undefined; + if ((!args || args.interceptDeploymentGroupId === undefined) && !opts.urn) { + throw new Error("Missing required property 'interceptDeploymentGroupId'"); + } + if ((!args || args.location === undefined) && !opts.urn) { + throw new Error("Missing required property 'location'"); + } + if ((!args || args.network === undefined) && !opts.urn) { + throw new Error("Missing required property 'network'"); + } + resourceInputs["interceptDeploymentGroupId"] = args ? args.interceptDeploymentGroupId : undefined; + resourceInputs["labels"] = args ? args.labels : undefined; + resourceInputs["location"] = args ? args.location : undefined; + resourceInputs["network"] = args ? args.network : undefined; + resourceInputs["project"] = args ? args.project : undefined; + resourceInputs["connectedEndpointGroups"] = undefined /*out*/; + resourceInputs["createTime"] = undefined /*out*/; + resourceInputs["effectiveLabels"] = undefined /*out*/; + resourceInputs["name"] = undefined /*out*/; + resourceInputs["pulumiLabels"] = undefined /*out*/; + resourceInputs["reconciling"] = undefined /*out*/; + resourceInputs["state"] = undefined /*out*/; + resourceInputs["updateTime"] = undefined /*out*/; + } + opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts); + const secretOpts = { additionalSecretOutputs: ["effectiveLabels", "pulumiLabels"] }; + opts = pulumi.mergeOptions(opts, secretOpts); + super(InterceptDeploymentGroup.__pulumiType, name, resourceInputs, opts); + } +} + +/** + * Input properties used for looking up and filtering InterceptDeploymentGroup resources. + */ +export interface InterceptDeploymentGroupState { + /** + * Output only. The list of Intercept Endpoint Groups that are connected to this resource. + * Structure is documented below. + */ + connectedEndpointGroups?: pulumi.Input[]>; + /** + * Output only. [Output only] Create time stamp + */ + createTime?: pulumi.Input; + /** + * All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services. + */ + effectiveLabels?: pulumi.Input<{[key: string]: pulumi.Input}>; + /** + * Required. Id of the requesting object + * If auto-generating Id server-side, remove this field and + * interceptDeploymentGroupId from the methodSignature of Create RPC + * + * + * - - - + */ + interceptDeploymentGroupId?: pulumi.Input; + /** + * Optional. Labels as key value pairs + * **Note**: This field is non-authoritative, and will only manage the labels present in your configuration. + * Please refer to the field `effectiveLabels` for all of the labels present on the resource. + */ + labels?: pulumi.Input<{[key: string]: pulumi.Input}>; + /** + * Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122. See documentation for resource type `networksecurity.googleapis.com/InterceptDeploymentGroup`. + */ + location?: pulumi.Input; + /** + * (Output) + * Output only. A connected intercept endpoint group. + */ + name?: pulumi.Input; + /** + * Required. Immutable. The network that is being used for the deployment. Format is: + * projects/{project}/global/networks/{network}. + */ + network?: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the provider project is used. + */ + project?: pulumi.Input; + /** + * The combination of labels configured directly on the resource + * and default labels configured on the provider. + */ + pulumiLabels?: pulumi.Input<{[key: string]: pulumi.Input}>; + /** + * Output only. Whether reconciling is in progress, recommended per + * https://google.aip.dev/128. + */ + reconciling?: pulumi.Input; + /** + * Output only. Current state of the deployment group. + * Possible values: + * STATE_UNSPECIFIED + * ACTIVE + * CREATING + * DELETING + */ + state?: pulumi.Input; + /** + * Output only. [Output only] Update time stamp + */ + updateTime?: pulumi.Input; +} + +/** + * The set of arguments for constructing a InterceptDeploymentGroup resource. + */ +export interface InterceptDeploymentGroupArgs { + /** + * Required. Id of the requesting object + * If auto-generating Id server-side, remove this field and + * interceptDeploymentGroupId from the methodSignature of Create RPC + * + * + * - - - + */ + interceptDeploymentGroupId: pulumi.Input; + /** + * Optional. Labels as key value pairs + * **Note**: This field is non-authoritative, and will only manage the labels present in your configuration. + * Please refer to the field `effectiveLabels` for all of the labels present on the resource. + */ + labels?: pulumi.Input<{[key: string]: pulumi.Input}>; + /** + * Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122. See documentation for resource type `networksecurity.googleapis.com/InterceptDeploymentGroup`. + */ + location: pulumi.Input; + /** + * Required. Immutable. The network that is being used for the deployment. Format is: + * projects/{project}/global/networks/{network}. + */ + network: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the provider project is used. + */ + project?: pulumi.Input; +} diff --git a/sdk/nodejs/networkservices/authzExtension.ts b/sdk/nodejs/networkservices/authzExtension.ts new file mode 100644 index 0000000000..4a9f6b7134 --- /dev/null +++ b/sdk/nodejs/networkservices/authzExtension.ts @@ -0,0 +1,426 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +import * as pulumi from "@pulumi/pulumi"; +import * as utilities from "../utilities"; + +/** + * AuthzExtension is a resource that allows traffic forwarding to a callout backend service to make an authorization decision. + * + * To get more information about AuthzExtension, see: + * + * * [API documentation](https://cloud.google.com/service-extensions/docs/reference/rest/v1beta1/projects.locations.authzExtensions) + * + * ## Example Usage + * + * ### Network Services Authz Extension Basic + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const _default = new gcp.compute.RegionBackendService("default", { + * name: "authz-service", + * project: "my-project-name", + * region: "us-west1", + * protocol: "HTTP2", + * loadBalancingScheme: "INTERNAL_MANAGED", + * portName: "grpc", + * }); + * const defaultAuthzExtension = new gcp.networkservices.AuthzExtension("default", { + * name: "my-authz-ext", + * project: "my-project-name", + * location: "us-west1", + * description: "my description", + * loadBalancingScheme: "INTERNAL_MANAGED", + * authority: "ext11.com", + * service: _default.selfLink, + * timeout: "0.1s", + * failOpen: false, + * forwardHeaders: ["Authorization"], + * }); + * ``` + * + * ## Import + * + * AuthzExtension can be imported using any of these accepted formats: + * + * * `projects/{{project}}/locations/{{location}}/authzExtensions/{{name}}` + * + * * `{{project}}/{{location}}/{{name}}` + * + * * `{{location}}/{{name}}` + * + * * `{{name}}` + * + * When using the `pulumi import` command, AuthzExtension can be imported using one of the formats above. For example: + * + * ```sh + * $ pulumi import gcp:networkservices/authzExtension:AuthzExtension default projects/{{project}}/locations/{{location}}/authzExtensions/{{name}} + * ``` + * + * ```sh + * $ pulumi import gcp:networkservices/authzExtension:AuthzExtension default {{project}}/{{location}}/{{name}} + * ``` + * + * ```sh + * $ pulumi import gcp:networkservices/authzExtension:AuthzExtension default {{location}}/{{name}} + * ``` + * + * ```sh + * $ pulumi import gcp:networkservices/authzExtension:AuthzExtension default {{name}} + * ``` + */ +export class AuthzExtension extends pulumi.CustomResource { + /** + * Get an existing AuthzExtension resource's state with the given name, ID, and optional extra + * properties used to qualify the lookup. + * + * @param name The _unique_ name of the resulting resource. + * @param id The _unique_ provider ID of the resource to lookup. + * @param state Any extra arguments used during the lookup. + * @param opts Optional settings to control the behavior of the CustomResource. + */ + public static get(name: string, id: pulumi.Input, state?: AuthzExtensionState, opts?: pulumi.CustomResourceOptions): AuthzExtension { + return new AuthzExtension(name, state, { ...opts, id: id }); + } + + /** @internal */ + public static readonly __pulumiType = 'gcp:networkservices/authzExtension:AuthzExtension'; + + /** + * Returns true if the given object is an instance of AuthzExtension. This is designed to work even + * when multiple copies of the Pulumi SDK have been loaded into the same process. + */ + public static isInstance(obj: any): obj is AuthzExtension { + if (obj === undefined || obj === null) { + return false; + } + return obj['__pulumiType'] === AuthzExtension.__pulumiType; + } + + /** + * The :authority header in the gRPC request sent from Envoy to the extension service. + */ + public readonly authority!: pulumi.Output; + /** + * The timestamp when the resource was created. + */ + public /*out*/ readonly createTime!: pulumi.Output; + /** + * A human-readable description of the resource. + */ + public readonly description!: pulumi.Output; + /** + * All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services. + */ + public /*out*/ readonly effectiveLabels!: pulumi.Output<{[key: string]: string}>; + /** + * Determines how the proxy behaves if the call to the extension fails or times out. + * When set to TRUE, request or response processing continues without error. Any subsequent extensions in the extension chain are also executed. When set to FALSE or the default setting of FALSE is used, one of the following happens: + * * If response headers have not been delivered to the downstream client, a generic 500 error is returned to the client. The error response can be tailored by configuring a custom error response in the load balancer. + * * If response headers have been delivered, then the HTTP stream to the downstream client is reset. + */ + public readonly failOpen!: pulumi.Output; + /** + * List of the HTTP headers to forward to the extension (from the client). If omitted, all headers are sent. Each element is a string indicating the header name. + */ + public readonly forwardHeaders!: pulumi.Output; + /** + * Set of labels associated with the AuthzExtension resource. + * + * **Note**: This field is non-authoritative, and will only manage the labels present in your configuration. + * Please refer to the field `effectiveLabels` for all of the labels present on the resource. + */ + public readonly labels!: pulumi.Output<{[key: string]: string} | undefined>; + /** + * All backend services and forwarding rules referenced by this extension must share the same load balancing scheme. + * For more information, refer to [Backend services overview](https://cloud.google.com/load-balancing/docs/backend-service). + * Possible values are: `INTERNAL_MANAGED`, `EXTERNAL_MANAGED`. + */ + public readonly loadBalancingScheme!: pulumi.Output; + /** + * The location of the resource. + * + * + * - - - + */ + public readonly location!: pulumi.Output; + /** + * The metadata provided here is included as part of the metadataContext (of type google.protobuf.Struct) in the ProcessingRequest message sent to the extension server. The metadata is available under the namespace com.google.authz_extension.. The following variables are supported in the metadata Struct: + * {forwarding_rule_id} - substituted with the forwarding rule's fully qualified resource name. + */ + public readonly metadata!: pulumi.Output<{[key: string]: string} | undefined>; + /** + * Identifier. Name of the AuthzExtension resource. + */ + public readonly name!: pulumi.Output; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the provider project is used. + */ + public readonly project!: pulumi.Output; + /** + * The combination of labels configured directly on the resource + * and default labels configured on the provider. + */ + public /*out*/ readonly pulumiLabels!: pulumi.Output<{[key: string]: string}>; + /** + * The reference to the service that runs the extension. + * To configure a callout extension, service must be a fully-qualified reference to a [backend service](https://cloud.google.com/compute/docs/reference/rest/v1/backendServices) in the format: + * https://www.googleapis.com/compute/v1/projects/{project}/regions/{region}/backendServices/{backendService} or https://www.googleapis.com/compute/v1/projects/{project}/global/backendServices/{backendService}. + */ + public readonly service!: pulumi.Output; + /** + * Specifies the timeout for each individual message on the stream. The timeout must be between 10-10000 milliseconds. + */ + public readonly timeout!: pulumi.Output; + /** + * The timestamp when the resource was updated. + */ + public /*out*/ readonly updateTime!: pulumi.Output; + /** + * The format of communication supported by the callout extension. + * Default value is `EXT_PROC_GRPC`. + * Possible values are: `WIRE_FORMAT_UNSPECIFIED`, `EXT_PROC_GRPC`. + */ + public readonly wireFormat!: pulumi.Output; + + /** + * Create a AuthzExtension resource with the given unique name, arguments, and options. + * + * @param name The _unique_ name of the resource. + * @param args The arguments to use to populate this resource's properties. + * @param opts A bag of options that control this resource's behavior. + */ + constructor(name: string, args: AuthzExtensionArgs, opts?: pulumi.CustomResourceOptions) + constructor(name: string, argsOrState?: AuthzExtensionArgs | AuthzExtensionState, opts?: pulumi.CustomResourceOptions) { + let resourceInputs: pulumi.Inputs = {}; + opts = opts || {}; + if (opts.id) { + const state = argsOrState as AuthzExtensionState | undefined; + resourceInputs["authority"] = state ? state.authority : undefined; + resourceInputs["createTime"] = state ? state.createTime : undefined; + resourceInputs["description"] = state ? state.description : undefined; + resourceInputs["effectiveLabels"] = state ? state.effectiveLabels : undefined; + resourceInputs["failOpen"] = state ? state.failOpen : undefined; + resourceInputs["forwardHeaders"] = state ? state.forwardHeaders : undefined; + resourceInputs["labels"] = state ? state.labels : undefined; + resourceInputs["loadBalancingScheme"] = state ? state.loadBalancingScheme : undefined; + resourceInputs["location"] = state ? state.location : undefined; + resourceInputs["metadata"] = state ? state.metadata : undefined; + resourceInputs["name"] = state ? state.name : undefined; + resourceInputs["project"] = state ? state.project : undefined; + resourceInputs["pulumiLabels"] = state ? state.pulumiLabels : undefined; + resourceInputs["service"] = state ? state.service : undefined; + resourceInputs["timeout"] = state ? state.timeout : undefined; + resourceInputs["updateTime"] = state ? state.updateTime : undefined; + resourceInputs["wireFormat"] = state ? state.wireFormat : undefined; + } else { + const args = argsOrState as AuthzExtensionArgs | undefined; + if ((!args || args.authority === undefined) && !opts.urn) { + throw new Error("Missing required property 'authority'"); + } + if ((!args || args.loadBalancingScheme === undefined) && !opts.urn) { + throw new Error("Missing required property 'loadBalancingScheme'"); + } + if ((!args || args.location === undefined) && !opts.urn) { + throw new Error("Missing required property 'location'"); + } + if ((!args || args.service === undefined) && !opts.urn) { + throw new Error("Missing required property 'service'"); + } + if ((!args || args.timeout === undefined) && !opts.urn) { + throw new Error("Missing required property 'timeout'"); + } + resourceInputs["authority"] = args ? args.authority : undefined; + resourceInputs["description"] = args ? args.description : undefined; + resourceInputs["failOpen"] = args ? args.failOpen : undefined; + resourceInputs["forwardHeaders"] = args ? args.forwardHeaders : undefined; + resourceInputs["labels"] = args ? args.labels : undefined; + resourceInputs["loadBalancingScheme"] = args ? args.loadBalancingScheme : undefined; + resourceInputs["location"] = args ? args.location : undefined; + resourceInputs["metadata"] = args ? args.metadata : undefined; + resourceInputs["name"] = args ? args.name : undefined; + resourceInputs["project"] = args ? args.project : undefined; + resourceInputs["service"] = args ? args.service : undefined; + resourceInputs["timeout"] = args ? args.timeout : undefined; + resourceInputs["wireFormat"] = args ? args.wireFormat : undefined; + resourceInputs["createTime"] = undefined /*out*/; + resourceInputs["effectiveLabels"] = undefined /*out*/; + resourceInputs["pulumiLabels"] = undefined /*out*/; + resourceInputs["updateTime"] = undefined /*out*/; + } + opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts); + const secretOpts = { additionalSecretOutputs: ["effectiveLabels", "pulumiLabels"] }; + opts = pulumi.mergeOptions(opts, secretOpts); + super(AuthzExtension.__pulumiType, name, resourceInputs, opts); + } +} + +/** + * Input properties used for looking up and filtering AuthzExtension resources. + */ +export interface AuthzExtensionState { + /** + * The :authority header in the gRPC request sent from Envoy to the extension service. + */ + authority?: pulumi.Input; + /** + * The timestamp when the resource was created. + */ + createTime?: pulumi.Input; + /** + * A human-readable description of the resource. + */ + description?: pulumi.Input; + /** + * All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services. + */ + effectiveLabels?: pulumi.Input<{[key: string]: pulumi.Input}>; + /** + * Determines how the proxy behaves if the call to the extension fails or times out. + * When set to TRUE, request or response processing continues without error. Any subsequent extensions in the extension chain are also executed. When set to FALSE or the default setting of FALSE is used, one of the following happens: + * * If response headers have not been delivered to the downstream client, a generic 500 error is returned to the client. The error response can be tailored by configuring a custom error response in the load balancer. + * * If response headers have been delivered, then the HTTP stream to the downstream client is reset. + */ + failOpen?: pulumi.Input; + /** + * List of the HTTP headers to forward to the extension (from the client). If omitted, all headers are sent. Each element is a string indicating the header name. + */ + forwardHeaders?: pulumi.Input[]>; + /** + * Set of labels associated with the AuthzExtension resource. + * + * **Note**: This field is non-authoritative, and will only manage the labels present in your configuration. + * Please refer to the field `effectiveLabels` for all of the labels present on the resource. + */ + labels?: pulumi.Input<{[key: string]: pulumi.Input}>; + /** + * All backend services and forwarding rules referenced by this extension must share the same load balancing scheme. + * For more information, refer to [Backend services overview](https://cloud.google.com/load-balancing/docs/backend-service). + * Possible values are: `INTERNAL_MANAGED`, `EXTERNAL_MANAGED`. + */ + loadBalancingScheme?: pulumi.Input; + /** + * The location of the resource. + * + * + * - - - + */ + location?: pulumi.Input; + /** + * The metadata provided here is included as part of the metadataContext (of type google.protobuf.Struct) in the ProcessingRequest message sent to the extension server. The metadata is available under the namespace com.google.authz_extension.. The following variables are supported in the metadata Struct: + * {forwarding_rule_id} - substituted with the forwarding rule's fully qualified resource name. + */ + metadata?: pulumi.Input<{[key: string]: pulumi.Input}>; + /** + * Identifier. Name of the AuthzExtension resource. + */ + name?: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the provider project is used. + */ + project?: pulumi.Input; + /** + * The combination of labels configured directly on the resource + * and default labels configured on the provider. + */ + pulumiLabels?: pulumi.Input<{[key: string]: pulumi.Input}>; + /** + * The reference to the service that runs the extension. + * To configure a callout extension, service must be a fully-qualified reference to a [backend service](https://cloud.google.com/compute/docs/reference/rest/v1/backendServices) in the format: + * https://www.googleapis.com/compute/v1/projects/{project}/regions/{region}/backendServices/{backendService} or https://www.googleapis.com/compute/v1/projects/{project}/global/backendServices/{backendService}. + */ + service?: pulumi.Input; + /** + * Specifies the timeout for each individual message on the stream. The timeout must be between 10-10000 milliseconds. + */ + timeout?: pulumi.Input; + /** + * The timestamp when the resource was updated. + */ + updateTime?: pulumi.Input; + /** + * The format of communication supported by the callout extension. + * Default value is `EXT_PROC_GRPC`. + * Possible values are: `WIRE_FORMAT_UNSPECIFIED`, `EXT_PROC_GRPC`. + */ + wireFormat?: pulumi.Input; +} + +/** + * The set of arguments for constructing a AuthzExtension resource. + */ +export interface AuthzExtensionArgs { + /** + * The :authority header in the gRPC request sent from Envoy to the extension service. + */ + authority: pulumi.Input; + /** + * A human-readable description of the resource. + */ + description?: pulumi.Input; + /** + * Determines how the proxy behaves if the call to the extension fails or times out. + * When set to TRUE, request or response processing continues without error. Any subsequent extensions in the extension chain are also executed. When set to FALSE or the default setting of FALSE is used, one of the following happens: + * * If response headers have not been delivered to the downstream client, a generic 500 error is returned to the client. The error response can be tailored by configuring a custom error response in the load balancer. + * * If response headers have been delivered, then the HTTP stream to the downstream client is reset. + */ + failOpen?: pulumi.Input; + /** + * List of the HTTP headers to forward to the extension (from the client). If omitted, all headers are sent. Each element is a string indicating the header name. + */ + forwardHeaders?: pulumi.Input[]>; + /** + * Set of labels associated with the AuthzExtension resource. + * + * **Note**: This field is non-authoritative, and will only manage the labels present in your configuration. + * Please refer to the field `effectiveLabels` for all of the labels present on the resource. + */ + labels?: pulumi.Input<{[key: string]: pulumi.Input}>; + /** + * All backend services and forwarding rules referenced by this extension must share the same load balancing scheme. + * For more information, refer to [Backend services overview](https://cloud.google.com/load-balancing/docs/backend-service). + * Possible values are: `INTERNAL_MANAGED`, `EXTERNAL_MANAGED`. + */ + loadBalancingScheme: pulumi.Input; + /** + * The location of the resource. + * + * + * - - - + */ + location: pulumi.Input; + /** + * The metadata provided here is included as part of the metadataContext (of type google.protobuf.Struct) in the ProcessingRequest message sent to the extension server. The metadata is available under the namespace com.google.authz_extension.. The following variables are supported in the metadata Struct: + * {forwarding_rule_id} - substituted with the forwarding rule's fully qualified resource name. + */ + metadata?: pulumi.Input<{[key: string]: pulumi.Input}>; + /** + * Identifier. Name of the AuthzExtension resource. + */ + name?: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the provider project is used. + */ + project?: pulumi.Input; + /** + * The reference to the service that runs the extension. + * To configure a callout extension, service must be a fully-qualified reference to a [backend service](https://cloud.google.com/compute/docs/reference/rest/v1/backendServices) in the format: + * https://www.googleapis.com/compute/v1/projects/{project}/regions/{region}/backendServices/{backendService} or https://www.googleapis.com/compute/v1/projects/{project}/global/backendServices/{backendService}. + */ + service: pulumi.Input; + /** + * Specifies the timeout for each individual message on the stream. The timeout must be between 10-10000 milliseconds. + */ + timeout: pulumi.Input; + /** + * The format of communication supported by the callout extension. + * Default value is `EXT_PROC_GRPC`. + * Possible values are: `WIRE_FORMAT_UNSPECIFIED`, `EXT_PROC_GRPC`. + */ + wireFormat?: pulumi.Input; +} diff --git a/sdk/nodejs/networkservices/index.ts b/sdk/nodejs/networkservices/index.ts index 75e5772746..0f916286e1 100644 --- a/sdk/nodejs/networkservices/index.ts +++ b/sdk/nodejs/networkservices/index.ts @@ -5,6 +5,11 @@ import * as pulumi from "@pulumi/pulumi"; import * as utilities from "../utilities"; // Export members: +export { AuthzExtensionArgs, AuthzExtensionState } from "./authzExtension"; +export type AuthzExtension = import("./authzExtension").AuthzExtension; +export const AuthzExtension: typeof import("./authzExtension").AuthzExtension = null as any; +utilities.lazyLoad(exports, ["AuthzExtension"], () => require("./authzExtension")); + export { EdgeCacheKeysetArgs, EdgeCacheKeysetState } from "./edgeCacheKeyset"; export type EdgeCacheKeyset = import("./edgeCacheKeyset").EdgeCacheKeyset; export const EdgeCacheKeyset: typeof import("./edgeCacheKeyset").EdgeCacheKeyset = null as any; @@ -80,6 +85,8 @@ const _module = { version: utilities.getVersion(), construct: (name: string, type: string, urn: string): pulumi.Resource => { switch (type) { + case "gcp:networkservices/authzExtension:AuthzExtension": + return new AuthzExtension(name, undefined, { urn }) case "gcp:networkservices/edgeCacheKeyset:EdgeCacheKeyset": return new EdgeCacheKeyset(name, undefined, { urn }) case "gcp:networkservices/edgeCacheOrigin:EdgeCacheOrigin": @@ -113,6 +120,7 @@ const _module = { } }, }; +pulumi.runtime.registerResourceModule("gcp", "networkservices/authzExtension", _module) pulumi.runtime.registerResourceModule("gcp", "networkservices/edgeCacheKeyset", _module) pulumi.runtime.registerResourceModule("gcp", "networkservices/edgeCacheOrigin", _module) pulumi.runtime.registerResourceModule("gcp", "networkservices/edgeCacheService", _module) diff --git a/sdk/nodejs/oracledatabase/autonomousDatabase.ts b/sdk/nodejs/oracledatabase/autonomousDatabase.ts index a6c31b569d..b09e367c1f 100644 --- a/sdk/nodejs/oracledatabase/autonomousDatabase.ts +++ b/sdk/nodejs/oracledatabase/autonomousDatabase.ts @@ -31,7 +31,7 @@ import * as utilities from "../utilities"; * autonomousDatabaseId: "my-instance", * location: "us-east4", * project: "my-project", - * database: "testdb", + * database: "mydatabase", * adminPassword: "123Abpassword", * network: _default.then(_default => _default.id), * cidr: "10.5.0.0/24", @@ -60,7 +60,7 @@ import * as utilities from "../utilities"; * location: "us-east4", * project: "my-project", * displayName: "autonomousDatabase displayname", - * database: "testdatabase", + * database: "mydatabase", * adminPassword: "123Abpassword", * network: _default.then(_default => _default.id), * cidr: "10.5.0.0/24", diff --git a/sdk/nodejs/orgpolicy/policy.ts b/sdk/nodejs/orgpolicy/policy.ts index 14e253ea40..9cd191fbfe 100644 --- a/sdk/nodejs/orgpolicy/policy.ts +++ b/sdk/nodejs/orgpolicy/policy.ts @@ -31,8 +31,8 @@ import * as utilities from "../utilities"; * deletionPolicy: "DELETE", * }); * const primary = new gcp.orgpolicy.Policy("primary", { - * name: pulumi.interpolate`projects/${basic.name}/policies/iam.disableServiceAccountKeyUpload`, - * parent: pulumi.interpolate`projects/${basic.name}`, + * name: pulumi.interpolate`projects/${basic.projectId}/policies/iam.disableServiceAccountKeyUpload`, + * parent: pulumi.interpolate`projects/${basic.projectId}`, * spec: { * rules: [{ * enforce: "FALSE", @@ -89,8 +89,8 @@ import * as utilities from "../utilities"; * deletionPolicy: "DELETE", * }); * const primary = new gcp.orgpolicy.Policy("primary", { - * name: pulumi.interpolate`projects/${basic.name}/policies/gcp.resourceLocations`, - * parent: pulumi.interpolate`projects/${basic.name}`, + * name: pulumi.interpolate`projects/${basic.projectId}/policies/gcp.resourceLocations`, + * parent: pulumi.interpolate`projects/${basic.projectId}`, * spec: { * rules: [ * { @@ -145,6 +145,35 @@ import * as utilities from "../utilities"; * }, * }); * ``` + * ### Org Policy Policy Parameters Enforce + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const basic = new gcp.organizations.Project("basic", { + * projectId: "id", + * name: "id", + * orgId: "123456789", + * deletionPolicy: "DELETE", + * }); + * const primary = new gcp.orgpolicy.Policy("primary", { + * name: pulumi.interpolate`projects/${basic.name}/policies/compute.managed.restrictDiskCreation`, + * parent: pulumi.interpolate`projects/${basic.name}`, + * spec: { + * rules: [{ + * enforce: "TRUE", + * parameters: JSON.stringify({ + * isSizeLimitCheck: true, + * allowedDiskTypes: [ + * "pd-ssd", + * "pd-standard", + * ], + * }), + * }], + * }, + * }); + * ``` * * ## Import * diff --git a/sdk/nodejs/sql/databaseInstance.ts b/sdk/nodejs/sql/databaseInstance.ts index 5b6d5a046e..3003e275c7 100644 --- a/sdk/nodejs/sql/databaseInstance.ts +++ b/sdk/nodejs/sql/databaseInstance.ts @@ -263,8 +263,8 @@ export class DatabaseInstance extends pulumi.CustomResource { * The MySQL, PostgreSQL or * SQL Server version to use. Supported values include `MYSQL_5_6`, * `MYSQL_5_7`, `MYSQL_8_0`, `POSTGRES_9_6`,`POSTGRES_10`, `POSTGRES_11`, - * `POSTGRES_12`, `POSTGRES_13`, `POSTGRES_14`, `POSTGRES_15`, `SQLSERVER_2017_STANDARD`, - * `SQLSERVER_2017_ENTERPRISE`, `SQLSERVER_2017_EXPRESS`, `SQLSERVER_2017_WEB`. + * `POSTGRES_12`, `POSTGRES_13`, `POSTGRES_14`, `POSTGRES_15`, `POSTGRES_16`, `POSTGRES_17`, + * `SQLSERVER_2017_STANDARD`, `SQLSERVER_2017_ENTERPRISE`, `SQLSERVER_2017_EXPRESS`, `SQLSERVER_2017_WEB`. * `SQLSERVER_2019_STANDARD`, `SQLSERVER_2019_ENTERPRISE`, `SQLSERVER_2019_EXPRESS`, * `SQLSERVER_2019_WEB`. * [Database Version Policies](https://cloud.google.com/sql/docs/db-versions) @@ -478,8 +478,8 @@ export interface DatabaseInstanceState { * The MySQL, PostgreSQL or * SQL Server version to use. Supported values include `MYSQL_5_6`, * `MYSQL_5_7`, `MYSQL_8_0`, `POSTGRES_9_6`,`POSTGRES_10`, `POSTGRES_11`, - * `POSTGRES_12`, `POSTGRES_13`, `POSTGRES_14`, `POSTGRES_15`, `SQLSERVER_2017_STANDARD`, - * `SQLSERVER_2017_ENTERPRISE`, `SQLSERVER_2017_EXPRESS`, `SQLSERVER_2017_WEB`. + * `POSTGRES_12`, `POSTGRES_13`, `POSTGRES_14`, `POSTGRES_15`, `POSTGRES_16`, `POSTGRES_17`, + * `SQLSERVER_2017_STANDARD`, `SQLSERVER_2017_ENTERPRISE`, `SQLSERVER_2017_EXPRESS`, `SQLSERVER_2017_WEB`. * `SQLSERVER_2019_STANDARD`, `SQLSERVER_2019_ENTERPRISE`, `SQLSERVER_2019_EXPRESS`, * `SQLSERVER_2019_WEB`. * [Database Version Policies](https://cloud.google.com/sql/docs/db-versions) @@ -607,8 +607,8 @@ export interface DatabaseInstanceArgs { * The MySQL, PostgreSQL or * SQL Server version to use. Supported values include `MYSQL_5_6`, * `MYSQL_5_7`, `MYSQL_8_0`, `POSTGRES_9_6`,`POSTGRES_10`, `POSTGRES_11`, - * `POSTGRES_12`, `POSTGRES_13`, `POSTGRES_14`, `POSTGRES_15`, `SQLSERVER_2017_STANDARD`, - * `SQLSERVER_2017_ENTERPRISE`, `SQLSERVER_2017_EXPRESS`, `SQLSERVER_2017_WEB`. + * `POSTGRES_12`, `POSTGRES_13`, `POSTGRES_14`, `POSTGRES_15`, `POSTGRES_16`, `POSTGRES_17`, + * `SQLSERVER_2017_STANDARD`, `SQLSERVER_2017_ENTERPRISE`, `SQLSERVER_2017_EXPRESS`, `SQLSERVER_2017_WEB`. * `SQLSERVER_2019_STANDARD`, `SQLSERVER_2019_ENTERPRISE`, `SQLSERVER_2019_EXPRESS`, * `SQLSERVER_2019_WEB`. * [Database Version Policies](https://cloud.google.com/sql/docs/db-versions) diff --git a/sdk/nodejs/tpu/v2vm.ts b/sdk/nodejs/tpu/v2vm.ts index bae4b04e44..0c2a938c6b 100644 --- a/sdk/nodejs/tpu/v2vm.ts +++ b/sdk/nodejs/tpu/v2vm.ts @@ -71,6 +71,7 @@ import * as utilities from "../utilities"; * enableExternalIps: true, * network: network.id, * subnetwork: subnet.id, + * queueCount: 32, * }, * schedulingConfig: { * preemptible: true, @@ -224,6 +225,12 @@ export class V2Vm extends pulumi.CustomResource { * Structure is documented below. */ public readonly networkConfig!: pulumi.Output; + /** + * Repeated network configurations for the TPU node. This field is used to specify multiple + * network configs for the TPU node. + * Structure is documented below. + */ + public readonly networkConfigs!: pulumi.Output; /** * The network endpoints where TPU workers can be accessed and sent work. It is recommended that * runtime clients of the node reach out to the 0th entry in this map first. @@ -312,6 +319,7 @@ export class V2Vm extends pulumi.CustomResource { resourceInputs["multisliceNode"] = state ? state.multisliceNode : undefined; resourceInputs["name"] = state ? state.name : undefined; resourceInputs["networkConfig"] = state ? state.networkConfig : undefined; + resourceInputs["networkConfigs"] = state ? state.networkConfigs : undefined; resourceInputs["networkEndpoints"] = state ? state.networkEndpoints : undefined; resourceInputs["project"] = state ? state.project : undefined; resourceInputs["pulumiLabels"] = state ? state.pulumiLabels : undefined; @@ -338,6 +346,7 @@ export class V2Vm extends pulumi.CustomResource { resourceInputs["metadata"] = args ? args.metadata : undefined; resourceInputs["name"] = args ? args.name : undefined; resourceInputs["networkConfig"] = args ? args.networkConfig : undefined; + resourceInputs["networkConfigs"] = args ? args.networkConfigs : undefined; resourceInputs["project"] = args ? args.project : undefined; resourceInputs["runtimeVersion"] = args ? args.runtimeVersion : undefined; resourceInputs["schedulingConfig"] = args ? args.schedulingConfig : undefined; @@ -435,6 +444,12 @@ export interface V2VmState { * Structure is documented below. */ networkConfig?: pulumi.Input; + /** + * Repeated network configurations for the TPU node. This field is used to specify multiple + * network configs for the TPU node. + * Structure is documented below. + */ + networkConfigs?: pulumi.Input[]>; /** * The network endpoints where TPU workers can be accessed and sent work. It is recommended that * runtime clients of the node reach out to the 0th entry in this map first. @@ -549,6 +564,12 @@ export interface V2VmArgs { * Structure is documented below. */ networkConfig?: pulumi.Input; + /** + * Repeated network configurations for the TPU node. This field is used to specify multiple + * network configs for the TPU node. + * Structure is documented below. + */ + networkConfigs?: pulumi.Input[]>; /** * The ID of the project in which the resource belongs. * If it is not provided, the provider project is used. diff --git a/sdk/nodejs/tsconfig.json b/sdk/nodejs/tsconfig.json index 4527986523..333d185a47 100644 --- a/sdk/nodejs/tsconfig.json +++ b/sdk/nodejs/tsconfig.json @@ -1097,6 +1097,7 @@ "networksecurity/addressGroupIamMember.ts", "networksecurity/addressGroupIamPolicy.ts", "networksecurity/authorizationPolicy.ts", + "networksecurity/authzPolicy.ts", "networksecurity/clientTlsPolicy.ts", "networksecurity/firewallEndpoint.ts", "networksecurity/firewallEndpointAssociation.ts", @@ -1104,6 +1105,8 @@ "networksecurity/gatewaySecurityPolicyRule.ts", "networksecurity/getAddressGroupIamPolicy.ts", "networksecurity/index.ts", + "networksecurity/interceptDeployment.ts", + "networksecurity/interceptDeploymentGroup.ts", "networksecurity/mirroringDeployment.ts", "networksecurity/mirroringDeploymentGroup.ts", "networksecurity/mirroringEndpointGroup.ts", @@ -1113,6 +1116,7 @@ "networksecurity/serverTlsPolicy.ts", "networksecurity/tlsInspectionPolicy.ts", "networksecurity/urlList.ts", + "networkservices/authzExtension.ts", "networkservices/edgeCacheKeyset.ts", "networkservices/edgeCacheOrigin.ts", "networkservices/edgeCacheService.ts", diff --git a/sdk/nodejs/types/input.ts b/sdk/nodejs/types/input.ts index 3c9121db60..d4bf8dee7a 100644 --- a/sdk/nodejs/types/input.ts +++ b/sdk/nodejs/types/input.ts @@ -1387,13 +1387,6 @@ export namespace accesscontextmanager { * behavior. */ description?: pulumi.Input; - /** - * (Output) - * An opaque identifier for the current version of the ServicePerimeter. This - * identifier does not follow any specific format. If an etag is not provided, the - * operation will be performed as if a valid etag is provided. - */ - etag?: pulumi.Input; /** * Resource name for the ServicePerimeter. The shortName component must * begin with a letter and only include alphanumeric and '_'. @@ -51299,6 +51292,12 @@ export namespace firebase { } export interface HostingVersionConfig { + /** + * An array of objects, where each object specifies a URL pattern that, if matched to the request URL path, + * triggers Hosting to apply the specified custom response headers. + * Structure is documented below. + */ + headers?: pulumi.Input[]>; /** * An array of objects (called redirect rules), where each rule specifies a URL pattern that, if matched to the request URL path, * triggers Hosting to respond with a redirect to the specified destination path. @@ -51313,6 +51312,21 @@ export namespace firebase { rewrites?: pulumi.Input[]>; } + export interface HostingVersionConfigHeader { + /** + * The user-supplied glob to match against the request URL path. + */ + glob?: pulumi.Input; + /** + * The additional headers to add to the response. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. + */ + headers: pulumi.Input<{[key: string]: pulumi.Input}>; + /** + * The user-supplied RE2 regular expression to match against the request URL path. + */ + regex?: pulumi.Input; + } + export interface HostingVersionConfigRedirect { /** * The user-supplied glob to match against the request URL path. @@ -56859,7 +56873,7 @@ export namespace identityplatform { export interface ConfigQuota { /** - * Quota for the Signup endpoint, if overwritten. Signup quota is measured in sign ups per project per hour per IP. + * Quota for the Signup endpoint, if overwritten. Signup quota is measured in sign ups per project per hour per IP. None of quota, startTime, or quotaDuration can be skipped. * Structure is documented below. */ signUpQuotaConfig?: pulumi.Input; @@ -56867,7 +56881,7 @@ export namespace identityplatform { export interface ConfigQuotaSignUpQuotaConfig { /** - * A sign up APIs quota that customers can override temporarily. + * A sign up APIs quota that customers can override temporarily. Value can be in between 1 and 1000. */ quota?: pulumi.Input; /** @@ -61282,11 +61296,11 @@ export namespace networkconnectivity { /** * The IP address on the VM to use for peering. */ - ipAddress?: pulumi.Input; + ipAddress: pulumi.Input; /** * The URI of the virtual machine resource */ - virtualMachine?: pulumi.Input; + virtualMachine: pulumi.Input; } export interface SpokeLinkedVpcNetwork { @@ -61470,6 +61484,420 @@ export namespace networksecurity { principals?: pulumi.Input[]>; } + export interface AuthzPolicyCustomProvider { + /** + * Delegate authorization decision to user authored Service Extension. Only one of cloudIap or authzExtension can be specified. + * Structure is documented below. + */ + authzExtension?: pulumi.Input; + /** + * Delegates authorization decisions to Cloud IAP. Applicable only for managed load balancers. Enabling Cloud IAP at the AuthzPolicy level is not compatible with Cloud IAP settings in the BackendService. Enabling IAP in both places will result in request failure. Ensure that IAP is enabled in either the AuthzPolicy or the BackendService but not in both places. + * Structure is documented below. + */ + cloudIap?: pulumi.Input; + } + + export interface AuthzPolicyCustomProviderAuthzExtension { + /** + * A list of references to authorization extensions that will be invoked for requests matching this policy. Limited to 1 custom provider. + */ + resources: pulumi.Input[]>; + } + + export interface AuthzPolicyCustomProviderCloudIap { + /** + * Enable Cloud IAP at the AuthzPolicy level. + */ + enabled: pulumi.Input; + } + + export interface AuthzPolicyHttpRule { + /** + * Describes properties of one or more sources of a request. + * Structure is documented below. + */ + from?: pulumi.Input; + /** + * Describes properties of one or more targets of a request + * Structure is documented below. + */ + to?: pulumi.Input; + /** + * CEL expression that describes the conditions to be satisfied for the action. The result of the CEL expression is ANDed with the from and to. Refer to the CEL language reference for a list of available attributes. + */ + when?: pulumi.Input; + } + + export interface AuthzPolicyHttpRuleFrom { + /** + * Describes the properties of a request's sources. At least one of sources or notSources must be specified. Limited to 5 sources. A match occurs when ANY source (in sources or notSources) matches the request. Within a single source, the match follows AND semantics across fields and OR semantics within a single field, i.e. a match occurs when ANY principal matches AND ANY ipBlocks match. + * Structure is documented below. + */ + notSources?: pulumi.Input[]>; + /** + * Describes the properties of a request's sources. At least one of sources or notSources must be specified. Limited to 5 sources. A match occurs when ANY source (in sources or notSources) matches the request. Within a single source, the match follows AND semantics across fields and OR semantics within a single field, i.e. a match occurs when ANY principal matches AND ANY ipBlocks match. + * Structure is documented below. + */ + sources?: pulumi.Input[]>; + } + + export interface AuthzPolicyHttpRuleFromNotSource { + /** + * A list of identities derived from the client's certificate. This field will not match on a request unless mutual TLS is enabled for the Forwarding rule or Gateway. Each identity is a string whose value is matched against the URI SAN, or DNS SAN or the subject field in the client's certificate. The match can be exact, prefix, suffix or a substring match. One of exact, prefix, suffix or contains must be specified. + * Limited to 5 principals. + * Structure is documented below. + */ + principals?: pulumi.Input[]>; + /** + * A list of resources to match against the resource of the source VM of a request. + * Limited to 5 resources. + * Structure is documented below. + */ + resources?: pulumi.Input[]>; + } + + export interface AuthzPolicyHttpRuleFromNotSourcePrincipal { + /** + * The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. + * Examples: + * * abc matches the value xyz.abc.def + */ + contains?: pulumi.Input; + /** + * The input string must match exactly the string specified here. + * Examples: + * * abc only matches the value abc. + */ + exact?: pulumi.Input; + /** + * If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true. + */ + ignoreCase?: pulumi.Input; + /** + * The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. + * Examples: + * * abc matches the value abc.xyz + */ + prefix?: pulumi.Input; + /** + * The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. + * Examples: + * * abc matches the value xyz.abc + */ + suffix?: pulumi.Input; + } + + export interface AuthzPolicyHttpRuleFromNotSourceResource { + /** + * An IAM service account to match against the source service account of the VM sending the request. + * Structure is documented below. + */ + iamServiceAccount?: pulumi.Input; + /** + * A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request. + * Structure is documented below. + */ + tagValueIdSet?: pulumi.Input; + } + + export interface AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccount { + /** + * The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. + * Examples: + * * abc matches the value xyz.abc.def + */ + contains?: pulumi.Input; + /** + * The input string must match exactly the string specified here. + * Examples: + * * abc only matches the value abc. + */ + exact?: pulumi.Input; + /** + * If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true. + */ + ignoreCase?: pulumi.Input; + /** + * The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. + * Examples: + * * abc matches the value abc.xyz + */ + prefix?: pulumi.Input; + /** + * The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. + * Examples: + * * abc matches the value xyz.abc + */ + suffix?: pulumi.Input; + } + + export interface AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSet { + /** + * A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request. The match follows AND semantics which means all the ids must match. + * Limited to 5 matches. + */ + ids?: pulumi.Input[]>; + } + + export interface AuthzPolicyHttpRuleFromSource { + /** + * A list of identities derived from the client's certificate. This field will not match on a request unless mutual TLS is enabled for the Forwarding rule or Gateway. Each identity is a string whose value is matched against the URI SAN, or DNS SAN or the subject field in the client's certificate. The match can be exact, prefix, suffix or a substring match. One of exact, prefix, suffix or contains must be specified. + * Limited to 5 principals. + * Structure is documented below. + */ + principals?: pulumi.Input[]>; + /** + * A list of resources to match against the resource of the source VM of a request. + * Limited to 5 resources. + * Structure is documented below. + */ + resources?: pulumi.Input[]>; + } + + export interface AuthzPolicyHttpRuleFromSourcePrincipal { + /** + * The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. + * Examples: + * * abc matches the value xyz.abc.def + */ + contains?: pulumi.Input; + /** + * The input string must match exactly the string specified here. + * Examples: + * * abc only matches the value abc. + */ + exact?: pulumi.Input; + /** + * If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true. + */ + ignoreCase?: pulumi.Input; + /** + * The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. + * Examples: + * * abc matches the value abc.xyz + */ + prefix?: pulumi.Input; + /** + * The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. + * Examples: + * * abc matches the value xyz.abc + */ + suffix?: pulumi.Input; + } + + export interface AuthzPolicyHttpRuleFromSourceResource { + /** + * An IAM service account to match against the source service account of the VM sending the request. + * Structure is documented below. + */ + iamServiceAccount?: pulumi.Input; + /** + * A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request. + * Structure is documented below. + */ + tagValueIdSet?: pulumi.Input; + } + + export interface AuthzPolicyHttpRuleFromSourceResourceIamServiceAccount { + /** + * The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. + * Examples: + * * abc matches the value xyz.abc.def + */ + contains?: pulumi.Input; + /** + * The input string must match exactly the string specified here. + * Examples: + * * abc only matches the value abc. + */ + exact?: pulumi.Input; + /** + * If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true. + */ + ignoreCase?: pulumi.Input; + /** + * The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. + * Examples: + * * abc matches the value abc.xyz + */ + prefix?: pulumi.Input; + /** + * The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. + * Examples: + * * abc matches the value xyz.abc + */ + suffix?: pulumi.Input; + } + + export interface AuthzPolicyHttpRuleFromSourceResourceTagValueIdSet { + /** + * A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request. The match follows AND semantics which means all the ids must match. + * Limited to 5 matches. + */ + ids?: pulumi.Input[]>; + } + + export interface AuthzPolicyHttpRuleTo { + /** + * Describes properties of one or more targets of a request. At least one of operations or notOperations must be specified. Limited to 5 operations. A match occurs when ANY operation (in operations or notOperations) matches. Within an operation, the match follows AND semantics across fields and OR semantics within a field, i.e. a match occurs when ANY path matches AND ANY header matches and ANY method matches. + * Structure is documented below. + */ + operations?: pulumi.Input[]>; + } + + export interface AuthzPolicyHttpRuleToOperation { + /** + * A list of headers to match against in http header. + * Structure is documented below. + */ + headerSet?: pulumi.Input; + /** + * A list of HTTP Hosts to match against. The match can be one of exact, prefix, suffix, or contains (substring match). Matches are always case sensitive unless the ignoreCase is set. + * Limited to 5 matches. + * Structure is documented below. + */ + hosts?: pulumi.Input[]>; + /** + * A list of HTTP methods to match against. Each entry must be a valid HTTP method name (GET, PUT, POST, HEAD, PATCH, DELETE, OPTIONS). It only allows exact match and is always case sensitive. + */ + methods?: pulumi.Input[]>; + /** + * A list of paths to match against. The match can be one of exact, prefix, suffix, or contains (substring match). Matches are always case sensitive unless the ignoreCase is set. + * Limited to 5 matches. + * Note that this path match includes the query parameters. For gRPC services, this should be a fully-qualified name of the form /package.service/method. + * Structure is documented below. + */ + paths?: pulumi.Input[]>; + } + + export interface AuthzPolicyHttpRuleToOperationHeaderSet { + /** + * A list of headers to match against in http header. The match can be one of exact, prefix, suffix, or contains (substring match). The match follows AND semantics which means all the headers must match. Matches are always case sensitive unless the ignoreCase is set. Limited to 5 matches. + * Structure is documented below. + */ + headers?: pulumi.Input[]>; + } + + export interface AuthzPolicyHttpRuleToOperationHeaderSetHeader { + /** + * Specifies the name of the header in the request. + */ + name?: pulumi.Input; + /** + * Specifies how the header match will be performed. + * Structure is documented below. + */ + value?: pulumi.Input; + } + + export interface AuthzPolicyHttpRuleToOperationHeaderSetHeaderValue { + /** + * The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. + * Examples: + * * abc matches the value xyz.abc.def + */ + contains?: pulumi.Input; + /** + * The input string must match exactly the string specified here. + * Examples: + * * abc only matches the value abc. + */ + exact?: pulumi.Input; + /** + * If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true. + */ + ignoreCase?: pulumi.Input; + /** + * The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. + * Examples: + * * abc matches the value abc.xyz + */ + prefix?: pulumi.Input; + /** + * The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. + * Examples: + * * abc matches the value xyz.abc + */ + suffix?: pulumi.Input; + } + + export interface AuthzPolicyHttpRuleToOperationHost { + /** + * The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. + * Examples: + * * abc matches the value xyz.abc.def + */ + contains?: pulumi.Input; + /** + * The input string must match exactly the string specified here. + * Examples: + * * abc only matches the value abc. + */ + exact?: pulumi.Input; + /** + * If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true. + */ + ignoreCase?: pulumi.Input; + /** + * The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. + * Examples: + * * abc matches the value abc.xyz + */ + prefix?: pulumi.Input; + /** + * The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. + * Examples: + * * abc matches the value xyz.abc + */ + suffix?: pulumi.Input; + } + + export interface AuthzPolicyHttpRuleToOperationPath { + /** + * The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. + * Examples: + * * abc matches the value xyz.abc.def + */ + contains?: pulumi.Input; + /** + * The input string must match exactly the string specified here. + * Examples: + * * abc only matches the value abc. + */ + exact?: pulumi.Input; + /** + * If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true. + */ + ignoreCase?: pulumi.Input; + /** + * The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. + * Examples: + * * abc matches the value abc.xyz + */ + prefix?: pulumi.Input; + /** + * The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. + * Examples: + * * abc matches the value xyz.abc + */ + suffix?: pulumi.Input; + } + + export interface AuthzPolicyTarget { + /** + * All gateways and forwarding rules referenced by this policy and extensions must share the same load balancing scheme. + * For more information, refer to [Backend services overview](https://cloud.google.com/load-balancing/docs/backend-service). + * Possible values are: `INTERNAL_MANAGED`, `EXTERNAL_MANAGED`, `INTERNAL_SELF_MANAGED`. + */ + loadBalancingScheme: pulumi.Input; + /** + * A list of references to the Forwarding Rules on which this policy will be applied. + * + * - - - + */ + resources?: pulumi.Input[]>; + } + export interface ClientTlsPolicyClientCertificate { /** * The certificate provider instance specification that will be passed to the data plane, which will be used to load necessary credential information. @@ -61524,6 +61952,14 @@ export namespace networksecurity { targetUri: pulumi.Input; } + export interface InterceptDeploymentGroupConnectedEndpointGroup { + /** + * (Output) + * Output only. A connected intercept endpoint group. + */ + name?: pulumi.Input; + } + export interface MirroringDeploymentGroupConnectedEndpointGroup { /** * (Output) @@ -65119,6 +65555,10 @@ export namespace orgpolicy { * If `"TRUE"`, then the `Policy` is enforced. If `"FALSE"`, then any configuration is acceptable. This field can be set only in Policies for boolean constraints. */ enforce?: pulumi.Input; + /** + * Optional. Required for Managed Constraints if parameters defined in constraints. Pass parameter values when policy enforcement is enabled. Ensure that parameter value types match those defined in the constraint definition. For example: { \"allowedLocations\" : [\"us-east1\", \"us-west1\"], \"allowAll\" : true } + */ + parameters?: pulumi.Input; /** * List of values to be used for this policy rule. This field can be set only in policies for list constraints. * Structure is documented below. @@ -65200,6 +65640,10 @@ export namespace orgpolicy { * If `"TRUE"`, then the `Policy` is enforced. If `"FALSE"`, then any configuration is acceptable. This field can be set only in Policies for boolean constraints. */ enforce?: pulumi.Input; + /** + * Optional. Required for Managed Constraints if parameters defined in constraints. Pass parameter values when policy enforcement is enabled. Ensure that parameter value types match those defined in the constraint definition. For example: { \"allowedLocations\" : [\"us-east1\", \"us-west1\"], \"allowAll\" : true } + */ + parameters?: pulumi.Input; /** * List of values to be used for this policy rule. This field can be set only in policies for list constraints. * Structure is documented below. @@ -70557,7 +71001,7 @@ export namespace sql { */ collation?: pulumi.Input; /** - * Enables the enforcement of Cloud SQL Auth Proxy or Cloud SQL connectors for all the connections. If enabled, all the direct connections are rejected. + * Control the enforcement of Cloud SQL Auth Proxy or Cloud SQL connectors for all the connections, can be `REQUIRED` or `NOT_REQUIRED`. If enabled, all the direct connections are rejected. */ connectorEnforcement?: pulumi.Input; /** @@ -71487,6 +71931,10 @@ export namespace storage { * A Google Cloud Storage data source. Structure documented below. */ gcsDataSource?: pulumi.Input; + /** + * An HDFS data source. Structure documented below. + */ + hdfsDataSource?: pulumi.Input; /** * A HTTP URL data source. Structure documented below. */ @@ -71601,6 +72049,13 @@ export namespace storage { path?: pulumi.Input; } + export interface TransferJobTransferSpecHdfsDataSource { + /** + * Root path to transfer objects. Must be an empty string or full path name that ends with a '/'. This field is treated as an object prefix. As such, it should generally not begin with a '/'. + */ + path: pulumi.Input; + } + export interface TransferJobTransferSpecHttpDataSource { /** * The URL that points to the file that stores the object list entries. This file must allow public access. Currently, only URLs with HTTP and HTTPS schemes are supported. @@ -71645,8 +72100,6 @@ export namespace storage { export interface TransferJobTransferSpecPosixDataSource { /** * Root directory path to the filesystem. - * - * The `awsS3DataSource` block supports: */ rootDirectory: pulumi.Input; } @@ -71797,16 +72250,16 @@ export namespace tpu { enableExternalIps?: pulumi.Input; /** * The name of the network for the TPU node. It must be a preexisting Google Compute Engine - * network. If both network and subnetwork are specified, the given subnetwork must belong - * to the given network. If network is not specified, it will be looked up from the - * subnetwork if one is provided, or otherwise use "default". + * network. If none is provided, "default" will be used. */ network?: pulumi.Input; + /** + * Specifies networking queue count for TPU VM instance's network interface. + */ + queueCount?: pulumi.Input; /** * The name of the subnetwork for the TPU node. It must be a preexisting Google Compute - * Engine subnetwork. If both network and subnetwork are specified, the given subnetwork - * must belong to the given network. If subnetwork is not specified, the subnetwork with the - * same name as the network will be used. + * Engine subnetwork. If none is provided, "default" will be used. */ subnetwork?: pulumi.Input; } diff --git a/sdk/nodejs/types/output.ts b/sdk/nodejs/types/output.ts index 1aaef26768..94f3b0bff9 100644 --- a/sdk/nodejs/types/output.ts +++ b/sdk/nodejs/types/output.ts @@ -1383,13 +1383,6 @@ export namespace accesscontextmanager { * behavior. */ description?: string; - /** - * (Output) - * An opaque identifier for the current version of the ServicePerimeter. This - * identifier does not follow any specific format. If an etag is not provided, the - * operation will be performed as if a valid etag is provided. - */ - etag: string; /** * Resource name for the ServicePerimeter. The shortName component must * begin with a letter and only include alphanumeric and '_'. @@ -64504,6 +64497,12 @@ export namespace firebase { } export interface HostingVersionConfig { + /** + * An array of objects, where each object specifies a URL pattern that, if matched to the request URL path, + * triggers Hosting to apply the specified custom response headers. + * Structure is documented below. + */ + headers?: outputs.firebase.HostingVersionConfigHeader[]; /** * An array of objects (called redirect rules), where each rule specifies a URL pattern that, if matched to the request URL path, * triggers Hosting to respond with a redirect to the specified destination path. @@ -64518,6 +64517,21 @@ export namespace firebase { rewrites?: outputs.firebase.HostingVersionConfigRewrite[]; } + export interface HostingVersionConfigHeader { + /** + * The user-supplied glob to match against the request URL path. + */ + glob?: string; + /** + * The additional headers to add to the response. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. + */ + headers: {[key: string]: string}; + /** + * The user-supplied RE2 regular expression to match against the request URL path. + */ + regex?: string; + } + export interface HostingVersionConfigRedirect { /** * The user-supplied glob to match against the request URL path. @@ -70264,7 +70278,7 @@ export namespace identityplatform { export interface ConfigQuota { /** - * Quota for the Signup endpoint, if overwritten. Signup quota is measured in sign ups per project per hour per IP. + * Quota for the Signup endpoint, if overwritten. Signup quota is measured in sign ups per project per hour per IP. None of quota, startTime, or quotaDuration can be skipped. * Structure is documented below. */ signUpQuotaConfig?: outputs.identityplatform.ConfigQuotaSignUpQuotaConfig; @@ -70272,7 +70286,7 @@ export namespace identityplatform { export interface ConfigQuotaSignUpQuotaConfig { /** - * A sign up APIs quota that customers can override temporarily. + * A sign up APIs quota that customers can override temporarily. Value can be in between 1 and 1000. */ quota?: number; /** @@ -75007,11 +75021,11 @@ export namespace networkconnectivity { /** * The IP address on the VM to use for peering. */ - ipAddress?: string; + ipAddress: string; /** * The URI of the virtual machine resource */ - virtualMachine?: string; + virtualMachine: string; } export interface SpokeLinkedVpcNetwork { @@ -75197,6 +75211,420 @@ export namespace networksecurity { principals?: string[]; } + export interface AuthzPolicyCustomProvider { + /** + * Delegate authorization decision to user authored Service Extension. Only one of cloudIap or authzExtension can be specified. + * Structure is documented below. + */ + authzExtension?: outputs.networksecurity.AuthzPolicyCustomProviderAuthzExtension; + /** + * Delegates authorization decisions to Cloud IAP. Applicable only for managed load balancers. Enabling Cloud IAP at the AuthzPolicy level is not compatible with Cloud IAP settings in the BackendService. Enabling IAP in both places will result in request failure. Ensure that IAP is enabled in either the AuthzPolicy or the BackendService but not in both places. + * Structure is documented below. + */ + cloudIap?: outputs.networksecurity.AuthzPolicyCustomProviderCloudIap; + } + + export interface AuthzPolicyCustomProviderAuthzExtension { + /** + * A list of references to authorization extensions that will be invoked for requests matching this policy. Limited to 1 custom provider. + */ + resources: string[]; + } + + export interface AuthzPolicyCustomProviderCloudIap { + /** + * Enable Cloud IAP at the AuthzPolicy level. + */ + enabled: boolean; + } + + export interface AuthzPolicyHttpRule { + /** + * Describes properties of one or more sources of a request. + * Structure is documented below. + */ + from?: outputs.networksecurity.AuthzPolicyHttpRuleFrom; + /** + * Describes properties of one or more targets of a request + * Structure is documented below. + */ + to?: outputs.networksecurity.AuthzPolicyHttpRuleTo; + /** + * CEL expression that describes the conditions to be satisfied for the action. The result of the CEL expression is ANDed with the from and to. Refer to the CEL language reference for a list of available attributes. + */ + when?: string; + } + + export interface AuthzPolicyHttpRuleFrom { + /** + * Describes the properties of a request's sources. At least one of sources or notSources must be specified. Limited to 5 sources. A match occurs when ANY source (in sources or notSources) matches the request. Within a single source, the match follows AND semantics across fields and OR semantics within a single field, i.e. a match occurs when ANY principal matches AND ANY ipBlocks match. + * Structure is documented below. + */ + notSources?: outputs.networksecurity.AuthzPolicyHttpRuleFromNotSource[]; + /** + * Describes the properties of a request's sources. At least one of sources or notSources must be specified. Limited to 5 sources. A match occurs when ANY source (in sources or notSources) matches the request. Within a single source, the match follows AND semantics across fields and OR semantics within a single field, i.e. a match occurs when ANY principal matches AND ANY ipBlocks match. + * Structure is documented below. + */ + sources?: outputs.networksecurity.AuthzPolicyHttpRuleFromSource[]; + } + + export interface AuthzPolicyHttpRuleFromNotSource { + /** + * A list of identities derived from the client's certificate. This field will not match on a request unless mutual TLS is enabled for the Forwarding rule or Gateway. Each identity is a string whose value is matched against the URI SAN, or DNS SAN or the subject field in the client's certificate. The match can be exact, prefix, suffix or a substring match. One of exact, prefix, suffix or contains must be specified. + * Limited to 5 principals. + * Structure is documented below. + */ + principals?: outputs.networksecurity.AuthzPolicyHttpRuleFromNotSourcePrincipal[]; + /** + * A list of resources to match against the resource of the source VM of a request. + * Limited to 5 resources. + * Structure is documented below. + */ + resources?: outputs.networksecurity.AuthzPolicyHttpRuleFromNotSourceResource[]; + } + + export interface AuthzPolicyHttpRuleFromNotSourcePrincipal { + /** + * The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. + * Examples: + * * abc matches the value xyz.abc.def + */ + contains?: string; + /** + * The input string must match exactly the string specified here. + * Examples: + * * abc only matches the value abc. + */ + exact?: string; + /** + * If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true. + */ + ignoreCase?: boolean; + /** + * The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. + * Examples: + * * abc matches the value abc.xyz + */ + prefix?: string; + /** + * The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. + * Examples: + * * abc matches the value xyz.abc + */ + suffix?: string; + } + + export interface AuthzPolicyHttpRuleFromNotSourceResource { + /** + * An IAM service account to match against the source service account of the VM sending the request. + * Structure is documented below. + */ + iamServiceAccount?: outputs.networksecurity.AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccount; + /** + * A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request. + * Structure is documented below. + */ + tagValueIdSet?: outputs.networksecurity.AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSet; + } + + export interface AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccount { + /** + * The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. + * Examples: + * * abc matches the value xyz.abc.def + */ + contains?: string; + /** + * The input string must match exactly the string specified here. + * Examples: + * * abc only matches the value abc. + */ + exact?: string; + /** + * If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true. + */ + ignoreCase?: boolean; + /** + * The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. + * Examples: + * * abc matches the value abc.xyz + */ + prefix?: string; + /** + * The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. + * Examples: + * * abc matches the value xyz.abc + */ + suffix?: string; + } + + export interface AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSet { + /** + * A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request. The match follows AND semantics which means all the ids must match. + * Limited to 5 matches. + */ + ids?: string[]; + } + + export interface AuthzPolicyHttpRuleFromSource { + /** + * A list of identities derived from the client's certificate. This field will not match on a request unless mutual TLS is enabled for the Forwarding rule or Gateway. Each identity is a string whose value is matched against the URI SAN, or DNS SAN or the subject field in the client's certificate. The match can be exact, prefix, suffix or a substring match. One of exact, prefix, suffix or contains must be specified. + * Limited to 5 principals. + * Structure is documented below. + */ + principals?: outputs.networksecurity.AuthzPolicyHttpRuleFromSourcePrincipal[]; + /** + * A list of resources to match against the resource of the source VM of a request. + * Limited to 5 resources. + * Structure is documented below. + */ + resources?: outputs.networksecurity.AuthzPolicyHttpRuleFromSourceResource[]; + } + + export interface AuthzPolicyHttpRuleFromSourcePrincipal { + /** + * The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. + * Examples: + * * abc matches the value xyz.abc.def + */ + contains?: string; + /** + * The input string must match exactly the string specified here. + * Examples: + * * abc only matches the value abc. + */ + exact?: string; + /** + * If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true. + */ + ignoreCase?: boolean; + /** + * The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. + * Examples: + * * abc matches the value abc.xyz + */ + prefix?: string; + /** + * The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. + * Examples: + * * abc matches the value xyz.abc + */ + suffix?: string; + } + + export interface AuthzPolicyHttpRuleFromSourceResource { + /** + * An IAM service account to match against the source service account of the VM sending the request. + * Structure is documented below. + */ + iamServiceAccount?: outputs.networksecurity.AuthzPolicyHttpRuleFromSourceResourceIamServiceAccount; + /** + * A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request. + * Structure is documented below. + */ + tagValueIdSet?: outputs.networksecurity.AuthzPolicyHttpRuleFromSourceResourceTagValueIdSet; + } + + export interface AuthzPolicyHttpRuleFromSourceResourceIamServiceAccount { + /** + * The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. + * Examples: + * * abc matches the value xyz.abc.def + */ + contains?: string; + /** + * The input string must match exactly the string specified here. + * Examples: + * * abc only matches the value abc. + */ + exact?: string; + /** + * If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true. + */ + ignoreCase?: boolean; + /** + * The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. + * Examples: + * * abc matches the value abc.xyz + */ + prefix?: string; + /** + * The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. + * Examples: + * * abc matches the value xyz.abc + */ + suffix?: string; + } + + export interface AuthzPolicyHttpRuleFromSourceResourceTagValueIdSet { + /** + * A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request. The match follows AND semantics which means all the ids must match. + * Limited to 5 matches. + */ + ids?: string[]; + } + + export interface AuthzPolicyHttpRuleTo { + /** + * Describes properties of one or more targets of a request. At least one of operations or notOperations must be specified. Limited to 5 operations. A match occurs when ANY operation (in operations or notOperations) matches. Within an operation, the match follows AND semantics across fields and OR semantics within a field, i.e. a match occurs when ANY path matches AND ANY header matches and ANY method matches. + * Structure is documented below. + */ + operations?: outputs.networksecurity.AuthzPolicyHttpRuleToOperation[]; + } + + export interface AuthzPolicyHttpRuleToOperation { + /** + * A list of headers to match against in http header. + * Structure is documented below. + */ + headerSet?: outputs.networksecurity.AuthzPolicyHttpRuleToOperationHeaderSet; + /** + * A list of HTTP Hosts to match against. The match can be one of exact, prefix, suffix, or contains (substring match). Matches are always case sensitive unless the ignoreCase is set. + * Limited to 5 matches. + * Structure is documented below. + */ + hosts?: outputs.networksecurity.AuthzPolicyHttpRuleToOperationHost[]; + /** + * A list of HTTP methods to match against. Each entry must be a valid HTTP method name (GET, PUT, POST, HEAD, PATCH, DELETE, OPTIONS). It only allows exact match and is always case sensitive. + */ + methods?: string[]; + /** + * A list of paths to match against. The match can be one of exact, prefix, suffix, or contains (substring match). Matches are always case sensitive unless the ignoreCase is set. + * Limited to 5 matches. + * Note that this path match includes the query parameters. For gRPC services, this should be a fully-qualified name of the form /package.service/method. + * Structure is documented below. + */ + paths?: outputs.networksecurity.AuthzPolicyHttpRuleToOperationPath[]; + } + + export interface AuthzPolicyHttpRuleToOperationHeaderSet { + /** + * A list of headers to match against in http header. The match can be one of exact, prefix, suffix, or contains (substring match). The match follows AND semantics which means all the headers must match. Matches are always case sensitive unless the ignoreCase is set. Limited to 5 matches. + * Structure is documented below. + */ + headers?: outputs.networksecurity.AuthzPolicyHttpRuleToOperationHeaderSetHeader[]; + } + + export interface AuthzPolicyHttpRuleToOperationHeaderSetHeader { + /** + * Specifies the name of the header in the request. + */ + name?: string; + /** + * Specifies how the header match will be performed. + * Structure is documented below. + */ + value?: outputs.networksecurity.AuthzPolicyHttpRuleToOperationHeaderSetHeaderValue; + } + + export interface AuthzPolicyHttpRuleToOperationHeaderSetHeaderValue { + /** + * The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. + * Examples: + * * abc matches the value xyz.abc.def + */ + contains?: string; + /** + * The input string must match exactly the string specified here. + * Examples: + * * abc only matches the value abc. + */ + exact?: string; + /** + * If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true. + */ + ignoreCase?: boolean; + /** + * The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. + * Examples: + * * abc matches the value abc.xyz + */ + prefix?: string; + /** + * The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. + * Examples: + * * abc matches the value xyz.abc + */ + suffix?: string; + } + + export interface AuthzPolicyHttpRuleToOperationHost { + /** + * The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. + * Examples: + * * abc matches the value xyz.abc.def + */ + contains?: string; + /** + * The input string must match exactly the string specified here. + * Examples: + * * abc only matches the value abc. + */ + exact?: string; + /** + * If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true. + */ + ignoreCase?: boolean; + /** + * The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. + * Examples: + * * abc matches the value abc.xyz + */ + prefix?: string; + /** + * The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. + * Examples: + * * abc matches the value xyz.abc + */ + suffix?: string; + } + + export interface AuthzPolicyHttpRuleToOperationPath { + /** + * The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. + * Examples: + * * abc matches the value xyz.abc.def + */ + contains?: string; + /** + * The input string must match exactly the string specified here. + * Examples: + * * abc only matches the value abc. + */ + exact?: string; + /** + * If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true. + */ + ignoreCase?: boolean; + /** + * The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. + * Examples: + * * abc matches the value abc.xyz + */ + prefix?: string; + /** + * The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. + * Examples: + * * abc matches the value xyz.abc + */ + suffix?: string; + } + + export interface AuthzPolicyTarget { + /** + * All gateways and forwarding rules referenced by this policy and extensions must share the same load balancing scheme. + * For more information, refer to [Backend services overview](https://cloud.google.com/load-balancing/docs/backend-service). + * Possible values are: `INTERNAL_MANAGED`, `EXTERNAL_MANAGED`, `INTERNAL_SELF_MANAGED`. + */ + loadBalancingScheme: string; + /** + * A list of references to the Forwarding Rules on which this policy will be applied. + * + * - - - + */ + resources?: string[]; + } + export interface ClientTlsPolicyClientCertificate { /** * The certificate provider instance specification that will be passed to the data plane, which will be used to load necessary credential information. @@ -75251,6 +75679,14 @@ export namespace networksecurity { targetUri: string; } + export interface InterceptDeploymentGroupConnectedEndpointGroup { + /** + * (Output) + * Output only. A connected intercept endpoint group. + */ + name: string; + } + export interface MirroringDeploymentGroupConnectedEndpointGroup { /** * (Output) @@ -81144,6 +81580,10 @@ export namespace orgpolicy { * If `"TRUE"`, then the `Policy` is enforced. If `"FALSE"`, then any configuration is acceptable. This field can be set only in Policies for boolean constraints. */ enforce?: string; + /** + * Optional. Required for Managed Constraints if parameters defined in constraints. Pass parameter values when policy enforcement is enabled. Ensure that parameter value types match those defined in the constraint definition. For example: { \"allowedLocations\" : [\"us-east1\", \"us-west1\"], \"allowAll\" : true } + */ + parameters?: string; /** * List of values to be used for this policy rule. This field can be set only in policies for list constraints. * Structure is documented below. @@ -81225,6 +81665,10 @@ export namespace orgpolicy { * If `"TRUE"`, then the `Policy` is enforced. If `"FALSE"`, then any configuration is acceptable. This field can be set only in Policies for boolean constraints. */ enforce?: string; + /** + * Optional. Required for Managed Constraints if parameters defined in constraints. Pass parameter values when policy enforcement is enabled. Ensure that parameter value types match those defined in the constraint definition. For example: { \"allowedLocations\" : [\"us-east1\", \"us-west1\"], \"allowAll\" : true } + */ + parameters?: string; /** * List of values to be used for this policy rule. This field can be set only in policies for list constraints. * Structure is documented below. @@ -87826,7 +88270,7 @@ export namespace sql { */ collation?: string; /** - * Enables the enforcement of Cloud SQL Auth Proxy or Cloud SQL connectors for all the connections. If enabled, all the direct connections are rejected. + * Control the enforcement of Cloud SQL Auth Proxy or Cloud SQL connectors for all the connections, can be `REQUIRED` or `NOT_REQUIRED`. If enabled, all the direct connections are rejected. */ connectorEnforcement: string; /** @@ -90122,6 +90566,10 @@ export namespace storage { * A Google Cloud Storage data source. Structure documented below. */ gcsDataSource?: outputs.storage.TransferJobTransferSpecGcsDataSource; + /** + * An HDFS data source. Structure documented below. + */ + hdfsDataSource?: outputs.storage.TransferJobTransferSpecHdfsDataSource; /** * A HTTP URL data source. Structure documented below. */ @@ -90236,6 +90684,13 @@ export namespace storage { path: string; } + export interface TransferJobTransferSpecHdfsDataSource { + /** + * Root path to transfer objects. Must be an empty string or full path name that ends with a '/'. This field is treated as an object prefix. As such, it should generally not begin with a '/'. + */ + path: string; + } + export interface TransferJobTransferSpecHttpDataSource { /** * The URL that points to the file that stores the object list entries. This file must allow public access. Currently, only URLs with HTTP and HTTPS schemes are supported. @@ -90280,8 +90735,6 @@ export namespace storage { export interface TransferJobTransferSpecPosixDataSource { /** * Root directory path to the filesystem. - * - * The `awsS3DataSource` block supports: */ rootDirectory: string; } @@ -90508,16 +90961,16 @@ export namespace tpu { enableExternalIps?: boolean; /** * The name of the network for the TPU node. It must be a preexisting Google Compute Engine - * network. If both network and subnetwork are specified, the given subnetwork must belong - * to the given network. If network is not specified, it will be looked up from the - * subnetwork if one is provided, or otherwise use "default". + * network. If none is provided, "default" will be used. */ network: string; + /** + * Specifies networking queue count for TPU VM instance's network interface. + */ + queueCount?: number; /** * The name of the subnetwork for the TPU node. It must be a preexisting Google Compute - * Engine subnetwork. If both network and subnetwork are specified, the given subnetwork - * must belong to the given network. If subnetwork is not specified, the subnetwork with the - * same name as the network will be used. + * Engine subnetwork. If none is provided, "default" will be used. */ subnetwork: string; } diff --git a/sdk/python/pulumi_gcp/__init__.py b/sdk/python/pulumi_gcp/__init__.py index a6fa644d46..9c9e2c2a0f 100644 --- a/sdk/python/pulumi_gcp/__init__.py +++ b/sdk/python/pulumi_gcp/__init__.py @@ -6478,6 +6478,14 @@ "gcp:networksecurity/authorizationPolicy:AuthorizationPolicy": "AuthorizationPolicy" } }, + { + "pkg": "gcp", + "mod": "networksecurity/authzPolicy", + "fqn": "pulumi_gcp.networksecurity", + "classes": { + "gcp:networksecurity/authzPolicy:AuthzPolicy": "AuthzPolicy" + } + }, { "pkg": "gcp", "mod": "networksecurity/clientTlsPolicy", @@ -6518,6 +6526,22 @@ "gcp:networksecurity/gatewaySecurityPolicyRule:GatewaySecurityPolicyRule": "GatewaySecurityPolicyRule" } }, + { + "pkg": "gcp", + "mod": "networksecurity/interceptDeployment", + "fqn": "pulumi_gcp.networksecurity", + "classes": { + "gcp:networksecurity/interceptDeployment:InterceptDeployment": "InterceptDeployment" + } + }, + { + "pkg": "gcp", + "mod": "networksecurity/interceptDeploymentGroup", + "fqn": "pulumi_gcp.networksecurity", + "classes": { + "gcp:networksecurity/interceptDeploymentGroup:InterceptDeploymentGroup": "InterceptDeploymentGroup" + } + }, { "pkg": "gcp", "mod": "networksecurity/mirroringDeployment", @@ -6590,6 +6614,14 @@ "gcp:networksecurity/urlList:UrlList": "UrlList" } }, + { + "pkg": "gcp", + "mod": "networkservices/authzExtension", + "fqn": "pulumi_gcp.networkservices", + "classes": { + "gcp:networkservices/authzExtension:AuthzExtension": "AuthzExtension" + } + }, { "pkg": "gcp", "mod": "networkservices/edgeCacheKeyset", diff --git a/sdk/python/pulumi_gcp/accesscontextmanager/_inputs.py b/sdk/python/pulumi_gcp/accesscontextmanager/_inputs.py index 50755221cc..9b2bc43047 100644 --- a/sdk/python/pulumi_gcp/accesscontextmanager/_inputs.py +++ b/sdk/python/pulumi_gcp/accesscontextmanager/_inputs.py @@ -6054,13 +6054,6 @@ class ServicePerimetersServicePerimeterArgsDict(TypedDict): Description of the ServicePerimeter and its use. Does not affect behavior. """ - etag: NotRequired[pulumi.Input[str]] - """ - (Output) - An opaque identifier for the current version of the ServicePerimeter. This - identifier does not follow any specific format. If an etag is not provided, the - operation will be performed as if a valid etag is provided. - """ perimeter_type: NotRequired[pulumi.Input[str]] """ Specifies the type of the Perimeter. There are two types: regular and @@ -6122,7 +6115,6 @@ def __init__(__self__, *, title: pulumi.Input[str], create_time: Optional[pulumi.Input[str]] = None, description: Optional[pulumi.Input[str]] = None, - etag: Optional[pulumi.Input[str]] = None, perimeter_type: Optional[pulumi.Input[str]] = None, spec: Optional[pulumi.Input['ServicePerimetersServicePerimeterSpecArgs']] = None, status: Optional[pulumi.Input['ServicePerimetersServicePerimeterStatusArgs']] = None, @@ -6137,10 +6129,6 @@ def __init__(__self__, *, Time the AccessPolicy was created in UTC. :param pulumi.Input[str] description: Description of the ServicePerimeter and its use. Does not affect behavior. - :param pulumi.Input[str] etag: (Output) - An opaque identifier for the current version of the ServicePerimeter. This - identifier does not follow any specific format. If an etag is not provided, the - operation will be performed as if a valid etag is provided. :param pulumi.Input[str] perimeter_type: Specifies the type of the Perimeter. There are two types: regular and bridge. Regular Service Perimeter contains resources, access levels, and restricted services. Every resource can be in at most @@ -6184,8 +6172,6 @@ def __init__(__self__, *, pulumi.set(__self__, "create_time", create_time) if description is not None: pulumi.set(__self__, "description", description) - if etag is not None: - pulumi.set(__self__, "etag", etag) if perimeter_type is not None: pulumi.set(__self__, "perimeter_type", perimeter_type) if spec is not None: @@ -6249,21 +6235,6 @@ def description(self) -> Optional[pulumi.Input[str]]: def description(self, value: Optional[pulumi.Input[str]]): pulumi.set(self, "description", value) - @property - @pulumi.getter - def etag(self) -> Optional[pulumi.Input[str]]: - """ - (Output) - An opaque identifier for the current version of the ServicePerimeter. This - identifier does not follow any specific format. If an etag is not provided, the - operation will be performed as if a valid etag is provided. - """ - return pulumi.get(self, "etag") - - @etag.setter - def etag(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "etag", value) - @property @pulumi.getter(name="perimeterType") def perimeter_type(self) -> Optional[pulumi.Input[str]]: diff --git a/sdk/python/pulumi_gcp/accesscontextmanager/outputs.py b/sdk/python/pulumi_gcp/accesscontextmanager/outputs.py index a043a1cb8f..d2bf9db905 100644 --- a/sdk/python/pulumi_gcp/accesscontextmanager/outputs.py +++ b/sdk/python/pulumi_gcp/accesscontextmanager/outputs.py @@ -4683,7 +4683,6 @@ def __init__(__self__, *, title: str, create_time: Optional[str] = None, description: Optional[str] = None, - etag: Optional[str] = None, perimeter_type: Optional[str] = None, spec: Optional['outputs.ServicePerimetersServicePerimeterSpec'] = None, status: Optional['outputs.ServicePerimetersServicePerimeterStatus'] = None, @@ -4698,10 +4697,6 @@ def __init__(__self__, *, Time the AccessPolicy was created in UTC. :param str description: Description of the ServicePerimeter and its use. Does not affect behavior. - :param str etag: (Output) - An opaque identifier for the current version of the ServicePerimeter. This - identifier does not follow any specific format. If an etag is not provided, the - operation will be performed as if a valid etag is provided. :param str perimeter_type: Specifies the type of the Perimeter. There are two types: regular and bridge. Regular Service Perimeter contains resources, access levels, and restricted services. Every resource can be in at most @@ -4745,8 +4740,6 @@ def __init__(__self__, *, pulumi.set(__self__, "create_time", create_time) if description is not None: pulumi.set(__self__, "description", description) - if etag is not None: - pulumi.set(__self__, "etag", etag) if perimeter_type is not None: pulumi.set(__self__, "perimeter_type", perimeter_type) if spec is not None: @@ -4794,17 +4787,6 @@ def description(self) -> Optional[str]: """ return pulumi.get(self, "description") - @property - @pulumi.getter - def etag(self) -> Optional[str]: - """ - (Output) - An opaque identifier for the current version of the ServicePerimeter. This - identifier does not follow any specific format. If an etag is not provided, the - operation will be performed as if a valid etag is provided. - """ - return pulumi.get(self, "etag") - @property @pulumi.getter(name="perimeterType") def perimeter_type(self) -> Optional[str]: diff --git a/sdk/python/pulumi_gcp/accesscontextmanager/service_perimeter.py b/sdk/python/pulumi_gcp/accesscontextmanager/service_perimeter.py index a01d1dda8c..d705870463 100644 --- a/sdk/python/pulumi_gcp/accesscontextmanager/service_perimeter.py +++ b/sdk/python/pulumi_gcp/accesscontextmanager/service_perimeter.py @@ -231,7 +231,6 @@ class _ServicePerimeterState: def __init__(__self__, *, create_time: Optional[pulumi.Input[str]] = None, description: Optional[pulumi.Input[str]] = None, - etag: Optional[pulumi.Input[str]] = None, name: Optional[pulumi.Input[str]] = None, parent: Optional[pulumi.Input[str]] = None, perimeter_type: Optional[pulumi.Input[str]] = None, @@ -245,9 +244,6 @@ def __init__(__self__, *, :param pulumi.Input[str] create_time: Time the AccessPolicy was created in UTC. :param pulumi.Input[str] description: Description of the ServicePerimeter and its use. Does not affect behavior. - :param pulumi.Input[str] etag: An opaque identifier for the current version of the ServicePerimeter. This - identifier does not follow any specific format. If an etag is not provided, the - operation will be performed as if a valid etag is provided. :param pulumi.Input[str] name: Resource name for the ServicePerimeter. The short_name component must begin with a letter and only include alphanumeric and '_'. Format: accessPolicies/{policy_id}/servicePerimeters/{short_name} @@ -297,8 +293,6 @@ def __init__(__self__, *, pulumi.set(__self__, "create_time", create_time) if description is not None: pulumi.set(__self__, "description", description) - if etag is not None: - pulumi.set(__self__, "etag", etag) if name is not None: pulumi.set(__self__, "name", name) if parent is not None: @@ -341,20 +335,6 @@ def description(self) -> Optional[pulumi.Input[str]]: def description(self, value: Optional[pulumi.Input[str]]): pulumi.set(self, "description", value) - @property - @pulumi.getter - def etag(self) -> Optional[pulumi.Input[str]]: - """ - An opaque identifier for the current version of the ServicePerimeter. This - identifier does not follow any specific format. If an etag is not provided, the - operation will be performed as if a valid etag is provided. - """ - return pulumi.get(self, "etag") - - @etag.setter - def etag(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "etag", value) - @property @pulumi.getter def name(self) -> Optional[pulumi.Input[str]]: @@ -1009,7 +989,6 @@ def _internal_init(__self__, __props__.__dict__["title"] = title __props__.__dict__["use_explicit_dry_run_spec"] = use_explicit_dry_run_spec __props__.__dict__["create_time"] = None - __props__.__dict__["etag"] = None __props__.__dict__["update_time"] = None super(ServicePerimeter, __self__).__init__( 'gcp:accesscontextmanager/servicePerimeter:ServicePerimeter', @@ -1023,7 +1002,6 @@ def get(resource_name: str, opts: Optional[pulumi.ResourceOptions] = None, create_time: Optional[pulumi.Input[str]] = None, description: Optional[pulumi.Input[str]] = None, - etag: Optional[pulumi.Input[str]] = None, name: Optional[pulumi.Input[str]] = None, parent: Optional[pulumi.Input[str]] = None, perimeter_type: Optional[pulumi.Input[str]] = None, @@ -1042,9 +1020,6 @@ def get(resource_name: str, :param pulumi.Input[str] create_time: Time the AccessPolicy was created in UTC. :param pulumi.Input[str] description: Description of the ServicePerimeter and its use. Does not affect behavior. - :param pulumi.Input[str] etag: An opaque identifier for the current version of the ServicePerimeter. This - identifier does not follow any specific format. If an etag is not provided, the - operation will be performed as if a valid etag is provided. :param pulumi.Input[str] name: Resource name for the ServicePerimeter. The short_name component must begin with a letter and only include alphanumeric and '_'. Format: accessPolicies/{policy_id}/servicePerimeters/{short_name} @@ -1096,7 +1071,6 @@ def get(resource_name: str, __props__.__dict__["create_time"] = create_time __props__.__dict__["description"] = description - __props__.__dict__["etag"] = etag __props__.__dict__["name"] = name __props__.__dict__["parent"] = parent __props__.__dict__["perimeter_type"] = perimeter_type @@ -1124,16 +1098,6 @@ def description(self) -> pulumi.Output[Optional[str]]: """ return pulumi.get(self, "description") - @property - @pulumi.getter - def etag(self) -> pulumi.Output[str]: - """ - An opaque identifier for the current version of the ServicePerimeter. This - identifier does not follow any specific format. If an etag is not provided, the - operation will be performed as if a valid etag is provided. - """ - return pulumi.get(self, "etag") - @property @pulumi.getter def name(self) -> pulumi.Output[str]: diff --git a/sdk/python/pulumi_gcp/artifactregistry/get_repository_iam_policy.py b/sdk/python/pulumi_gcp/artifactregistry/get_repository_iam_policy.py index ba1faa9598..9971e1fdf9 100644 --- a/sdk/python/pulumi_gcp/artifactregistry/get_repository_iam_policy.py +++ b/sdk/python/pulumi_gcp/artifactregistry/get_repository_iam_policy.py @@ -120,8 +120,12 @@ def get_repository_iam_policy(location: Optional[str] = None, ``` - :param str location: The name of the location this repository is located in. - Used to find the parent resource to bind the IAM policy to. If not specified, + :param str location: The name of the repository's location. In addition to specific regions, + special values for multi-region locations are `asia`, `europe`, and `us`. + See [here](https://cloud.google.com/artifact-registry/docs/repositories/repo-locations), + or use the + artifactregistry_get_locations + data source for possible values. Used to find the parent resource to bind the IAM policy to. If not specified, the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no location is specified, it is taken from the provider configuration. :param str project: The ID of the project in which the resource belongs. @@ -161,8 +165,12 @@ def get_repository_iam_policy_output(location: Optional[pulumi.Input[Optional[st ``` - :param str location: The name of the location this repository is located in. - Used to find the parent resource to bind the IAM policy to. If not specified, + :param str location: The name of the repository's location. In addition to specific regions, + special values for multi-region locations are `asia`, `europe`, and `us`. + See [here](https://cloud.google.com/artifact-registry/docs/repositories/repo-locations), + or use the + artifactregistry_get_locations + data source for possible values. Used to find the parent resource to bind the IAM policy to. If not specified, the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no location is specified, it is taken from the provider configuration. :param str project: The ID of the project in which the resource belongs. diff --git a/sdk/python/pulumi_gcp/artifactregistry/repository.py b/sdk/python/pulumi_gcp/artifactregistry/repository.py index 53912e6cbf..e411d642df 100644 --- a/sdk/python/pulumi_gcp/artifactregistry/repository.py +++ b/sdk/python/pulumi_gcp/artifactregistry/repository.py @@ -41,11 +41,11 @@ def __init__(__self__, *, can be found [here](https://cloud.google.com/artifact-registry/docs/supported-formats). You can only create alpha formats if you are a member of the [alpha user group](https://cloud.google.com/artifact-registry/docs/supported-formats#alpha-access). + :param pulumi.Input[str] repository_id: The last part of the repository name, for example: + "repo1" - - - - :param pulumi.Input[str] repository_id: The last part of the repository name, for example: - "repo1" :param pulumi.Input[Sequence[pulumi.Input['RepositoryCleanupPolicyArgs']]] cleanup_policies: Cleanup policies for this repository. Cleanup policies indicate when certain package versions can be automatically deleted. Map keys are policy IDs supplied by users during policy creation. They must @@ -68,7 +68,12 @@ def __init__(__self__, *, **Note**: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field `effective_labels` for all of the labels present on the resource. - :param pulumi.Input[str] location: The name of the location this repository is located in. + :param pulumi.Input[str] location: The name of the repository's location. In addition to specific regions, + special values for multi-region locations are `asia`, `europe`, and `us`. + See [here](https://cloud.google.com/artifact-registry/docs/repositories/repo-locations), + or use the + artifactregistry_get_locations + data source for possible values. :param pulumi.Input['RepositoryMavenConfigArgs'] maven_config: MavenRepositoryConfig is maven related repository details. Provides additional configuration details for repositories of the maven format type. @@ -118,9 +123,6 @@ def format(self) -> pulumi.Input[str]: can be found [here](https://cloud.google.com/artifact-registry/docs/supported-formats). You can only create alpha formats if you are a member of the [alpha user group](https://cloud.google.com/artifact-registry/docs/supported-formats#alpha-access). - - - - - - """ return pulumi.get(self, "format") @@ -134,6 +136,9 @@ def repository_id(self) -> pulumi.Input[str]: """ The last part of the repository name, for example: "repo1" + + + - - - """ return pulumi.get(self, "repository_id") @@ -233,7 +238,12 @@ def labels(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]) @pulumi.getter def location(self) -> Optional[pulumi.Input[str]]: """ - The name of the location this repository is located in. + The name of the repository's location. In addition to specific regions, + special values for multi-region locations are `asia`, `europe`, and `us`. + See [here](https://cloud.google.com/artifact-registry/docs/repositories/repo-locations), + or use the + artifactregistry_get_locations + data source for possible values. """ return pulumi.get(self, "location") @@ -350,9 +360,6 @@ def __init__(__self__, *, can be found [here](https://cloud.google.com/artifact-registry/docs/supported-formats). You can only create alpha formats if you are a member of the [alpha user group](https://cloud.google.com/artifact-registry/docs/supported-formats#alpha-access). - - - - - - :param pulumi.Input[str] kms_key_name: The Cloud KMS resource name of the customer managed encryption key that’s used to encrypt the contents of the Repository. Has the form: `projects/my-project/locations/my-region/keyRings/my-kr/cryptoKeys/my-key`. @@ -365,7 +372,12 @@ def __init__(__self__, *, **Note**: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field `effective_labels` for all of the labels present on the resource. - :param pulumi.Input[str] location: The name of the location this repository is located in. + :param pulumi.Input[str] location: The name of the repository's location. In addition to specific regions, + special values for multi-region locations are `asia`, `europe`, and `us`. + See [here](https://cloud.google.com/artifact-registry/docs/repositories/repo-locations), + or use the + artifactregistry_get_locations + data source for possible values. :param pulumi.Input['RepositoryMavenConfigArgs'] maven_config: MavenRepositoryConfig is maven related repository details. Provides additional configuration details for repositories of the maven format type. @@ -383,6 +395,9 @@ def __init__(__self__, *, Structure is documented below. :param pulumi.Input[str] repository_id: The last part of the repository name, for example: "repo1" + + + - - - :param pulumi.Input[str] update_time: The time when the repository was last updated. :param pulumi.Input['RepositoryVirtualRepositoryConfigArgs'] virtual_repository_config: Configuration specific for a Virtual Repository. Structure is documented below. @@ -512,9 +527,6 @@ def format(self) -> Optional[pulumi.Input[str]]: can be found [here](https://cloud.google.com/artifact-registry/docs/supported-formats). You can only create alpha formats if you are a member of the [alpha user group](https://cloud.google.com/artifact-registry/docs/supported-formats#alpha-access). - - - - - - """ return pulumi.get(self, "format") @@ -560,7 +572,12 @@ def labels(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]) @pulumi.getter def location(self) -> Optional[pulumi.Input[str]]: """ - The name of the location this repository is located in. + The name of the repository's location. In addition to specific regions, + special values for multi-region locations are `asia`, `europe`, and `us`. + See [here](https://cloud.google.com/artifact-registry/docs/repositories/repo-locations), + or use the + artifactregistry_get_locations + data source for possible values. """ return pulumi.get(self, "location") @@ -655,6 +672,9 @@ def repository_id(self) -> Optional[pulumi.Input[str]]: """ The last part of the repository name, for example: "repo1" + + + - - - """ return pulumi.get(self, "repository_id") @@ -731,6 +751,18 @@ def __init__(__self__, description="example docker repository", format="DOCKER") ``` + ### Artifact Registry Repository Multi Region + + ```python + import pulumi + import pulumi_gcp as gcp + + my_repo = gcp.artifactregistry.Repository("my-repo", + repository_id="my-repository", + description="example docker repository", + location="us", + format="DOCKER") + ``` ### Artifact Registry Repository Docker ```python @@ -1218,8 +1250,6 @@ def __init__(__self__, * `{{location}}/{{repository_id}}` - * `{{repository_id}}` - When using the `pulumi import` command, Repository can be imported using one of the formats above. For example: ```sh @@ -1234,10 +1264,6 @@ def __init__(__self__, $ pulumi import gcp:artifactregistry/repository:Repository default {{location}}/{{repository_id}} ``` - ```sh - $ pulumi import gcp:artifactregistry/repository:Repository default {{repository_id}} - ``` - :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[Sequence[pulumi.Input[Union['RepositoryCleanupPolicyArgs', 'RepositoryCleanupPolicyArgsDict']]]] cleanup_policies: Cleanup policies for this repository. Cleanup policies indicate when @@ -1254,9 +1280,6 @@ def __init__(__self__, can be found [here](https://cloud.google.com/artifact-registry/docs/supported-formats). You can only create alpha formats if you are a member of the [alpha user group](https://cloud.google.com/artifact-registry/docs/supported-formats#alpha-access). - - - - - - :param pulumi.Input[str] kms_key_name: The Cloud KMS resource name of the customer managed encryption key that’s used to encrypt the contents of the Repository. Has the form: `projects/my-project/locations/my-region/keyRings/my-kr/cryptoKeys/my-key`. @@ -1269,7 +1292,12 @@ def __init__(__self__, **Note**: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field `effective_labels` for all of the labels present on the resource. - :param pulumi.Input[str] location: The name of the location this repository is located in. + :param pulumi.Input[str] location: The name of the repository's location. In addition to specific regions, + special values for multi-region locations are `asia`, `europe`, and `us`. + See [here](https://cloud.google.com/artifact-registry/docs/repositories/repo-locations), + or use the + artifactregistry_get_locations + data source for possible values. :param pulumi.Input[Union['RepositoryMavenConfigArgs', 'RepositoryMavenConfigArgsDict']] maven_config: MavenRepositoryConfig is maven related repository details. Provides additional configuration details for repositories of the maven format type. @@ -1283,6 +1311,9 @@ def __init__(__self__, Structure is documented below. :param pulumi.Input[str] repository_id: The last part of the repository name, for example: "repo1" + + + - - - :param pulumi.Input[Union['RepositoryVirtualRepositoryConfigArgs', 'RepositoryVirtualRepositoryConfigArgsDict']] virtual_repository_config: Configuration specific for a Virtual Repository. Structure is documented below. """ @@ -1315,6 +1346,18 @@ def __init__(__self__, description="example docker repository", format="DOCKER") ``` + ### Artifact Registry Repository Multi Region + + ```python + import pulumi + import pulumi_gcp as gcp + + my_repo = gcp.artifactregistry.Repository("my-repo", + repository_id="my-repository", + description="example docker repository", + location="us", + format="DOCKER") + ``` ### Artifact Registry Repository Docker ```python @@ -1802,8 +1845,6 @@ def __init__(__self__, * `{{location}}/{{repository_id}}` - * `{{repository_id}}` - When using the `pulumi import` command, Repository can be imported using one of the formats above. For example: ```sh @@ -1818,10 +1859,6 @@ def __init__(__self__, $ pulumi import gcp:artifactregistry/repository:Repository default {{location}}/{{repository_id}} ``` - ```sh - $ pulumi import gcp:artifactregistry/repository:Repository default {{repository_id}} - ``` - :param str resource_name: The name of the resource. :param RepositoryArgs args: The arguments to use to populate this resource's properties. :param pulumi.ResourceOptions opts: Options for the resource. @@ -1937,9 +1974,6 @@ def get(resource_name: str, can be found [here](https://cloud.google.com/artifact-registry/docs/supported-formats). You can only create alpha formats if you are a member of the [alpha user group](https://cloud.google.com/artifact-registry/docs/supported-formats#alpha-access). - - - - - - :param pulumi.Input[str] kms_key_name: The Cloud KMS resource name of the customer managed encryption key that’s used to encrypt the contents of the Repository. Has the form: `projects/my-project/locations/my-region/keyRings/my-kr/cryptoKeys/my-key`. @@ -1952,7 +1986,12 @@ def get(resource_name: str, **Note**: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field `effective_labels` for all of the labels present on the resource. - :param pulumi.Input[str] location: The name of the location this repository is located in. + :param pulumi.Input[str] location: The name of the repository's location. In addition to specific regions, + special values for multi-region locations are `asia`, `europe`, and `us`. + See [here](https://cloud.google.com/artifact-registry/docs/repositories/repo-locations), + or use the + artifactregistry_get_locations + data source for possible values. :param pulumi.Input[Union['RepositoryMavenConfigArgs', 'RepositoryMavenConfigArgsDict']] maven_config: MavenRepositoryConfig is maven related repository details. Provides additional configuration details for repositories of the maven format type. @@ -1970,6 +2009,9 @@ def get(resource_name: str, Structure is documented below. :param pulumi.Input[str] repository_id: The last part of the repository name, for example: "repo1" + + + - - - :param pulumi.Input[str] update_time: The time when the repository was last updated. :param pulumi.Input[Union['RepositoryVirtualRepositoryConfigArgs', 'RepositoryVirtualRepositoryConfigArgsDict']] virtual_repository_config: Configuration specific for a Virtual Repository. Structure is documented below. @@ -2061,9 +2103,6 @@ def format(self) -> pulumi.Output[str]: can be found [here](https://cloud.google.com/artifact-registry/docs/supported-formats). You can only create alpha formats if you are a member of the [alpha user group](https://cloud.google.com/artifact-registry/docs/supported-formats#alpha-access). - - - - - - """ return pulumi.get(self, "format") @@ -2097,7 +2136,12 @@ def labels(self) -> pulumi.Output[Optional[Mapping[str, str]]]: @pulumi.getter def location(self) -> pulumi.Output[str]: """ - The name of the location this repository is located in. + The name of the repository's location. In addition to specific regions, + special values for multi-region locations are `asia`, `europe`, and `us`. + See [here](https://cloud.google.com/artifact-registry/docs/repositories/repo-locations), + or use the + artifactregistry_get_locations + data source for possible values. """ return pulumi.get(self, "location") @@ -2164,6 +2208,9 @@ def repository_id(self) -> pulumi.Output[str]: """ The last part of the repository name, for example: "repo1" + + + - - - """ return pulumi.get(self, "repository_id") diff --git a/sdk/python/pulumi_gcp/artifactregistry/repository_iam_binding.py b/sdk/python/pulumi_gcp/artifactregistry/repository_iam_binding.py index 5845b3be38..fc76a6c60b 100644 --- a/sdk/python/pulumi_gcp/artifactregistry/repository_iam_binding.py +++ b/sdk/python/pulumi_gcp/artifactregistry/repository_iam_binding.py @@ -44,8 +44,12 @@ def __init__(__self__, *, :param pulumi.Input[str] role: The role that should be applied. Only one `artifactregistry.RepositoryIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input[str] location: The name of the location this repository is located in. - Used to find the parent resource to bind the IAM policy to. If not specified, + :param pulumi.Input[str] location: The name of the repository's location. In addition to specific regions, + special values for multi-region locations are `asia`, `europe`, and `us`. + See [here](https://cloud.google.com/artifact-registry/docs/repositories/repo-locations), + or use the + artifactregistry_get_locations + data source for possible values. Used to find the parent resource to bind the IAM policy to. If not specified, the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no location is specified, it is taken from the provider configuration. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. @@ -122,8 +126,12 @@ def condition(self, value: Optional[pulumi.Input['RepositoryIamBindingConditionA @pulumi.getter def location(self) -> Optional[pulumi.Input[str]]: """ - The name of the location this repository is located in. - Used to find the parent resource to bind the IAM policy to. If not specified, + The name of the repository's location. In addition to specific regions, + special values for multi-region locations are `asia`, `europe`, and `us`. + See [here](https://cloud.google.com/artifact-registry/docs/repositories/repo-locations), + or use the + artifactregistry_get_locations + data source for possible values. Used to find the parent resource to bind the IAM policy to. If not specified, the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no location is specified, it is taken from the provider configuration. """ @@ -160,8 +168,12 @@ def __init__(__self__, *, """ Input properties used for looking up and filtering RepositoryIamBinding resources. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] location: The name of the location this repository is located in. - Used to find the parent resource to bind the IAM policy to. If not specified, + :param pulumi.Input[str] location: The name of the repository's location. In addition to specific regions, + special values for multi-region locations are `asia`, `europe`, and `us`. + See [here](https://cloud.google.com/artifact-registry/docs/repositories/repo-locations), + or use the + artifactregistry_get_locations + data source for possible values. Used to find the parent resource to bind the IAM policy to. If not specified, the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no location is specified, it is taken from the provider configuration. :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. @@ -222,8 +234,12 @@ def etag(self, value: Optional[pulumi.Input[str]]): @pulumi.getter def location(self) -> Optional[pulumi.Input[str]]: """ - The name of the location this repository is located in. - Used to find the parent resource to bind the IAM policy to. If not specified, + The name of the repository's location. In addition to specific regions, + special values for multi-region locations are `asia`, `europe`, and `us`. + See [here](https://cloud.google.com/artifact-registry/docs/repositories/repo-locations), + or use the + artifactregistry_get_locations + data source for possible values. Used to find the parent resource to bind the IAM policy to. If not specified, the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no location is specified, it is taken from the provider configuration. """ @@ -471,8 +487,12 @@ def __init__(__self__, :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. - :param pulumi.Input[str] location: The name of the location this repository is located in. - Used to find the parent resource to bind the IAM policy to. If not specified, + :param pulumi.Input[str] location: The name of the repository's location. In addition to specific regions, + special values for multi-region locations are `asia`, `europe`, and `us`. + See [here](https://cloud.google.com/artifact-registry/docs/repositories/repo-locations), + or use the + artifactregistry_get_locations + data source for possible values. Used to find the parent resource to bind the IAM policy to. If not specified, the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no location is specified, it is taken from the provider configuration. :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. @@ -729,8 +749,12 @@ def get(resource_name: str, :param pulumi.Input[str] id: The unique provider ID of the resource to lookup. :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] location: The name of the location this repository is located in. - Used to find the parent resource to bind the IAM policy to. If not specified, + :param pulumi.Input[str] location: The name of the repository's location. In addition to specific regions, + special values for multi-region locations are `asia`, `europe`, and `us`. + See [here](https://cloud.google.com/artifact-registry/docs/repositories/repo-locations), + or use the + artifactregistry_get_locations + data source for possible values. Used to find the parent resource to bind the IAM policy to. If not specified, the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no location is specified, it is taken from the provider configuration. :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. @@ -781,8 +805,12 @@ def etag(self) -> pulumi.Output[str]: @pulumi.getter def location(self) -> pulumi.Output[str]: """ - The name of the location this repository is located in. - Used to find the parent resource to bind the IAM policy to. If not specified, + The name of the repository's location. In addition to specific regions, + special values for multi-region locations are `asia`, `europe`, and `us`. + See [here](https://cloud.google.com/artifact-registry/docs/repositories/repo-locations), + or use the + artifactregistry_get_locations + data source for possible values. Used to find the parent resource to bind the IAM policy to. If not specified, the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no location is specified, it is taken from the provider configuration. """ diff --git a/sdk/python/pulumi_gcp/artifactregistry/repository_iam_member.py b/sdk/python/pulumi_gcp/artifactregistry/repository_iam_member.py index eff1523465..9bd9ee1b2e 100644 --- a/sdk/python/pulumi_gcp/artifactregistry/repository_iam_member.py +++ b/sdk/python/pulumi_gcp/artifactregistry/repository_iam_member.py @@ -44,8 +44,12 @@ def __init__(__self__, *, :param pulumi.Input[str] role: The role that should be applied. Only one `artifactregistry.RepositoryIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input[str] location: The name of the location this repository is located in. - Used to find the parent resource to bind the IAM policy to. If not specified, + :param pulumi.Input[str] location: The name of the repository's location. In addition to specific regions, + special values for multi-region locations are `asia`, `europe`, and `us`. + See [here](https://cloud.google.com/artifact-registry/docs/repositories/repo-locations), + or use the + artifactregistry_get_locations + data source for possible values. Used to find the parent resource to bind the IAM policy to. If not specified, the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no location is specified, it is taken from the provider configuration. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. @@ -122,8 +126,12 @@ def condition(self, value: Optional[pulumi.Input['RepositoryIamMemberConditionAr @pulumi.getter def location(self) -> Optional[pulumi.Input[str]]: """ - The name of the location this repository is located in. - Used to find the parent resource to bind the IAM policy to. If not specified, + The name of the repository's location. In addition to specific regions, + special values for multi-region locations are `asia`, `europe`, and `us`. + See [here](https://cloud.google.com/artifact-registry/docs/repositories/repo-locations), + or use the + artifactregistry_get_locations + data source for possible values. Used to find the parent resource to bind the IAM policy to. If not specified, the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no location is specified, it is taken from the provider configuration. """ @@ -160,8 +168,12 @@ def __init__(__self__, *, """ Input properties used for looking up and filtering RepositoryIamMember resources. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] location: The name of the location this repository is located in. - Used to find the parent resource to bind the IAM policy to. If not specified, + :param pulumi.Input[str] location: The name of the repository's location. In addition to specific regions, + special values for multi-region locations are `asia`, `europe`, and `us`. + See [here](https://cloud.google.com/artifact-registry/docs/repositories/repo-locations), + or use the + artifactregistry_get_locations + data source for possible values. Used to find the parent resource to bind the IAM policy to. If not specified, the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no location is specified, it is taken from the provider configuration. :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. @@ -222,8 +234,12 @@ def etag(self, value: Optional[pulumi.Input[str]]): @pulumi.getter def location(self) -> Optional[pulumi.Input[str]]: """ - The name of the location this repository is located in. - Used to find the parent resource to bind the IAM policy to. If not specified, + The name of the repository's location. In addition to specific regions, + special values for multi-region locations are `asia`, `europe`, and `us`. + See [here](https://cloud.google.com/artifact-registry/docs/repositories/repo-locations), + or use the + artifactregistry_get_locations + data source for possible values. Used to find the parent resource to bind the IAM policy to. If not specified, the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no location is specified, it is taken from the provider configuration. """ @@ -471,8 +487,12 @@ def __init__(__self__, :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. - :param pulumi.Input[str] location: The name of the location this repository is located in. - Used to find the parent resource to bind the IAM policy to. If not specified, + :param pulumi.Input[str] location: The name of the repository's location. In addition to specific regions, + special values for multi-region locations are `asia`, `europe`, and `us`. + See [here](https://cloud.google.com/artifact-registry/docs/repositories/repo-locations), + or use the + artifactregistry_get_locations + data source for possible values. Used to find the parent resource to bind the IAM policy to. If not specified, the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no location is specified, it is taken from the provider configuration. :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. @@ -729,8 +749,12 @@ def get(resource_name: str, :param pulumi.Input[str] id: The unique provider ID of the resource to lookup. :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] location: The name of the location this repository is located in. - Used to find the parent resource to bind the IAM policy to. If not specified, + :param pulumi.Input[str] location: The name of the repository's location. In addition to specific regions, + special values for multi-region locations are `asia`, `europe`, and `us`. + See [here](https://cloud.google.com/artifact-registry/docs/repositories/repo-locations), + or use the + artifactregistry_get_locations + data source for possible values. Used to find the parent resource to bind the IAM policy to. If not specified, the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no location is specified, it is taken from the provider configuration. :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. @@ -781,8 +805,12 @@ def etag(self) -> pulumi.Output[str]: @pulumi.getter def location(self) -> pulumi.Output[str]: """ - The name of the location this repository is located in. - Used to find the parent resource to bind the IAM policy to. If not specified, + The name of the repository's location. In addition to specific regions, + special values for multi-region locations are `asia`, `europe`, and `us`. + See [here](https://cloud.google.com/artifact-registry/docs/repositories/repo-locations), + or use the + artifactregistry_get_locations + data source for possible values. Used to find the parent resource to bind the IAM policy to. If not specified, the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no location is specified, it is taken from the provider configuration. """ diff --git a/sdk/python/pulumi_gcp/artifactregistry/repository_iam_policy.py b/sdk/python/pulumi_gcp/artifactregistry/repository_iam_policy.py index 211ad5a74f..065196f54b 100644 --- a/sdk/python/pulumi_gcp/artifactregistry/repository_iam_policy.py +++ b/sdk/python/pulumi_gcp/artifactregistry/repository_iam_policy.py @@ -28,8 +28,12 @@ def __init__(__self__, *, :param pulumi.Input[str] policy_data: The policy data generated by a `organizations_get_iam_policy` data source. :param pulumi.Input[str] repository: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] location: The name of the location this repository is located in. - Used to find the parent resource to bind the IAM policy to. If not specified, + :param pulumi.Input[str] location: The name of the repository's location. In addition to specific regions, + special values for multi-region locations are `asia`, `europe`, and `us`. + See [here](https://cloud.google.com/artifact-registry/docs/repositories/repo-locations), + or use the + artifactregistry_get_locations + data source for possible values. Used to find the parent resource to bind the IAM policy to. If not specified, the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no location is specified, it is taken from the provider configuration. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. @@ -71,8 +75,12 @@ def repository(self, value: pulumi.Input[str]): @pulumi.getter def location(self) -> Optional[pulumi.Input[str]]: """ - The name of the location this repository is located in. - Used to find the parent resource to bind the IAM policy to. If not specified, + The name of the repository's location. In addition to specific regions, + special values for multi-region locations are `asia`, `europe`, and `us`. + See [here](https://cloud.google.com/artifact-registry/docs/repositories/repo-locations), + or use the + artifactregistry_get_locations + data source for possible values. Used to find the parent resource to bind the IAM policy to. If not specified, the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no location is specified, it is taken from the provider configuration. """ @@ -107,8 +115,12 @@ def __init__(__self__, *, """ Input properties used for looking up and filtering RepositoryIamPolicy resources. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] location: The name of the location this repository is located in. - Used to find the parent resource to bind the IAM policy to. If not specified, + :param pulumi.Input[str] location: The name of the repository's location. In addition to specific regions, + special values for multi-region locations are `asia`, `europe`, and `us`. + See [here](https://cloud.google.com/artifact-registry/docs/repositories/repo-locations), + or use the + artifactregistry_get_locations + data source for possible values. Used to find the parent resource to bind the IAM policy to. If not specified, the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no location is specified, it is taken from the provider configuration. :param pulumi.Input[str] policy_data: The policy data generated by @@ -144,8 +156,12 @@ def etag(self, value: Optional[pulumi.Input[str]]): @pulumi.getter def location(self) -> Optional[pulumi.Input[str]]: """ - The name of the location this repository is located in. - Used to find the parent resource to bind the IAM policy to. If not specified, + The name of the repository's location. In addition to specific regions, + special values for multi-region locations are `asia`, `europe`, and `us`. + See [here](https://cloud.google.com/artifact-registry/docs/repositories/repo-locations), + or use the + artifactregistry_get_locations + data source for possible values. Used to find the parent resource to bind the IAM policy to. If not specified, the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no location is specified, it is taken from the provider configuration. """ @@ -368,8 +384,12 @@ def __init__(__self__, :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. - :param pulumi.Input[str] location: The name of the location this repository is located in. - Used to find the parent resource to bind the IAM policy to. If not specified, + :param pulumi.Input[str] location: The name of the repository's location. In addition to specific regions, + special values for multi-region locations are `asia`, `europe`, and `us`. + See [here](https://cloud.google.com/artifact-registry/docs/repositories/repo-locations), + or use the + artifactregistry_get_locations + data source for possible values. Used to find the parent resource to bind the IAM policy to. If not specified, the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no location is specified, it is taken from the provider configuration. :param pulumi.Input[str] policy_data: The policy data generated by @@ -606,8 +626,12 @@ def get(resource_name: str, :param pulumi.Input[str] id: The unique provider ID of the resource to lookup. :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] location: The name of the location this repository is located in. - Used to find the parent resource to bind the IAM policy to. If not specified, + :param pulumi.Input[str] location: The name of the repository's location. In addition to specific regions, + special values for multi-region locations are `asia`, `europe`, and `us`. + See [here](https://cloud.google.com/artifact-registry/docs/repositories/repo-locations), + or use the + artifactregistry_get_locations + data source for possible values. Used to find the parent resource to bind the IAM policy to. If not specified, the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no location is specified, it is taken from the provider configuration. :param pulumi.Input[str] policy_data: The policy data generated by @@ -639,8 +663,12 @@ def etag(self) -> pulumi.Output[str]: @pulumi.getter def location(self) -> pulumi.Output[str]: """ - The name of the location this repository is located in. - Used to find the parent resource to bind the IAM policy to. If not specified, + The name of the repository's location. In addition to specific regions, + special values for multi-region locations are `asia`, `europe`, and `us`. + See [here](https://cloud.google.com/artifact-registry/docs/repositories/repo-locations), + or use the + artifactregistry_get_locations + data source for possible values. Used to find the parent resource to bind the IAM policy to. If not specified, the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no location is specified, it is taken from the provider configuration. """ diff --git a/sdk/python/pulumi_gcp/compute/get_global_forwarding_rule.py b/sdk/python/pulumi_gcp/compute/get_global_forwarding_rule.py index 9dd80218fa..285abfe871 100644 --- a/sdk/python/pulumi_gcp/compute/get_global_forwarding_rule.py +++ b/sdk/python/pulumi_gcp/compute/get_global_forwarding_rule.py @@ -27,7 +27,7 @@ class GetGlobalForwardingRuleResult: """ A collection of values returned by getGlobalForwardingRule. """ - def __init__(__self__, allow_psc_global_access=None, base_forwarding_rule=None, description=None, effective_labels=None, forwarding_rule_id=None, id=None, ip_address=None, ip_protocol=None, ip_version=None, label_fingerprint=None, labels=None, load_balancing_scheme=None, metadata_filters=None, name=None, network=None, no_automate_dns_zone=None, port_range=None, project=None, psc_connection_id=None, psc_connection_status=None, pulumi_labels=None, self_link=None, service_directory_registrations=None, source_ip_ranges=None, subnetwork=None, target=None): + def __init__(__self__, allow_psc_global_access=None, base_forwarding_rule=None, description=None, effective_labels=None, forwarding_rule_id=None, id=None, ip_address=None, ip_protocol=None, ip_version=None, label_fingerprint=None, labels=None, load_balancing_scheme=None, metadata_filters=None, name=None, network=None, network_tier=None, no_automate_dns_zone=None, port_range=None, project=None, psc_connection_id=None, psc_connection_status=None, pulumi_labels=None, self_link=None, service_directory_registrations=None, source_ip_ranges=None, subnetwork=None, target=None): if allow_psc_global_access and not isinstance(allow_psc_global_access, bool): raise TypeError("Expected argument 'allow_psc_global_access' to be a bool") pulumi.set(__self__, "allow_psc_global_access", allow_psc_global_access) @@ -73,6 +73,9 @@ def __init__(__self__, allow_psc_global_access=None, base_forwarding_rule=None, if network and not isinstance(network, str): raise TypeError("Expected argument 'network' to be a str") pulumi.set(__self__, "network", network) + if network_tier and not isinstance(network_tier, str): + raise TypeError("Expected argument 'network_tier' to be a str") + pulumi.set(__self__, "network_tier", network_tier) if no_automate_dns_zone and not isinstance(no_automate_dns_zone, bool): raise TypeError("Expected argument 'no_automate_dns_zone' to be a bool") pulumi.set(__self__, "no_automate_dns_zone", no_automate_dns_zone) @@ -185,6 +188,11 @@ def name(self) -> str: def network(self) -> str: return pulumi.get(self, "network") + @property + @pulumi.getter(name="networkTier") + def network_tier(self) -> str: + return pulumi.get(self, "network_tier") + @property @pulumi.getter(name="noAutomateDnsZone") def no_automate_dns_zone(self) -> bool: @@ -262,6 +270,7 @@ def __await__(self): metadata_filters=self.metadata_filters, name=self.name, network=self.network, + network_tier=self.network_tier, no_automate_dns_zone=self.no_automate_dns_zone, port_range=self.port_range, project=self.project, @@ -319,6 +328,7 @@ def get_global_forwarding_rule(name: Optional[str] = None, metadata_filters=pulumi.get(__ret__, 'metadata_filters'), name=pulumi.get(__ret__, 'name'), network=pulumi.get(__ret__, 'network'), + network_tier=pulumi.get(__ret__, 'network_tier'), no_automate_dns_zone=pulumi.get(__ret__, 'no_automate_dns_zone'), port_range=pulumi.get(__ret__, 'port_range'), project=pulumi.get(__ret__, 'project'), @@ -373,6 +383,7 @@ def get_global_forwarding_rule_output(name: Optional[pulumi.Input[str]] = None, metadata_filters=pulumi.get(__response__, 'metadata_filters'), name=pulumi.get(__response__, 'name'), network=pulumi.get(__response__, 'network'), + network_tier=pulumi.get(__response__, 'network_tier'), no_automate_dns_zone=pulumi.get(__response__, 'no_automate_dns_zone'), port_range=pulumi.get(__response__, 'port_range'), project=pulumi.get(__response__, 'project'), diff --git a/sdk/python/pulumi_gcp/compute/global_forwarding_rule.py b/sdk/python/pulumi_gcp/compute/global_forwarding_rule.py index ecc8aa9535..904fb5732e 100644 --- a/sdk/python/pulumi_gcp/compute/global_forwarding_rule.py +++ b/sdk/python/pulumi_gcp/compute/global_forwarding_rule.py @@ -32,6 +32,7 @@ def __init__(__self__, *, metadata_filters: Optional[pulumi.Input[Sequence[pulumi.Input['GlobalForwardingRuleMetadataFilterArgs']]]] = None, name: Optional[pulumi.Input[str]] = None, network: Optional[pulumi.Input[str]] = None, + network_tier: Optional[pulumi.Input[str]] = None, no_automate_dns_zone: Optional[pulumi.Input[bool]] = None, port_range: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[str]] = None, @@ -141,6 +142,16 @@ def __init__(__self__, *, be used. For Private Service Connect forwarding rules that forward traffic to Google APIs, a network must be provided. + :param pulumi.Input[str] network_tier: This signifies the networking tier used for configuring + this load balancer and can only take the following values: + `PREMIUM`, `STANDARD`. + For regional ForwardingRule, the valid values are `PREMIUM` and + `STANDARD`. For GlobalForwardingRule, the valid value is + `PREMIUM`. + If this field is not specified, it is assumed to be `PREMIUM`. + If `IPAddress` is specified, this value must be equal to the + networkTier of the Address. + Possible values are: `PREMIUM`, `STANDARD`. :param pulumi.Input[bool] no_automate_dns_zone: This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC forwarding rules do not use this field. :param pulumi.Input[str] port_range: The `portRange` field has the following limitations: * It requires that the forwarding rule `IPProtocol` be TCP, UDP, or SCTP, @@ -193,6 +204,8 @@ def __init__(__self__, *, pulumi.set(__self__, "name", name) if network is not None: pulumi.set(__self__, "network", network) + if network_tier is not None: + pulumi.set(__self__, "network_tier", network_tier) if no_automate_dns_zone is not None: pulumi.set(__self__, "no_automate_dns_zone", no_automate_dns_zone) if port_range is not None: @@ -428,6 +441,27 @@ def network(self) -> Optional[pulumi.Input[str]]: def network(self, value: Optional[pulumi.Input[str]]): pulumi.set(self, "network", value) + @property + @pulumi.getter(name="networkTier") + def network_tier(self) -> Optional[pulumi.Input[str]]: + """ + This signifies the networking tier used for configuring + this load balancer and can only take the following values: + `PREMIUM`, `STANDARD`. + For regional ForwardingRule, the valid values are `PREMIUM` and + `STANDARD`. For GlobalForwardingRule, the valid value is + `PREMIUM`. + If this field is not specified, it is assumed to be `PREMIUM`. + If `IPAddress` is specified, this value must be equal to the + networkTier of the Address. + Possible values are: `PREMIUM`, `STANDARD`. + """ + return pulumi.get(self, "network_tier") + + @network_tier.setter + def network_tier(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "network_tier", value) + @property @pulumi.getter(name="noAutomateDnsZone") def no_automate_dns_zone(self) -> Optional[pulumi.Input[bool]]: @@ -542,6 +576,7 @@ def __init__(__self__, *, metadata_filters: Optional[pulumi.Input[Sequence[pulumi.Input['GlobalForwardingRuleMetadataFilterArgs']]]] = None, name: Optional[pulumi.Input[str]] = None, network: Optional[pulumi.Input[str]] = None, + network_tier: Optional[pulumi.Input[str]] = None, no_automate_dns_zone: Optional[pulumi.Input[bool]] = None, port_range: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[str]] = None, @@ -648,6 +683,16 @@ def __init__(__self__, *, be used. For Private Service Connect forwarding rules that forward traffic to Google APIs, a network must be provided. + :param pulumi.Input[str] network_tier: This signifies the networking tier used for configuring + this load balancer and can only take the following values: + `PREMIUM`, `STANDARD`. + For regional ForwardingRule, the valid values are `PREMIUM` and + `STANDARD`. For GlobalForwardingRule, the valid value is + `PREMIUM`. + If this field is not specified, it is assumed to be `PREMIUM`. + If `IPAddress` is specified, this value must be equal to the + networkTier of the Address. + Possible values are: `PREMIUM`, `STANDARD`. :param pulumi.Input[bool] no_automate_dns_zone: This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC forwarding rules do not use this field. :param pulumi.Input[str] port_range: The `portRange` field has the following limitations: * It requires that the forwarding rule `IPProtocol` be TCP, UDP, or SCTP, @@ -725,6 +770,8 @@ def __init__(__self__, *, pulumi.set(__self__, "name", name) if network is not None: pulumi.set(__self__, "network", network) + if network_tier is not None: + pulumi.set(__self__, "network_tier", network_tier) if no_automate_dns_zone is not None: pulumi.set(__self__, "no_automate_dns_zone", no_automate_dns_zone) if port_range is not None: @@ -995,6 +1042,27 @@ def network(self) -> Optional[pulumi.Input[str]]: def network(self, value: Optional[pulumi.Input[str]]): pulumi.set(self, "network", value) + @property + @pulumi.getter(name="networkTier") + def network_tier(self) -> Optional[pulumi.Input[str]]: + """ + This signifies the networking tier used for configuring + this load balancer and can only take the following values: + `PREMIUM`, `STANDARD`. + For regional ForwardingRule, the valid values are `PREMIUM` and + `STANDARD`. For GlobalForwardingRule, the valid value is + `PREMIUM`. + If this field is not specified, it is assumed to be `PREMIUM`. + If `IPAddress` is specified, this value must be equal to the + networkTier of the Address. + Possible values are: `PREMIUM`, `STANDARD`. + """ + return pulumi.get(self, "network_tier") + + @network_tier.setter + def network_tier(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "network_tier", value) + @property @pulumi.getter(name="noAutomateDnsZone") def no_automate_dns_zone(self) -> Optional[pulumi.Input[bool]]: @@ -1180,6 +1248,7 @@ def __init__(__self__, metadata_filters: Optional[pulumi.Input[Sequence[pulumi.Input[Union['GlobalForwardingRuleMetadataFilterArgs', 'GlobalForwardingRuleMetadataFilterArgsDict']]]]] = None, name: Optional[pulumi.Input[str]] = None, network: Optional[pulumi.Input[str]] = None, + network_tier: Optional[pulumi.Input[str]] = None, no_automate_dns_zone: Optional[pulumi.Input[bool]] = None, port_range: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[str]] = None, @@ -1358,7 +1427,8 @@ def __init__(__self__, name="global-rule", target=default_target_http_proxy.id, port_range="80", - load_balancing_scheme="EXTERNAL_MANAGED") + load_balancing_scheme="EXTERNAL_MANAGED", + network_tier="PREMIUM") ``` ### Global Forwarding Rule Hybrid @@ -1651,6 +1721,16 @@ def __init__(__self__, be used. For Private Service Connect forwarding rules that forward traffic to Google APIs, a network must be provided. + :param pulumi.Input[str] network_tier: This signifies the networking tier used for configuring + this load balancer and can only take the following values: + `PREMIUM`, `STANDARD`. + For regional ForwardingRule, the valid values are `PREMIUM` and + `STANDARD`. For GlobalForwardingRule, the valid value is + `PREMIUM`. + If this field is not specified, it is assumed to be `PREMIUM`. + If `IPAddress` is specified, this value must be equal to the + networkTier of the Address. + Possible values are: `PREMIUM`, `STANDARD`. :param pulumi.Input[bool] no_automate_dns_zone: This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC forwarding rules do not use this field. :param pulumi.Input[str] port_range: The `portRange` field has the following limitations: * It requires that the forwarding rule `IPProtocol` be TCP, UDP, or SCTP, @@ -1871,7 +1951,8 @@ def __init__(__self__, name="global-rule", target=default_target_http_proxy.id, port_range="80", - load_balancing_scheme="EXTERNAL_MANAGED") + load_balancing_scheme="EXTERNAL_MANAGED", + network_tier="PREMIUM") ``` ### Global Forwarding Rule Hybrid @@ -2099,6 +2180,7 @@ def _internal_init(__self__, metadata_filters: Optional[pulumi.Input[Sequence[pulumi.Input[Union['GlobalForwardingRuleMetadataFilterArgs', 'GlobalForwardingRuleMetadataFilterArgsDict']]]]] = None, name: Optional[pulumi.Input[str]] = None, network: Optional[pulumi.Input[str]] = None, + network_tier: Optional[pulumi.Input[str]] = None, no_automate_dns_zone: Optional[pulumi.Input[bool]] = None, port_range: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[str]] = None, @@ -2125,6 +2207,7 @@ def _internal_init(__self__, __props__.__dict__["metadata_filters"] = metadata_filters __props__.__dict__["name"] = name __props__.__dict__["network"] = network + __props__.__dict__["network_tier"] = network_tier __props__.__dict__["no_automate_dns_zone"] = no_automate_dns_zone __props__.__dict__["port_range"] = port_range __props__.__dict__["project"] = project @@ -2168,6 +2251,7 @@ def get(resource_name: str, metadata_filters: Optional[pulumi.Input[Sequence[pulumi.Input[Union['GlobalForwardingRuleMetadataFilterArgs', 'GlobalForwardingRuleMetadataFilterArgsDict']]]]] = None, name: Optional[pulumi.Input[str]] = None, network: Optional[pulumi.Input[str]] = None, + network_tier: Optional[pulumi.Input[str]] = None, no_automate_dns_zone: Optional[pulumi.Input[bool]] = None, port_range: Optional[pulumi.Input[str]] = None, project: Optional[pulumi.Input[str]] = None, @@ -2279,6 +2363,16 @@ def get(resource_name: str, be used. For Private Service Connect forwarding rules that forward traffic to Google APIs, a network must be provided. + :param pulumi.Input[str] network_tier: This signifies the networking tier used for configuring + this load balancer and can only take the following values: + `PREMIUM`, `STANDARD`. + For regional ForwardingRule, the valid values are `PREMIUM` and + `STANDARD`. For GlobalForwardingRule, the valid value is + `PREMIUM`. + If this field is not specified, it is assumed to be `PREMIUM`. + If `IPAddress` is specified, this value must be equal to the + networkTier of the Address. + Possible values are: `PREMIUM`, `STANDARD`. :param pulumi.Input[bool] no_automate_dns_zone: This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC forwarding rules do not use this field. :param pulumi.Input[str] port_range: The `portRange` field has the following limitations: * It requires that the forwarding rule `IPProtocol` be TCP, UDP, or SCTP, @@ -2346,6 +2440,7 @@ def get(resource_name: str, __props__.__dict__["metadata_filters"] = metadata_filters __props__.__dict__["name"] = name __props__.__dict__["network"] = network + __props__.__dict__["network_tier"] = network_tier __props__.__dict__["no_automate_dns_zone"] = no_automate_dns_zone __props__.__dict__["port_range"] = port_range __props__.__dict__["project"] = project @@ -2550,6 +2645,23 @@ def network(self) -> pulumi.Output[str]: """ return pulumi.get(self, "network") + @property + @pulumi.getter(name="networkTier") + def network_tier(self) -> pulumi.Output[str]: + """ + This signifies the networking tier used for configuring + this load balancer and can only take the following values: + `PREMIUM`, `STANDARD`. + For regional ForwardingRule, the valid values are `PREMIUM` and + `STANDARD`. For GlobalForwardingRule, the valid value is + `PREMIUM`. + If this field is not specified, it is assumed to be `PREMIUM`. + If `IPAddress` is specified, this value must be equal to the + networkTier of the Address. + Possible values are: `PREMIUM`, `STANDARD`. + """ + return pulumi.get(self, "network_tier") + @property @pulumi.getter(name="noAutomateDnsZone") def no_automate_dns_zone(self) -> pulumi.Output[Optional[bool]]: diff --git a/sdk/python/pulumi_gcp/compute/project_cloud_armor_tier.py b/sdk/python/pulumi_gcp/compute/project_cloud_armor_tier.py index 41e11ddc18..8b9f1bde96 100644 --- a/sdk/python/pulumi_gcp/compute/project_cloud_armor_tier.py +++ b/sdk/python/pulumi_gcp/compute/project_cloud_armor_tier.py @@ -24,7 +24,7 @@ def __init__(__self__, *, """ The set of arguments for constructing a ProjectCloudArmorTier resource. :param pulumi.Input[str] cloud_armor_tier: Managed protection tier to be set. - Possible values are: `CA_STANDARD`, `CA_ENTERPRISE_PAYGO`. + Possible values are: `CA_STANDARD`, `CA_ENTERPRISE_PAYGO`, `CA_ENTERPRISE_ANNUAL`. - - - @@ -40,7 +40,7 @@ def __init__(__self__, *, def cloud_armor_tier(self) -> pulumi.Input[str]: """ Managed protection tier to be set. - Possible values are: `CA_STANDARD`, `CA_ENTERPRISE_PAYGO`. + Possible values are: `CA_STANDARD`, `CA_ENTERPRISE_PAYGO`, `CA_ENTERPRISE_ANNUAL`. - - - @@ -73,7 +73,7 @@ def __init__(__self__, *, """ Input properties used for looking up and filtering ProjectCloudArmorTier resources. :param pulumi.Input[str] cloud_armor_tier: Managed protection tier to be set. - Possible values are: `CA_STANDARD`, `CA_ENTERPRISE_PAYGO`. + Possible values are: `CA_STANDARD`, `CA_ENTERPRISE_PAYGO`, `CA_ENTERPRISE_ANNUAL`. - - - @@ -90,7 +90,7 @@ def __init__(__self__, *, def cloud_armor_tier(self) -> Optional[pulumi.Input[str]]: """ Managed protection tier to be set. - Possible values are: `CA_STANDARD`, `CA_ENTERPRISE_PAYGO`. + Possible values are: `CA_STANDARD`, `CA_ENTERPRISE_PAYGO`, `CA_ENTERPRISE_ANNUAL`. - - - @@ -184,7 +184,7 @@ def __init__(__self__, :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] cloud_armor_tier: Managed protection tier to be set. - Possible values are: `CA_STANDARD`, `CA_ENTERPRISE_PAYGO`. + Possible values are: `CA_STANDARD`, `CA_ENTERPRISE_PAYGO`, `CA_ENTERPRISE_ANNUAL`. - - - @@ -305,7 +305,7 @@ def get(resource_name: str, :param pulumi.Input[str] id: The unique provider ID of the resource to lookup. :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] cloud_armor_tier: Managed protection tier to be set. - Possible values are: `CA_STANDARD`, `CA_ENTERPRISE_PAYGO`. + Possible values are: `CA_STANDARD`, `CA_ENTERPRISE_PAYGO`, `CA_ENTERPRISE_ANNUAL`. - - - @@ -325,7 +325,7 @@ def get(resource_name: str, def cloud_armor_tier(self) -> pulumi.Output[str]: """ Managed protection tier to be set. - Possible values are: `CA_STANDARD`, `CA_ENTERPRISE_PAYGO`. + Possible values are: `CA_STANDARD`, `CA_ENTERPRISE_PAYGO`, `CA_ENTERPRISE_ANNUAL`. - - - diff --git a/sdk/python/pulumi_gcp/firebase/_inputs.py b/sdk/python/pulumi_gcp/firebase/_inputs.py index d8792bf6a4..8aa8eaba01 100644 --- a/sdk/python/pulumi_gcp/firebase/_inputs.py +++ b/sdk/python/pulumi_gcp/firebase/_inputs.py @@ -55,6 +55,8 @@ 'HostingCustomDomainRequiredDnsUpdateDiscoveredRecordArgsDict', 'HostingVersionConfigArgs', 'HostingVersionConfigArgsDict', + 'HostingVersionConfigHeaderArgs', + 'HostingVersionConfigHeaderArgsDict', 'HostingVersionConfigRedirectArgs', 'HostingVersionConfigRedirectArgsDict', 'HostingVersionConfigRewriteArgs', @@ -1694,6 +1696,12 @@ def type(self, value: Optional[pulumi.Input[str]]): if not MYPY: class HostingVersionConfigArgsDict(TypedDict): + headers: NotRequired[pulumi.Input[Sequence[pulumi.Input['HostingVersionConfigHeaderArgsDict']]]] + """ + An array of objects, where each object specifies a URL pattern that, if matched to the request URL path, + triggers Hosting to apply the specified custom response headers. + Structure is documented below. + """ redirects: NotRequired[pulumi.Input[Sequence[pulumi.Input['HostingVersionConfigRedirectArgsDict']]]] """ An array of objects (called redirect rules), where each rule specifies a URL pattern that, if matched to the request URL path, @@ -1712,9 +1720,13 @@ class HostingVersionConfigArgsDict(TypedDict): @pulumi.input_type class HostingVersionConfigArgs: def __init__(__self__, *, + headers: Optional[pulumi.Input[Sequence[pulumi.Input['HostingVersionConfigHeaderArgs']]]] = None, redirects: Optional[pulumi.Input[Sequence[pulumi.Input['HostingVersionConfigRedirectArgs']]]] = None, rewrites: Optional[pulumi.Input[Sequence[pulumi.Input['HostingVersionConfigRewriteArgs']]]] = None): """ + :param pulumi.Input[Sequence[pulumi.Input['HostingVersionConfigHeaderArgs']]] headers: An array of objects, where each object specifies a URL pattern that, if matched to the request URL path, + triggers Hosting to apply the specified custom response headers. + Structure is documented below. :param pulumi.Input[Sequence[pulumi.Input['HostingVersionConfigRedirectArgs']]] redirects: An array of objects (called redirect rules), where each rule specifies a URL pattern that, if matched to the request URL path, triggers Hosting to respond with a redirect to the specified destination path. Structure is documented below. @@ -1722,11 +1734,27 @@ def __init__(__self__, *, request URL path, triggers Hosting to respond as if the service were given the specified destination URL. Structure is documented below. """ + if headers is not None: + pulumi.set(__self__, "headers", headers) if redirects is not None: pulumi.set(__self__, "redirects", redirects) if rewrites is not None: pulumi.set(__self__, "rewrites", rewrites) + @property + @pulumi.getter + def headers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['HostingVersionConfigHeaderArgs']]]]: + """ + An array of objects, where each object specifies a URL pattern that, if matched to the request URL path, + triggers Hosting to apply the specified custom response headers. + Structure is documented below. + """ + return pulumi.get(self, "headers") + + @headers.setter + def headers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['HostingVersionConfigHeaderArgs']]]]): + pulumi.set(self, "headers", value) + @property @pulumi.getter def redirects(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['HostingVersionConfigRedirectArgs']]]]: @@ -1756,6 +1784,77 @@ def rewrites(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['HostingVe pulumi.set(self, "rewrites", value) +if not MYPY: + class HostingVersionConfigHeaderArgsDict(TypedDict): + headers: pulumi.Input[Mapping[str, pulumi.Input[str]]] + """ + The additional headers to add to the response. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. + """ + glob: NotRequired[pulumi.Input[str]] + """ + The user-supplied glob to match against the request URL path. + """ + regex: NotRequired[pulumi.Input[str]] + """ + The user-supplied RE2 regular expression to match against the request URL path. + """ +elif False: + HostingVersionConfigHeaderArgsDict: TypeAlias = Mapping[str, Any] + +@pulumi.input_type +class HostingVersionConfigHeaderArgs: + def __init__(__self__, *, + headers: pulumi.Input[Mapping[str, pulumi.Input[str]]], + glob: Optional[pulumi.Input[str]] = None, + regex: Optional[pulumi.Input[str]] = None): + """ + :param pulumi.Input[Mapping[str, pulumi.Input[str]]] headers: The additional headers to add to the response. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. + :param pulumi.Input[str] glob: The user-supplied glob to match against the request URL path. + :param pulumi.Input[str] regex: The user-supplied RE2 regular expression to match against the request URL path. + """ + pulumi.set(__self__, "headers", headers) + if glob is not None: + pulumi.set(__self__, "glob", glob) + if regex is not None: + pulumi.set(__self__, "regex", regex) + + @property + @pulumi.getter + def headers(self) -> pulumi.Input[Mapping[str, pulumi.Input[str]]]: + """ + The additional headers to add to the response. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. + """ + return pulumi.get(self, "headers") + + @headers.setter + def headers(self, value: pulumi.Input[Mapping[str, pulumi.Input[str]]]): + pulumi.set(self, "headers", value) + + @property + @pulumi.getter + def glob(self) -> Optional[pulumi.Input[str]]: + """ + The user-supplied glob to match against the request URL path. + """ + return pulumi.get(self, "glob") + + @glob.setter + def glob(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "glob", value) + + @property + @pulumi.getter + def regex(self) -> Optional[pulumi.Input[str]]: + """ + The user-supplied RE2 regular expression to match against the request URL path. + """ + return pulumi.get(self, "regex") + + @regex.setter + def regex(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "regex", value) + + if not MYPY: class HostingVersionConfigRedirectArgsDict(TypedDict): location: pulumi.Input[str] diff --git a/sdk/python/pulumi_gcp/firebase/database_instance.py b/sdk/python/pulumi_gcp/firebase/database_instance.py index 4db3b8912d..e8a95095e4 100644 --- a/sdk/python/pulumi_gcp/firebase/database_instance.py +++ b/sdk/python/pulumi_gcp/firebase/database_instance.py @@ -333,6 +333,7 @@ def __init__(__self__, ```python import pulumi import pulumi_gcp as gcp + import pulumi_time as time default = gcp.organizations.Project("default", project_id="rtdb-project", @@ -342,16 +343,24 @@ def __init__(__self__, labels={ "firebase": "enabled", }) - default_project = gcp.firebase.Project("default", project=default.project_id) + firebase = gcp.projects.Service("firebase", + project=default.project_id, + service="firebase.googleapis.com", + disable_on_destroy=False) + default_project = gcp.firebase.Project("default", project=default.project_id, + opts = pulumi.ResourceOptions(depends_on=[firebase])) firebase_database = gcp.projects.Service("firebase_database", project=default_project.project, - service="firebasedatabase.googleapis.com") + service="firebasedatabase.googleapis.com", + disable_on_destroy=False) + wait60_seconds = time.index.Sleep("wait_60_seconds", create_duration=60s, + opts = pulumi.ResourceOptions(depends_on=[firebase_database])) default_database_instance = gcp.firebase.DatabaseInstance("default", project=default_project.project, region="us-central1", instance_id="rtdb-project-default-rtdb", type="DEFAULT_DATABASE", - opts = pulumi.ResourceOptions(depends_on=[firebase_database])) + opts = pulumi.ResourceOptions(depends_on=[wait60_seconds])) ``` ## Import @@ -441,6 +450,7 @@ def __init__(__self__, ```python import pulumi import pulumi_gcp as gcp + import pulumi_time as time default = gcp.organizations.Project("default", project_id="rtdb-project", @@ -450,16 +460,24 @@ def __init__(__self__, labels={ "firebase": "enabled", }) - default_project = gcp.firebase.Project("default", project=default.project_id) + firebase = gcp.projects.Service("firebase", + project=default.project_id, + service="firebase.googleapis.com", + disable_on_destroy=False) + default_project = gcp.firebase.Project("default", project=default.project_id, + opts = pulumi.ResourceOptions(depends_on=[firebase])) firebase_database = gcp.projects.Service("firebase_database", project=default_project.project, - service="firebasedatabase.googleapis.com") + service="firebasedatabase.googleapis.com", + disable_on_destroy=False) + wait60_seconds = time.index.Sleep("wait_60_seconds", create_duration=60s, + opts = pulumi.ResourceOptions(depends_on=[firebase_database])) default_database_instance = gcp.firebase.DatabaseInstance("default", project=default_project.project, region="us-central1", instance_id="rtdb-project-default-rtdb", type="DEFAULT_DATABASE", - opts = pulumi.ResourceOptions(depends_on=[firebase_database])) + opts = pulumi.ResourceOptions(depends_on=[wait60_seconds])) ``` ## Import diff --git a/sdk/python/pulumi_gcp/firebase/hosting_version.py b/sdk/python/pulumi_gcp/firebase/hosting_version.py index 1e58b881d4..f57e379f36 100644 --- a/sdk/python/pulumi_gcp/firebase/hosting_version.py +++ b/sdk/python/pulumi_gcp/firebase/hosting_version.py @@ -181,6 +181,54 @@ def __init__(__self__, version_name=default_hosting_version.name, message="Redirect to Google") ``` + ### Firebasehosting Version Headers + + ```python + import pulumi + import pulumi_gcp as gcp + + default = gcp.firebase.HostingSite("default", + project="my-project-name", + site_id="site-id") + default_hosting_version = gcp.firebase.HostingVersion("default", + site_id=default.site_id, + config={ + "headers": [{ + "glob": "/headers/**", + "headers": { + "my-header": "my-value", + }, + }], + }) + default_hosting_release = gcp.firebase.HostingRelease("default", + site_id=default.site_id, + version_name=default_hosting_version.name, + message="With custom headers") + ``` + ### Firebasehosting Version Headers Regex + + ```python + import pulumi + import pulumi_gcp as gcp + + default = gcp.firebase.HostingSite("default", + project="my-project-name", + site_id="site-id") + default_hosting_version = gcp.firebase.HostingVersion("default", + site_id=default.site_id, + config={ + "headers": [{ + "regex": "^~/headers$", + "headers": { + "my-header": "my-value", + }, + }], + }) + default_hosting_release = gcp.firebase.HostingRelease("default", + site_id=default.site_id, + version_name=default_hosting_version.name, + message="With custom headers") + ``` ### Firebasehosting Version Path ```python @@ -340,6 +388,54 @@ def __init__(__self__, version_name=default_hosting_version.name, message="Redirect to Google") ``` + ### Firebasehosting Version Headers + + ```python + import pulumi + import pulumi_gcp as gcp + + default = gcp.firebase.HostingSite("default", + project="my-project-name", + site_id="site-id") + default_hosting_version = gcp.firebase.HostingVersion("default", + site_id=default.site_id, + config={ + "headers": [{ + "glob": "/headers/**", + "headers": { + "my-header": "my-value", + }, + }], + }) + default_hosting_release = gcp.firebase.HostingRelease("default", + site_id=default.site_id, + version_name=default_hosting_version.name, + message="With custom headers") + ``` + ### Firebasehosting Version Headers Regex + + ```python + import pulumi + import pulumi_gcp as gcp + + default = gcp.firebase.HostingSite("default", + project="my-project-name", + site_id="site-id") + default_hosting_version = gcp.firebase.HostingVersion("default", + site_id=default.site_id, + config={ + "headers": [{ + "regex": "^~/headers$", + "headers": { + "my-header": "my-value", + }, + }], + }) + default_hosting_release = gcp.firebase.HostingRelease("default", + site_id=default.site_id, + version_name=default_hosting_version.name, + message="With custom headers") + ``` ### Firebasehosting Version Path ```python diff --git a/sdk/python/pulumi_gcp/firebase/outputs.py b/sdk/python/pulumi_gcp/firebase/outputs.py index 37def4435d..75b5fd5150 100644 --- a/sdk/python/pulumi_gcp/firebase/outputs.py +++ b/sdk/python/pulumi_gcp/firebase/outputs.py @@ -36,6 +36,7 @@ 'HostingCustomDomainRequiredDnsUpdateDiscovered', 'HostingCustomDomainRequiredDnsUpdateDiscoveredRecord', 'HostingVersionConfig', + 'HostingVersionConfigHeader', 'HostingVersionConfigRedirect', 'HostingVersionConfigRewrite', 'HostingVersionConfigRewriteRun', @@ -1308,9 +1309,13 @@ def type(self) -> Optional[str]: @pulumi.output_type class HostingVersionConfig(dict): def __init__(__self__, *, + headers: Optional[Sequence['outputs.HostingVersionConfigHeader']] = None, redirects: Optional[Sequence['outputs.HostingVersionConfigRedirect']] = None, rewrites: Optional[Sequence['outputs.HostingVersionConfigRewrite']] = None): """ + :param Sequence['HostingVersionConfigHeaderArgs'] headers: An array of objects, where each object specifies a URL pattern that, if matched to the request URL path, + triggers Hosting to apply the specified custom response headers. + Structure is documented below. :param Sequence['HostingVersionConfigRedirectArgs'] redirects: An array of objects (called redirect rules), where each rule specifies a URL pattern that, if matched to the request URL path, triggers Hosting to respond with a redirect to the specified destination path. Structure is documented below. @@ -1318,11 +1323,23 @@ def __init__(__self__, *, request URL path, triggers Hosting to respond as if the service were given the specified destination URL. Structure is documented below. """ + if headers is not None: + pulumi.set(__self__, "headers", headers) if redirects is not None: pulumi.set(__self__, "redirects", redirects) if rewrites is not None: pulumi.set(__self__, "rewrites", rewrites) + @property + @pulumi.getter + def headers(self) -> Optional[Sequence['outputs.HostingVersionConfigHeader']]: + """ + An array of objects, where each object specifies a URL pattern that, if matched to the request URL path, + triggers Hosting to apply the specified custom response headers. + Structure is documented below. + """ + return pulumi.get(self, "headers") + @property @pulumi.getter def redirects(self) -> Optional[Sequence['outputs.HostingVersionConfigRedirect']]: @@ -1344,6 +1361,48 @@ def rewrites(self) -> Optional[Sequence['outputs.HostingVersionConfigRewrite']]: return pulumi.get(self, "rewrites") +@pulumi.output_type +class HostingVersionConfigHeader(dict): + def __init__(__self__, *, + headers: Mapping[str, str], + glob: Optional[str] = None, + regex: Optional[str] = None): + """ + :param Mapping[str, str] headers: The additional headers to add to the response. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. + :param str glob: The user-supplied glob to match against the request URL path. + :param str regex: The user-supplied RE2 regular expression to match against the request URL path. + """ + pulumi.set(__self__, "headers", headers) + if glob is not None: + pulumi.set(__self__, "glob", glob) + if regex is not None: + pulumi.set(__self__, "regex", regex) + + @property + @pulumi.getter + def headers(self) -> Mapping[str, str]: + """ + The additional headers to add to the response. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. + """ + return pulumi.get(self, "headers") + + @property + @pulumi.getter + def glob(self) -> Optional[str]: + """ + The user-supplied glob to match against the request URL path. + """ + return pulumi.get(self, "glob") + + @property + @pulumi.getter + def regex(self) -> Optional[str]: + """ + The user-supplied RE2 regular expression to match against the request URL path. + """ + return pulumi.get(self, "regex") + + @pulumi.output_type class HostingVersionConfigRedirect(dict): @staticmethod diff --git a/sdk/python/pulumi_gcp/firebase/project.py b/sdk/python/pulumi_gcp/firebase/project.py index 5e95d92f39..9a4e1f5b92 100644 --- a/sdk/python/pulumi_gcp/firebase/project.py +++ b/sdk/python/pulumi_gcp/firebase/project.py @@ -53,7 +53,7 @@ def __init__(__self__, *, :param pulumi.Input[str] display_name: The GCP project display name :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the provider project is used. - :param pulumi.Input[str] project_number: The number of the google project that firebase is enabled on. + :param pulumi.Input[str] project_number: The number of the Google Project that Firebase is enabled on. """ if display_name is not None: pulumi.set(__self__, "display_name", display_name) @@ -91,7 +91,7 @@ def project(self, value: Optional[pulumi.Input[str]]): @pulumi.getter(name="projectNumber") def project_number(self) -> Optional[pulumi.Input[str]]: """ - The number of the google project that firebase is enabled on. + The number of the Google Project that Firebase is enabled on. """ return pulumi.get(self, "project_number") @@ -108,7 +108,7 @@ def __init__(__self__, project: Optional[pulumi.Input[str]] = None, __props__=None): """ - A Google Cloud Firebase instance. This enables Firebase resources on a given google project. + A Google Cloud Firebase instance. This enables Firebase resources on a given Google Project. Since a FirebaseProject is actually also a GCP Project, a FirebaseProject uses underlying GCP identifiers (most importantly, the projectId) as its own for easy interop with GCP APIs. Once Firebase has been added to a Google Project it cannot be removed. @@ -172,7 +172,7 @@ def __init__(__self__, args: Optional[ProjectArgs] = None, opts: Optional[pulumi.ResourceOptions] = None): """ - A Google Cloud Firebase instance. This enables Firebase resources on a given google project. + A Google Cloud Firebase instance. This enables Firebase resources on a given Google Project. Since a FirebaseProject is actually also a GCP Project, a FirebaseProject uses underlying GCP identifiers (most importantly, the projectId) as its own for easy interop with GCP APIs. Once Firebase has been added to a Google Project it cannot be removed. @@ -275,7 +275,7 @@ def get(resource_name: str, :param pulumi.Input[str] display_name: The GCP project display name :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the provider project is used. - :param pulumi.Input[str] project_number: The number of the google project that firebase is enabled on. + :param pulumi.Input[str] project_number: The number of the Google Project that Firebase is enabled on. """ opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) @@ -307,7 +307,7 @@ def project(self) -> pulumi.Output[str]: @pulumi.getter(name="projectNumber") def project_number(self) -> pulumi.Output[str]: """ - The number of the google project that firebase is enabled on. + The number of the Google Project that Firebase is enabled on. """ return pulumi.get(self, "project_number") diff --git a/sdk/python/pulumi_gcp/identityplatform/_inputs.py b/sdk/python/pulumi_gcp/identityplatform/_inputs.py index 0c9e176f95..4b6db10a91 100644 --- a/sdk/python/pulumi_gcp/identityplatform/_inputs.py +++ b/sdk/python/pulumi_gcp/identityplatform/_inputs.py @@ -718,7 +718,7 @@ def default_tenant_location(self, value: Optional[pulumi.Input[str]]): class ConfigQuotaArgsDict(TypedDict): sign_up_quota_config: NotRequired[pulumi.Input['ConfigQuotaSignUpQuotaConfigArgsDict']] """ - Quota for the Signup endpoint, if overwritten. Signup quota is measured in sign ups per project per hour per IP. + Quota for the Signup endpoint, if overwritten. Signup quota is measured in sign ups per project per hour per IP. None of quota, startTime, or quotaDuration can be skipped. Structure is documented below. """ elif False: @@ -729,7 +729,7 @@ class ConfigQuotaArgs: def __init__(__self__, *, sign_up_quota_config: Optional[pulumi.Input['ConfigQuotaSignUpQuotaConfigArgs']] = None): """ - :param pulumi.Input['ConfigQuotaSignUpQuotaConfigArgs'] sign_up_quota_config: Quota for the Signup endpoint, if overwritten. Signup quota is measured in sign ups per project per hour per IP. + :param pulumi.Input['ConfigQuotaSignUpQuotaConfigArgs'] sign_up_quota_config: Quota for the Signup endpoint, if overwritten. Signup quota is measured in sign ups per project per hour per IP. None of quota, startTime, or quotaDuration can be skipped. Structure is documented below. """ if sign_up_quota_config is not None: @@ -739,7 +739,7 @@ def __init__(__self__, *, @pulumi.getter(name="signUpQuotaConfig") def sign_up_quota_config(self) -> Optional[pulumi.Input['ConfigQuotaSignUpQuotaConfigArgs']]: """ - Quota for the Signup endpoint, if overwritten. Signup quota is measured in sign ups per project per hour per IP. + Quota for the Signup endpoint, if overwritten. Signup quota is measured in sign ups per project per hour per IP. None of quota, startTime, or quotaDuration can be skipped. Structure is documented below. """ return pulumi.get(self, "sign_up_quota_config") @@ -753,7 +753,7 @@ def sign_up_quota_config(self, value: Optional[pulumi.Input['ConfigQuotaSignUpQu class ConfigQuotaSignUpQuotaConfigArgsDict(TypedDict): quota: NotRequired[pulumi.Input[int]] """ - A sign up APIs quota that customers can override temporarily. + A sign up APIs quota that customers can override temporarily. Value can be in between 1 and 1000. """ quota_duration: NotRequired[pulumi.Input[str]] """ @@ -773,7 +773,7 @@ def __init__(__self__, *, quota_duration: Optional[pulumi.Input[str]] = None, start_time: Optional[pulumi.Input[str]] = None): """ - :param pulumi.Input[int] quota: A sign up APIs quota that customers can override temporarily. + :param pulumi.Input[int] quota: A sign up APIs quota that customers can override temporarily. Value can be in between 1 and 1000. :param pulumi.Input[str] quota_duration: How long this quota will be active for. It is measurred in seconds, e.g., Example: "9.615s". :param pulumi.Input[str] start_time: When this quota will take affect. """ @@ -788,7 +788,7 @@ def __init__(__self__, *, @pulumi.getter def quota(self) -> Optional[pulumi.Input[int]]: """ - A sign up APIs quota that customers can override temporarily. + A sign up APIs quota that customers can override temporarily. Value can be in between 1 and 1000. """ return pulumi.get(self, "quota") diff --git a/sdk/python/pulumi_gcp/identityplatform/config.py b/sdk/python/pulumi_gcp/identityplatform/config.py index 21e1f2e9a6..eabdfa230e 100644 --- a/sdk/python/pulumi_gcp/identityplatform/config.py +++ b/sdk/python/pulumi_gcp/identityplatform/config.py @@ -531,7 +531,7 @@ def __init__(__self__, quota={ "sign_up_quota_config": { "quota": 1000, - "start_time": "", + "start_time": "2014-10-02T15:01:23Z", "quota_duration": "7200s", }, }, @@ -671,7 +671,7 @@ def __init__(__self__, quota={ "sign_up_quota_config": { "quota": 1000, - "start_time": "", + "start_time": "2014-10-02T15:01:23Z", "quota_duration": "7200s", }, }, diff --git a/sdk/python/pulumi_gcp/identityplatform/outputs.py b/sdk/python/pulumi_gcp/identityplatform/outputs.py index 3b88e3912c..94c704fa4a 100644 --- a/sdk/python/pulumi_gcp/identityplatform/outputs.py +++ b/sdk/python/pulumi_gcp/identityplatform/outputs.py @@ -637,7 +637,7 @@ def get(self, key: str, default = None) -> Any: def __init__(__self__, *, sign_up_quota_config: Optional['outputs.ConfigQuotaSignUpQuotaConfig'] = None): """ - :param 'ConfigQuotaSignUpQuotaConfigArgs' sign_up_quota_config: Quota for the Signup endpoint, if overwritten. Signup quota is measured in sign ups per project per hour per IP. + :param 'ConfigQuotaSignUpQuotaConfigArgs' sign_up_quota_config: Quota for the Signup endpoint, if overwritten. Signup quota is measured in sign ups per project per hour per IP. None of quota, startTime, or quotaDuration can be skipped. Structure is documented below. """ if sign_up_quota_config is not None: @@ -647,7 +647,7 @@ def __init__(__self__, *, @pulumi.getter(name="signUpQuotaConfig") def sign_up_quota_config(self) -> Optional['outputs.ConfigQuotaSignUpQuotaConfig']: """ - Quota for the Signup endpoint, if overwritten. Signup quota is measured in sign ups per project per hour per IP. + Quota for the Signup endpoint, if overwritten. Signup quota is measured in sign ups per project per hour per IP. None of quota, startTime, or quotaDuration can be skipped. Structure is documented below. """ return pulumi.get(self, "sign_up_quota_config") @@ -679,7 +679,7 @@ def __init__(__self__, *, quota_duration: Optional[str] = None, start_time: Optional[str] = None): """ - :param int quota: A sign up APIs quota that customers can override temporarily. + :param int quota: A sign up APIs quota that customers can override temporarily. Value can be in between 1 and 1000. :param str quota_duration: How long this quota will be active for. It is measurred in seconds, e.g., Example: "9.615s". :param str start_time: When this quota will take affect. """ @@ -694,7 +694,7 @@ def __init__(__self__, *, @pulumi.getter def quota(self) -> Optional[int]: """ - A sign up APIs quota that customers can override temporarily. + A sign up APIs quota that customers can override temporarily. Value can be in between 1 and 1000. """ return pulumi.get(self, "quota") diff --git a/sdk/python/pulumi_gcp/looker/instance.py b/sdk/python/pulumi_gcp/looker/instance.py index 7d6c49808d..f20a99af7a 100644 --- a/sdk/python/pulumi_gcp/looker/instance.py +++ b/sdk/python/pulumi_gcp/looker/instance.py @@ -62,8 +62,11 @@ def __init__(__self__, *, these values: - LOOKER_CORE_TRIAL: trial instance (Currently Unavailable) - LOOKER_CORE_STANDARD: pay as you go standard instance (Currently Unavailable) - LOOKER_CORE_STANDARD_ANNUAL: subscription standard instance - LOOKER_CORE_ENTERPRISE_ANNUAL: subscription enterprise instance - LOOKER_CORE_EMBED_ANNUAL: subscription embed instance - Default value: "LOOKER_CORE_TRIAL" Possible values: ["LOOKER_CORE_TRIAL", "LOOKER_CORE_STANDARD", - "LOOKER_CORE_STANDARD_ANNUAL", "LOOKER_CORE_ENTERPRISE_ANNUAL", "LOOKER_CORE_EMBED_ANNUAL"] + - LOOKER_CORE_NONPROD_STANDARD_ANNUAL: nonprod subscription standard instance - LOOKER_CORE_NONPROD_ENTERPRISE_ANNUAL: + nonprod subscription enterprise instance - LOOKER_CORE_NONPROD_EMBED_ANNUAL: nonprod subscription embed instance Default + value: "LOOKER_CORE_TRIAL" Possible values: ["LOOKER_CORE_TRIAL", "LOOKER_CORE_STANDARD", "LOOKER_CORE_STANDARD_ANNUAL", + "LOOKER_CORE_ENTERPRISE_ANNUAL", "LOOKER_CORE_EMBED_ANNUAL", "LOOKER_CORE_NONPROD_STANDARD_ANNUAL", + "LOOKER_CORE_NONPROD_ENTERPRISE_ANNUAL", "LOOKER_CORE_NONPROD_EMBED_ANNUAL"] :param pulumi.Input[bool] private_ip_enabled: Whether private IP is enabled on the Looker instance. :param pulumi.Input['InstancePscConfigArgs'] psc_config: Information for Private Service Connect (PSC) setup for a Looker instance. :param pulumi.Input[bool] psc_enabled: Whether Public Service Connect (PSC) is enabled on the Looker instance @@ -249,8 +252,11 @@ def platform_edition(self) -> Optional[pulumi.Input[str]]: these values: - LOOKER_CORE_TRIAL: trial instance (Currently Unavailable) - LOOKER_CORE_STANDARD: pay as you go standard instance (Currently Unavailable) - LOOKER_CORE_STANDARD_ANNUAL: subscription standard instance - LOOKER_CORE_ENTERPRISE_ANNUAL: subscription enterprise instance - LOOKER_CORE_EMBED_ANNUAL: subscription embed instance - Default value: "LOOKER_CORE_TRIAL" Possible values: ["LOOKER_CORE_TRIAL", "LOOKER_CORE_STANDARD", - "LOOKER_CORE_STANDARD_ANNUAL", "LOOKER_CORE_ENTERPRISE_ANNUAL", "LOOKER_CORE_EMBED_ANNUAL"] + - LOOKER_CORE_NONPROD_STANDARD_ANNUAL: nonprod subscription standard instance - LOOKER_CORE_NONPROD_ENTERPRISE_ANNUAL: + nonprod subscription enterprise instance - LOOKER_CORE_NONPROD_EMBED_ANNUAL: nonprod subscription embed instance Default + value: "LOOKER_CORE_TRIAL" Possible values: ["LOOKER_CORE_TRIAL", "LOOKER_CORE_STANDARD", "LOOKER_CORE_STANDARD_ANNUAL", + "LOOKER_CORE_ENTERPRISE_ANNUAL", "LOOKER_CORE_EMBED_ANNUAL", "LOOKER_CORE_NONPROD_STANDARD_ANNUAL", + "LOOKER_CORE_NONPROD_ENTERPRISE_ANNUAL", "LOOKER_CORE_NONPROD_EMBED_ANNUAL"] """ return pulumi.get(self, "platform_edition") @@ -415,8 +421,11 @@ def __init__(__self__, *, these values: - LOOKER_CORE_TRIAL: trial instance (Currently Unavailable) - LOOKER_CORE_STANDARD: pay as you go standard instance (Currently Unavailable) - LOOKER_CORE_STANDARD_ANNUAL: subscription standard instance - LOOKER_CORE_ENTERPRISE_ANNUAL: subscription enterprise instance - LOOKER_CORE_EMBED_ANNUAL: subscription embed instance - Default value: "LOOKER_CORE_TRIAL" Possible values: ["LOOKER_CORE_TRIAL", "LOOKER_CORE_STANDARD", - "LOOKER_CORE_STANDARD_ANNUAL", "LOOKER_CORE_ENTERPRISE_ANNUAL", "LOOKER_CORE_EMBED_ANNUAL"] + - LOOKER_CORE_NONPROD_STANDARD_ANNUAL: nonprod subscription standard instance - LOOKER_CORE_NONPROD_ENTERPRISE_ANNUAL: + nonprod subscription enterprise instance - LOOKER_CORE_NONPROD_EMBED_ANNUAL: nonprod subscription embed instance Default + value: "LOOKER_CORE_TRIAL" Possible values: ["LOOKER_CORE_TRIAL", "LOOKER_CORE_STANDARD", "LOOKER_CORE_STANDARD_ANNUAL", + "LOOKER_CORE_ENTERPRISE_ANNUAL", "LOOKER_CORE_EMBED_ANNUAL", "LOOKER_CORE_NONPROD_STANDARD_ANNUAL", + "LOOKER_CORE_NONPROD_ENTERPRISE_ANNUAL", "LOOKER_CORE_NONPROD_EMBED_ANNUAL"] :param pulumi.Input[bool] private_ip_enabled: Whether private IP is enabled on the Looker instance. :param pulumi.Input['InstancePscConfigArgs'] psc_config: Information for Private Service Connect (PSC) setup for a Looker instance. :param pulumi.Input[bool] psc_enabled: Whether Public Service Connect (PSC) is enabled on the Looker instance @@ -692,8 +701,11 @@ def platform_edition(self) -> Optional[pulumi.Input[str]]: these values: - LOOKER_CORE_TRIAL: trial instance (Currently Unavailable) - LOOKER_CORE_STANDARD: pay as you go standard instance (Currently Unavailable) - LOOKER_CORE_STANDARD_ANNUAL: subscription standard instance - LOOKER_CORE_ENTERPRISE_ANNUAL: subscription enterprise instance - LOOKER_CORE_EMBED_ANNUAL: subscription embed instance - Default value: "LOOKER_CORE_TRIAL" Possible values: ["LOOKER_CORE_TRIAL", "LOOKER_CORE_STANDARD", - "LOOKER_CORE_STANDARD_ANNUAL", "LOOKER_CORE_ENTERPRISE_ANNUAL", "LOOKER_CORE_EMBED_ANNUAL"] + - LOOKER_CORE_NONPROD_STANDARD_ANNUAL: nonprod subscription standard instance - LOOKER_CORE_NONPROD_ENTERPRISE_ANNUAL: + nonprod subscription enterprise instance - LOOKER_CORE_NONPROD_EMBED_ANNUAL: nonprod subscription embed instance Default + value: "LOOKER_CORE_TRIAL" Possible values: ["LOOKER_CORE_TRIAL", "LOOKER_CORE_STANDARD", "LOOKER_CORE_STANDARD_ANNUAL", + "LOOKER_CORE_ENTERPRISE_ANNUAL", "LOOKER_CORE_EMBED_ANNUAL", "LOOKER_CORE_NONPROD_STANDARD_ANNUAL", + "LOOKER_CORE_NONPROD_ENTERPRISE_ANNUAL", "LOOKER_CORE_NONPROD_EMBED_ANNUAL"] """ return pulumi.get(self, "platform_edition") @@ -1106,8 +1118,11 @@ def __init__(__self__, these values: - LOOKER_CORE_TRIAL: trial instance (Currently Unavailable) - LOOKER_CORE_STANDARD: pay as you go standard instance (Currently Unavailable) - LOOKER_CORE_STANDARD_ANNUAL: subscription standard instance - LOOKER_CORE_ENTERPRISE_ANNUAL: subscription enterprise instance - LOOKER_CORE_EMBED_ANNUAL: subscription embed instance - Default value: "LOOKER_CORE_TRIAL" Possible values: ["LOOKER_CORE_TRIAL", "LOOKER_CORE_STANDARD", - "LOOKER_CORE_STANDARD_ANNUAL", "LOOKER_CORE_ENTERPRISE_ANNUAL", "LOOKER_CORE_EMBED_ANNUAL"] + - LOOKER_CORE_NONPROD_STANDARD_ANNUAL: nonprod subscription standard instance - LOOKER_CORE_NONPROD_ENTERPRISE_ANNUAL: + nonprod subscription enterprise instance - LOOKER_CORE_NONPROD_EMBED_ANNUAL: nonprod subscription embed instance Default + value: "LOOKER_CORE_TRIAL" Possible values: ["LOOKER_CORE_TRIAL", "LOOKER_CORE_STANDARD", "LOOKER_CORE_STANDARD_ANNUAL", + "LOOKER_CORE_ENTERPRISE_ANNUAL", "LOOKER_CORE_EMBED_ANNUAL", "LOOKER_CORE_NONPROD_STANDARD_ANNUAL", + "LOOKER_CORE_NONPROD_ENTERPRISE_ANNUAL", "LOOKER_CORE_NONPROD_EMBED_ANNUAL"] :param pulumi.Input[bool] private_ip_enabled: Whether private IP is enabled on the Looker instance. :param pulumi.Input[Union['InstancePscConfigArgs', 'InstancePscConfigArgsDict']] psc_config: Information for Private Service Connect (PSC) setup for a Looker instance. :param pulumi.Input[bool] psc_enabled: Whether Public Service Connect (PSC) is enabled on the Looker instance @@ -1514,8 +1529,11 @@ def get(resource_name: str, these values: - LOOKER_CORE_TRIAL: trial instance (Currently Unavailable) - LOOKER_CORE_STANDARD: pay as you go standard instance (Currently Unavailable) - LOOKER_CORE_STANDARD_ANNUAL: subscription standard instance - LOOKER_CORE_ENTERPRISE_ANNUAL: subscription enterprise instance - LOOKER_CORE_EMBED_ANNUAL: subscription embed instance - Default value: "LOOKER_CORE_TRIAL" Possible values: ["LOOKER_CORE_TRIAL", "LOOKER_CORE_STANDARD", - "LOOKER_CORE_STANDARD_ANNUAL", "LOOKER_CORE_ENTERPRISE_ANNUAL", "LOOKER_CORE_EMBED_ANNUAL"] + - LOOKER_CORE_NONPROD_STANDARD_ANNUAL: nonprod subscription standard instance - LOOKER_CORE_NONPROD_ENTERPRISE_ANNUAL: + nonprod subscription enterprise instance - LOOKER_CORE_NONPROD_EMBED_ANNUAL: nonprod subscription embed instance Default + value: "LOOKER_CORE_TRIAL" Possible values: ["LOOKER_CORE_TRIAL", "LOOKER_CORE_STANDARD", "LOOKER_CORE_STANDARD_ANNUAL", + "LOOKER_CORE_ENTERPRISE_ANNUAL", "LOOKER_CORE_EMBED_ANNUAL", "LOOKER_CORE_NONPROD_STANDARD_ANNUAL", + "LOOKER_CORE_NONPROD_ENTERPRISE_ANNUAL", "LOOKER_CORE_NONPROD_EMBED_ANNUAL"] :param pulumi.Input[bool] private_ip_enabled: Whether private IP is enabled on the Looker instance. :param pulumi.Input[Union['InstancePscConfigArgs', 'InstancePscConfigArgsDict']] psc_config: Information for Private Service Connect (PSC) setup for a Looker instance. :param pulumi.Input[bool] psc_enabled: Whether Public Service Connect (PSC) is enabled on the Looker instance @@ -1706,8 +1724,11 @@ def platform_edition(self) -> pulumi.Output[Optional[str]]: these values: - LOOKER_CORE_TRIAL: trial instance (Currently Unavailable) - LOOKER_CORE_STANDARD: pay as you go standard instance (Currently Unavailable) - LOOKER_CORE_STANDARD_ANNUAL: subscription standard instance - LOOKER_CORE_ENTERPRISE_ANNUAL: subscription enterprise instance - LOOKER_CORE_EMBED_ANNUAL: subscription embed instance - Default value: "LOOKER_CORE_TRIAL" Possible values: ["LOOKER_CORE_TRIAL", "LOOKER_CORE_STANDARD", - "LOOKER_CORE_STANDARD_ANNUAL", "LOOKER_CORE_ENTERPRISE_ANNUAL", "LOOKER_CORE_EMBED_ANNUAL"] + - LOOKER_CORE_NONPROD_STANDARD_ANNUAL: nonprod subscription standard instance - LOOKER_CORE_NONPROD_ENTERPRISE_ANNUAL: + nonprod subscription enterprise instance - LOOKER_CORE_NONPROD_EMBED_ANNUAL: nonprod subscription embed instance Default + value: "LOOKER_CORE_TRIAL" Possible values: ["LOOKER_CORE_TRIAL", "LOOKER_CORE_STANDARD", "LOOKER_CORE_STANDARD_ANNUAL", + "LOOKER_CORE_ENTERPRISE_ANNUAL", "LOOKER_CORE_EMBED_ANNUAL", "LOOKER_CORE_NONPROD_STANDARD_ANNUAL", + "LOOKER_CORE_NONPROD_ENTERPRISE_ANNUAL", "LOOKER_CORE_NONPROD_EMBED_ANNUAL"] """ return pulumi.get(self, "platform_edition") diff --git a/sdk/python/pulumi_gcp/networkconnectivity/_inputs.py b/sdk/python/pulumi_gcp/networkconnectivity/_inputs.py index c8434fdc28..8d858e7543 100644 --- a/sdk/python/pulumi_gcp/networkconnectivity/_inputs.py +++ b/sdk/python/pulumi_gcp/networkconnectivity/_inputs.py @@ -1096,11 +1096,11 @@ def include_import_ranges(self, value: Optional[pulumi.Input[Sequence[pulumi.Inp if not MYPY: class SpokeLinkedRouterApplianceInstancesInstanceArgsDict(TypedDict): - ip_address: NotRequired[pulumi.Input[str]] + ip_address: pulumi.Input[str] """ The IP address on the VM to use for peering. """ - virtual_machine: NotRequired[pulumi.Input[str]] + virtual_machine: pulumi.Input[str] """ The URI of the virtual machine resource """ @@ -1110,39 +1110,37 @@ class SpokeLinkedRouterApplianceInstancesInstanceArgsDict(TypedDict): @pulumi.input_type class SpokeLinkedRouterApplianceInstancesInstanceArgs: def __init__(__self__, *, - ip_address: Optional[pulumi.Input[str]] = None, - virtual_machine: Optional[pulumi.Input[str]] = None): + ip_address: pulumi.Input[str], + virtual_machine: pulumi.Input[str]): """ :param pulumi.Input[str] ip_address: The IP address on the VM to use for peering. :param pulumi.Input[str] virtual_machine: The URI of the virtual machine resource """ - if ip_address is not None: - pulumi.set(__self__, "ip_address", ip_address) - if virtual_machine is not None: - pulumi.set(__self__, "virtual_machine", virtual_machine) + pulumi.set(__self__, "ip_address", ip_address) + pulumi.set(__self__, "virtual_machine", virtual_machine) @property @pulumi.getter(name="ipAddress") - def ip_address(self) -> Optional[pulumi.Input[str]]: + def ip_address(self) -> pulumi.Input[str]: """ The IP address on the VM to use for peering. """ return pulumi.get(self, "ip_address") @ip_address.setter - def ip_address(self, value: Optional[pulumi.Input[str]]): + def ip_address(self, value: pulumi.Input[str]): pulumi.set(self, "ip_address", value) @property @pulumi.getter(name="virtualMachine") - def virtual_machine(self) -> Optional[pulumi.Input[str]]: + def virtual_machine(self) -> pulumi.Input[str]: """ The URI of the virtual machine resource """ return pulumi.get(self, "virtual_machine") @virtual_machine.setter - def virtual_machine(self, value: Optional[pulumi.Input[str]]): + def virtual_machine(self, value: pulumi.Input[str]): pulumi.set(self, "virtual_machine", value) diff --git a/sdk/python/pulumi_gcp/networkconnectivity/outputs.py b/sdk/python/pulumi_gcp/networkconnectivity/outputs.py index 4d5031535f..551b4aae32 100644 --- a/sdk/python/pulumi_gcp/networkconnectivity/outputs.py +++ b/sdk/python/pulumi_gcp/networkconnectivity/outputs.py @@ -823,20 +823,18 @@ def get(self, key: str, default = None) -> Any: return super().get(key, default) def __init__(__self__, *, - ip_address: Optional[str] = None, - virtual_machine: Optional[str] = None): + ip_address: str, + virtual_machine: str): """ :param str ip_address: The IP address on the VM to use for peering. :param str virtual_machine: The URI of the virtual machine resource """ - if ip_address is not None: - pulumi.set(__self__, "ip_address", ip_address) - if virtual_machine is not None: - pulumi.set(__self__, "virtual_machine", virtual_machine) + pulumi.set(__self__, "ip_address", ip_address) + pulumi.set(__self__, "virtual_machine", virtual_machine) @property @pulumi.getter(name="ipAddress") - def ip_address(self) -> Optional[str]: + def ip_address(self) -> str: """ The IP address on the VM to use for peering. """ @@ -844,7 +842,7 @@ def ip_address(self) -> Optional[str]: @property @pulumi.getter(name="virtualMachine") - def virtual_machine(self) -> Optional[str]: + def virtual_machine(self) -> str: """ The URI of the virtual machine resource """ diff --git a/sdk/python/pulumi_gcp/networksecurity/__init__.py b/sdk/python/pulumi_gcp/networksecurity/__init__.py index 463d2eb92c..44cdc98867 100644 --- a/sdk/python/pulumi_gcp/networksecurity/__init__.py +++ b/sdk/python/pulumi_gcp/networksecurity/__init__.py @@ -10,12 +10,15 @@ from .address_group_iam_member import * from .address_group_iam_policy import * from .authorization_policy import * +from .authz_policy import * from .client_tls_policy import * from .firewall_endpoint import * from .firewall_endpoint_association import * from .gateway_security_policy import * from .gateway_security_policy_rule import * from .get_address_group_iam_policy import * +from .intercept_deployment import * +from .intercept_deployment_group import * from .mirroring_deployment import * from .mirroring_deployment_group import * from .mirroring_endpoint_group import * diff --git a/sdk/python/pulumi_gcp/networksecurity/_inputs.py b/sdk/python/pulumi_gcp/networksecurity/_inputs.py index f62ddf39ef..76784853b3 100644 --- a/sdk/python/pulumi_gcp/networksecurity/_inputs.py +++ b/sdk/python/pulumi_gcp/networksecurity/_inputs.py @@ -27,6 +27,52 @@ 'AuthorizationPolicyRuleDestinationHttpHeaderMatchArgsDict', 'AuthorizationPolicyRuleSourceArgs', 'AuthorizationPolicyRuleSourceArgsDict', + 'AuthzPolicyCustomProviderArgs', + 'AuthzPolicyCustomProviderArgsDict', + 'AuthzPolicyCustomProviderAuthzExtensionArgs', + 'AuthzPolicyCustomProviderAuthzExtensionArgsDict', + 'AuthzPolicyCustomProviderCloudIapArgs', + 'AuthzPolicyCustomProviderCloudIapArgsDict', + 'AuthzPolicyHttpRuleArgs', + 'AuthzPolicyHttpRuleArgsDict', + 'AuthzPolicyHttpRuleFromArgs', + 'AuthzPolicyHttpRuleFromArgsDict', + 'AuthzPolicyHttpRuleFromNotSourceArgs', + 'AuthzPolicyHttpRuleFromNotSourceArgsDict', + 'AuthzPolicyHttpRuleFromNotSourcePrincipalArgs', + 'AuthzPolicyHttpRuleFromNotSourcePrincipalArgsDict', + 'AuthzPolicyHttpRuleFromNotSourceResourceArgs', + 'AuthzPolicyHttpRuleFromNotSourceResourceArgsDict', + 'AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountArgs', + 'AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountArgsDict', + 'AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSetArgs', + 'AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSetArgsDict', + 'AuthzPolicyHttpRuleFromSourceArgs', + 'AuthzPolicyHttpRuleFromSourceArgsDict', + 'AuthzPolicyHttpRuleFromSourcePrincipalArgs', + 'AuthzPolicyHttpRuleFromSourcePrincipalArgsDict', + 'AuthzPolicyHttpRuleFromSourceResourceArgs', + 'AuthzPolicyHttpRuleFromSourceResourceArgsDict', + 'AuthzPolicyHttpRuleFromSourceResourceIamServiceAccountArgs', + 'AuthzPolicyHttpRuleFromSourceResourceIamServiceAccountArgsDict', + 'AuthzPolicyHttpRuleFromSourceResourceTagValueIdSetArgs', + 'AuthzPolicyHttpRuleFromSourceResourceTagValueIdSetArgsDict', + 'AuthzPolicyHttpRuleToArgs', + 'AuthzPolicyHttpRuleToArgsDict', + 'AuthzPolicyHttpRuleToOperationArgs', + 'AuthzPolicyHttpRuleToOperationArgsDict', + 'AuthzPolicyHttpRuleToOperationHeaderSetArgs', + 'AuthzPolicyHttpRuleToOperationHeaderSetArgsDict', + 'AuthzPolicyHttpRuleToOperationHeaderSetHeaderArgs', + 'AuthzPolicyHttpRuleToOperationHeaderSetHeaderArgsDict', + 'AuthzPolicyHttpRuleToOperationHeaderSetHeaderValueArgs', + 'AuthzPolicyHttpRuleToOperationHeaderSetHeaderValueArgsDict', + 'AuthzPolicyHttpRuleToOperationHostArgs', + 'AuthzPolicyHttpRuleToOperationHostArgsDict', + 'AuthzPolicyHttpRuleToOperationPathArgs', + 'AuthzPolicyHttpRuleToOperationPathArgsDict', + 'AuthzPolicyTargetArgs', + 'AuthzPolicyTargetArgsDict', 'ClientTlsPolicyClientCertificateArgs', 'ClientTlsPolicyClientCertificateArgsDict', 'ClientTlsPolicyClientCertificateCertificateProviderInstanceArgs', @@ -39,6 +85,8 @@ 'ClientTlsPolicyServerValidationCaCertificateProviderInstanceArgsDict', 'ClientTlsPolicyServerValidationCaGrpcEndpointArgs', 'ClientTlsPolicyServerValidationCaGrpcEndpointArgsDict', + 'InterceptDeploymentGroupConnectedEndpointGroupArgs', + 'InterceptDeploymentGroupConnectedEndpointGroupArgsDict', 'MirroringDeploymentGroupConnectedEndpointGroupArgs', 'MirroringDeploymentGroupConnectedEndpointGroupArgsDict', 'MirroringEndpointGroupAssociationLocationsDetailArgs', @@ -428,6 +476,1826 @@ def principals(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]) pulumi.set(self, "principals", value) +if not MYPY: + class AuthzPolicyCustomProviderArgsDict(TypedDict): + authz_extension: NotRequired[pulumi.Input['AuthzPolicyCustomProviderAuthzExtensionArgsDict']] + """ + Delegate authorization decision to user authored Service Extension. Only one of cloudIap or authzExtension can be specified. + Structure is documented below. + """ + cloud_iap: NotRequired[pulumi.Input['AuthzPolicyCustomProviderCloudIapArgsDict']] + """ + Delegates authorization decisions to Cloud IAP. Applicable only for managed load balancers. Enabling Cloud IAP at the AuthzPolicy level is not compatible with Cloud IAP settings in the BackendService. Enabling IAP in both places will result in request failure. Ensure that IAP is enabled in either the AuthzPolicy or the BackendService but not in both places. + Structure is documented below. + """ +elif False: + AuthzPolicyCustomProviderArgsDict: TypeAlias = Mapping[str, Any] + +@pulumi.input_type +class AuthzPolicyCustomProviderArgs: + def __init__(__self__, *, + authz_extension: Optional[pulumi.Input['AuthzPolicyCustomProviderAuthzExtensionArgs']] = None, + cloud_iap: Optional[pulumi.Input['AuthzPolicyCustomProviderCloudIapArgs']] = None): + """ + :param pulumi.Input['AuthzPolicyCustomProviderAuthzExtensionArgs'] authz_extension: Delegate authorization decision to user authored Service Extension. Only one of cloudIap or authzExtension can be specified. + Structure is documented below. + :param pulumi.Input['AuthzPolicyCustomProviderCloudIapArgs'] cloud_iap: Delegates authorization decisions to Cloud IAP. Applicable only for managed load balancers. Enabling Cloud IAP at the AuthzPolicy level is not compatible with Cloud IAP settings in the BackendService. Enabling IAP in both places will result in request failure. Ensure that IAP is enabled in either the AuthzPolicy or the BackendService but not in both places. + Structure is documented below. + """ + if authz_extension is not None: + pulumi.set(__self__, "authz_extension", authz_extension) + if cloud_iap is not None: + pulumi.set(__self__, "cloud_iap", cloud_iap) + + @property + @pulumi.getter(name="authzExtension") + def authz_extension(self) -> Optional[pulumi.Input['AuthzPolicyCustomProviderAuthzExtensionArgs']]: + """ + Delegate authorization decision to user authored Service Extension. Only one of cloudIap or authzExtension can be specified. + Structure is documented below. + """ + return pulumi.get(self, "authz_extension") + + @authz_extension.setter + def authz_extension(self, value: Optional[pulumi.Input['AuthzPolicyCustomProviderAuthzExtensionArgs']]): + pulumi.set(self, "authz_extension", value) + + @property + @pulumi.getter(name="cloudIap") + def cloud_iap(self) -> Optional[pulumi.Input['AuthzPolicyCustomProviderCloudIapArgs']]: + """ + Delegates authorization decisions to Cloud IAP. Applicable only for managed load balancers. Enabling Cloud IAP at the AuthzPolicy level is not compatible with Cloud IAP settings in the BackendService. Enabling IAP in both places will result in request failure. Ensure that IAP is enabled in either the AuthzPolicy or the BackendService but not in both places. + Structure is documented below. + """ + return pulumi.get(self, "cloud_iap") + + @cloud_iap.setter + def cloud_iap(self, value: Optional[pulumi.Input['AuthzPolicyCustomProviderCloudIapArgs']]): + pulumi.set(self, "cloud_iap", value) + + +if not MYPY: + class AuthzPolicyCustomProviderAuthzExtensionArgsDict(TypedDict): + resources: pulumi.Input[Sequence[pulumi.Input[str]]] + """ + A list of references to authorization extensions that will be invoked for requests matching this policy. Limited to 1 custom provider. + """ +elif False: + AuthzPolicyCustomProviderAuthzExtensionArgsDict: TypeAlias = Mapping[str, Any] + +@pulumi.input_type +class AuthzPolicyCustomProviderAuthzExtensionArgs: + def __init__(__self__, *, + resources: pulumi.Input[Sequence[pulumi.Input[str]]]): + """ + :param pulumi.Input[Sequence[pulumi.Input[str]]] resources: A list of references to authorization extensions that will be invoked for requests matching this policy. Limited to 1 custom provider. + """ + pulumi.set(__self__, "resources", resources) + + @property + @pulumi.getter + def resources(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]: + """ + A list of references to authorization extensions that will be invoked for requests matching this policy. Limited to 1 custom provider. + """ + return pulumi.get(self, "resources") + + @resources.setter + def resources(self, value: pulumi.Input[Sequence[pulumi.Input[str]]]): + pulumi.set(self, "resources", value) + + +if not MYPY: + class AuthzPolicyCustomProviderCloudIapArgsDict(TypedDict): + enabled: pulumi.Input[bool] + """ + Enable Cloud IAP at the AuthzPolicy level. + """ +elif False: + AuthzPolicyCustomProviderCloudIapArgsDict: TypeAlias = Mapping[str, Any] + +@pulumi.input_type +class AuthzPolicyCustomProviderCloudIapArgs: + def __init__(__self__, *, + enabled: pulumi.Input[bool]): + """ + :param pulumi.Input[bool] enabled: Enable Cloud IAP at the AuthzPolicy level. + """ + pulumi.set(__self__, "enabled", enabled) + + @property + @pulumi.getter + def enabled(self) -> pulumi.Input[bool]: + """ + Enable Cloud IAP at the AuthzPolicy level. + """ + return pulumi.get(self, "enabled") + + @enabled.setter + def enabled(self, value: pulumi.Input[bool]): + pulumi.set(self, "enabled", value) + + +if not MYPY: + class AuthzPolicyHttpRuleArgsDict(TypedDict): + from_: NotRequired[pulumi.Input['AuthzPolicyHttpRuleFromArgsDict']] + """ + Describes properties of one or more sources of a request. + Structure is documented below. + """ + to: NotRequired[pulumi.Input['AuthzPolicyHttpRuleToArgsDict']] + """ + Describes properties of one or more targets of a request + Structure is documented below. + """ + when: NotRequired[pulumi.Input[str]] + """ + CEL expression that describes the conditions to be satisfied for the action. The result of the CEL expression is ANDed with the from and to. Refer to the CEL language reference for a list of available attributes. + """ +elif False: + AuthzPolicyHttpRuleArgsDict: TypeAlias = Mapping[str, Any] + +@pulumi.input_type +class AuthzPolicyHttpRuleArgs: + def __init__(__self__, *, + from_: Optional[pulumi.Input['AuthzPolicyHttpRuleFromArgs']] = None, + to: Optional[pulumi.Input['AuthzPolicyHttpRuleToArgs']] = None, + when: Optional[pulumi.Input[str]] = None): + """ + :param pulumi.Input['AuthzPolicyHttpRuleFromArgs'] from_: Describes properties of one or more sources of a request. + Structure is documented below. + :param pulumi.Input['AuthzPolicyHttpRuleToArgs'] to: Describes properties of one or more targets of a request + Structure is documented below. + :param pulumi.Input[str] when: CEL expression that describes the conditions to be satisfied for the action. The result of the CEL expression is ANDed with the from and to. Refer to the CEL language reference for a list of available attributes. + """ + if from_ is not None: + pulumi.set(__self__, "from_", from_) + if to is not None: + pulumi.set(__self__, "to", to) + if when is not None: + pulumi.set(__self__, "when", when) + + @property + @pulumi.getter(name="from") + def from_(self) -> Optional[pulumi.Input['AuthzPolicyHttpRuleFromArgs']]: + """ + Describes properties of one or more sources of a request. + Structure is documented below. + """ + return pulumi.get(self, "from_") + + @from_.setter + def from_(self, value: Optional[pulumi.Input['AuthzPolicyHttpRuleFromArgs']]): + pulumi.set(self, "from_", value) + + @property + @pulumi.getter + def to(self) -> Optional[pulumi.Input['AuthzPolicyHttpRuleToArgs']]: + """ + Describes properties of one or more targets of a request + Structure is documented below. + """ + return pulumi.get(self, "to") + + @to.setter + def to(self, value: Optional[pulumi.Input['AuthzPolicyHttpRuleToArgs']]): + pulumi.set(self, "to", value) + + @property + @pulumi.getter + def when(self) -> Optional[pulumi.Input[str]]: + """ + CEL expression that describes the conditions to be satisfied for the action. The result of the CEL expression is ANDed with the from and to. Refer to the CEL language reference for a list of available attributes. + """ + return pulumi.get(self, "when") + + @when.setter + def when(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "when", value) + + +if not MYPY: + class AuthzPolicyHttpRuleFromArgsDict(TypedDict): + not_sources: NotRequired[pulumi.Input[Sequence[pulumi.Input['AuthzPolicyHttpRuleFromNotSourceArgsDict']]]] + """ + Describes the properties of a request's sources. At least one of sources or notSources must be specified. Limited to 5 sources. A match occurs when ANY source (in sources or notSources) matches the request. Within a single source, the match follows AND semantics across fields and OR semantics within a single field, i.e. a match occurs when ANY principal matches AND ANY ipBlocks match. + Structure is documented below. + """ + sources: NotRequired[pulumi.Input[Sequence[pulumi.Input['AuthzPolicyHttpRuleFromSourceArgsDict']]]] + """ + Describes the properties of a request's sources. At least one of sources or notSources must be specified. Limited to 5 sources. A match occurs when ANY source (in sources or notSources) matches the request. Within a single source, the match follows AND semantics across fields and OR semantics within a single field, i.e. a match occurs when ANY principal matches AND ANY ipBlocks match. + Structure is documented below. + """ +elif False: + AuthzPolicyHttpRuleFromArgsDict: TypeAlias = Mapping[str, Any] + +@pulumi.input_type +class AuthzPolicyHttpRuleFromArgs: + def __init__(__self__, *, + not_sources: Optional[pulumi.Input[Sequence[pulumi.Input['AuthzPolicyHttpRuleFromNotSourceArgs']]]] = None, + sources: Optional[pulumi.Input[Sequence[pulumi.Input['AuthzPolicyHttpRuleFromSourceArgs']]]] = None): + """ + :param pulumi.Input[Sequence[pulumi.Input['AuthzPolicyHttpRuleFromNotSourceArgs']]] not_sources: Describes the properties of a request's sources. At least one of sources or notSources must be specified. Limited to 5 sources. A match occurs when ANY source (in sources or notSources) matches the request. Within a single source, the match follows AND semantics across fields and OR semantics within a single field, i.e. a match occurs when ANY principal matches AND ANY ipBlocks match. + Structure is documented below. + :param pulumi.Input[Sequence[pulumi.Input['AuthzPolicyHttpRuleFromSourceArgs']]] sources: Describes the properties of a request's sources. At least one of sources or notSources must be specified. Limited to 5 sources. A match occurs when ANY source (in sources or notSources) matches the request. Within a single source, the match follows AND semantics across fields and OR semantics within a single field, i.e. a match occurs when ANY principal matches AND ANY ipBlocks match. + Structure is documented below. + """ + if not_sources is not None: + pulumi.set(__self__, "not_sources", not_sources) + if sources is not None: + pulumi.set(__self__, "sources", sources) + + @property + @pulumi.getter(name="notSources") + def not_sources(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['AuthzPolicyHttpRuleFromNotSourceArgs']]]]: + """ + Describes the properties of a request's sources. At least one of sources or notSources must be specified. Limited to 5 sources. A match occurs when ANY source (in sources or notSources) matches the request. Within a single source, the match follows AND semantics across fields and OR semantics within a single field, i.e. a match occurs when ANY principal matches AND ANY ipBlocks match. + Structure is documented below. + """ + return pulumi.get(self, "not_sources") + + @not_sources.setter + def not_sources(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['AuthzPolicyHttpRuleFromNotSourceArgs']]]]): + pulumi.set(self, "not_sources", value) + + @property + @pulumi.getter + def sources(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['AuthzPolicyHttpRuleFromSourceArgs']]]]: + """ + Describes the properties of a request's sources. At least one of sources or notSources must be specified. Limited to 5 sources. A match occurs when ANY source (in sources or notSources) matches the request. Within a single source, the match follows AND semantics across fields and OR semantics within a single field, i.e. a match occurs when ANY principal matches AND ANY ipBlocks match. + Structure is documented below. + """ + return pulumi.get(self, "sources") + + @sources.setter + def sources(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['AuthzPolicyHttpRuleFromSourceArgs']]]]): + pulumi.set(self, "sources", value) + + +if not MYPY: + class AuthzPolicyHttpRuleFromNotSourceArgsDict(TypedDict): + principals: NotRequired[pulumi.Input[Sequence[pulumi.Input['AuthzPolicyHttpRuleFromNotSourcePrincipalArgsDict']]]] + """ + A list of identities derived from the client's certificate. This field will not match on a request unless mutual TLS is enabled for the Forwarding rule or Gateway. Each identity is a string whose value is matched against the URI SAN, or DNS SAN or the subject field in the client's certificate. The match can be exact, prefix, suffix or a substring match. One of exact, prefix, suffix or contains must be specified. + Limited to 5 principals. + Structure is documented below. + """ + resources: NotRequired[pulumi.Input[Sequence[pulumi.Input['AuthzPolicyHttpRuleFromNotSourceResourceArgsDict']]]] + """ + A list of resources to match against the resource of the source VM of a request. + Limited to 5 resources. + Structure is documented below. + """ +elif False: + AuthzPolicyHttpRuleFromNotSourceArgsDict: TypeAlias = Mapping[str, Any] + +@pulumi.input_type +class AuthzPolicyHttpRuleFromNotSourceArgs: + def __init__(__self__, *, + principals: Optional[pulumi.Input[Sequence[pulumi.Input['AuthzPolicyHttpRuleFromNotSourcePrincipalArgs']]]] = None, + resources: Optional[pulumi.Input[Sequence[pulumi.Input['AuthzPolicyHttpRuleFromNotSourceResourceArgs']]]] = None): + """ + :param pulumi.Input[Sequence[pulumi.Input['AuthzPolicyHttpRuleFromNotSourcePrincipalArgs']]] principals: A list of identities derived from the client's certificate. This field will not match on a request unless mutual TLS is enabled for the Forwarding rule or Gateway. Each identity is a string whose value is matched against the URI SAN, or DNS SAN or the subject field in the client's certificate. The match can be exact, prefix, suffix or a substring match. One of exact, prefix, suffix or contains must be specified. + Limited to 5 principals. + Structure is documented below. + :param pulumi.Input[Sequence[pulumi.Input['AuthzPolicyHttpRuleFromNotSourceResourceArgs']]] resources: A list of resources to match against the resource of the source VM of a request. + Limited to 5 resources. + Structure is documented below. + """ + if principals is not None: + pulumi.set(__self__, "principals", principals) + if resources is not None: + pulumi.set(__self__, "resources", resources) + + @property + @pulumi.getter + def principals(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['AuthzPolicyHttpRuleFromNotSourcePrincipalArgs']]]]: + """ + A list of identities derived from the client's certificate. This field will not match on a request unless mutual TLS is enabled for the Forwarding rule or Gateway. Each identity is a string whose value is matched against the URI SAN, or DNS SAN or the subject field in the client's certificate. The match can be exact, prefix, suffix or a substring match. One of exact, prefix, suffix or contains must be specified. + Limited to 5 principals. + Structure is documented below. + """ + return pulumi.get(self, "principals") + + @principals.setter + def principals(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['AuthzPolicyHttpRuleFromNotSourcePrincipalArgs']]]]): + pulumi.set(self, "principals", value) + + @property + @pulumi.getter + def resources(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['AuthzPolicyHttpRuleFromNotSourceResourceArgs']]]]: + """ + A list of resources to match against the resource of the source VM of a request. + Limited to 5 resources. + Structure is documented below. + """ + return pulumi.get(self, "resources") + + @resources.setter + def resources(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['AuthzPolicyHttpRuleFromNotSourceResourceArgs']]]]): + pulumi.set(self, "resources", value) + + +if not MYPY: + class AuthzPolicyHttpRuleFromNotSourcePrincipalArgsDict(TypedDict): + contains: NotRequired[pulumi.Input[str]] + """ + The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. + Examples: + * abc matches the value xyz.abc.def + """ + exact: NotRequired[pulumi.Input[str]] + """ + The input string must match exactly the string specified here. + Examples: + * abc only matches the value abc. + """ + ignore_case: NotRequired[pulumi.Input[bool]] + """ + If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true. + """ + prefix: NotRequired[pulumi.Input[str]] + """ + The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. + Examples: + * abc matches the value abc.xyz + """ + suffix: NotRequired[pulumi.Input[str]] + """ + The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. + Examples: + * abc matches the value xyz.abc + """ +elif False: + AuthzPolicyHttpRuleFromNotSourcePrincipalArgsDict: TypeAlias = Mapping[str, Any] + +@pulumi.input_type +class AuthzPolicyHttpRuleFromNotSourcePrincipalArgs: + def __init__(__self__, *, + contains: Optional[pulumi.Input[str]] = None, + exact: Optional[pulumi.Input[str]] = None, + ignore_case: Optional[pulumi.Input[bool]] = None, + prefix: Optional[pulumi.Input[str]] = None, + suffix: Optional[pulumi.Input[str]] = None): + """ + :param pulumi.Input[str] contains: The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. + Examples: + * abc matches the value xyz.abc.def + :param pulumi.Input[str] exact: The input string must match exactly the string specified here. + Examples: + * abc only matches the value abc. + :param pulumi.Input[bool] ignore_case: If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true. + :param pulumi.Input[str] prefix: The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. + Examples: + * abc matches the value abc.xyz + :param pulumi.Input[str] suffix: The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. + Examples: + * abc matches the value xyz.abc + """ + if contains is not None: + pulumi.set(__self__, "contains", contains) + if exact is not None: + pulumi.set(__self__, "exact", exact) + if ignore_case is not None: + pulumi.set(__self__, "ignore_case", ignore_case) + if prefix is not None: + pulumi.set(__self__, "prefix", prefix) + if suffix is not None: + pulumi.set(__self__, "suffix", suffix) + + @property + @pulumi.getter + def contains(self) -> Optional[pulumi.Input[str]]: + """ + The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. + Examples: + * abc matches the value xyz.abc.def + """ + return pulumi.get(self, "contains") + + @contains.setter + def contains(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "contains", value) + + @property + @pulumi.getter + def exact(self) -> Optional[pulumi.Input[str]]: + """ + The input string must match exactly the string specified here. + Examples: + * abc only matches the value abc. + """ + return pulumi.get(self, "exact") + + @exact.setter + def exact(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "exact", value) + + @property + @pulumi.getter(name="ignoreCase") + def ignore_case(self) -> Optional[pulumi.Input[bool]]: + """ + If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true. + """ + return pulumi.get(self, "ignore_case") + + @ignore_case.setter + def ignore_case(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "ignore_case", value) + + @property + @pulumi.getter + def prefix(self) -> Optional[pulumi.Input[str]]: + """ + The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. + Examples: + * abc matches the value abc.xyz + """ + return pulumi.get(self, "prefix") + + @prefix.setter + def prefix(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "prefix", value) + + @property + @pulumi.getter + def suffix(self) -> Optional[pulumi.Input[str]]: + """ + The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. + Examples: + * abc matches the value xyz.abc + """ + return pulumi.get(self, "suffix") + + @suffix.setter + def suffix(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "suffix", value) + + +if not MYPY: + class AuthzPolicyHttpRuleFromNotSourceResourceArgsDict(TypedDict): + iam_service_account: NotRequired[pulumi.Input['AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountArgsDict']] + """ + An IAM service account to match against the source service account of the VM sending the request. + Structure is documented below. + """ + tag_value_id_set: NotRequired[pulumi.Input['AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSetArgsDict']] + """ + A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request. + Structure is documented below. + """ +elif False: + AuthzPolicyHttpRuleFromNotSourceResourceArgsDict: TypeAlias = Mapping[str, Any] + +@pulumi.input_type +class AuthzPolicyHttpRuleFromNotSourceResourceArgs: + def __init__(__self__, *, + iam_service_account: Optional[pulumi.Input['AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountArgs']] = None, + tag_value_id_set: Optional[pulumi.Input['AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSetArgs']] = None): + """ + :param pulumi.Input['AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountArgs'] iam_service_account: An IAM service account to match against the source service account of the VM sending the request. + Structure is documented below. + :param pulumi.Input['AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSetArgs'] tag_value_id_set: A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request. + Structure is documented below. + """ + if iam_service_account is not None: + pulumi.set(__self__, "iam_service_account", iam_service_account) + if tag_value_id_set is not None: + pulumi.set(__self__, "tag_value_id_set", tag_value_id_set) + + @property + @pulumi.getter(name="iamServiceAccount") + def iam_service_account(self) -> Optional[pulumi.Input['AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountArgs']]: + """ + An IAM service account to match against the source service account of the VM sending the request. + Structure is documented below. + """ + return pulumi.get(self, "iam_service_account") + + @iam_service_account.setter + def iam_service_account(self, value: Optional[pulumi.Input['AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountArgs']]): + pulumi.set(self, "iam_service_account", value) + + @property + @pulumi.getter(name="tagValueIdSet") + def tag_value_id_set(self) -> Optional[pulumi.Input['AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSetArgs']]: + """ + A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request. + Structure is documented below. + """ + return pulumi.get(self, "tag_value_id_set") + + @tag_value_id_set.setter + def tag_value_id_set(self, value: Optional[pulumi.Input['AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSetArgs']]): + pulumi.set(self, "tag_value_id_set", value) + + +if not MYPY: + class AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountArgsDict(TypedDict): + contains: NotRequired[pulumi.Input[str]] + """ + The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. + Examples: + * abc matches the value xyz.abc.def + """ + exact: NotRequired[pulumi.Input[str]] + """ + The input string must match exactly the string specified here. + Examples: + * abc only matches the value abc. + """ + ignore_case: NotRequired[pulumi.Input[bool]] + """ + If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true. + """ + prefix: NotRequired[pulumi.Input[str]] + """ + The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. + Examples: + * abc matches the value abc.xyz + """ + suffix: NotRequired[pulumi.Input[str]] + """ + The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. + Examples: + * abc matches the value xyz.abc + """ +elif False: + AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountArgsDict: TypeAlias = Mapping[str, Any] + +@pulumi.input_type +class AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountArgs: + def __init__(__self__, *, + contains: Optional[pulumi.Input[str]] = None, + exact: Optional[pulumi.Input[str]] = None, + ignore_case: Optional[pulumi.Input[bool]] = None, + prefix: Optional[pulumi.Input[str]] = None, + suffix: Optional[pulumi.Input[str]] = None): + """ + :param pulumi.Input[str] contains: The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. + Examples: + * abc matches the value xyz.abc.def + :param pulumi.Input[str] exact: The input string must match exactly the string specified here. + Examples: + * abc only matches the value abc. + :param pulumi.Input[bool] ignore_case: If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true. + :param pulumi.Input[str] prefix: The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. + Examples: + * abc matches the value abc.xyz + :param pulumi.Input[str] suffix: The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. + Examples: + * abc matches the value xyz.abc + """ + if contains is not None: + pulumi.set(__self__, "contains", contains) + if exact is not None: + pulumi.set(__self__, "exact", exact) + if ignore_case is not None: + pulumi.set(__self__, "ignore_case", ignore_case) + if prefix is not None: + pulumi.set(__self__, "prefix", prefix) + if suffix is not None: + pulumi.set(__self__, "suffix", suffix) + + @property + @pulumi.getter + def contains(self) -> Optional[pulumi.Input[str]]: + """ + The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. + Examples: + * abc matches the value xyz.abc.def + """ + return pulumi.get(self, "contains") + + @contains.setter + def contains(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "contains", value) + + @property + @pulumi.getter + def exact(self) -> Optional[pulumi.Input[str]]: + """ + The input string must match exactly the string specified here. + Examples: + * abc only matches the value abc. + """ + return pulumi.get(self, "exact") + + @exact.setter + def exact(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "exact", value) + + @property + @pulumi.getter(name="ignoreCase") + def ignore_case(self) -> Optional[pulumi.Input[bool]]: + """ + If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true. + """ + return pulumi.get(self, "ignore_case") + + @ignore_case.setter + def ignore_case(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "ignore_case", value) + + @property + @pulumi.getter + def prefix(self) -> Optional[pulumi.Input[str]]: + """ + The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. + Examples: + * abc matches the value abc.xyz + """ + return pulumi.get(self, "prefix") + + @prefix.setter + def prefix(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "prefix", value) + + @property + @pulumi.getter + def suffix(self) -> Optional[pulumi.Input[str]]: + """ + The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. + Examples: + * abc matches the value xyz.abc + """ + return pulumi.get(self, "suffix") + + @suffix.setter + def suffix(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "suffix", value) + + +if not MYPY: + class AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSetArgsDict(TypedDict): + ids: NotRequired[pulumi.Input[Sequence[pulumi.Input[str]]]] + """ + A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request. The match follows AND semantics which means all the ids must match. + Limited to 5 matches. + """ +elif False: + AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSetArgsDict: TypeAlias = Mapping[str, Any] + +@pulumi.input_type +class AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSetArgs: + def __init__(__self__, *, + ids: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): + """ + :param pulumi.Input[Sequence[pulumi.Input[str]]] ids: A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request. The match follows AND semantics which means all the ids must match. + Limited to 5 matches. + """ + if ids is not None: + pulumi.set(__self__, "ids", ids) + + @property + @pulumi.getter + def ids(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request. The match follows AND semantics which means all the ids must match. + Limited to 5 matches. + """ + return pulumi.get(self, "ids") + + @ids.setter + def ids(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "ids", value) + + +if not MYPY: + class AuthzPolicyHttpRuleFromSourceArgsDict(TypedDict): + principals: NotRequired[pulumi.Input[Sequence[pulumi.Input['AuthzPolicyHttpRuleFromSourcePrincipalArgsDict']]]] + """ + A list of identities derived from the client's certificate. This field will not match on a request unless mutual TLS is enabled for the Forwarding rule or Gateway. Each identity is a string whose value is matched against the URI SAN, or DNS SAN or the subject field in the client's certificate. The match can be exact, prefix, suffix or a substring match. One of exact, prefix, suffix or contains must be specified. + Limited to 5 principals. + Structure is documented below. + """ + resources: NotRequired[pulumi.Input[Sequence[pulumi.Input['AuthzPolicyHttpRuleFromSourceResourceArgsDict']]]] + """ + A list of resources to match against the resource of the source VM of a request. + Limited to 5 resources. + Structure is documented below. + """ +elif False: + AuthzPolicyHttpRuleFromSourceArgsDict: TypeAlias = Mapping[str, Any] + +@pulumi.input_type +class AuthzPolicyHttpRuleFromSourceArgs: + def __init__(__self__, *, + principals: Optional[pulumi.Input[Sequence[pulumi.Input['AuthzPolicyHttpRuleFromSourcePrincipalArgs']]]] = None, + resources: Optional[pulumi.Input[Sequence[pulumi.Input['AuthzPolicyHttpRuleFromSourceResourceArgs']]]] = None): + """ + :param pulumi.Input[Sequence[pulumi.Input['AuthzPolicyHttpRuleFromSourcePrincipalArgs']]] principals: A list of identities derived from the client's certificate. This field will not match on a request unless mutual TLS is enabled for the Forwarding rule or Gateway. Each identity is a string whose value is matched against the URI SAN, or DNS SAN or the subject field in the client's certificate. The match can be exact, prefix, suffix or a substring match. One of exact, prefix, suffix or contains must be specified. + Limited to 5 principals. + Structure is documented below. + :param pulumi.Input[Sequence[pulumi.Input['AuthzPolicyHttpRuleFromSourceResourceArgs']]] resources: A list of resources to match against the resource of the source VM of a request. + Limited to 5 resources. + Structure is documented below. + """ + if principals is not None: + pulumi.set(__self__, "principals", principals) + if resources is not None: + pulumi.set(__self__, "resources", resources) + + @property + @pulumi.getter + def principals(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['AuthzPolicyHttpRuleFromSourcePrincipalArgs']]]]: + """ + A list of identities derived from the client's certificate. This field will not match on a request unless mutual TLS is enabled for the Forwarding rule or Gateway. Each identity is a string whose value is matched against the URI SAN, or DNS SAN or the subject field in the client's certificate. The match can be exact, prefix, suffix or a substring match. One of exact, prefix, suffix or contains must be specified. + Limited to 5 principals. + Structure is documented below. + """ + return pulumi.get(self, "principals") + + @principals.setter + def principals(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['AuthzPolicyHttpRuleFromSourcePrincipalArgs']]]]): + pulumi.set(self, "principals", value) + + @property + @pulumi.getter + def resources(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['AuthzPolicyHttpRuleFromSourceResourceArgs']]]]: + """ + A list of resources to match against the resource of the source VM of a request. + Limited to 5 resources. + Structure is documented below. + """ + return pulumi.get(self, "resources") + + @resources.setter + def resources(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['AuthzPolicyHttpRuleFromSourceResourceArgs']]]]): + pulumi.set(self, "resources", value) + + +if not MYPY: + class AuthzPolicyHttpRuleFromSourcePrincipalArgsDict(TypedDict): + contains: NotRequired[pulumi.Input[str]] + """ + The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. + Examples: + * abc matches the value xyz.abc.def + """ + exact: NotRequired[pulumi.Input[str]] + """ + The input string must match exactly the string specified here. + Examples: + * abc only matches the value abc. + """ + ignore_case: NotRequired[pulumi.Input[bool]] + """ + If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true. + """ + prefix: NotRequired[pulumi.Input[str]] + """ + The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. + Examples: + * abc matches the value abc.xyz + """ + suffix: NotRequired[pulumi.Input[str]] + """ + The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. + Examples: + * abc matches the value xyz.abc + """ +elif False: + AuthzPolicyHttpRuleFromSourcePrincipalArgsDict: TypeAlias = Mapping[str, Any] + +@pulumi.input_type +class AuthzPolicyHttpRuleFromSourcePrincipalArgs: + def __init__(__self__, *, + contains: Optional[pulumi.Input[str]] = None, + exact: Optional[pulumi.Input[str]] = None, + ignore_case: Optional[pulumi.Input[bool]] = None, + prefix: Optional[pulumi.Input[str]] = None, + suffix: Optional[pulumi.Input[str]] = None): + """ + :param pulumi.Input[str] contains: The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. + Examples: + * abc matches the value xyz.abc.def + :param pulumi.Input[str] exact: The input string must match exactly the string specified here. + Examples: + * abc only matches the value abc. + :param pulumi.Input[bool] ignore_case: If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true. + :param pulumi.Input[str] prefix: The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. + Examples: + * abc matches the value abc.xyz + :param pulumi.Input[str] suffix: The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. + Examples: + * abc matches the value xyz.abc + """ + if contains is not None: + pulumi.set(__self__, "contains", contains) + if exact is not None: + pulumi.set(__self__, "exact", exact) + if ignore_case is not None: + pulumi.set(__self__, "ignore_case", ignore_case) + if prefix is not None: + pulumi.set(__self__, "prefix", prefix) + if suffix is not None: + pulumi.set(__self__, "suffix", suffix) + + @property + @pulumi.getter + def contains(self) -> Optional[pulumi.Input[str]]: + """ + The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. + Examples: + * abc matches the value xyz.abc.def + """ + return pulumi.get(self, "contains") + + @contains.setter + def contains(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "contains", value) + + @property + @pulumi.getter + def exact(self) -> Optional[pulumi.Input[str]]: + """ + The input string must match exactly the string specified here. + Examples: + * abc only matches the value abc. + """ + return pulumi.get(self, "exact") + + @exact.setter + def exact(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "exact", value) + + @property + @pulumi.getter(name="ignoreCase") + def ignore_case(self) -> Optional[pulumi.Input[bool]]: + """ + If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true. + """ + return pulumi.get(self, "ignore_case") + + @ignore_case.setter + def ignore_case(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "ignore_case", value) + + @property + @pulumi.getter + def prefix(self) -> Optional[pulumi.Input[str]]: + """ + The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. + Examples: + * abc matches the value abc.xyz + """ + return pulumi.get(self, "prefix") + + @prefix.setter + def prefix(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "prefix", value) + + @property + @pulumi.getter + def suffix(self) -> Optional[pulumi.Input[str]]: + """ + The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. + Examples: + * abc matches the value xyz.abc + """ + return pulumi.get(self, "suffix") + + @suffix.setter + def suffix(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "suffix", value) + + +if not MYPY: + class AuthzPolicyHttpRuleFromSourceResourceArgsDict(TypedDict): + iam_service_account: NotRequired[pulumi.Input['AuthzPolicyHttpRuleFromSourceResourceIamServiceAccountArgsDict']] + """ + An IAM service account to match against the source service account of the VM sending the request. + Structure is documented below. + """ + tag_value_id_set: NotRequired[pulumi.Input['AuthzPolicyHttpRuleFromSourceResourceTagValueIdSetArgsDict']] + """ + A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request. + Structure is documented below. + """ +elif False: + AuthzPolicyHttpRuleFromSourceResourceArgsDict: TypeAlias = Mapping[str, Any] + +@pulumi.input_type +class AuthzPolicyHttpRuleFromSourceResourceArgs: + def __init__(__self__, *, + iam_service_account: Optional[pulumi.Input['AuthzPolicyHttpRuleFromSourceResourceIamServiceAccountArgs']] = None, + tag_value_id_set: Optional[pulumi.Input['AuthzPolicyHttpRuleFromSourceResourceTagValueIdSetArgs']] = None): + """ + :param pulumi.Input['AuthzPolicyHttpRuleFromSourceResourceIamServiceAccountArgs'] iam_service_account: An IAM service account to match against the source service account of the VM sending the request. + Structure is documented below. + :param pulumi.Input['AuthzPolicyHttpRuleFromSourceResourceTagValueIdSetArgs'] tag_value_id_set: A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request. + Structure is documented below. + """ + if iam_service_account is not None: + pulumi.set(__self__, "iam_service_account", iam_service_account) + if tag_value_id_set is not None: + pulumi.set(__self__, "tag_value_id_set", tag_value_id_set) + + @property + @pulumi.getter(name="iamServiceAccount") + def iam_service_account(self) -> Optional[pulumi.Input['AuthzPolicyHttpRuleFromSourceResourceIamServiceAccountArgs']]: + """ + An IAM service account to match against the source service account of the VM sending the request. + Structure is documented below. + """ + return pulumi.get(self, "iam_service_account") + + @iam_service_account.setter + def iam_service_account(self, value: Optional[pulumi.Input['AuthzPolicyHttpRuleFromSourceResourceIamServiceAccountArgs']]): + pulumi.set(self, "iam_service_account", value) + + @property + @pulumi.getter(name="tagValueIdSet") + def tag_value_id_set(self) -> Optional[pulumi.Input['AuthzPolicyHttpRuleFromSourceResourceTagValueIdSetArgs']]: + """ + A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request. + Structure is documented below. + """ + return pulumi.get(self, "tag_value_id_set") + + @tag_value_id_set.setter + def tag_value_id_set(self, value: Optional[pulumi.Input['AuthzPolicyHttpRuleFromSourceResourceTagValueIdSetArgs']]): + pulumi.set(self, "tag_value_id_set", value) + + +if not MYPY: + class AuthzPolicyHttpRuleFromSourceResourceIamServiceAccountArgsDict(TypedDict): + contains: NotRequired[pulumi.Input[str]] + """ + The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. + Examples: + * abc matches the value xyz.abc.def + """ + exact: NotRequired[pulumi.Input[str]] + """ + The input string must match exactly the string specified here. + Examples: + * abc only matches the value abc. + """ + ignore_case: NotRequired[pulumi.Input[bool]] + """ + If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true. + """ + prefix: NotRequired[pulumi.Input[str]] + """ + The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. + Examples: + * abc matches the value abc.xyz + """ + suffix: NotRequired[pulumi.Input[str]] + """ + The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. + Examples: + * abc matches the value xyz.abc + """ +elif False: + AuthzPolicyHttpRuleFromSourceResourceIamServiceAccountArgsDict: TypeAlias = Mapping[str, Any] + +@pulumi.input_type +class AuthzPolicyHttpRuleFromSourceResourceIamServiceAccountArgs: + def __init__(__self__, *, + contains: Optional[pulumi.Input[str]] = None, + exact: Optional[pulumi.Input[str]] = None, + ignore_case: Optional[pulumi.Input[bool]] = None, + prefix: Optional[pulumi.Input[str]] = None, + suffix: Optional[pulumi.Input[str]] = None): + """ + :param pulumi.Input[str] contains: The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. + Examples: + * abc matches the value xyz.abc.def + :param pulumi.Input[str] exact: The input string must match exactly the string specified here. + Examples: + * abc only matches the value abc. + :param pulumi.Input[bool] ignore_case: If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true. + :param pulumi.Input[str] prefix: The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. + Examples: + * abc matches the value abc.xyz + :param pulumi.Input[str] suffix: The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. + Examples: + * abc matches the value xyz.abc + """ + if contains is not None: + pulumi.set(__self__, "contains", contains) + if exact is not None: + pulumi.set(__self__, "exact", exact) + if ignore_case is not None: + pulumi.set(__self__, "ignore_case", ignore_case) + if prefix is not None: + pulumi.set(__self__, "prefix", prefix) + if suffix is not None: + pulumi.set(__self__, "suffix", suffix) + + @property + @pulumi.getter + def contains(self) -> Optional[pulumi.Input[str]]: + """ + The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. + Examples: + * abc matches the value xyz.abc.def + """ + return pulumi.get(self, "contains") + + @contains.setter + def contains(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "contains", value) + + @property + @pulumi.getter + def exact(self) -> Optional[pulumi.Input[str]]: + """ + The input string must match exactly the string specified here. + Examples: + * abc only matches the value abc. + """ + return pulumi.get(self, "exact") + + @exact.setter + def exact(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "exact", value) + + @property + @pulumi.getter(name="ignoreCase") + def ignore_case(self) -> Optional[pulumi.Input[bool]]: + """ + If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true. + """ + return pulumi.get(self, "ignore_case") + + @ignore_case.setter + def ignore_case(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "ignore_case", value) + + @property + @pulumi.getter + def prefix(self) -> Optional[pulumi.Input[str]]: + """ + The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. + Examples: + * abc matches the value abc.xyz + """ + return pulumi.get(self, "prefix") + + @prefix.setter + def prefix(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "prefix", value) + + @property + @pulumi.getter + def suffix(self) -> Optional[pulumi.Input[str]]: + """ + The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. + Examples: + * abc matches the value xyz.abc + """ + return pulumi.get(self, "suffix") + + @suffix.setter + def suffix(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "suffix", value) + + +if not MYPY: + class AuthzPolicyHttpRuleFromSourceResourceTagValueIdSetArgsDict(TypedDict): + ids: NotRequired[pulumi.Input[Sequence[pulumi.Input[str]]]] + """ + A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request. The match follows AND semantics which means all the ids must match. + Limited to 5 matches. + """ +elif False: + AuthzPolicyHttpRuleFromSourceResourceTagValueIdSetArgsDict: TypeAlias = Mapping[str, Any] + +@pulumi.input_type +class AuthzPolicyHttpRuleFromSourceResourceTagValueIdSetArgs: + def __init__(__self__, *, + ids: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): + """ + :param pulumi.Input[Sequence[pulumi.Input[str]]] ids: A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request. The match follows AND semantics which means all the ids must match. + Limited to 5 matches. + """ + if ids is not None: + pulumi.set(__self__, "ids", ids) + + @property + @pulumi.getter + def ids(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request. The match follows AND semantics which means all the ids must match. + Limited to 5 matches. + """ + return pulumi.get(self, "ids") + + @ids.setter + def ids(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "ids", value) + + +if not MYPY: + class AuthzPolicyHttpRuleToArgsDict(TypedDict): + operations: NotRequired[pulumi.Input[Sequence[pulumi.Input['AuthzPolicyHttpRuleToOperationArgsDict']]]] + """ + Describes properties of one or more targets of a request. At least one of operations or notOperations must be specified. Limited to 5 operations. A match occurs when ANY operation (in operations or notOperations) matches. Within an operation, the match follows AND semantics across fields and OR semantics within a field, i.e. a match occurs when ANY path matches AND ANY header matches and ANY method matches. + Structure is documented below. + """ +elif False: + AuthzPolicyHttpRuleToArgsDict: TypeAlias = Mapping[str, Any] + +@pulumi.input_type +class AuthzPolicyHttpRuleToArgs: + def __init__(__self__, *, + operations: Optional[pulumi.Input[Sequence[pulumi.Input['AuthzPolicyHttpRuleToOperationArgs']]]] = None): + """ + :param pulumi.Input[Sequence[pulumi.Input['AuthzPolicyHttpRuleToOperationArgs']]] operations: Describes properties of one or more targets of a request. At least one of operations or notOperations must be specified. Limited to 5 operations. A match occurs when ANY operation (in operations or notOperations) matches. Within an operation, the match follows AND semantics across fields and OR semantics within a field, i.e. a match occurs when ANY path matches AND ANY header matches and ANY method matches. + Structure is documented below. + """ + if operations is not None: + pulumi.set(__self__, "operations", operations) + + @property + @pulumi.getter + def operations(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['AuthzPolicyHttpRuleToOperationArgs']]]]: + """ + Describes properties of one or more targets of a request. At least one of operations or notOperations must be specified. Limited to 5 operations. A match occurs when ANY operation (in operations or notOperations) matches. Within an operation, the match follows AND semantics across fields and OR semantics within a field, i.e. a match occurs when ANY path matches AND ANY header matches and ANY method matches. + Structure is documented below. + """ + return pulumi.get(self, "operations") + + @operations.setter + def operations(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['AuthzPolicyHttpRuleToOperationArgs']]]]): + pulumi.set(self, "operations", value) + + +if not MYPY: + class AuthzPolicyHttpRuleToOperationArgsDict(TypedDict): + header_set: NotRequired[pulumi.Input['AuthzPolicyHttpRuleToOperationHeaderSetArgsDict']] + """ + A list of headers to match against in http header. + Structure is documented below. + """ + hosts: NotRequired[pulumi.Input[Sequence[pulumi.Input['AuthzPolicyHttpRuleToOperationHostArgsDict']]]] + """ + A list of HTTP Hosts to match against. The match can be one of exact, prefix, suffix, or contains (substring match). Matches are always case sensitive unless the ignoreCase is set. + Limited to 5 matches. + Structure is documented below. + """ + methods: NotRequired[pulumi.Input[Sequence[pulumi.Input[str]]]] + """ + A list of HTTP methods to match against. Each entry must be a valid HTTP method name (GET, PUT, POST, HEAD, PATCH, DELETE, OPTIONS). It only allows exact match and is always case sensitive. + """ + paths: NotRequired[pulumi.Input[Sequence[pulumi.Input['AuthzPolicyHttpRuleToOperationPathArgsDict']]]] + """ + A list of paths to match against. The match can be one of exact, prefix, suffix, or contains (substring match). Matches are always case sensitive unless the ignoreCase is set. + Limited to 5 matches. + Note that this path match includes the query parameters. For gRPC services, this should be a fully-qualified name of the form /package.service/method. + Structure is documented below. + """ +elif False: + AuthzPolicyHttpRuleToOperationArgsDict: TypeAlias = Mapping[str, Any] + +@pulumi.input_type +class AuthzPolicyHttpRuleToOperationArgs: + def __init__(__self__, *, + header_set: Optional[pulumi.Input['AuthzPolicyHttpRuleToOperationHeaderSetArgs']] = None, + hosts: Optional[pulumi.Input[Sequence[pulumi.Input['AuthzPolicyHttpRuleToOperationHostArgs']]]] = None, + methods: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + paths: Optional[pulumi.Input[Sequence[pulumi.Input['AuthzPolicyHttpRuleToOperationPathArgs']]]] = None): + """ + :param pulumi.Input['AuthzPolicyHttpRuleToOperationHeaderSetArgs'] header_set: A list of headers to match against in http header. + Structure is documented below. + :param pulumi.Input[Sequence[pulumi.Input['AuthzPolicyHttpRuleToOperationHostArgs']]] hosts: A list of HTTP Hosts to match against. The match can be one of exact, prefix, suffix, or contains (substring match). Matches are always case sensitive unless the ignoreCase is set. + Limited to 5 matches. + Structure is documented below. + :param pulumi.Input[Sequence[pulumi.Input[str]]] methods: A list of HTTP methods to match against. Each entry must be a valid HTTP method name (GET, PUT, POST, HEAD, PATCH, DELETE, OPTIONS). It only allows exact match and is always case sensitive. + :param pulumi.Input[Sequence[pulumi.Input['AuthzPolicyHttpRuleToOperationPathArgs']]] paths: A list of paths to match against. The match can be one of exact, prefix, suffix, or contains (substring match). Matches are always case sensitive unless the ignoreCase is set. + Limited to 5 matches. + Note that this path match includes the query parameters. For gRPC services, this should be a fully-qualified name of the form /package.service/method. + Structure is documented below. + """ + if header_set is not None: + pulumi.set(__self__, "header_set", header_set) + if hosts is not None: + pulumi.set(__self__, "hosts", hosts) + if methods is not None: + pulumi.set(__self__, "methods", methods) + if paths is not None: + pulumi.set(__self__, "paths", paths) + + @property + @pulumi.getter(name="headerSet") + def header_set(self) -> Optional[pulumi.Input['AuthzPolicyHttpRuleToOperationHeaderSetArgs']]: + """ + A list of headers to match against in http header. + Structure is documented below. + """ + return pulumi.get(self, "header_set") + + @header_set.setter + def header_set(self, value: Optional[pulumi.Input['AuthzPolicyHttpRuleToOperationHeaderSetArgs']]): + pulumi.set(self, "header_set", value) + + @property + @pulumi.getter + def hosts(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['AuthzPolicyHttpRuleToOperationHostArgs']]]]: + """ + A list of HTTP Hosts to match against. The match can be one of exact, prefix, suffix, or contains (substring match). Matches are always case sensitive unless the ignoreCase is set. + Limited to 5 matches. + Structure is documented below. + """ + return pulumi.get(self, "hosts") + + @hosts.setter + def hosts(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['AuthzPolicyHttpRuleToOperationHostArgs']]]]): + pulumi.set(self, "hosts", value) + + @property + @pulumi.getter + def methods(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + A list of HTTP methods to match against. Each entry must be a valid HTTP method name (GET, PUT, POST, HEAD, PATCH, DELETE, OPTIONS). It only allows exact match and is always case sensitive. + """ + return pulumi.get(self, "methods") + + @methods.setter + def methods(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "methods", value) + + @property + @pulumi.getter + def paths(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['AuthzPolicyHttpRuleToOperationPathArgs']]]]: + """ + A list of paths to match against. The match can be one of exact, prefix, suffix, or contains (substring match). Matches are always case sensitive unless the ignoreCase is set. + Limited to 5 matches. + Note that this path match includes the query parameters. For gRPC services, this should be a fully-qualified name of the form /package.service/method. + Structure is documented below. + """ + return pulumi.get(self, "paths") + + @paths.setter + def paths(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['AuthzPolicyHttpRuleToOperationPathArgs']]]]): + pulumi.set(self, "paths", value) + + +if not MYPY: + class AuthzPolicyHttpRuleToOperationHeaderSetArgsDict(TypedDict): + headers: NotRequired[pulumi.Input[Sequence[pulumi.Input['AuthzPolicyHttpRuleToOperationHeaderSetHeaderArgsDict']]]] + """ + A list of headers to match against in http header. The match can be one of exact, prefix, suffix, or contains (substring match). The match follows AND semantics which means all the headers must match. Matches are always case sensitive unless the ignoreCase is set. Limited to 5 matches. + Structure is documented below. + """ +elif False: + AuthzPolicyHttpRuleToOperationHeaderSetArgsDict: TypeAlias = Mapping[str, Any] + +@pulumi.input_type +class AuthzPolicyHttpRuleToOperationHeaderSetArgs: + def __init__(__self__, *, + headers: Optional[pulumi.Input[Sequence[pulumi.Input['AuthzPolicyHttpRuleToOperationHeaderSetHeaderArgs']]]] = None): + """ + :param pulumi.Input[Sequence[pulumi.Input['AuthzPolicyHttpRuleToOperationHeaderSetHeaderArgs']]] headers: A list of headers to match against in http header. The match can be one of exact, prefix, suffix, or contains (substring match). The match follows AND semantics which means all the headers must match. Matches are always case sensitive unless the ignoreCase is set. Limited to 5 matches. + Structure is documented below. + """ + if headers is not None: + pulumi.set(__self__, "headers", headers) + + @property + @pulumi.getter + def headers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['AuthzPolicyHttpRuleToOperationHeaderSetHeaderArgs']]]]: + """ + A list of headers to match against in http header. The match can be one of exact, prefix, suffix, or contains (substring match). The match follows AND semantics which means all the headers must match. Matches are always case sensitive unless the ignoreCase is set. Limited to 5 matches. + Structure is documented below. + """ + return pulumi.get(self, "headers") + + @headers.setter + def headers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['AuthzPolicyHttpRuleToOperationHeaderSetHeaderArgs']]]]): + pulumi.set(self, "headers", value) + + +if not MYPY: + class AuthzPolicyHttpRuleToOperationHeaderSetHeaderArgsDict(TypedDict): + name: NotRequired[pulumi.Input[str]] + """ + Specifies the name of the header in the request. + """ + value: NotRequired[pulumi.Input['AuthzPolicyHttpRuleToOperationHeaderSetHeaderValueArgsDict']] + """ + Specifies how the header match will be performed. + Structure is documented below. + """ +elif False: + AuthzPolicyHttpRuleToOperationHeaderSetHeaderArgsDict: TypeAlias = Mapping[str, Any] + +@pulumi.input_type +class AuthzPolicyHttpRuleToOperationHeaderSetHeaderArgs: + def __init__(__self__, *, + name: Optional[pulumi.Input[str]] = None, + value: Optional[pulumi.Input['AuthzPolicyHttpRuleToOperationHeaderSetHeaderValueArgs']] = None): + """ + :param pulumi.Input[str] name: Specifies the name of the header in the request. + :param pulumi.Input['AuthzPolicyHttpRuleToOperationHeaderSetHeaderValueArgs'] value: Specifies how the header match will be performed. + Structure is documented below. + """ + if name is not None: + pulumi.set(__self__, "name", name) + if value is not None: + pulumi.set(__self__, "value", value) + + @property + @pulumi.getter + def name(self) -> Optional[pulumi.Input[str]]: + """ + Specifies the name of the header in the request. + """ + return pulumi.get(self, "name") + + @name.setter + def name(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "name", value) + + @property + @pulumi.getter + def value(self) -> Optional[pulumi.Input['AuthzPolicyHttpRuleToOperationHeaderSetHeaderValueArgs']]: + """ + Specifies how the header match will be performed. + Structure is documented below. + """ + return pulumi.get(self, "value") + + @value.setter + def value(self, value: Optional[pulumi.Input['AuthzPolicyHttpRuleToOperationHeaderSetHeaderValueArgs']]): + pulumi.set(self, "value", value) + + +if not MYPY: + class AuthzPolicyHttpRuleToOperationHeaderSetHeaderValueArgsDict(TypedDict): + contains: NotRequired[pulumi.Input[str]] + """ + The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. + Examples: + * abc matches the value xyz.abc.def + """ + exact: NotRequired[pulumi.Input[str]] + """ + The input string must match exactly the string specified here. + Examples: + * abc only matches the value abc. + """ + ignore_case: NotRequired[pulumi.Input[bool]] + """ + If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true. + """ + prefix: NotRequired[pulumi.Input[str]] + """ + The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. + Examples: + * abc matches the value abc.xyz + """ + suffix: NotRequired[pulumi.Input[str]] + """ + The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. + Examples: + * abc matches the value xyz.abc + """ +elif False: + AuthzPolicyHttpRuleToOperationHeaderSetHeaderValueArgsDict: TypeAlias = Mapping[str, Any] + +@pulumi.input_type +class AuthzPolicyHttpRuleToOperationHeaderSetHeaderValueArgs: + def __init__(__self__, *, + contains: Optional[pulumi.Input[str]] = None, + exact: Optional[pulumi.Input[str]] = None, + ignore_case: Optional[pulumi.Input[bool]] = None, + prefix: Optional[pulumi.Input[str]] = None, + suffix: Optional[pulumi.Input[str]] = None): + """ + :param pulumi.Input[str] contains: The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. + Examples: + * abc matches the value xyz.abc.def + :param pulumi.Input[str] exact: The input string must match exactly the string specified here. + Examples: + * abc only matches the value abc. + :param pulumi.Input[bool] ignore_case: If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true. + :param pulumi.Input[str] prefix: The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. + Examples: + * abc matches the value abc.xyz + :param pulumi.Input[str] suffix: The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. + Examples: + * abc matches the value xyz.abc + """ + if contains is not None: + pulumi.set(__self__, "contains", contains) + if exact is not None: + pulumi.set(__self__, "exact", exact) + if ignore_case is not None: + pulumi.set(__self__, "ignore_case", ignore_case) + if prefix is not None: + pulumi.set(__self__, "prefix", prefix) + if suffix is not None: + pulumi.set(__self__, "suffix", suffix) + + @property + @pulumi.getter + def contains(self) -> Optional[pulumi.Input[str]]: + """ + The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. + Examples: + * abc matches the value xyz.abc.def + """ + return pulumi.get(self, "contains") + + @contains.setter + def contains(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "contains", value) + + @property + @pulumi.getter + def exact(self) -> Optional[pulumi.Input[str]]: + """ + The input string must match exactly the string specified here. + Examples: + * abc only matches the value abc. + """ + return pulumi.get(self, "exact") + + @exact.setter + def exact(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "exact", value) + + @property + @pulumi.getter(name="ignoreCase") + def ignore_case(self) -> Optional[pulumi.Input[bool]]: + """ + If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true. + """ + return pulumi.get(self, "ignore_case") + + @ignore_case.setter + def ignore_case(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "ignore_case", value) + + @property + @pulumi.getter + def prefix(self) -> Optional[pulumi.Input[str]]: + """ + The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. + Examples: + * abc matches the value abc.xyz + """ + return pulumi.get(self, "prefix") + + @prefix.setter + def prefix(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "prefix", value) + + @property + @pulumi.getter + def suffix(self) -> Optional[pulumi.Input[str]]: + """ + The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. + Examples: + * abc matches the value xyz.abc + """ + return pulumi.get(self, "suffix") + + @suffix.setter + def suffix(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "suffix", value) + + +if not MYPY: + class AuthzPolicyHttpRuleToOperationHostArgsDict(TypedDict): + contains: NotRequired[pulumi.Input[str]] + """ + The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. + Examples: + * abc matches the value xyz.abc.def + """ + exact: NotRequired[pulumi.Input[str]] + """ + The input string must match exactly the string specified here. + Examples: + * abc only matches the value abc. + """ + ignore_case: NotRequired[pulumi.Input[bool]] + """ + If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true. + """ + prefix: NotRequired[pulumi.Input[str]] + """ + The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. + Examples: + * abc matches the value abc.xyz + """ + suffix: NotRequired[pulumi.Input[str]] + """ + The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. + Examples: + * abc matches the value xyz.abc + """ +elif False: + AuthzPolicyHttpRuleToOperationHostArgsDict: TypeAlias = Mapping[str, Any] + +@pulumi.input_type +class AuthzPolicyHttpRuleToOperationHostArgs: + def __init__(__self__, *, + contains: Optional[pulumi.Input[str]] = None, + exact: Optional[pulumi.Input[str]] = None, + ignore_case: Optional[pulumi.Input[bool]] = None, + prefix: Optional[pulumi.Input[str]] = None, + suffix: Optional[pulumi.Input[str]] = None): + """ + :param pulumi.Input[str] contains: The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. + Examples: + * abc matches the value xyz.abc.def + :param pulumi.Input[str] exact: The input string must match exactly the string specified here. + Examples: + * abc only matches the value abc. + :param pulumi.Input[bool] ignore_case: If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true. + :param pulumi.Input[str] prefix: The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. + Examples: + * abc matches the value abc.xyz + :param pulumi.Input[str] suffix: The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. + Examples: + * abc matches the value xyz.abc + """ + if contains is not None: + pulumi.set(__self__, "contains", contains) + if exact is not None: + pulumi.set(__self__, "exact", exact) + if ignore_case is not None: + pulumi.set(__self__, "ignore_case", ignore_case) + if prefix is not None: + pulumi.set(__self__, "prefix", prefix) + if suffix is not None: + pulumi.set(__self__, "suffix", suffix) + + @property + @pulumi.getter + def contains(self) -> Optional[pulumi.Input[str]]: + """ + The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. + Examples: + * abc matches the value xyz.abc.def + """ + return pulumi.get(self, "contains") + + @contains.setter + def contains(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "contains", value) + + @property + @pulumi.getter + def exact(self) -> Optional[pulumi.Input[str]]: + """ + The input string must match exactly the string specified here. + Examples: + * abc only matches the value abc. + """ + return pulumi.get(self, "exact") + + @exact.setter + def exact(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "exact", value) + + @property + @pulumi.getter(name="ignoreCase") + def ignore_case(self) -> Optional[pulumi.Input[bool]]: + """ + If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true. + """ + return pulumi.get(self, "ignore_case") + + @ignore_case.setter + def ignore_case(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "ignore_case", value) + + @property + @pulumi.getter + def prefix(self) -> Optional[pulumi.Input[str]]: + """ + The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. + Examples: + * abc matches the value abc.xyz + """ + return pulumi.get(self, "prefix") + + @prefix.setter + def prefix(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "prefix", value) + + @property + @pulumi.getter + def suffix(self) -> Optional[pulumi.Input[str]]: + """ + The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. + Examples: + * abc matches the value xyz.abc + """ + return pulumi.get(self, "suffix") + + @suffix.setter + def suffix(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "suffix", value) + + +if not MYPY: + class AuthzPolicyHttpRuleToOperationPathArgsDict(TypedDict): + contains: NotRequired[pulumi.Input[str]] + """ + The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. + Examples: + * abc matches the value xyz.abc.def + """ + exact: NotRequired[pulumi.Input[str]] + """ + The input string must match exactly the string specified here. + Examples: + * abc only matches the value abc. + """ + ignore_case: NotRequired[pulumi.Input[bool]] + """ + If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true. + """ + prefix: NotRequired[pulumi.Input[str]] + """ + The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. + Examples: + * abc matches the value abc.xyz + """ + suffix: NotRequired[pulumi.Input[str]] + """ + The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. + Examples: + * abc matches the value xyz.abc + """ +elif False: + AuthzPolicyHttpRuleToOperationPathArgsDict: TypeAlias = Mapping[str, Any] + +@pulumi.input_type +class AuthzPolicyHttpRuleToOperationPathArgs: + def __init__(__self__, *, + contains: Optional[pulumi.Input[str]] = None, + exact: Optional[pulumi.Input[str]] = None, + ignore_case: Optional[pulumi.Input[bool]] = None, + prefix: Optional[pulumi.Input[str]] = None, + suffix: Optional[pulumi.Input[str]] = None): + """ + :param pulumi.Input[str] contains: The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. + Examples: + * abc matches the value xyz.abc.def + :param pulumi.Input[str] exact: The input string must match exactly the string specified here. + Examples: + * abc only matches the value abc. + :param pulumi.Input[bool] ignore_case: If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true. + :param pulumi.Input[str] prefix: The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. + Examples: + * abc matches the value abc.xyz + :param pulumi.Input[str] suffix: The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. + Examples: + * abc matches the value xyz.abc + """ + if contains is not None: + pulumi.set(__self__, "contains", contains) + if exact is not None: + pulumi.set(__self__, "exact", exact) + if ignore_case is not None: + pulumi.set(__self__, "ignore_case", ignore_case) + if prefix is not None: + pulumi.set(__self__, "prefix", prefix) + if suffix is not None: + pulumi.set(__self__, "suffix", suffix) + + @property + @pulumi.getter + def contains(self) -> Optional[pulumi.Input[str]]: + """ + The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. + Examples: + * abc matches the value xyz.abc.def + """ + return pulumi.get(self, "contains") + + @contains.setter + def contains(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "contains", value) + + @property + @pulumi.getter + def exact(self) -> Optional[pulumi.Input[str]]: + """ + The input string must match exactly the string specified here. + Examples: + * abc only matches the value abc. + """ + return pulumi.get(self, "exact") + + @exact.setter + def exact(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "exact", value) + + @property + @pulumi.getter(name="ignoreCase") + def ignore_case(self) -> Optional[pulumi.Input[bool]]: + """ + If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true. + """ + return pulumi.get(self, "ignore_case") + + @ignore_case.setter + def ignore_case(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "ignore_case", value) + + @property + @pulumi.getter + def prefix(self) -> Optional[pulumi.Input[str]]: + """ + The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. + Examples: + * abc matches the value abc.xyz + """ + return pulumi.get(self, "prefix") + + @prefix.setter + def prefix(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "prefix", value) + + @property + @pulumi.getter + def suffix(self) -> Optional[pulumi.Input[str]]: + """ + The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. + Examples: + * abc matches the value xyz.abc + """ + return pulumi.get(self, "suffix") + + @suffix.setter + def suffix(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "suffix", value) + + +if not MYPY: + class AuthzPolicyTargetArgsDict(TypedDict): + load_balancing_scheme: pulumi.Input[str] + """ + All gateways and forwarding rules referenced by this policy and extensions must share the same load balancing scheme. + For more information, refer to [Backend services overview](https://cloud.google.com/load-balancing/docs/backend-service). + Possible values are: `INTERNAL_MANAGED`, `EXTERNAL_MANAGED`, `INTERNAL_SELF_MANAGED`. + """ + resources: NotRequired[pulumi.Input[Sequence[pulumi.Input[str]]]] + """ + A list of references to the Forwarding Rules on which this policy will be applied. + + - - - + """ +elif False: + AuthzPolicyTargetArgsDict: TypeAlias = Mapping[str, Any] + +@pulumi.input_type +class AuthzPolicyTargetArgs: + def __init__(__self__, *, + load_balancing_scheme: pulumi.Input[str], + resources: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): + """ + :param pulumi.Input[str] load_balancing_scheme: All gateways and forwarding rules referenced by this policy and extensions must share the same load balancing scheme. + For more information, refer to [Backend services overview](https://cloud.google.com/load-balancing/docs/backend-service). + Possible values are: `INTERNAL_MANAGED`, `EXTERNAL_MANAGED`, `INTERNAL_SELF_MANAGED`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] resources: A list of references to the Forwarding Rules on which this policy will be applied. + + - - - + """ + pulumi.set(__self__, "load_balancing_scheme", load_balancing_scheme) + if resources is not None: + pulumi.set(__self__, "resources", resources) + + @property + @pulumi.getter(name="loadBalancingScheme") + def load_balancing_scheme(self) -> pulumi.Input[str]: + """ + All gateways and forwarding rules referenced by this policy and extensions must share the same load balancing scheme. + For more information, refer to [Backend services overview](https://cloud.google.com/load-balancing/docs/backend-service). + Possible values are: `INTERNAL_MANAGED`, `EXTERNAL_MANAGED`, `INTERNAL_SELF_MANAGED`. + """ + return pulumi.get(self, "load_balancing_scheme") + + @load_balancing_scheme.setter + def load_balancing_scheme(self, value: pulumi.Input[str]): + pulumi.set(self, "load_balancing_scheme", value) + + @property + @pulumi.getter + def resources(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + A list of references to the Forwarding Rules on which this policy will be applied. + + - - - + """ + return pulumi.get(self, "resources") + + @resources.setter + def resources(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "resources", value) + + if not MYPY: class ClientTlsPolicyClientCertificateArgsDict(TypedDict): certificate_provider_instance: NotRequired[pulumi.Input['ClientTlsPolicyClientCertificateCertificateProviderInstanceArgsDict']] @@ -668,6 +2536,41 @@ def target_uri(self, value: pulumi.Input[str]): pulumi.set(self, "target_uri", value) +if not MYPY: + class InterceptDeploymentGroupConnectedEndpointGroupArgsDict(TypedDict): + name: NotRequired[pulumi.Input[str]] + """ + (Output) + Output only. A connected intercept endpoint group. + """ +elif False: + InterceptDeploymentGroupConnectedEndpointGroupArgsDict: TypeAlias = Mapping[str, Any] + +@pulumi.input_type +class InterceptDeploymentGroupConnectedEndpointGroupArgs: + def __init__(__self__, *, + name: Optional[pulumi.Input[str]] = None): + """ + :param pulumi.Input[str] name: (Output) + Output only. A connected intercept endpoint group. + """ + if name is not None: + pulumi.set(__self__, "name", name) + + @property + @pulumi.getter + def name(self) -> Optional[pulumi.Input[str]]: + """ + (Output) + Output only. A connected intercept endpoint group. + """ + return pulumi.get(self, "name") + + @name.setter + def name(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "name", value) + + if not MYPY: class MirroringDeploymentGroupConnectedEndpointGroupArgsDict(TypedDict): name: NotRequired[pulumi.Input[str]] diff --git a/sdk/python/pulumi_gcp/networksecurity/authz_policy.py b/sdk/python/pulumi_gcp/networksecurity/authz_policy.py new file mode 100644 index 0000000000..59affd4e55 --- /dev/null +++ b/sdk/python/pulumi_gcp/networksecurity/authz_policy.py @@ -0,0 +1,1008 @@ +# coding=utf-8 +# *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +# *** Do not edit by hand unless you're certain you know what you are doing! *** + +import copy +import warnings +import sys +import pulumi +import pulumi.runtime +from typing import Any, Mapping, Optional, Sequence, Union, overload +if sys.version_info >= (3, 11): + from typing import NotRequired, TypedDict, TypeAlias +else: + from typing_extensions import NotRequired, TypedDict, TypeAlias +from .. import _utilities +from . import outputs +from ._inputs import * + +__all__ = ['AuthzPolicyArgs', 'AuthzPolicy'] + +@pulumi.input_type +class AuthzPolicyArgs: + def __init__(__self__, *, + action: pulumi.Input[str], + location: pulumi.Input[str], + target: pulumi.Input['AuthzPolicyTargetArgs'], + custom_provider: Optional[pulumi.Input['AuthzPolicyCustomProviderArgs']] = None, + description: Optional[pulumi.Input[str]] = None, + http_rules: Optional[pulumi.Input[Sequence[pulumi.Input['AuthzPolicyHttpRuleArgs']]]] = None, + labels: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None, + name: Optional[pulumi.Input[str]] = None, + project: Optional[pulumi.Input[str]] = None): + """ + The set of arguments for constructing a AuthzPolicy resource. + :param pulumi.Input[str] action: When the action is CUSTOM, customProvider must be specified. + When the action is ALLOW, only requests matching the policy will be allowed. + When the action is DENY, only requests matching the policy will be denied. + When a request arrives, the policies are evaluated in the following order: + 1. If there is a CUSTOM policy that matches the request, the CUSTOM policy is evaluated using the custom authorization providers and the request is denied if the provider rejects the request. + 2. If there are any DENY policies that match the request, the request is denied. + 3. If there are no ALLOW policies for the resource or if any of the ALLOW policies match the request, the request is allowed. + 4. Else the request is denied by default if none of the configured AuthzPolicies with ALLOW action match the request. + Possible values are: `ALLOW`, `DENY`, `CUSTOM`. + :param pulumi.Input[str] location: The location of the resource. + :param pulumi.Input['AuthzPolicyTargetArgs'] target: Specifies the set of resources to which this policy should be applied to. + Structure is documented below. + :param pulumi.Input['AuthzPolicyCustomProviderArgs'] custom_provider: Required if the action is CUSTOM. Allows delegating authorization decisions to Cloud IAP or to Service Extensions. One + of cloudIap or authzExtension must be specified. + :param pulumi.Input[str] description: A human-readable description of the resource. + :param pulumi.Input[Sequence[pulumi.Input['AuthzPolicyHttpRuleArgs']]] http_rules: A list of authorization HTTP rules to match against the incoming request.A policy match occurs when at least one HTTP + rule matches the request or when no HTTP rules are specified in the policy. At least one HTTP Rule is required for Allow + or Deny Action. Limited to 5 rules. + :param pulumi.Input[Mapping[str, pulumi.Input[str]]] labels: Set of labels associated with the AuthzExtension resource. **Note**: This field is non-authoritative, and will only + manage the labels present in your configuration. Please refer to the field 'effective_labels' for all of the labels + present on the resource. + :param pulumi.Input[str] name: Identifier. Name of the AuthzPolicy resource. + """ + pulumi.set(__self__, "action", action) + pulumi.set(__self__, "location", location) + pulumi.set(__self__, "target", target) + if custom_provider is not None: + pulumi.set(__self__, "custom_provider", custom_provider) + if description is not None: + pulumi.set(__self__, "description", description) + if http_rules is not None: + pulumi.set(__self__, "http_rules", http_rules) + if labels is not None: + pulumi.set(__self__, "labels", labels) + if name is not None: + pulumi.set(__self__, "name", name) + if project is not None: + pulumi.set(__self__, "project", project) + + @property + @pulumi.getter + def action(self) -> pulumi.Input[str]: + """ + When the action is CUSTOM, customProvider must be specified. + When the action is ALLOW, only requests matching the policy will be allowed. + When the action is DENY, only requests matching the policy will be denied. + When a request arrives, the policies are evaluated in the following order: + 1. If there is a CUSTOM policy that matches the request, the CUSTOM policy is evaluated using the custom authorization providers and the request is denied if the provider rejects the request. + 2. If there are any DENY policies that match the request, the request is denied. + 3. If there are no ALLOW policies for the resource or if any of the ALLOW policies match the request, the request is allowed. + 4. Else the request is denied by default if none of the configured AuthzPolicies with ALLOW action match the request. + Possible values are: `ALLOW`, `DENY`, `CUSTOM`. + """ + return pulumi.get(self, "action") + + @action.setter + def action(self, value: pulumi.Input[str]): + pulumi.set(self, "action", value) + + @property + @pulumi.getter + def location(self) -> pulumi.Input[str]: + """ + The location of the resource. + """ + return pulumi.get(self, "location") + + @location.setter + def location(self, value: pulumi.Input[str]): + pulumi.set(self, "location", value) + + @property + @pulumi.getter + def target(self) -> pulumi.Input['AuthzPolicyTargetArgs']: + """ + Specifies the set of resources to which this policy should be applied to. + Structure is documented below. + """ + return pulumi.get(self, "target") + + @target.setter + def target(self, value: pulumi.Input['AuthzPolicyTargetArgs']): + pulumi.set(self, "target", value) + + @property + @pulumi.getter(name="customProvider") + def custom_provider(self) -> Optional[pulumi.Input['AuthzPolicyCustomProviderArgs']]: + """ + Required if the action is CUSTOM. Allows delegating authorization decisions to Cloud IAP or to Service Extensions. One + of cloudIap or authzExtension must be specified. + """ + return pulumi.get(self, "custom_provider") + + @custom_provider.setter + def custom_provider(self, value: Optional[pulumi.Input['AuthzPolicyCustomProviderArgs']]): + pulumi.set(self, "custom_provider", value) + + @property + @pulumi.getter + def description(self) -> Optional[pulumi.Input[str]]: + """ + A human-readable description of the resource. + """ + return pulumi.get(self, "description") + + @description.setter + def description(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "description", value) + + @property + @pulumi.getter(name="httpRules") + def http_rules(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['AuthzPolicyHttpRuleArgs']]]]: + """ + A list of authorization HTTP rules to match against the incoming request.A policy match occurs when at least one HTTP + rule matches the request or when no HTTP rules are specified in the policy. At least one HTTP Rule is required for Allow + or Deny Action. Limited to 5 rules. + """ + return pulumi.get(self, "http_rules") + + @http_rules.setter + def http_rules(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['AuthzPolicyHttpRuleArgs']]]]): + pulumi.set(self, "http_rules", value) + + @property + @pulumi.getter + def labels(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]: + """ + Set of labels associated with the AuthzExtension resource. **Note**: This field is non-authoritative, and will only + manage the labels present in your configuration. Please refer to the field 'effective_labels' for all of the labels + present on the resource. + """ + return pulumi.get(self, "labels") + + @labels.setter + def labels(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]): + pulumi.set(self, "labels", value) + + @property + @pulumi.getter + def name(self) -> Optional[pulumi.Input[str]]: + """ + Identifier. Name of the AuthzPolicy resource. + """ + return pulumi.get(self, "name") + + @name.setter + def name(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "name", value) + + @property + @pulumi.getter + def project(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "project") + + @project.setter + def project(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "project", value) + + +@pulumi.input_type +class _AuthzPolicyState: + def __init__(__self__, *, + action: Optional[pulumi.Input[str]] = None, + create_time: Optional[pulumi.Input[str]] = None, + custom_provider: Optional[pulumi.Input['AuthzPolicyCustomProviderArgs']] = None, + description: Optional[pulumi.Input[str]] = None, + effective_labels: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None, + http_rules: Optional[pulumi.Input[Sequence[pulumi.Input['AuthzPolicyHttpRuleArgs']]]] = None, + labels: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None, + location: Optional[pulumi.Input[str]] = None, + name: Optional[pulumi.Input[str]] = None, + project: Optional[pulumi.Input[str]] = None, + pulumi_labels: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None, + target: Optional[pulumi.Input['AuthzPolicyTargetArgs']] = None, + update_time: Optional[pulumi.Input[str]] = None): + """ + Input properties used for looking up and filtering AuthzPolicy resources. + :param pulumi.Input[str] action: When the action is CUSTOM, customProvider must be specified. + When the action is ALLOW, only requests matching the policy will be allowed. + When the action is DENY, only requests matching the policy will be denied. + When a request arrives, the policies are evaluated in the following order: + 1. If there is a CUSTOM policy that matches the request, the CUSTOM policy is evaluated using the custom authorization providers and the request is denied if the provider rejects the request. + 2. If there are any DENY policies that match the request, the request is denied. + 3. If there are no ALLOW policies for the resource or if any of the ALLOW policies match the request, the request is allowed. + 4. Else the request is denied by default if none of the configured AuthzPolicies with ALLOW action match the request. + Possible values are: `ALLOW`, `DENY`, `CUSTOM`. + :param pulumi.Input[str] create_time: The timestamp when the resource was created. + :param pulumi.Input['AuthzPolicyCustomProviderArgs'] custom_provider: Required if the action is CUSTOM. Allows delegating authorization decisions to Cloud IAP or to Service Extensions. One + of cloudIap or authzExtension must be specified. + :param pulumi.Input[str] description: A human-readable description of the resource. + :param pulumi.Input[Mapping[str, pulumi.Input[str]]] effective_labels: All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services. + :param pulumi.Input[Sequence[pulumi.Input['AuthzPolicyHttpRuleArgs']]] http_rules: A list of authorization HTTP rules to match against the incoming request.A policy match occurs when at least one HTTP + rule matches the request or when no HTTP rules are specified in the policy. At least one HTTP Rule is required for Allow + or Deny Action. Limited to 5 rules. + :param pulumi.Input[Mapping[str, pulumi.Input[str]]] labels: Set of labels associated with the AuthzExtension resource. **Note**: This field is non-authoritative, and will only + manage the labels present in your configuration. Please refer to the field 'effective_labels' for all of the labels + present on the resource. + :param pulumi.Input[str] location: The location of the resource. + :param pulumi.Input[str] name: Identifier. Name of the AuthzPolicy resource. + :param pulumi.Input[Mapping[str, pulumi.Input[str]]] pulumi_labels: The combination of labels configured directly on the resource + and default labels configured on the provider. + :param pulumi.Input['AuthzPolicyTargetArgs'] target: Specifies the set of resources to which this policy should be applied to. + Structure is documented below. + :param pulumi.Input[str] update_time: The timestamp when the resource was updated. + """ + if action is not None: + pulumi.set(__self__, "action", action) + if create_time is not None: + pulumi.set(__self__, "create_time", create_time) + if custom_provider is not None: + pulumi.set(__self__, "custom_provider", custom_provider) + if description is not None: + pulumi.set(__self__, "description", description) + if effective_labels is not None: + pulumi.set(__self__, "effective_labels", effective_labels) + if http_rules is not None: + pulumi.set(__self__, "http_rules", http_rules) + if labels is not None: + pulumi.set(__self__, "labels", labels) + if location is not None: + pulumi.set(__self__, "location", location) + if name is not None: + pulumi.set(__self__, "name", name) + if project is not None: + pulumi.set(__self__, "project", project) + if pulumi_labels is not None: + pulumi.set(__self__, "pulumi_labels", pulumi_labels) + if target is not None: + pulumi.set(__self__, "target", target) + if update_time is not None: + pulumi.set(__self__, "update_time", update_time) + + @property + @pulumi.getter + def action(self) -> Optional[pulumi.Input[str]]: + """ + When the action is CUSTOM, customProvider must be specified. + When the action is ALLOW, only requests matching the policy will be allowed. + When the action is DENY, only requests matching the policy will be denied. + When a request arrives, the policies are evaluated in the following order: + 1. If there is a CUSTOM policy that matches the request, the CUSTOM policy is evaluated using the custom authorization providers and the request is denied if the provider rejects the request. + 2. If there are any DENY policies that match the request, the request is denied. + 3. If there are no ALLOW policies for the resource or if any of the ALLOW policies match the request, the request is allowed. + 4. Else the request is denied by default if none of the configured AuthzPolicies with ALLOW action match the request. + Possible values are: `ALLOW`, `DENY`, `CUSTOM`. + """ + return pulumi.get(self, "action") + + @action.setter + def action(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "action", value) + + @property + @pulumi.getter(name="createTime") + def create_time(self) -> Optional[pulumi.Input[str]]: + """ + The timestamp when the resource was created. + """ + return pulumi.get(self, "create_time") + + @create_time.setter + def create_time(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "create_time", value) + + @property + @pulumi.getter(name="customProvider") + def custom_provider(self) -> Optional[pulumi.Input['AuthzPolicyCustomProviderArgs']]: + """ + Required if the action is CUSTOM. Allows delegating authorization decisions to Cloud IAP or to Service Extensions. One + of cloudIap or authzExtension must be specified. + """ + return pulumi.get(self, "custom_provider") + + @custom_provider.setter + def custom_provider(self, value: Optional[pulumi.Input['AuthzPolicyCustomProviderArgs']]): + pulumi.set(self, "custom_provider", value) + + @property + @pulumi.getter + def description(self) -> Optional[pulumi.Input[str]]: + """ + A human-readable description of the resource. + """ + return pulumi.get(self, "description") + + @description.setter + def description(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "description", value) + + @property + @pulumi.getter(name="effectiveLabels") + def effective_labels(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]: + """ + All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services. + """ + return pulumi.get(self, "effective_labels") + + @effective_labels.setter + def effective_labels(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]): + pulumi.set(self, "effective_labels", value) + + @property + @pulumi.getter(name="httpRules") + def http_rules(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['AuthzPolicyHttpRuleArgs']]]]: + """ + A list of authorization HTTP rules to match against the incoming request.A policy match occurs when at least one HTTP + rule matches the request or when no HTTP rules are specified in the policy. At least one HTTP Rule is required for Allow + or Deny Action. Limited to 5 rules. + """ + return pulumi.get(self, "http_rules") + + @http_rules.setter + def http_rules(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['AuthzPolicyHttpRuleArgs']]]]): + pulumi.set(self, "http_rules", value) + + @property + @pulumi.getter + def labels(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]: + """ + Set of labels associated with the AuthzExtension resource. **Note**: This field is non-authoritative, and will only + manage the labels present in your configuration. Please refer to the field 'effective_labels' for all of the labels + present on the resource. + """ + return pulumi.get(self, "labels") + + @labels.setter + def labels(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]): + pulumi.set(self, "labels", value) + + @property + @pulumi.getter + def location(self) -> Optional[pulumi.Input[str]]: + """ + The location of the resource. + """ + return pulumi.get(self, "location") + + @location.setter + def location(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "location", value) + + @property + @pulumi.getter + def name(self) -> Optional[pulumi.Input[str]]: + """ + Identifier. Name of the AuthzPolicy resource. + """ + return pulumi.get(self, "name") + + @name.setter + def name(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "name", value) + + @property + @pulumi.getter + def project(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "project") + + @project.setter + def project(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "project", value) + + @property + @pulumi.getter(name="pulumiLabels") + def pulumi_labels(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]: + """ + The combination of labels configured directly on the resource + and default labels configured on the provider. + """ + return pulumi.get(self, "pulumi_labels") + + @pulumi_labels.setter + def pulumi_labels(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]): + pulumi.set(self, "pulumi_labels", value) + + @property + @pulumi.getter + def target(self) -> Optional[pulumi.Input['AuthzPolicyTargetArgs']]: + """ + Specifies the set of resources to which this policy should be applied to. + Structure is documented below. + """ + return pulumi.get(self, "target") + + @target.setter + def target(self, value: Optional[pulumi.Input['AuthzPolicyTargetArgs']]): + pulumi.set(self, "target", value) + + @property + @pulumi.getter(name="updateTime") + def update_time(self) -> Optional[pulumi.Input[str]]: + """ + The timestamp when the resource was updated. + """ + return pulumi.get(self, "update_time") + + @update_time.setter + def update_time(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "update_time", value) + + +class AuthzPolicy(pulumi.CustomResource): + @overload + def __init__(__self__, + resource_name: str, + opts: Optional[pulumi.ResourceOptions] = None, + action: Optional[pulumi.Input[str]] = None, + custom_provider: Optional[pulumi.Input[Union['AuthzPolicyCustomProviderArgs', 'AuthzPolicyCustomProviderArgsDict']]] = None, + description: Optional[pulumi.Input[str]] = None, + http_rules: Optional[pulumi.Input[Sequence[pulumi.Input[Union['AuthzPolicyHttpRuleArgs', 'AuthzPolicyHttpRuleArgsDict']]]]] = None, + labels: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None, + location: Optional[pulumi.Input[str]] = None, + name: Optional[pulumi.Input[str]] = None, + project: Optional[pulumi.Input[str]] = None, + target: Optional[pulumi.Input[Union['AuthzPolicyTargetArgs', 'AuthzPolicyTargetArgsDict']]] = None, + __props__=None): + """ + AuthzPolicy is a resource that allows to forward traffic to a callout backend designed to scan the traffic for security purposes. + + To get more information about AuthzPolicy, see: + + * [API documentation](https://cloud.google.com/load-balancing/docs/reference/network-security/rest/v1beta1/projects.locations.authzPolicies) + + ## Example Usage + + ### Network Services Authz Policy Advanced + + ```python + import pulumi + import pulumi_gcp as gcp + + default = gcp.compute.Network("default", + name="lb-network", + project="my-project-name", + auto_create_subnetworks=False) + default_subnetwork = gcp.compute.Subnetwork("default", + name="backend-subnet", + project="my-project-name", + region="us-west1", + ip_cidr_range="10.1.2.0/24", + network=default.id) + proxy_only = gcp.compute.Subnetwork("proxy_only", + name="proxy-only-subnet", + project="my-project-name", + region="us-west1", + ip_cidr_range="10.129.0.0/23", + purpose="REGIONAL_MANAGED_PROXY", + role="ACTIVE", + network=default.id) + default_address = gcp.compute.Address("default", + name="l7-ilb-ip-address", + project="my-project-name", + region="us-west1", + subnetwork=default_subnetwork.id, + address_type="INTERNAL", + purpose="GCE_ENDPOINT") + default_region_health_check = gcp.compute.RegionHealthCheck("default", + name="l7-ilb-basic-check", + project="my-project-name", + region="us-west1", + http_health_check={ + "port_specification": "USE_SERVING_PORT", + }) + url_map = gcp.compute.RegionBackendService("url_map", + name="l7-ilb-backend-service", + project="my-project-name", + region="us-west1", + load_balancing_scheme="INTERNAL_MANAGED", + health_checks=default_region_health_check.id) + default_region_url_map = gcp.compute.RegionUrlMap("default", + name="l7-ilb-map", + project="my-project-name", + region="us-west1", + default_service=url_map.id) + default_region_target_http_proxy = gcp.compute.RegionTargetHttpProxy("default", + name="l7-ilb-proxy", + project="my-project-name", + region="us-west1", + url_map=default_region_url_map.id) + default_forwarding_rule = gcp.compute.ForwardingRule("default", + name="l7-ilb-forwarding-rule", + project="my-project-name", + region="us-west1", + load_balancing_scheme="INTERNAL_MANAGED", + network=default.id, + subnetwork=default_subnetwork.id, + ip_protocol="TCP", + port_range="80", + target=default_region_target_http_proxy.id, + ip_address=default_address.id, + opts = pulumi.ResourceOptions(depends_on=[proxy_only])) + authz_extension = gcp.compute.RegionBackendService("authz_extension", + name="authz-service", + project="my-project-name", + region="us-west1", + protocol="HTTP2", + load_balancing_scheme="INTERNAL_MANAGED", + port_name="grpc") + default_authz_extension = gcp.networkservices.AuthzExtension("default", + name="my-authz-ext", + project="my-project-name", + location="us-west1", + description="my description", + load_balancing_scheme="INTERNAL_MANAGED", + authority="ext11.com", + service=authz_extension.self_link, + timeout="0.1s", + fail_open=False, + forward_headers=["Authorization"]) + default_authz_policy = gcp.networksecurity.AuthzPolicy("default", + name="my-authz-policy", + project="my-project-name", + location="us-west1", + description="my description", + target={ + "load_balancing_scheme": "INTERNAL_MANAGED", + "resources": [default_forwarding_rule.self_link], + }, + action="CUSTOM", + custom_provider={ + "authz_extension": { + "resources": [default_authz_extension.id], + }, + }) + ``` + + ## Import + + AuthzPolicy can be imported using any of these accepted formats: + + * `projects/{{project}}/locations/{{location}}/authzPolicies/{{name}}` + + * `{{project}}/{{location}}/{{name}}` + + * `{{location}}/{{name}}` + + * `{{name}}` + + When using the `pulumi import` command, AuthzPolicy can be imported using one of the formats above. For example: + + ```sh + $ pulumi import gcp:networksecurity/authzPolicy:AuthzPolicy default projects/{{project}}/locations/{{location}}/authzPolicies/{{name}} + ``` + + ```sh + $ pulumi import gcp:networksecurity/authzPolicy:AuthzPolicy default {{project}}/{{location}}/{{name}} + ``` + + ```sh + $ pulumi import gcp:networksecurity/authzPolicy:AuthzPolicy default {{location}}/{{name}} + ``` + + ```sh + $ pulumi import gcp:networksecurity/authzPolicy:AuthzPolicy default {{name}} + ``` + + :param str resource_name: The name of the resource. + :param pulumi.ResourceOptions opts: Options for the resource. + :param pulumi.Input[str] action: When the action is CUSTOM, customProvider must be specified. + When the action is ALLOW, only requests matching the policy will be allowed. + When the action is DENY, only requests matching the policy will be denied. + When a request arrives, the policies are evaluated in the following order: + 1. If there is a CUSTOM policy that matches the request, the CUSTOM policy is evaluated using the custom authorization providers and the request is denied if the provider rejects the request. + 2. If there are any DENY policies that match the request, the request is denied. + 3. If there are no ALLOW policies for the resource or if any of the ALLOW policies match the request, the request is allowed. + 4. Else the request is denied by default if none of the configured AuthzPolicies with ALLOW action match the request. + Possible values are: `ALLOW`, `DENY`, `CUSTOM`. + :param pulumi.Input[Union['AuthzPolicyCustomProviderArgs', 'AuthzPolicyCustomProviderArgsDict']] custom_provider: Required if the action is CUSTOM. Allows delegating authorization decisions to Cloud IAP or to Service Extensions. One + of cloudIap or authzExtension must be specified. + :param pulumi.Input[str] description: A human-readable description of the resource. + :param pulumi.Input[Sequence[pulumi.Input[Union['AuthzPolicyHttpRuleArgs', 'AuthzPolicyHttpRuleArgsDict']]]] http_rules: A list of authorization HTTP rules to match against the incoming request.A policy match occurs when at least one HTTP + rule matches the request or when no HTTP rules are specified in the policy. At least one HTTP Rule is required for Allow + or Deny Action. Limited to 5 rules. + :param pulumi.Input[Mapping[str, pulumi.Input[str]]] labels: Set of labels associated with the AuthzExtension resource. **Note**: This field is non-authoritative, and will only + manage the labels present in your configuration. Please refer to the field 'effective_labels' for all of the labels + present on the resource. + :param pulumi.Input[str] location: The location of the resource. + :param pulumi.Input[str] name: Identifier. Name of the AuthzPolicy resource. + :param pulumi.Input[Union['AuthzPolicyTargetArgs', 'AuthzPolicyTargetArgsDict']] target: Specifies the set of resources to which this policy should be applied to. + Structure is documented below. + """ + ... + @overload + def __init__(__self__, + resource_name: str, + args: AuthzPolicyArgs, + opts: Optional[pulumi.ResourceOptions] = None): + """ + AuthzPolicy is a resource that allows to forward traffic to a callout backend designed to scan the traffic for security purposes. + + To get more information about AuthzPolicy, see: + + * [API documentation](https://cloud.google.com/load-balancing/docs/reference/network-security/rest/v1beta1/projects.locations.authzPolicies) + + ## Example Usage + + ### Network Services Authz Policy Advanced + + ```python + import pulumi + import pulumi_gcp as gcp + + default = gcp.compute.Network("default", + name="lb-network", + project="my-project-name", + auto_create_subnetworks=False) + default_subnetwork = gcp.compute.Subnetwork("default", + name="backend-subnet", + project="my-project-name", + region="us-west1", + ip_cidr_range="10.1.2.0/24", + network=default.id) + proxy_only = gcp.compute.Subnetwork("proxy_only", + name="proxy-only-subnet", + project="my-project-name", + region="us-west1", + ip_cidr_range="10.129.0.0/23", + purpose="REGIONAL_MANAGED_PROXY", + role="ACTIVE", + network=default.id) + default_address = gcp.compute.Address("default", + name="l7-ilb-ip-address", + project="my-project-name", + region="us-west1", + subnetwork=default_subnetwork.id, + address_type="INTERNAL", + purpose="GCE_ENDPOINT") + default_region_health_check = gcp.compute.RegionHealthCheck("default", + name="l7-ilb-basic-check", + project="my-project-name", + region="us-west1", + http_health_check={ + "port_specification": "USE_SERVING_PORT", + }) + url_map = gcp.compute.RegionBackendService("url_map", + name="l7-ilb-backend-service", + project="my-project-name", + region="us-west1", + load_balancing_scheme="INTERNAL_MANAGED", + health_checks=default_region_health_check.id) + default_region_url_map = gcp.compute.RegionUrlMap("default", + name="l7-ilb-map", + project="my-project-name", + region="us-west1", + default_service=url_map.id) + default_region_target_http_proxy = gcp.compute.RegionTargetHttpProxy("default", + name="l7-ilb-proxy", + project="my-project-name", + region="us-west1", + url_map=default_region_url_map.id) + default_forwarding_rule = gcp.compute.ForwardingRule("default", + name="l7-ilb-forwarding-rule", + project="my-project-name", + region="us-west1", + load_balancing_scheme="INTERNAL_MANAGED", + network=default.id, + subnetwork=default_subnetwork.id, + ip_protocol="TCP", + port_range="80", + target=default_region_target_http_proxy.id, + ip_address=default_address.id, + opts = pulumi.ResourceOptions(depends_on=[proxy_only])) + authz_extension = gcp.compute.RegionBackendService("authz_extension", + name="authz-service", + project="my-project-name", + region="us-west1", + protocol="HTTP2", + load_balancing_scheme="INTERNAL_MANAGED", + port_name="grpc") + default_authz_extension = gcp.networkservices.AuthzExtension("default", + name="my-authz-ext", + project="my-project-name", + location="us-west1", + description="my description", + load_balancing_scheme="INTERNAL_MANAGED", + authority="ext11.com", + service=authz_extension.self_link, + timeout="0.1s", + fail_open=False, + forward_headers=["Authorization"]) + default_authz_policy = gcp.networksecurity.AuthzPolicy("default", + name="my-authz-policy", + project="my-project-name", + location="us-west1", + description="my description", + target={ + "load_balancing_scheme": "INTERNAL_MANAGED", + "resources": [default_forwarding_rule.self_link], + }, + action="CUSTOM", + custom_provider={ + "authz_extension": { + "resources": [default_authz_extension.id], + }, + }) + ``` + + ## Import + + AuthzPolicy can be imported using any of these accepted formats: + + * `projects/{{project}}/locations/{{location}}/authzPolicies/{{name}}` + + * `{{project}}/{{location}}/{{name}}` + + * `{{location}}/{{name}}` + + * `{{name}}` + + When using the `pulumi import` command, AuthzPolicy can be imported using one of the formats above. For example: + + ```sh + $ pulumi import gcp:networksecurity/authzPolicy:AuthzPolicy default projects/{{project}}/locations/{{location}}/authzPolicies/{{name}} + ``` + + ```sh + $ pulumi import gcp:networksecurity/authzPolicy:AuthzPolicy default {{project}}/{{location}}/{{name}} + ``` + + ```sh + $ pulumi import gcp:networksecurity/authzPolicy:AuthzPolicy default {{location}}/{{name}} + ``` + + ```sh + $ pulumi import gcp:networksecurity/authzPolicy:AuthzPolicy default {{name}} + ``` + + :param str resource_name: The name of the resource. + :param AuthzPolicyArgs args: The arguments to use to populate this resource's properties. + :param pulumi.ResourceOptions opts: Options for the resource. + """ + ... + def __init__(__self__, resource_name: str, *args, **kwargs): + resource_args, opts = _utilities.get_resource_args_opts(AuthzPolicyArgs, pulumi.ResourceOptions, *args, **kwargs) + if resource_args is not None: + __self__._internal_init(resource_name, opts, **resource_args.__dict__) + else: + __self__._internal_init(resource_name, *args, **kwargs) + + def _internal_init(__self__, + resource_name: str, + opts: Optional[pulumi.ResourceOptions] = None, + action: Optional[pulumi.Input[str]] = None, + custom_provider: Optional[pulumi.Input[Union['AuthzPolicyCustomProviderArgs', 'AuthzPolicyCustomProviderArgsDict']]] = None, + description: Optional[pulumi.Input[str]] = None, + http_rules: Optional[pulumi.Input[Sequence[pulumi.Input[Union['AuthzPolicyHttpRuleArgs', 'AuthzPolicyHttpRuleArgsDict']]]]] = None, + labels: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None, + location: Optional[pulumi.Input[str]] = None, + name: Optional[pulumi.Input[str]] = None, + project: Optional[pulumi.Input[str]] = None, + target: Optional[pulumi.Input[Union['AuthzPolicyTargetArgs', 'AuthzPolicyTargetArgsDict']]] = None, + __props__=None): + opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts) + if not isinstance(opts, pulumi.ResourceOptions): + raise TypeError('Expected resource options to be a ResourceOptions instance') + if opts.id is None: + if __props__ is not None: + raise TypeError('__props__ is only valid when passed in combination with a valid opts.id to get an existing resource') + __props__ = AuthzPolicyArgs.__new__(AuthzPolicyArgs) + + if action is None and not opts.urn: + raise TypeError("Missing required property 'action'") + __props__.__dict__["action"] = action + __props__.__dict__["custom_provider"] = custom_provider + __props__.__dict__["description"] = description + __props__.__dict__["http_rules"] = http_rules + __props__.__dict__["labels"] = labels + if location is None and not opts.urn: + raise TypeError("Missing required property 'location'") + __props__.__dict__["location"] = location + __props__.__dict__["name"] = name + __props__.__dict__["project"] = project + if target is None and not opts.urn: + raise TypeError("Missing required property 'target'") + __props__.__dict__["target"] = target + __props__.__dict__["create_time"] = None + __props__.__dict__["effective_labels"] = None + __props__.__dict__["pulumi_labels"] = None + __props__.__dict__["update_time"] = None + secret_opts = pulumi.ResourceOptions(additional_secret_outputs=["effectiveLabels", "pulumiLabels"]) + opts = pulumi.ResourceOptions.merge(opts, secret_opts) + super(AuthzPolicy, __self__).__init__( + 'gcp:networksecurity/authzPolicy:AuthzPolicy', + resource_name, + __props__, + opts) + + @staticmethod + def get(resource_name: str, + id: pulumi.Input[str], + opts: Optional[pulumi.ResourceOptions] = None, + action: Optional[pulumi.Input[str]] = None, + create_time: Optional[pulumi.Input[str]] = None, + custom_provider: Optional[pulumi.Input[Union['AuthzPolicyCustomProviderArgs', 'AuthzPolicyCustomProviderArgsDict']]] = None, + description: Optional[pulumi.Input[str]] = None, + effective_labels: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None, + http_rules: Optional[pulumi.Input[Sequence[pulumi.Input[Union['AuthzPolicyHttpRuleArgs', 'AuthzPolicyHttpRuleArgsDict']]]]] = None, + labels: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None, + location: Optional[pulumi.Input[str]] = None, + name: Optional[pulumi.Input[str]] = None, + project: Optional[pulumi.Input[str]] = None, + pulumi_labels: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None, + target: Optional[pulumi.Input[Union['AuthzPolicyTargetArgs', 'AuthzPolicyTargetArgsDict']]] = None, + update_time: Optional[pulumi.Input[str]] = None) -> 'AuthzPolicy': + """ + Get an existing AuthzPolicy resource's state with the given name, id, and optional extra + properties used to qualify the lookup. + + :param str resource_name: The unique name of the resulting resource. + :param pulumi.Input[str] id: The unique provider ID of the resource to lookup. + :param pulumi.ResourceOptions opts: Options for the resource. + :param pulumi.Input[str] action: When the action is CUSTOM, customProvider must be specified. + When the action is ALLOW, only requests matching the policy will be allowed. + When the action is DENY, only requests matching the policy will be denied. + When a request arrives, the policies are evaluated in the following order: + 1. If there is a CUSTOM policy that matches the request, the CUSTOM policy is evaluated using the custom authorization providers and the request is denied if the provider rejects the request. + 2. If there are any DENY policies that match the request, the request is denied. + 3. If there are no ALLOW policies for the resource or if any of the ALLOW policies match the request, the request is allowed. + 4. Else the request is denied by default if none of the configured AuthzPolicies with ALLOW action match the request. + Possible values are: `ALLOW`, `DENY`, `CUSTOM`. + :param pulumi.Input[str] create_time: The timestamp when the resource was created. + :param pulumi.Input[Union['AuthzPolicyCustomProviderArgs', 'AuthzPolicyCustomProviderArgsDict']] custom_provider: Required if the action is CUSTOM. Allows delegating authorization decisions to Cloud IAP or to Service Extensions. One + of cloudIap or authzExtension must be specified. + :param pulumi.Input[str] description: A human-readable description of the resource. + :param pulumi.Input[Mapping[str, pulumi.Input[str]]] effective_labels: All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services. + :param pulumi.Input[Sequence[pulumi.Input[Union['AuthzPolicyHttpRuleArgs', 'AuthzPolicyHttpRuleArgsDict']]]] http_rules: A list of authorization HTTP rules to match against the incoming request.A policy match occurs when at least one HTTP + rule matches the request or when no HTTP rules are specified in the policy. At least one HTTP Rule is required for Allow + or Deny Action. Limited to 5 rules. + :param pulumi.Input[Mapping[str, pulumi.Input[str]]] labels: Set of labels associated with the AuthzExtension resource. **Note**: This field is non-authoritative, and will only + manage the labels present in your configuration. Please refer to the field 'effective_labels' for all of the labels + present on the resource. + :param pulumi.Input[str] location: The location of the resource. + :param pulumi.Input[str] name: Identifier. Name of the AuthzPolicy resource. + :param pulumi.Input[Mapping[str, pulumi.Input[str]]] pulumi_labels: The combination of labels configured directly on the resource + and default labels configured on the provider. + :param pulumi.Input[Union['AuthzPolicyTargetArgs', 'AuthzPolicyTargetArgsDict']] target: Specifies the set of resources to which this policy should be applied to. + Structure is documented below. + :param pulumi.Input[str] update_time: The timestamp when the resource was updated. + """ + opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) + + __props__ = _AuthzPolicyState.__new__(_AuthzPolicyState) + + __props__.__dict__["action"] = action + __props__.__dict__["create_time"] = create_time + __props__.__dict__["custom_provider"] = custom_provider + __props__.__dict__["description"] = description + __props__.__dict__["effective_labels"] = effective_labels + __props__.__dict__["http_rules"] = http_rules + __props__.__dict__["labels"] = labels + __props__.__dict__["location"] = location + __props__.__dict__["name"] = name + __props__.__dict__["project"] = project + __props__.__dict__["pulumi_labels"] = pulumi_labels + __props__.__dict__["target"] = target + __props__.__dict__["update_time"] = update_time + return AuthzPolicy(resource_name, opts=opts, __props__=__props__) + + @property + @pulumi.getter + def action(self) -> pulumi.Output[str]: + """ + When the action is CUSTOM, customProvider must be specified. + When the action is ALLOW, only requests matching the policy will be allowed. + When the action is DENY, only requests matching the policy will be denied. + When a request arrives, the policies are evaluated in the following order: + 1. If there is a CUSTOM policy that matches the request, the CUSTOM policy is evaluated using the custom authorization providers and the request is denied if the provider rejects the request. + 2. If there are any DENY policies that match the request, the request is denied. + 3. If there are no ALLOW policies for the resource or if any of the ALLOW policies match the request, the request is allowed. + 4. Else the request is denied by default if none of the configured AuthzPolicies with ALLOW action match the request. + Possible values are: `ALLOW`, `DENY`, `CUSTOM`. + """ + return pulumi.get(self, "action") + + @property + @pulumi.getter(name="createTime") + def create_time(self) -> pulumi.Output[str]: + """ + The timestamp when the resource was created. + """ + return pulumi.get(self, "create_time") + + @property + @pulumi.getter(name="customProvider") + def custom_provider(self) -> pulumi.Output[Optional['outputs.AuthzPolicyCustomProvider']]: + """ + Required if the action is CUSTOM. Allows delegating authorization decisions to Cloud IAP or to Service Extensions. One + of cloudIap or authzExtension must be specified. + """ + return pulumi.get(self, "custom_provider") + + @property + @pulumi.getter + def description(self) -> pulumi.Output[Optional[str]]: + """ + A human-readable description of the resource. + """ + return pulumi.get(self, "description") + + @property + @pulumi.getter(name="effectiveLabels") + def effective_labels(self) -> pulumi.Output[Mapping[str, str]]: + """ + All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services. + """ + return pulumi.get(self, "effective_labels") + + @property + @pulumi.getter(name="httpRules") + def http_rules(self) -> pulumi.Output[Optional[Sequence['outputs.AuthzPolicyHttpRule']]]: + """ + A list of authorization HTTP rules to match against the incoming request.A policy match occurs when at least one HTTP + rule matches the request or when no HTTP rules are specified in the policy. At least one HTTP Rule is required for Allow + or Deny Action. Limited to 5 rules. + """ + return pulumi.get(self, "http_rules") + + @property + @pulumi.getter + def labels(self) -> pulumi.Output[Optional[Mapping[str, str]]]: + """ + Set of labels associated with the AuthzExtension resource. **Note**: This field is non-authoritative, and will only + manage the labels present in your configuration. Please refer to the field 'effective_labels' for all of the labels + present on the resource. + """ + return pulumi.get(self, "labels") + + @property + @pulumi.getter + def location(self) -> pulumi.Output[str]: + """ + The location of the resource. + """ + return pulumi.get(self, "location") + + @property + @pulumi.getter + def name(self) -> pulumi.Output[str]: + """ + Identifier. Name of the AuthzPolicy resource. + """ + return pulumi.get(self, "name") + + @property + @pulumi.getter + def project(self) -> pulumi.Output[str]: + return pulumi.get(self, "project") + + @property + @pulumi.getter(name="pulumiLabels") + def pulumi_labels(self) -> pulumi.Output[Mapping[str, str]]: + """ + The combination of labels configured directly on the resource + and default labels configured on the provider. + """ + return pulumi.get(self, "pulumi_labels") + + @property + @pulumi.getter + def target(self) -> pulumi.Output['outputs.AuthzPolicyTarget']: + """ + Specifies the set of resources to which this policy should be applied to. + Structure is documented below. + """ + return pulumi.get(self, "target") + + @property + @pulumi.getter(name="updateTime") + def update_time(self) -> pulumi.Output[str]: + """ + The timestamp when the resource was updated. + """ + return pulumi.get(self, "update_time") + diff --git a/sdk/python/pulumi_gcp/networksecurity/intercept_deployment.py b/sdk/python/pulumi_gcp/networksecurity/intercept_deployment.py new file mode 100644 index 0000000000..df59def1cf --- /dev/null +++ b/sdk/python/pulumi_gcp/networksecurity/intercept_deployment.py @@ -0,0 +1,846 @@ +# coding=utf-8 +# *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +# *** Do not edit by hand unless you're certain you know what you are doing! *** + +import copy +import warnings +import sys +import pulumi +import pulumi.runtime +from typing import Any, Mapping, Optional, Sequence, Union, overload +if sys.version_info >= (3, 11): + from typing import NotRequired, TypedDict, TypeAlias +else: + from typing_extensions import NotRequired, TypedDict, TypeAlias +from .. import _utilities + +__all__ = ['InterceptDeploymentArgs', 'InterceptDeployment'] + +@pulumi.input_type +class InterceptDeploymentArgs: + def __init__(__self__, *, + forwarding_rule: pulumi.Input[str], + intercept_deployment_group: pulumi.Input[str], + intercept_deployment_id: pulumi.Input[str], + location: pulumi.Input[str], + labels: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None, + project: Optional[pulumi.Input[str]] = None): + """ + The set of arguments for constructing a InterceptDeployment resource. + :param pulumi.Input[str] forwarding_rule: Immutable. The regional load balancer which the intercepted traffic should be forwarded + to. Format is: + projects/{project}/regions/{region}/forwardingRules/{forwardingRule} + :param pulumi.Input[str] intercept_deployment_group: Immutable. The Intercept Deployment Group that this resource is part of. Format is: + `projects/{project}/locations/global/interceptDeploymentGroups/{interceptDeploymentGroup}` + :param pulumi.Input[str] intercept_deployment_id: Id of the requesting object + If auto-generating Id server-side, remove this field and + intercept_deployment_id from the method_signature of Create RPC + + + - - - + :param pulumi.Input[str] location: Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122. See documentation for resource type `networksecurity.googleapis.com/InterceptDeployment`. + :param pulumi.Input[Mapping[str, pulumi.Input[str]]] labels: Optional. Labels as key value pairs + **Note**: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field `effective_labels` for all of the labels present on the resource. + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + """ + pulumi.set(__self__, "forwarding_rule", forwarding_rule) + pulumi.set(__self__, "intercept_deployment_group", intercept_deployment_group) + pulumi.set(__self__, "intercept_deployment_id", intercept_deployment_id) + pulumi.set(__self__, "location", location) + if labels is not None: + pulumi.set(__self__, "labels", labels) + if project is not None: + pulumi.set(__self__, "project", project) + + @property + @pulumi.getter(name="forwardingRule") + def forwarding_rule(self) -> pulumi.Input[str]: + """ + Immutable. The regional load balancer which the intercepted traffic should be forwarded + to. Format is: + projects/{project}/regions/{region}/forwardingRules/{forwardingRule} + """ + return pulumi.get(self, "forwarding_rule") + + @forwarding_rule.setter + def forwarding_rule(self, value: pulumi.Input[str]): + pulumi.set(self, "forwarding_rule", value) + + @property + @pulumi.getter(name="interceptDeploymentGroup") + def intercept_deployment_group(self) -> pulumi.Input[str]: + """ + Immutable. The Intercept Deployment Group that this resource is part of. Format is: + `projects/{project}/locations/global/interceptDeploymentGroups/{interceptDeploymentGroup}` + """ + return pulumi.get(self, "intercept_deployment_group") + + @intercept_deployment_group.setter + def intercept_deployment_group(self, value: pulumi.Input[str]): + pulumi.set(self, "intercept_deployment_group", value) + + @property + @pulumi.getter(name="interceptDeploymentId") + def intercept_deployment_id(self) -> pulumi.Input[str]: + """ + Id of the requesting object + If auto-generating Id server-side, remove this field and + intercept_deployment_id from the method_signature of Create RPC + + + - - - + """ + return pulumi.get(self, "intercept_deployment_id") + + @intercept_deployment_id.setter + def intercept_deployment_id(self, value: pulumi.Input[str]): + pulumi.set(self, "intercept_deployment_id", value) + + @property + @pulumi.getter + def location(self) -> pulumi.Input[str]: + """ + Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122. See documentation for resource type `networksecurity.googleapis.com/InterceptDeployment`. + """ + return pulumi.get(self, "location") + + @location.setter + def location(self, value: pulumi.Input[str]): + pulumi.set(self, "location", value) + + @property + @pulumi.getter + def labels(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]: + """ + Optional. Labels as key value pairs + **Note**: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field `effective_labels` for all of the labels present on the resource. + """ + return pulumi.get(self, "labels") + + @labels.setter + def labels(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]): + pulumi.set(self, "labels", value) + + @property + @pulumi.getter + def project(self) -> Optional[pulumi.Input[str]]: + """ + The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + """ + return pulumi.get(self, "project") + + @project.setter + def project(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "project", value) + + +@pulumi.input_type +class _InterceptDeploymentState: + def __init__(__self__, *, + create_time: Optional[pulumi.Input[str]] = None, + effective_labels: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None, + forwarding_rule: Optional[pulumi.Input[str]] = None, + intercept_deployment_group: Optional[pulumi.Input[str]] = None, + intercept_deployment_id: Optional[pulumi.Input[str]] = None, + labels: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None, + location: Optional[pulumi.Input[str]] = None, + name: Optional[pulumi.Input[str]] = None, + project: Optional[pulumi.Input[str]] = None, + pulumi_labels: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None, + reconciling: Optional[pulumi.Input[bool]] = None, + state: Optional[pulumi.Input[str]] = None, + update_time: Optional[pulumi.Input[str]] = None): + """ + Input properties used for looking up and filtering InterceptDeployment resources. + :param pulumi.Input[str] create_time: Create time stamp + :param pulumi.Input[Mapping[str, pulumi.Input[str]]] effective_labels: All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services. + :param pulumi.Input[str] forwarding_rule: Immutable. The regional load balancer which the intercepted traffic should be forwarded + to. Format is: + projects/{project}/regions/{region}/forwardingRules/{forwardingRule} + :param pulumi.Input[str] intercept_deployment_group: Immutable. The Intercept Deployment Group that this resource is part of. Format is: + `projects/{project}/locations/global/interceptDeploymentGroups/{interceptDeploymentGroup}` + :param pulumi.Input[str] intercept_deployment_id: Id of the requesting object + If auto-generating Id server-side, remove this field and + intercept_deployment_id from the method_signature of Create RPC + + + - - - + :param pulumi.Input[Mapping[str, pulumi.Input[str]]] labels: Optional. Labels as key value pairs + **Note**: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field `effective_labels` for all of the labels present on the resource. + :param pulumi.Input[str] location: Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122. See documentation for resource type `networksecurity.googleapis.com/InterceptDeployment`. + :param pulumi.Input[str] name: Identifier. The name of the InterceptDeployment. + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + :param pulumi.Input[Mapping[str, pulumi.Input[str]]] pulumi_labels: The combination of labels configured directly on the resource + and default labels configured on the provider. + :param pulumi.Input[bool] reconciling: Whether reconciling is in progress, recommended per + https://google.aip.dev/128. + :param pulumi.Input[str] state: Current state of the deployment. + Possible values: + STATE_UNSPECIFIED + ACTIVE + CREATING + DELETING + OUT_OF_SYNC + DELETE_FAILED + :param pulumi.Input[str] update_time: Update time stamp + """ + if create_time is not None: + pulumi.set(__self__, "create_time", create_time) + if effective_labels is not None: + pulumi.set(__self__, "effective_labels", effective_labels) + if forwarding_rule is not None: + pulumi.set(__self__, "forwarding_rule", forwarding_rule) + if intercept_deployment_group is not None: + pulumi.set(__self__, "intercept_deployment_group", intercept_deployment_group) + if intercept_deployment_id is not None: + pulumi.set(__self__, "intercept_deployment_id", intercept_deployment_id) + if labels is not None: + pulumi.set(__self__, "labels", labels) + if location is not None: + pulumi.set(__self__, "location", location) + if name is not None: + pulumi.set(__self__, "name", name) + if project is not None: + pulumi.set(__self__, "project", project) + if pulumi_labels is not None: + pulumi.set(__self__, "pulumi_labels", pulumi_labels) + if reconciling is not None: + pulumi.set(__self__, "reconciling", reconciling) + if state is not None: + pulumi.set(__self__, "state", state) + if update_time is not None: + pulumi.set(__self__, "update_time", update_time) + + @property + @pulumi.getter(name="createTime") + def create_time(self) -> Optional[pulumi.Input[str]]: + """ + Create time stamp + """ + return pulumi.get(self, "create_time") + + @create_time.setter + def create_time(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "create_time", value) + + @property + @pulumi.getter(name="effectiveLabels") + def effective_labels(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]: + """ + All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services. + """ + return pulumi.get(self, "effective_labels") + + @effective_labels.setter + def effective_labels(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]): + pulumi.set(self, "effective_labels", value) + + @property + @pulumi.getter(name="forwardingRule") + def forwarding_rule(self) -> Optional[pulumi.Input[str]]: + """ + Immutable. The regional load balancer which the intercepted traffic should be forwarded + to. Format is: + projects/{project}/regions/{region}/forwardingRules/{forwardingRule} + """ + return pulumi.get(self, "forwarding_rule") + + @forwarding_rule.setter + def forwarding_rule(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "forwarding_rule", value) + + @property + @pulumi.getter(name="interceptDeploymentGroup") + def intercept_deployment_group(self) -> Optional[pulumi.Input[str]]: + """ + Immutable. The Intercept Deployment Group that this resource is part of. Format is: + `projects/{project}/locations/global/interceptDeploymentGroups/{interceptDeploymentGroup}` + """ + return pulumi.get(self, "intercept_deployment_group") + + @intercept_deployment_group.setter + def intercept_deployment_group(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "intercept_deployment_group", value) + + @property + @pulumi.getter(name="interceptDeploymentId") + def intercept_deployment_id(self) -> Optional[pulumi.Input[str]]: + """ + Id of the requesting object + If auto-generating Id server-side, remove this field and + intercept_deployment_id from the method_signature of Create RPC + + + - - - + """ + return pulumi.get(self, "intercept_deployment_id") + + @intercept_deployment_id.setter + def intercept_deployment_id(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "intercept_deployment_id", value) + + @property + @pulumi.getter + def labels(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]: + """ + Optional. Labels as key value pairs + **Note**: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field `effective_labels` for all of the labels present on the resource. + """ + return pulumi.get(self, "labels") + + @labels.setter + def labels(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]): + pulumi.set(self, "labels", value) + + @property + @pulumi.getter + def location(self) -> Optional[pulumi.Input[str]]: + """ + Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122. See documentation for resource type `networksecurity.googleapis.com/InterceptDeployment`. + """ + return pulumi.get(self, "location") + + @location.setter + def location(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "location", value) + + @property + @pulumi.getter + def name(self) -> Optional[pulumi.Input[str]]: + """ + Identifier. The name of the InterceptDeployment. + """ + return pulumi.get(self, "name") + + @name.setter + def name(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "name", value) + + @property + @pulumi.getter + def project(self) -> Optional[pulumi.Input[str]]: + """ + The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + """ + return pulumi.get(self, "project") + + @project.setter + def project(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "project", value) + + @property + @pulumi.getter(name="pulumiLabels") + def pulumi_labels(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]: + """ + The combination of labels configured directly on the resource + and default labels configured on the provider. + """ + return pulumi.get(self, "pulumi_labels") + + @pulumi_labels.setter + def pulumi_labels(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]): + pulumi.set(self, "pulumi_labels", value) + + @property + @pulumi.getter + def reconciling(self) -> Optional[pulumi.Input[bool]]: + """ + Whether reconciling is in progress, recommended per + https://google.aip.dev/128. + """ + return pulumi.get(self, "reconciling") + + @reconciling.setter + def reconciling(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "reconciling", value) + + @property + @pulumi.getter + def state(self) -> Optional[pulumi.Input[str]]: + """ + Current state of the deployment. + Possible values: + STATE_UNSPECIFIED + ACTIVE + CREATING + DELETING + OUT_OF_SYNC + DELETE_FAILED + """ + return pulumi.get(self, "state") + + @state.setter + def state(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "state", value) + + @property + @pulumi.getter(name="updateTime") + def update_time(self) -> Optional[pulumi.Input[str]]: + """ + Update time stamp + """ + return pulumi.get(self, "update_time") + + @update_time.setter + def update_time(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "update_time", value) + + +class InterceptDeployment(pulumi.CustomResource): + @overload + def __init__(__self__, + resource_name: str, + opts: Optional[pulumi.ResourceOptions] = None, + forwarding_rule: Optional[pulumi.Input[str]] = None, + intercept_deployment_group: Optional[pulumi.Input[str]] = None, + intercept_deployment_id: Optional[pulumi.Input[str]] = None, + labels: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None, + location: Optional[pulumi.Input[str]] = None, + project: Optional[pulumi.Input[str]] = None, + __props__=None): + """ + ## Example Usage + + ### Network Security Intercept Deployment Basic + + ```python + import pulumi + import pulumi_gcp as gcp + + network = gcp.compute.Network("network", + name="example-network", + auto_create_subnetworks=False) + subnetwork = gcp.compute.Subnetwork("subnetwork", + name="example-subnet", + region="us-central1", + ip_cidr_range="10.1.0.0/16", + network=network.name) + health_check = gcp.compute.RegionHealthCheck("health_check", + name="example-hc", + region="us-central1", + http_health_check={ + "port": 80, + }) + backend_service = gcp.compute.RegionBackendService("backend_service", + name="example-bs", + region="us-central1", + health_checks=health_check.id, + protocol="UDP", + load_balancing_scheme="INTERNAL") + forwarding_rule = gcp.compute.ForwardingRule("forwarding_rule", + name="example-fwr", + region="us-central1", + network=network.name, + subnetwork=subnetwork.name, + backend_service=backend_service.id, + load_balancing_scheme="INTERNAL", + ports=["6081"], + ip_protocol="UDP") + deployment_group = gcp.networksecurity.InterceptDeploymentGroup("deployment_group", + intercept_deployment_group_id="example-dg", + location="global", + network=network.id) + default = gcp.networksecurity.InterceptDeployment("default", + intercept_deployment_id="example-deployment", + location="us-central1-a", + forwarding_rule=forwarding_rule.id, + intercept_deployment_group=deployment_group.id, + labels={ + "foo": "bar", + }) + ``` + + ## Import + + InterceptDeployment can be imported using any of these accepted formats: + + * `projects/{{project}}/locations/{{location}}/interceptDeployments/{{intercept_deployment_id}}` + + * `{{project}}/{{location}}/{{intercept_deployment_id}}` + + * `{{location}}/{{intercept_deployment_id}}` + + When using the `pulumi import` command, InterceptDeployment can be imported using one of the formats above. For example: + + ```sh + $ pulumi import gcp:networksecurity/interceptDeployment:InterceptDeployment default projects/{{project}}/locations/{{location}}/interceptDeployments/{{intercept_deployment_id}} + ``` + + ```sh + $ pulumi import gcp:networksecurity/interceptDeployment:InterceptDeployment default {{project}}/{{location}}/{{intercept_deployment_id}} + ``` + + ```sh + $ pulumi import gcp:networksecurity/interceptDeployment:InterceptDeployment default {{location}}/{{intercept_deployment_id}} + ``` + + :param str resource_name: The name of the resource. + :param pulumi.ResourceOptions opts: Options for the resource. + :param pulumi.Input[str] forwarding_rule: Immutable. The regional load balancer which the intercepted traffic should be forwarded + to. Format is: + projects/{project}/regions/{region}/forwardingRules/{forwardingRule} + :param pulumi.Input[str] intercept_deployment_group: Immutable. The Intercept Deployment Group that this resource is part of. Format is: + `projects/{project}/locations/global/interceptDeploymentGroups/{interceptDeploymentGroup}` + :param pulumi.Input[str] intercept_deployment_id: Id of the requesting object + If auto-generating Id server-side, remove this field and + intercept_deployment_id from the method_signature of Create RPC + + + - - - + :param pulumi.Input[Mapping[str, pulumi.Input[str]]] labels: Optional. Labels as key value pairs + **Note**: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field `effective_labels` for all of the labels present on the resource. + :param pulumi.Input[str] location: Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122. See documentation for resource type `networksecurity.googleapis.com/InterceptDeployment`. + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + """ + ... + @overload + def __init__(__self__, + resource_name: str, + args: InterceptDeploymentArgs, + opts: Optional[pulumi.ResourceOptions] = None): + """ + ## Example Usage + + ### Network Security Intercept Deployment Basic + + ```python + import pulumi + import pulumi_gcp as gcp + + network = gcp.compute.Network("network", + name="example-network", + auto_create_subnetworks=False) + subnetwork = gcp.compute.Subnetwork("subnetwork", + name="example-subnet", + region="us-central1", + ip_cidr_range="10.1.0.0/16", + network=network.name) + health_check = gcp.compute.RegionHealthCheck("health_check", + name="example-hc", + region="us-central1", + http_health_check={ + "port": 80, + }) + backend_service = gcp.compute.RegionBackendService("backend_service", + name="example-bs", + region="us-central1", + health_checks=health_check.id, + protocol="UDP", + load_balancing_scheme="INTERNAL") + forwarding_rule = gcp.compute.ForwardingRule("forwarding_rule", + name="example-fwr", + region="us-central1", + network=network.name, + subnetwork=subnetwork.name, + backend_service=backend_service.id, + load_balancing_scheme="INTERNAL", + ports=["6081"], + ip_protocol="UDP") + deployment_group = gcp.networksecurity.InterceptDeploymentGroup("deployment_group", + intercept_deployment_group_id="example-dg", + location="global", + network=network.id) + default = gcp.networksecurity.InterceptDeployment("default", + intercept_deployment_id="example-deployment", + location="us-central1-a", + forwarding_rule=forwarding_rule.id, + intercept_deployment_group=deployment_group.id, + labels={ + "foo": "bar", + }) + ``` + + ## Import + + InterceptDeployment can be imported using any of these accepted formats: + + * `projects/{{project}}/locations/{{location}}/interceptDeployments/{{intercept_deployment_id}}` + + * `{{project}}/{{location}}/{{intercept_deployment_id}}` + + * `{{location}}/{{intercept_deployment_id}}` + + When using the `pulumi import` command, InterceptDeployment can be imported using one of the formats above. For example: + + ```sh + $ pulumi import gcp:networksecurity/interceptDeployment:InterceptDeployment default projects/{{project}}/locations/{{location}}/interceptDeployments/{{intercept_deployment_id}} + ``` + + ```sh + $ pulumi import gcp:networksecurity/interceptDeployment:InterceptDeployment default {{project}}/{{location}}/{{intercept_deployment_id}} + ``` + + ```sh + $ pulumi import gcp:networksecurity/interceptDeployment:InterceptDeployment default {{location}}/{{intercept_deployment_id}} + ``` + + :param str resource_name: The name of the resource. + :param InterceptDeploymentArgs args: The arguments to use to populate this resource's properties. + :param pulumi.ResourceOptions opts: Options for the resource. + """ + ... + def __init__(__self__, resource_name: str, *args, **kwargs): + resource_args, opts = _utilities.get_resource_args_opts(InterceptDeploymentArgs, pulumi.ResourceOptions, *args, **kwargs) + if resource_args is not None: + __self__._internal_init(resource_name, opts, **resource_args.__dict__) + else: + __self__._internal_init(resource_name, *args, **kwargs) + + def _internal_init(__self__, + resource_name: str, + opts: Optional[pulumi.ResourceOptions] = None, + forwarding_rule: Optional[pulumi.Input[str]] = None, + intercept_deployment_group: Optional[pulumi.Input[str]] = None, + intercept_deployment_id: Optional[pulumi.Input[str]] = None, + labels: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None, + location: Optional[pulumi.Input[str]] = None, + project: Optional[pulumi.Input[str]] = None, + __props__=None): + opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts) + if not isinstance(opts, pulumi.ResourceOptions): + raise TypeError('Expected resource options to be a ResourceOptions instance') + if opts.id is None: + if __props__ is not None: + raise TypeError('__props__ is only valid when passed in combination with a valid opts.id to get an existing resource') + __props__ = InterceptDeploymentArgs.__new__(InterceptDeploymentArgs) + + if forwarding_rule is None and not opts.urn: + raise TypeError("Missing required property 'forwarding_rule'") + __props__.__dict__["forwarding_rule"] = forwarding_rule + if intercept_deployment_group is None and not opts.urn: + raise TypeError("Missing required property 'intercept_deployment_group'") + __props__.__dict__["intercept_deployment_group"] = intercept_deployment_group + if intercept_deployment_id is None and not opts.urn: + raise TypeError("Missing required property 'intercept_deployment_id'") + __props__.__dict__["intercept_deployment_id"] = intercept_deployment_id + __props__.__dict__["labels"] = labels + if location is None and not opts.urn: + raise TypeError("Missing required property 'location'") + __props__.__dict__["location"] = location + __props__.__dict__["project"] = project + __props__.__dict__["create_time"] = None + __props__.__dict__["effective_labels"] = None + __props__.__dict__["name"] = None + __props__.__dict__["pulumi_labels"] = None + __props__.__dict__["reconciling"] = None + __props__.__dict__["state"] = None + __props__.__dict__["update_time"] = None + secret_opts = pulumi.ResourceOptions(additional_secret_outputs=["effectiveLabels", "pulumiLabels"]) + opts = pulumi.ResourceOptions.merge(opts, secret_opts) + super(InterceptDeployment, __self__).__init__( + 'gcp:networksecurity/interceptDeployment:InterceptDeployment', + resource_name, + __props__, + opts) + + @staticmethod + def get(resource_name: str, + id: pulumi.Input[str], + opts: Optional[pulumi.ResourceOptions] = None, + create_time: Optional[pulumi.Input[str]] = None, + effective_labels: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None, + forwarding_rule: Optional[pulumi.Input[str]] = None, + intercept_deployment_group: Optional[pulumi.Input[str]] = None, + intercept_deployment_id: Optional[pulumi.Input[str]] = None, + labels: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None, + location: Optional[pulumi.Input[str]] = None, + name: Optional[pulumi.Input[str]] = None, + project: Optional[pulumi.Input[str]] = None, + pulumi_labels: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None, + reconciling: Optional[pulumi.Input[bool]] = None, + state: Optional[pulumi.Input[str]] = None, + update_time: Optional[pulumi.Input[str]] = None) -> 'InterceptDeployment': + """ + Get an existing InterceptDeployment resource's state with the given name, id, and optional extra + properties used to qualify the lookup. + + :param str resource_name: The unique name of the resulting resource. + :param pulumi.Input[str] id: The unique provider ID of the resource to lookup. + :param pulumi.ResourceOptions opts: Options for the resource. + :param pulumi.Input[str] create_time: Create time stamp + :param pulumi.Input[Mapping[str, pulumi.Input[str]]] effective_labels: All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services. + :param pulumi.Input[str] forwarding_rule: Immutable. The regional load balancer which the intercepted traffic should be forwarded + to. Format is: + projects/{project}/regions/{region}/forwardingRules/{forwardingRule} + :param pulumi.Input[str] intercept_deployment_group: Immutable. The Intercept Deployment Group that this resource is part of. Format is: + `projects/{project}/locations/global/interceptDeploymentGroups/{interceptDeploymentGroup}` + :param pulumi.Input[str] intercept_deployment_id: Id of the requesting object + If auto-generating Id server-side, remove this field and + intercept_deployment_id from the method_signature of Create RPC + + + - - - + :param pulumi.Input[Mapping[str, pulumi.Input[str]]] labels: Optional. Labels as key value pairs + **Note**: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field `effective_labels` for all of the labels present on the resource. + :param pulumi.Input[str] location: Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122. See documentation for resource type `networksecurity.googleapis.com/InterceptDeployment`. + :param pulumi.Input[str] name: Identifier. The name of the InterceptDeployment. + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + :param pulumi.Input[Mapping[str, pulumi.Input[str]]] pulumi_labels: The combination of labels configured directly on the resource + and default labels configured on the provider. + :param pulumi.Input[bool] reconciling: Whether reconciling is in progress, recommended per + https://google.aip.dev/128. + :param pulumi.Input[str] state: Current state of the deployment. + Possible values: + STATE_UNSPECIFIED + ACTIVE + CREATING + DELETING + OUT_OF_SYNC + DELETE_FAILED + :param pulumi.Input[str] update_time: Update time stamp + """ + opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) + + __props__ = _InterceptDeploymentState.__new__(_InterceptDeploymentState) + + __props__.__dict__["create_time"] = create_time + __props__.__dict__["effective_labels"] = effective_labels + __props__.__dict__["forwarding_rule"] = forwarding_rule + __props__.__dict__["intercept_deployment_group"] = intercept_deployment_group + __props__.__dict__["intercept_deployment_id"] = intercept_deployment_id + __props__.__dict__["labels"] = labels + __props__.__dict__["location"] = location + __props__.__dict__["name"] = name + __props__.__dict__["project"] = project + __props__.__dict__["pulumi_labels"] = pulumi_labels + __props__.__dict__["reconciling"] = reconciling + __props__.__dict__["state"] = state + __props__.__dict__["update_time"] = update_time + return InterceptDeployment(resource_name, opts=opts, __props__=__props__) + + @property + @pulumi.getter(name="createTime") + def create_time(self) -> pulumi.Output[str]: + """ + Create time stamp + """ + return pulumi.get(self, "create_time") + + @property + @pulumi.getter(name="effectiveLabels") + def effective_labels(self) -> pulumi.Output[Mapping[str, str]]: + """ + All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services. + """ + return pulumi.get(self, "effective_labels") + + @property + @pulumi.getter(name="forwardingRule") + def forwarding_rule(self) -> pulumi.Output[str]: + """ + Immutable. The regional load balancer which the intercepted traffic should be forwarded + to. Format is: + projects/{project}/regions/{region}/forwardingRules/{forwardingRule} + """ + return pulumi.get(self, "forwarding_rule") + + @property + @pulumi.getter(name="interceptDeploymentGroup") + def intercept_deployment_group(self) -> pulumi.Output[str]: + """ + Immutable. The Intercept Deployment Group that this resource is part of. Format is: + `projects/{project}/locations/global/interceptDeploymentGroups/{interceptDeploymentGroup}` + """ + return pulumi.get(self, "intercept_deployment_group") + + @property + @pulumi.getter(name="interceptDeploymentId") + def intercept_deployment_id(self) -> pulumi.Output[str]: + """ + Id of the requesting object + If auto-generating Id server-side, remove this field and + intercept_deployment_id from the method_signature of Create RPC + + + - - - + """ + return pulumi.get(self, "intercept_deployment_id") + + @property + @pulumi.getter + def labels(self) -> pulumi.Output[Optional[Mapping[str, str]]]: + """ + Optional. Labels as key value pairs + **Note**: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field `effective_labels` for all of the labels present on the resource. + """ + return pulumi.get(self, "labels") + + @property + @pulumi.getter + def location(self) -> pulumi.Output[str]: + """ + Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122. See documentation for resource type `networksecurity.googleapis.com/InterceptDeployment`. + """ + return pulumi.get(self, "location") + + @property + @pulumi.getter + def name(self) -> pulumi.Output[str]: + """ + Identifier. The name of the InterceptDeployment. + """ + return pulumi.get(self, "name") + + @property + @pulumi.getter + def project(self) -> pulumi.Output[str]: + """ + The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + """ + return pulumi.get(self, "project") + + @property + @pulumi.getter(name="pulumiLabels") + def pulumi_labels(self) -> pulumi.Output[Mapping[str, str]]: + """ + The combination of labels configured directly on the resource + and default labels configured on the provider. + """ + return pulumi.get(self, "pulumi_labels") + + @property + @pulumi.getter + def reconciling(self) -> pulumi.Output[bool]: + """ + Whether reconciling is in progress, recommended per + https://google.aip.dev/128. + """ + return pulumi.get(self, "reconciling") + + @property + @pulumi.getter + def state(self) -> pulumi.Output[str]: + """ + Current state of the deployment. + Possible values: + STATE_UNSPECIFIED + ACTIVE + CREATING + DELETING + OUT_OF_SYNC + DELETE_FAILED + """ + return pulumi.get(self, "state") + + @property + @pulumi.getter(name="updateTime") + def update_time(self) -> pulumi.Output[str]: + """ + Update time stamp + """ + return pulumi.get(self, "update_time") + diff --git a/sdk/python/pulumi_gcp/networksecurity/intercept_deployment_group.py b/sdk/python/pulumi_gcp/networksecurity/intercept_deployment_group.py new file mode 100644 index 0000000000..b169e723df --- /dev/null +++ b/sdk/python/pulumi_gcp/networksecurity/intercept_deployment_group.py @@ -0,0 +1,752 @@ +# coding=utf-8 +# *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +# *** Do not edit by hand unless you're certain you know what you are doing! *** + +import copy +import warnings +import sys +import pulumi +import pulumi.runtime +from typing import Any, Mapping, Optional, Sequence, Union, overload +if sys.version_info >= (3, 11): + from typing import NotRequired, TypedDict, TypeAlias +else: + from typing_extensions import NotRequired, TypedDict, TypeAlias +from .. import _utilities +from . import outputs +from ._inputs import * + +__all__ = ['InterceptDeploymentGroupArgs', 'InterceptDeploymentGroup'] + +@pulumi.input_type +class InterceptDeploymentGroupArgs: + def __init__(__self__, *, + intercept_deployment_group_id: pulumi.Input[str], + location: pulumi.Input[str], + network: pulumi.Input[str], + labels: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None, + project: Optional[pulumi.Input[str]] = None): + """ + The set of arguments for constructing a InterceptDeploymentGroup resource. + :param pulumi.Input[str] intercept_deployment_group_id: Required. Id of the requesting object + If auto-generating Id server-side, remove this field and + intercept_deployment_group_id from the method_signature of Create RPC + + + - - - + :param pulumi.Input[str] location: Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122. See documentation for resource type `networksecurity.googleapis.com/InterceptDeploymentGroup`. + :param pulumi.Input[str] network: Required. Immutable. The network that is being used for the deployment. Format is: + projects/{project}/global/networks/{network}. + :param pulumi.Input[Mapping[str, pulumi.Input[str]]] labels: Optional. Labels as key value pairs + **Note**: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field `effective_labels` for all of the labels present on the resource. + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + """ + pulumi.set(__self__, "intercept_deployment_group_id", intercept_deployment_group_id) + pulumi.set(__self__, "location", location) + pulumi.set(__self__, "network", network) + if labels is not None: + pulumi.set(__self__, "labels", labels) + if project is not None: + pulumi.set(__self__, "project", project) + + @property + @pulumi.getter(name="interceptDeploymentGroupId") + def intercept_deployment_group_id(self) -> pulumi.Input[str]: + """ + Required. Id of the requesting object + If auto-generating Id server-side, remove this field and + intercept_deployment_group_id from the method_signature of Create RPC + + + - - - + """ + return pulumi.get(self, "intercept_deployment_group_id") + + @intercept_deployment_group_id.setter + def intercept_deployment_group_id(self, value: pulumi.Input[str]): + pulumi.set(self, "intercept_deployment_group_id", value) + + @property + @pulumi.getter + def location(self) -> pulumi.Input[str]: + """ + Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122. See documentation for resource type `networksecurity.googleapis.com/InterceptDeploymentGroup`. + """ + return pulumi.get(self, "location") + + @location.setter + def location(self, value: pulumi.Input[str]): + pulumi.set(self, "location", value) + + @property + @pulumi.getter + def network(self) -> pulumi.Input[str]: + """ + Required. Immutable. The network that is being used for the deployment. Format is: + projects/{project}/global/networks/{network}. + """ + return pulumi.get(self, "network") + + @network.setter + def network(self, value: pulumi.Input[str]): + pulumi.set(self, "network", value) + + @property + @pulumi.getter + def labels(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]: + """ + Optional. Labels as key value pairs + **Note**: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field `effective_labels` for all of the labels present on the resource. + """ + return pulumi.get(self, "labels") + + @labels.setter + def labels(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]): + pulumi.set(self, "labels", value) + + @property + @pulumi.getter + def project(self) -> Optional[pulumi.Input[str]]: + """ + The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + """ + return pulumi.get(self, "project") + + @project.setter + def project(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "project", value) + + +@pulumi.input_type +class _InterceptDeploymentGroupState: + def __init__(__self__, *, + connected_endpoint_groups: Optional[pulumi.Input[Sequence[pulumi.Input['InterceptDeploymentGroupConnectedEndpointGroupArgs']]]] = None, + create_time: Optional[pulumi.Input[str]] = None, + effective_labels: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None, + intercept_deployment_group_id: Optional[pulumi.Input[str]] = None, + labels: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None, + location: Optional[pulumi.Input[str]] = None, + name: Optional[pulumi.Input[str]] = None, + network: Optional[pulumi.Input[str]] = None, + project: Optional[pulumi.Input[str]] = None, + pulumi_labels: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None, + reconciling: Optional[pulumi.Input[bool]] = None, + state: Optional[pulumi.Input[str]] = None, + update_time: Optional[pulumi.Input[str]] = None): + """ + Input properties used for looking up and filtering InterceptDeploymentGroup resources. + :param pulumi.Input[Sequence[pulumi.Input['InterceptDeploymentGroupConnectedEndpointGroupArgs']]] connected_endpoint_groups: Output only. The list of Intercept Endpoint Groups that are connected to this resource. + Structure is documented below. + :param pulumi.Input[str] create_time: Output only. [Output only] Create time stamp + :param pulumi.Input[Mapping[str, pulumi.Input[str]]] effective_labels: All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services. + :param pulumi.Input[str] intercept_deployment_group_id: Required. Id of the requesting object + If auto-generating Id server-side, remove this field and + intercept_deployment_group_id from the method_signature of Create RPC + + + - - - + :param pulumi.Input[Mapping[str, pulumi.Input[str]]] labels: Optional. Labels as key value pairs + **Note**: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field `effective_labels` for all of the labels present on the resource. + :param pulumi.Input[str] location: Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122. See documentation for resource type `networksecurity.googleapis.com/InterceptDeploymentGroup`. + :param pulumi.Input[str] name: (Output) + Output only. A connected intercept endpoint group. + :param pulumi.Input[str] network: Required. Immutable. The network that is being used for the deployment. Format is: + projects/{project}/global/networks/{network}. + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + :param pulumi.Input[Mapping[str, pulumi.Input[str]]] pulumi_labels: The combination of labels configured directly on the resource + and default labels configured on the provider. + :param pulumi.Input[bool] reconciling: Output only. Whether reconciling is in progress, recommended per + https://google.aip.dev/128. + :param pulumi.Input[str] state: Output only. Current state of the deployment group. + Possible values: + STATE_UNSPECIFIED + ACTIVE + CREATING + DELETING + :param pulumi.Input[str] update_time: Output only. [Output only] Update time stamp + """ + if connected_endpoint_groups is not None: + pulumi.set(__self__, "connected_endpoint_groups", connected_endpoint_groups) + if create_time is not None: + pulumi.set(__self__, "create_time", create_time) + if effective_labels is not None: + pulumi.set(__self__, "effective_labels", effective_labels) + if intercept_deployment_group_id is not None: + pulumi.set(__self__, "intercept_deployment_group_id", intercept_deployment_group_id) + if labels is not None: + pulumi.set(__self__, "labels", labels) + if location is not None: + pulumi.set(__self__, "location", location) + if name is not None: + pulumi.set(__self__, "name", name) + if network is not None: + pulumi.set(__self__, "network", network) + if project is not None: + pulumi.set(__self__, "project", project) + if pulumi_labels is not None: + pulumi.set(__self__, "pulumi_labels", pulumi_labels) + if reconciling is not None: + pulumi.set(__self__, "reconciling", reconciling) + if state is not None: + pulumi.set(__self__, "state", state) + if update_time is not None: + pulumi.set(__self__, "update_time", update_time) + + @property + @pulumi.getter(name="connectedEndpointGroups") + def connected_endpoint_groups(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['InterceptDeploymentGroupConnectedEndpointGroupArgs']]]]: + """ + Output only. The list of Intercept Endpoint Groups that are connected to this resource. + Structure is documented below. + """ + return pulumi.get(self, "connected_endpoint_groups") + + @connected_endpoint_groups.setter + def connected_endpoint_groups(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['InterceptDeploymentGroupConnectedEndpointGroupArgs']]]]): + pulumi.set(self, "connected_endpoint_groups", value) + + @property + @pulumi.getter(name="createTime") + def create_time(self) -> Optional[pulumi.Input[str]]: + """ + Output only. [Output only] Create time stamp + """ + return pulumi.get(self, "create_time") + + @create_time.setter + def create_time(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "create_time", value) + + @property + @pulumi.getter(name="effectiveLabels") + def effective_labels(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]: + """ + All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services. + """ + return pulumi.get(self, "effective_labels") + + @effective_labels.setter + def effective_labels(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]): + pulumi.set(self, "effective_labels", value) + + @property + @pulumi.getter(name="interceptDeploymentGroupId") + def intercept_deployment_group_id(self) -> Optional[pulumi.Input[str]]: + """ + Required. Id of the requesting object + If auto-generating Id server-side, remove this field and + intercept_deployment_group_id from the method_signature of Create RPC + + + - - - + """ + return pulumi.get(self, "intercept_deployment_group_id") + + @intercept_deployment_group_id.setter + def intercept_deployment_group_id(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "intercept_deployment_group_id", value) + + @property + @pulumi.getter + def labels(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]: + """ + Optional. Labels as key value pairs + **Note**: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field `effective_labels` for all of the labels present on the resource. + """ + return pulumi.get(self, "labels") + + @labels.setter + def labels(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]): + pulumi.set(self, "labels", value) + + @property + @pulumi.getter + def location(self) -> Optional[pulumi.Input[str]]: + """ + Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122. See documentation for resource type `networksecurity.googleapis.com/InterceptDeploymentGroup`. + """ + return pulumi.get(self, "location") + + @location.setter + def location(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "location", value) + + @property + @pulumi.getter + def name(self) -> Optional[pulumi.Input[str]]: + """ + (Output) + Output only. A connected intercept endpoint group. + """ + return pulumi.get(self, "name") + + @name.setter + def name(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "name", value) + + @property + @pulumi.getter + def network(self) -> Optional[pulumi.Input[str]]: + """ + Required. Immutable. The network that is being used for the deployment. Format is: + projects/{project}/global/networks/{network}. + """ + return pulumi.get(self, "network") + + @network.setter + def network(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "network", value) + + @property + @pulumi.getter + def project(self) -> Optional[pulumi.Input[str]]: + """ + The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + """ + return pulumi.get(self, "project") + + @project.setter + def project(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "project", value) + + @property + @pulumi.getter(name="pulumiLabels") + def pulumi_labels(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]: + """ + The combination of labels configured directly on the resource + and default labels configured on the provider. + """ + return pulumi.get(self, "pulumi_labels") + + @pulumi_labels.setter + def pulumi_labels(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]): + pulumi.set(self, "pulumi_labels", value) + + @property + @pulumi.getter + def reconciling(self) -> Optional[pulumi.Input[bool]]: + """ + Output only. Whether reconciling is in progress, recommended per + https://google.aip.dev/128. + """ + return pulumi.get(self, "reconciling") + + @reconciling.setter + def reconciling(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "reconciling", value) + + @property + @pulumi.getter + def state(self) -> Optional[pulumi.Input[str]]: + """ + Output only. Current state of the deployment group. + Possible values: + STATE_UNSPECIFIED + ACTIVE + CREATING + DELETING + """ + return pulumi.get(self, "state") + + @state.setter + def state(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "state", value) + + @property + @pulumi.getter(name="updateTime") + def update_time(self) -> Optional[pulumi.Input[str]]: + """ + Output only. [Output only] Update time stamp + """ + return pulumi.get(self, "update_time") + + @update_time.setter + def update_time(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "update_time", value) + + +class InterceptDeploymentGroup(pulumi.CustomResource): + @overload + def __init__(__self__, + resource_name: str, + opts: Optional[pulumi.ResourceOptions] = None, + intercept_deployment_group_id: Optional[pulumi.Input[str]] = None, + labels: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None, + location: Optional[pulumi.Input[str]] = None, + network: Optional[pulumi.Input[str]] = None, + project: Optional[pulumi.Input[str]] = None, + __props__=None): + """ + ## Example Usage + + ### Network Security Intercept Deployment Group Basic + + ```python + import pulumi + import pulumi_gcp as gcp + + network = gcp.compute.Network("network", + name="example-network", + auto_create_subnetworks=False) + default = gcp.networksecurity.InterceptDeploymentGroup("default", + intercept_deployment_group_id="example-dg", + location="global", + network=network.id, + labels={ + "foo": "bar", + }) + ``` + + ## Import + + InterceptDeploymentGroup can be imported using any of these accepted formats: + + * `projects/{{project}}/locations/{{location}}/interceptDeploymentGroups/{{intercept_deployment_group_id}}` + + * `{{project}}/{{location}}/{{intercept_deployment_group_id}}` + + * `{{location}}/{{intercept_deployment_group_id}}` + + When using the `pulumi import` command, InterceptDeploymentGroup can be imported using one of the formats above. For example: + + ```sh + $ pulumi import gcp:networksecurity/interceptDeploymentGroup:InterceptDeploymentGroup default projects/{{project}}/locations/{{location}}/interceptDeploymentGroups/{{intercept_deployment_group_id}} + ``` + + ```sh + $ pulumi import gcp:networksecurity/interceptDeploymentGroup:InterceptDeploymentGroup default {{project}}/{{location}}/{{intercept_deployment_group_id}} + ``` + + ```sh + $ pulumi import gcp:networksecurity/interceptDeploymentGroup:InterceptDeploymentGroup default {{location}}/{{intercept_deployment_group_id}} + ``` + + :param str resource_name: The name of the resource. + :param pulumi.ResourceOptions opts: Options for the resource. + :param pulumi.Input[str] intercept_deployment_group_id: Required. Id of the requesting object + If auto-generating Id server-side, remove this field and + intercept_deployment_group_id from the method_signature of Create RPC + + + - - - + :param pulumi.Input[Mapping[str, pulumi.Input[str]]] labels: Optional. Labels as key value pairs + **Note**: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field `effective_labels` for all of the labels present on the resource. + :param pulumi.Input[str] location: Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122. See documentation for resource type `networksecurity.googleapis.com/InterceptDeploymentGroup`. + :param pulumi.Input[str] network: Required. Immutable. The network that is being used for the deployment. Format is: + projects/{project}/global/networks/{network}. + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + """ + ... + @overload + def __init__(__self__, + resource_name: str, + args: InterceptDeploymentGroupArgs, + opts: Optional[pulumi.ResourceOptions] = None): + """ + ## Example Usage + + ### Network Security Intercept Deployment Group Basic + + ```python + import pulumi + import pulumi_gcp as gcp + + network = gcp.compute.Network("network", + name="example-network", + auto_create_subnetworks=False) + default = gcp.networksecurity.InterceptDeploymentGroup("default", + intercept_deployment_group_id="example-dg", + location="global", + network=network.id, + labels={ + "foo": "bar", + }) + ``` + + ## Import + + InterceptDeploymentGroup can be imported using any of these accepted formats: + + * `projects/{{project}}/locations/{{location}}/interceptDeploymentGroups/{{intercept_deployment_group_id}}` + + * `{{project}}/{{location}}/{{intercept_deployment_group_id}}` + + * `{{location}}/{{intercept_deployment_group_id}}` + + When using the `pulumi import` command, InterceptDeploymentGroup can be imported using one of the formats above. For example: + + ```sh + $ pulumi import gcp:networksecurity/interceptDeploymentGroup:InterceptDeploymentGroup default projects/{{project}}/locations/{{location}}/interceptDeploymentGroups/{{intercept_deployment_group_id}} + ``` + + ```sh + $ pulumi import gcp:networksecurity/interceptDeploymentGroup:InterceptDeploymentGroup default {{project}}/{{location}}/{{intercept_deployment_group_id}} + ``` + + ```sh + $ pulumi import gcp:networksecurity/interceptDeploymentGroup:InterceptDeploymentGroup default {{location}}/{{intercept_deployment_group_id}} + ``` + + :param str resource_name: The name of the resource. + :param InterceptDeploymentGroupArgs args: The arguments to use to populate this resource's properties. + :param pulumi.ResourceOptions opts: Options for the resource. + """ + ... + def __init__(__self__, resource_name: str, *args, **kwargs): + resource_args, opts = _utilities.get_resource_args_opts(InterceptDeploymentGroupArgs, pulumi.ResourceOptions, *args, **kwargs) + if resource_args is not None: + __self__._internal_init(resource_name, opts, **resource_args.__dict__) + else: + __self__._internal_init(resource_name, *args, **kwargs) + + def _internal_init(__self__, + resource_name: str, + opts: Optional[pulumi.ResourceOptions] = None, + intercept_deployment_group_id: Optional[pulumi.Input[str]] = None, + labels: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None, + location: Optional[pulumi.Input[str]] = None, + network: Optional[pulumi.Input[str]] = None, + project: Optional[pulumi.Input[str]] = None, + __props__=None): + opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts) + if not isinstance(opts, pulumi.ResourceOptions): + raise TypeError('Expected resource options to be a ResourceOptions instance') + if opts.id is None: + if __props__ is not None: + raise TypeError('__props__ is only valid when passed in combination with a valid opts.id to get an existing resource') + __props__ = InterceptDeploymentGroupArgs.__new__(InterceptDeploymentGroupArgs) + + if intercept_deployment_group_id is None and not opts.urn: + raise TypeError("Missing required property 'intercept_deployment_group_id'") + __props__.__dict__["intercept_deployment_group_id"] = intercept_deployment_group_id + __props__.__dict__["labels"] = labels + if location is None and not opts.urn: + raise TypeError("Missing required property 'location'") + __props__.__dict__["location"] = location + if network is None and not opts.urn: + raise TypeError("Missing required property 'network'") + __props__.__dict__["network"] = network + __props__.__dict__["project"] = project + __props__.__dict__["connected_endpoint_groups"] = None + __props__.__dict__["create_time"] = None + __props__.__dict__["effective_labels"] = None + __props__.__dict__["name"] = None + __props__.__dict__["pulumi_labels"] = None + __props__.__dict__["reconciling"] = None + __props__.__dict__["state"] = None + __props__.__dict__["update_time"] = None + secret_opts = pulumi.ResourceOptions(additional_secret_outputs=["effectiveLabels", "pulumiLabels"]) + opts = pulumi.ResourceOptions.merge(opts, secret_opts) + super(InterceptDeploymentGroup, __self__).__init__( + 'gcp:networksecurity/interceptDeploymentGroup:InterceptDeploymentGroup', + resource_name, + __props__, + opts) + + @staticmethod + def get(resource_name: str, + id: pulumi.Input[str], + opts: Optional[pulumi.ResourceOptions] = None, + connected_endpoint_groups: Optional[pulumi.Input[Sequence[pulumi.Input[Union['InterceptDeploymentGroupConnectedEndpointGroupArgs', 'InterceptDeploymentGroupConnectedEndpointGroupArgsDict']]]]] = None, + create_time: Optional[pulumi.Input[str]] = None, + effective_labels: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None, + intercept_deployment_group_id: Optional[pulumi.Input[str]] = None, + labels: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None, + location: Optional[pulumi.Input[str]] = None, + name: Optional[pulumi.Input[str]] = None, + network: Optional[pulumi.Input[str]] = None, + project: Optional[pulumi.Input[str]] = None, + pulumi_labels: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None, + reconciling: Optional[pulumi.Input[bool]] = None, + state: Optional[pulumi.Input[str]] = None, + update_time: Optional[pulumi.Input[str]] = None) -> 'InterceptDeploymentGroup': + """ + Get an existing InterceptDeploymentGroup resource's state with the given name, id, and optional extra + properties used to qualify the lookup. + + :param str resource_name: The unique name of the resulting resource. + :param pulumi.Input[str] id: The unique provider ID of the resource to lookup. + :param pulumi.ResourceOptions opts: Options for the resource. + :param pulumi.Input[Sequence[pulumi.Input[Union['InterceptDeploymentGroupConnectedEndpointGroupArgs', 'InterceptDeploymentGroupConnectedEndpointGroupArgsDict']]]] connected_endpoint_groups: Output only. The list of Intercept Endpoint Groups that are connected to this resource. + Structure is documented below. + :param pulumi.Input[str] create_time: Output only. [Output only] Create time stamp + :param pulumi.Input[Mapping[str, pulumi.Input[str]]] effective_labels: All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services. + :param pulumi.Input[str] intercept_deployment_group_id: Required. Id of the requesting object + If auto-generating Id server-side, remove this field and + intercept_deployment_group_id from the method_signature of Create RPC + + + - - - + :param pulumi.Input[Mapping[str, pulumi.Input[str]]] labels: Optional. Labels as key value pairs + **Note**: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field `effective_labels` for all of the labels present on the resource. + :param pulumi.Input[str] location: Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122. See documentation for resource type `networksecurity.googleapis.com/InterceptDeploymentGroup`. + :param pulumi.Input[str] name: (Output) + Output only. A connected intercept endpoint group. + :param pulumi.Input[str] network: Required. Immutable. The network that is being used for the deployment. Format is: + projects/{project}/global/networks/{network}. + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + :param pulumi.Input[Mapping[str, pulumi.Input[str]]] pulumi_labels: The combination of labels configured directly on the resource + and default labels configured on the provider. + :param pulumi.Input[bool] reconciling: Output only. Whether reconciling is in progress, recommended per + https://google.aip.dev/128. + :param pulumi.Input[str] state: Output only. Current state of the deployment group. + Possible values: + STATE_UNSPECIFIED + ACTIVE + CREATING + DELETING + :param pulumi.Input[str] update_time: Output only. [Output only] Update time stamp + """ + opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) + + __props__ = _InterceptDeploymentGroupState.__new__(_InterceptDeploymentGroupState) + + __props__.__dict__["connected_endpoint_groups"] = connected_endpoint_groups + __props__.__dict__["create_time"] = create_time + __props__.__dict__["effective_labels"] = effective_labels + __props__.__dict__["intercept_deployment_group_id"] = intercept_deployment_group_id + __props__.__dict__["labels"] = labels + __props__.__dict__["location"] = location + __props__.__dict__["name"] = name + __props__.__dict__["network"] = network + __props__.__dict__["project"] = project + __props__.__dict__["pulumi_labels"] = pulumi_labels + __props__.__dict__["reconciling"] = reconciling + __props__.__dict__["state"] = state + __props__.__dict__["update_time"] = update_time + return InterceptDeploymentGroup(resource_name, opts=opts, __props__=__props__) + + @property + @pulumi.getter(name="connectedEndpointGroups") + def connected_endpoint_groups(self) -> pulumi.Output[Sequence['outputs.InterceptDeploymentGroupConnectedEndpointGroup']]: + """ + Output only. The list of Intercept Endpoint Groups that are connected to this resource. + Structure is documented below. + """ + return pulumi.get(self, "connected_endpoint_groups") + + @property + @pulumi.getter(name="createTime") + def create_time(self) -> pulumi.Output[str]: + """ + Output only. [Output only] Create time stamp + """ + return pulumi.get(self, "create_time") + + @property + @pulumi.getter(name="effectiveLabels") + def effective_labels(self) -> pulumi.Output[Mapping[str, str]]: + """ + All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services. + """ + return pulumi.get(self, "effective_labels") + + @property + @pulumi.getter(name="interceptDeploymentGroupId") + def intercept_deployment_group_id(self) -> pulumi.Output[str]: + """ + Required. Id of the requesting object + If auto-generating Id server-side, remove this field and + intercept_deployment_group_id from the method_signature of Create RPC + + + - - - + """ + return pulumi.get(self, "intercept_deployment_group_id") + + @property + @pulumi.getter + def labels(self) -> pulumi.Output[Optional[Mapping[str, str]]]: + """ + Optional. Labels as key value pairs + **Note**: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field `effective_labels` for all of the labels present on the resource. + """ + return pulumi.get(self, "labels") + + @property + @pulumi.getter + def location(self) -> pulumi.Output[str]: + """ + Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122. See documentation for resource type `networksecurity.googleapis.com/InterceptDeploymentGroup`. + """ + return pulumi.get(self, "location") + + @property + @pulumi.getter + def name(self) -> pulumi.Output[str]: + """ + (Output) + Output only. A connected intercept endpoint group. + """ + return pulumi.get(self, "name") + + @property + @pulumi.getter + def network(self) -> pulumi.Output[str]: + """ + Required. Immutable. The network that is being used for the deployment. Format is: + projects/{project}/global/networks/{network}. + """ + return pulumi.get(self, "network") + + @property + @pulumi.getter + def project(self) -> pulumi.Output[str]: + """ + The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + """ + return pulumi.get(self, "project") + + @property + @pulumi.getter(name="pulumiLabels") + def pulumi_labels(self) -> pulumi.Output[Mapping[str, str]]: + """ + The combination of labels configured directly on the resource + and default labels configured on the provider. + """ + return pulumi.get(self, "pulumi_labels") + + @property + @pulumi.getter + def reconciling(self) -> pulumi.Output[bool]: + """ + Output only. Whether reconciling is in progress, recommended per + https://google.aip.dev/128. + """ + return pulumi.get(self, "reconciling") + + @property + @pulumi.getter + def state(self) -> pulumi.Output[str]: + """ + Output only. Current state of the deployment group. + Possible values: + STATE_UNSPECIFIED + ACTIVE + CREATING + DELETING + """ + return pulumi.get(self, "state") + + @property + @pulumi.getter(name="updateTime") + def update_time(self) -> pulumi.Output[str]: + """ + Output only. [Output only] Update time stamp + """ + return pulumi.get(self, "update_time") + diff --git a/sdk/python/pulumi_gcp/networksecurity/outputs.py b/sdk/python/pulumi_gcp/networksecurity/outputs.py index 03488fb78c..08b9a2af53 100644 --- a/sdk/python/pulumi_gcp/networksecurity/outputs.py +++ b/sdk/python/pulumi_gcp/networksecurity/outputs.py @@ -22,12 +22,36 @@ 'AuthorizationPolicyRuleDestination', 'AuthorizationPolicyRuleDestinationHttpHeaderMatch', 'AuthorizationPolicyRuleSource', + 'AuthzPolicyCustomProvider', + 'AuthzPolicyCustomProviderAuthzExtension', + 'AuthzPolicyCustomProviderCloudIap', + 'AuthzPolicyHttpRule', + 'AuthzPolicyHttpRuleFrom', + 'AuthzPolicyHttpRuleFromNotSource', + 'AuthzPolicyHttpRuleFromNotSourcePrincipal', + 'AuthzPolicyHttpRuleFromNotSourceResource', + 'AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccount', + 'AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSet', + 'AuthzPolicyHttpRuleFromSource', + 'AuthzPolicyHttpRuleFromSourcePrincipal', + 'AuthzPolicyHttpRuleFromSourceResource', + 'AuthzPolicyHttpRuleFromSourceResourceIamServiceAccount', + 'AuthzPolicyHttpRuleFromSourceResourceTagValueIdSet', + 'AuthzPolicyHttpRuleTo', + 'AuthzPolicyHttpRuleToOperation', + 'AuthzPolicyHttpRuleToOperationHeaderSet', + 'AuthzPolicyHttpRuleToOperationHeaderSetHeader', + 'AuthzPolicyHttpRuleToOperationHeaderSetHeaderValue', + 'AuthzPolicyHttpRuleToOperationHost', + 'AuthzPolicyHttpRuleToOperationPath', + 'AuthzPolicyTarget', 'ClientTlsPolicyClientCertificate', 'ClientTlsPolicyClientCertificateCertificateProviderInstance', 'ClientTlsPolicyClientCertificateGrpcEndpoint', 'ClientTlsPolicyServerValidationCa', 'ClientTlsPolicyServerValidationCaCertificateProviderInstance', 'ClientTlsPolicyServerValidationCaGrpcEndpoint', + 'InterceptDeploymentGroupConnectedEndpointGroup', 'MirroringDeploymentGroupConnectedEndpointGroup', 'MirroringEndpointGroupAssociationLocationsDetail', 'SecurityProfileThreatPreventionProfile', @@ -308,6 +332,1354 @@ def principals(self) -> Optional[Sequence[str]]: return pulumi.get(self, "principals") +@pulumi.output_type +class AuthzPolicyCustomProvider(dict): + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "authzExtension": + suggest = "authz_extension" + elif key == "cloudIap": + suggest = "cloud_iap" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in AuthzPolicyCustomProvider. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + AuthzPolicyCustomProvider.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + AuthzPolicyCustomProvider.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + authz_extension: Optional['outputs.AuthzPolicyCustomProviderAuthzExtension'] = None, + cloud_iap: Optional['outputs.AuthzPolicyCustomProviderCloudIap'] = None): + """ + :param 'AuthzPolicyCustomProviderAuthzExtensionArgs' authz_extension: Delegate authorization decision to user authored Service Extension. Only one of cloudIap or authzExtension can be specified. + Structure is documented below. + :param 'AuthzPolicyCustomProviderCloudIapArgs' cloud_iap: Delegates authorization decisions to Cloud IAP. Applicable only for managed load balancers. Enabling Cloud IAP at the AuthzPolicy level is not compatible with Cloud IAP settings in the BackendService. Enabling IAP in both places will result in request failure. Ensure that IAP is enabled in either the AuthzPolicy or the BackendService but not in both places. + Structure is documented below. + """ + if authz_extension is not None: + pulumi.set(__self__, "authz_extension", authz_extension) + if cloud_iap is not None: + pulumi.set(__self__, "cloud_iap", cloud_iap) + + @property + @pulumi.getter(name="authzExtension") + def authz_extension(self) -> Optional['outputs.AuthzPolicyCustomProviderAuthzExtension']: + """ + Delegate authorization decision to user authored Service Extension. Only one of cloudIap or authzExtension can be specified. + Structure is documented below. + """ + return pulumi.get(self, "authz_extension") + + @property + @pulumi.getter(name="cloudIap") + def cloud_iap(self) -> Optional['outputs.AuthzPolicyCustomProviderCloudIap']: + """ + Delegates authorization decisions to Cloud IAP. Applicable only for managed load balancers. Enabling Cloud IAP at the AuthzPolicy level is not compatible with Cloud IAP settings in the BackendService. Enabling IAP in both places will result in request failure. Ensure that IAP is enabled in either the AuthzPolicy or the BackendService but not in both places. + Structure is documented below. + """ + return pulumi.get(self, "cloud_iap") + + +@pulumi.output_type +class AuthzPolicyCustomProviderAuthzExtension(dict): + def __init__(__self__, *, + resources: Sequence[str]): + """ + :param Sequence[str] resources: A list of references to authorization extensions that will be invoked for requests matching this policy. Limited to 1 custom provider. + """ + pulumi.set(__self__, "resources", resources) + + @property + @pulumi.getter + def resources(self) -> Sequence[str]: + """ + A list of references to authorization extensions that will be invoked for requests matching this policy. Limited to 1 custom provider. + """ + return pulumi.get(self, "resources") + + +@pulumi.output_type +class AuthzPolicyCustomProviderCloudIap(dict): + def __init__(__self__, *, + enabled: bool): + """ + :param bool enabled: Enable Cloud IAP at the AuthzPolicy level. + """ + pulumi.set(__self__, "enabled", enabled) + + @property + @pulumi.getter + def enabled(self) -> bool: + """ + Enable Cloud IAP at the AuthzPolicy level. + """ + return pulumi.get(self, "enabled") + + +@pulumi.output_type +class AuthzPolicyHttpRule(dict): + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "from": + suggest = "from_" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in AuthzPolicyHttpRule. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + AuthzPolicyHttpRule.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + AuthzPolicyHttpRule.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + from_: Optional['outputs.AuthzPolicyHttpRuleFrom'] = None, + to: Optional['outputs.AuthzPolicyHttpRuleTo'] = None, + when: Optional[str] = None): + """ + :param 'AuthzPolicyHttpRuleFromArgs' from_: Describes properties of one or more sources of a request. + Structure is documented below. + :param 'AuthzPolicyHttpRuleToArgs' to: Describes properties of one or more targets of a request + Structure is documented below. + :param str when: CEL expression that describes the conditions to be satisfied for the action. The result of the CEL expression is ANDed with the from and to. Refer to the CEL language reference for a list of available attributes. + """ + if from_ is not None: + pulumi.set(__self__, "from_", from_) + if to is not None: + pulumi.set(__self__, "to", to) + if when is not None: + pulumi.set(__self__, "when", when) + + @property + @pulumi.getter(name="from") + def from_(self) -> Optional['outputs.AuthzPolicyHttpRuleFrom']: + """ + Describes properties of one or more sources of a request. + Structure is documented below. + """ + return pulumi.get(self, "from_") + + @property + @pulumi.getter + def to(self) -> Optional['outputs.AuthzPolicyHttpRuleTo']: + """ + Describes properties of one or more targets of a request + Structure is documented below. + """ + return pulumi.get(self, "to") + + @property + @pulumi.getter + def when(self) -> Optional[str]: + """ + CEL expression that describes the conditions to be satisfied for the action. The result of the CEL expression is ANDed with the from and to. Refer to the CEL language reference for a list of available attributes. + """ + return pulumi.get(self, "when") + + +@pulumi.output_type +class AuthzPolicyHttpRuleFrom(dict): + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "notSources": + suggest = "not_sources" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in AuthzPolicyHttpRuleFrom. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + AuthzPolicyHttpRuleFrom.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + AuthzPolicyHttpRuleFrom.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + not_sources: Optional[Sequence['outputs.AuthzPolicyHttpRuleFromNotSource']] = None, + sources: Optional[Sequence['outputs.AuthzPolicyHttpRuleFromSource']] = None): + """ + :param Sequence['AuthzPolicyHttpRuleFromNotSourceArgs'] not_sources: Describes the properties of a request's sources. At least one of sources or notSources must be specified. Limited to 5 sources. A match occurs when ANY source (in sources or notSources) matches the request. Within a single source, the match follows AND semantics across fields and OR semantics within a single field, i.e. a match occurs when ANY principal matches AND ANY ipBlocks match. + Structure is documented below. + :param Sequence['AuthzPolicyHttpRuleFromSourceArgs'] sources: Describes the properties of a request's sources. At least one of sources or notSources must be specified. Limited to 5 sources. A match occurs when ANY source (in sources or notSources) matches the request. Within a single source, the match follows AND semantics across fields and OR semantics within a single field, i.e. a match occurs when ANY principal matches AND ANY ipBlocks match. + Structure is documented below. + """ + if not_sources is not None: + pulumi.set(__self__, "not_sources", not_sources) + if sources is not None: + pulumi.set(__self__, "sources", sources) + + @property + @pulumi.getter(name="notSources") + def not_sources(self) -> Optional[Sequence['outputs.AuthzPolicyHttpRuleFromNotSource']]: + """ + Describes the properties of a request's sources. At least one of sources or notSources must be specified. Limited to 5 sources. A match occurs when ANY source (in sources or notSources) matches the request. Within a single source, the match follows AND semantics across fields and OR semantics within a single field, i.e. a match occurs when ANY principal matches AND ANY ipBlocks match. + Structure is documented below. + """ + return pulumi.get(self, "not_sources") + + @property + @pulumi.getter + def sources(self) -> Optional[Sequence['outputs.AuthzPolicyHttpRuleFromSource']]: + """ + Describes the properties of a request's sources. At least one of sources or notSources must be specified. Limited to 5 sources. A match occurs when ANY source (in sources or notSources) matches the request. Within a single source, the match follows AND semantics across fields and OR semantics within a single field, i.e. a match occurs when ANY principal matches AND ANY ipBlocks match. + Structure is documented below. + """ + return pulumi.get(self, "sources") + + +@pulumi.output_type +class AuthzPolicyHttpRuleFromNotSource(dict): + def __init__(__self__, *, + principals: Optional[Sequence['outputs.AuthzPolicyHttpRuleFromNotSourcePrincipal']] = None, + resources: Optional[Sequence['outputs.AuthzPolicyHttpRuleFromNotSourceResource']] = None): + """ + :param Sequence['AuthzPolicyHttpRuleFromNotSourcePrincipalArgs'] principals: A list of identities derived from the client's certificate. This field will not match on a request unless mutual TLS is enabled for the Forwarding rule or Gateway. Each identity is a string whose value is matched against the URI SAN, or DNS SAN or the subject field in the client's certificate. The match can be exact, prefix, suffix or a substring match. One of exact, prefix, suffix or contains must be specified. + Limited to 5 principals. + Structure is documented below. + :param Sequence['AuthzPolicyHttpRuleFromNotSourceResourceArgs'] resources: A list of resources to match against the resource of the source VM of a request. + Limited to 5 resources. + Structure is documented below. + """ + if principals is not None: + pulumi.set(__self__, "principals", principals) + if resources is not None: + pulumi.set(__self__, "resources", resources) + + @property + @pulumi.getter + def principals(self) -> Optional[Sequence['outputs.AuthzPolicyHttpRuleFromNotSourcePrincipal']]: + """ + A list of identities derived from the client's certificate. This field will not match on a request unless mutual TLS is enabled for the Forwarding rule or Gateway. Each identity is a string whose value is matched against the URI SAN, or DNS SAN or the subject field in the client's certificate. The match can be exact, prefix, suffix or a substring match. One of exact, prefix, suffix or contains must be specified. + Limited to 5 principals. + Structure is documented below. + """ + return pulumi.get(self, "principals") + + @property + @pulumi.getter + def resources(self) -> Optional[Sequence['outputs.AuthzPolicyHttpRuleFromNotSourceResource']]: + """ + A list of resources to match against the resource of the source VM of a request. + Limited to 5 resources. + Structure is documented below. + """ + return pulumi.get(self, "resources") + + +@pulumi.output_type +class AuthzPolicyHttpRuleFromNotSourcePrincipal(dict): + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "ignoreCase": + suggest = "ignore_case" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in AuthzPolicyHttpRuleFromNotSourcePrincipal. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + AuthzPolicyHttpRuleFromNotSourcePrincipal.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + AuthzPolicyHttpRuleFromNotSourcePrincipal.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + contains: Optional[str] = None, + exact: Optional[str] = None, + ignore_case: Optional[bool] = None, + prefix: Optional[str] = None, + suffix: Optional[str] = None): + """ + :param str contains: The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. + Examples: + * abc matches the value xyz.abc.def + :param str exact: The input string must match exactly the string specified here. + Examples: + * abc only matches the value abc. + :param bool ignore_case: If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true. + :param str prefix: The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. + Examples: + * abc matches the value abc.xyz + :param str suffix: The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. + Examples: + * abc matches the value xyz.abc + """ + if contains is not None: + pulumi.set(__self__, "contains", contains) + if exact is not None: + pulumi.set(__self__, "exact", exact) + if ignore_case is not None: + pulumi.set(__self__, "ignore_case", ignore_case) + if prefix is not None: + pulumi.set(__self__, "prefix", prefix) + if suffix is not None: + pulumi.set(__self__, "suffix", suffix) + + @property + @pulumi.getter + def contains(self) -> Optional[str]: + """ + The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. + Examples: + * abc matches the value xyz.abc.def + """ + return pulumi.get(self, "contains") + + @property + @pulumi.getter + def exact(self) -> Optional[str]: + """ + The input string must match exactly the string specified here. + Examples: + * abc only matches the value abc. + """ + return pulumi.get(self, "exact") + + @property + @pulumi.getter(name="ignoreCase") + def ignore_case(self) -> Optional[bool]: + """ + If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true. + """ + return pulumi.get(self, "ignore_case") + + @property + @pulumi.getter + def prefix(self) -> Optional[str]: + """ + The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. + Examples: + * abc matches the value abc.xyz + """ + return pulumi.get(self, "prefix") + + @property + @pulumi.getter + def suffix(self) -> Optional[str]: + """ + The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. + Examples: + * abc matches the value xyz.abc + """ + return pulumi.get(self, "suffix") + + +@pulumi.output_type +class AuthzPolicyHttpRuleFromNotSourceResource(dict): + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "iamServiceAccount": + suggest = "iam_service_account" + elif key == "tagValueIdSet": + suggest = "tag_value_id_set" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in AuthzPolicyHttpRuleFromNotSourceResource. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + AuthzPolicyHttpRuleFromNotSourceResource.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + AuthzPolicyHttpRuleFromNotSourceResource.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + iam_service_account: Optional['outputs.AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccount'] = None, + tag_value_id_set: Optional['outputs.AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSet'] = None): + """ + :param 'AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountArgs' iam_service_account: An IAM service account to match against the source service account of the VM sending the request. + Structure is documented below. + :param 'AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSetArgs' tag_value_id_set: A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request. + Structure is documented below. + """ + if iam_service_account is not None: + pulumi.set(__self__, "iam_service_account", iam_service_account) + if tag_value_id_set is not None: + pulumi.set(__self__, "tag_value_id_set", tag_value_id_set) + + @property + @pulumi.getter(name="iamServiceAccount") + def iam_service_account(self) -> Optional['outputs.AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccount']: + """ + An IAM service account to match against the source service account of the VM sending the request. + Structure is documented below. + """ + return pulumi.get(self, "iam_service_account") + + @property + @pulumi.getter(name="tagValueIdSet") + def tag_value_id_set(self) -> Optional['outputs.AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSet']: + """ + A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request. + Structure is documented below. + """ + return pulumi.get(self, "tag_value_id_set") + + +@pulumi.output_type +class AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccount(dict): + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "ignoreCase": + suggest = "ignore_case" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccount. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccount.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccount.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + contains: Optional[str] = None, + exact: Optional[str] = None, + ignore_case: Optional[bool] = None, + prefix: Optional[str] = None, + suffix: Optional[str] = None): + """ + :param str contains: The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. + Examples: + * abc matches the value xyz.abc.def + :param str exact: The input string must match exactly the string specified here. + Examples: + * abc only matches the value abc. + :param bool ignore_case: If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true. + :param str prefix: The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. + Examples: + * abc matches the value abc.xyz + :param str suffix: The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. + Examples: + * abc matches the value xyz.abc + """ + if contains is not None: + pulumi.set(__self__, "contains", contains) + if exact is not None: + pulumi.set(__self__, "exact", exact) + if ignore_case is not None: + pulumi.set(__self__, "ignore_case", ignore_case) + if prefix is not None: + pulumi.set(__self__, "prefix", prefix) + if suffix is not None: + pulumi.set(__self__, "suffix", suffix) + + @property + @pulumi.getter + def contains(self) -> Optional[str]: + """ + The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. + Examples: + * abc matches the value xyz.abc.def + """ + return pulumi.get(self, "contains") + + @property + @pulumi.getter + def exact(self) -> Optional[str]: + """ + The input string must match exactly the string specified here. + Examples: + * abc only matches the value abc. + """ + return pulumi.get(self, "exact") + + @property + @pulumi.getter(name="ignoreCase") + def ignore_case(self) -> Optional[bool]: + """ + If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true. + """ + return pulumi.get(self, "ignore_case") + + @property + @pulumi.getter + def prefix(self) -> Optional[str]: + """ + The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. + Examples: + * abc matches the value abc.xyz + """ + return pulumi.get(self, "prefix") + + @property + @pulumi.getter + def suffix(self) -> Optional[str]: + """ + The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. + Examples: + * abc matches the value xyz.abc + """ + return pulumi.get(self, "suffix") + + +@pulumi.output_type +class AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSet(dict): + def __init__(__self__, *, + ids: Optional[Sequence[str]] = None): + """ + :param Sequence[str] ids: A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request. The match follows AND semantics which means all the ids must match. + Limited to 5 matches. + """ + if ids is not None: + pulumi.set(__self__, "ids", ids) + + @property + @pulumi.getter + def ids(self) -> Optional[Sequence[str]]: + """ + A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request. The match follows AND semantics which means all the ids must match. + Limited to 5 matches. + """ + return pulumi.get(self, "ids") + + +@pulumi.output_type +class AuthzPolicyHttpRuleFromSource(dict): + def __init__(__self__, *, + principals: Optional[Sequence['outputs.AuthzPolicyHttpRuleFromSourcePrincipal']] = None, + resources: Optional[Sequence['outputs.AuthzPolicyHttpRuleFromSourceResource']] = None): + """ + :param Sequence['AuthzPolicyHttpRuleFromSourcePrincipalArgs'] principals: A list of identities derived from the client's certificate. This field will not match on a request unless mutual TLS is enabled for the Forwarding rule or Gateway. Each identity is a string whose value is matched against the URI SAN, or DNS SAN or the subject field in the client's certificate. The match can be exact, prefix, suffix or a substring match. One of exact, prefix, suffix or contains must be specified. + Limited to 5 principals. + Structure is documented below. + :param Sequence['AuthzPolicyHttpRuleFromSourceResourceArgs'] resources: A list of resources to match against the resource of the source VM of a request. + Limited to 5 resources. + Structure is documented below. + """ + if principals is not None: + pulumi.set(__self__, "principals", principals) + if resources is not None: + pulumi.set(__self__, "resources", resources) + + @property + @pulumi.getter + def principals(self) -> Optional[Sequence['outputs.AuthzPolicyHttpRuleFromSourcePrincipal']]: + """ + A list of identities derived from the client's certificate. This field will not match on a request unless mutual TLS is enabled for the Forwarding rule or Gateway. Each identity is a string whose value is matched against the URI SAN, or DNS SAN or the subject field in the client's certificate. The match can be exact, prefix, suffix or a substring match. One of exact, prefix, suffix or contains must be specified. + Limited to 5 principals. + Structure is documented below. + """ + return pulumi.get(self, "principals") + + @property + @pulumi.getter + def resources(self) -> Optional[Sequence['outputs.AuthzPolicyHttpRuleFromSourceResource']]: + """ + A list of resources to match against the resource of the source VM of a request. + Limited to 5 resources. + Structure is documented below. + """ + return pulumi.get(self, "resources") + + +@pulumi.output_type +class AuthzPolicyHttpRuleFromSourcePrincipal(dict): + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "ignoreCase": + suggest = "ignore_case" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in AuthzPolicyHttpRuleFromSourcePrincipal. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + AuthzPolicyHttpRuleFromSourcePrincipal.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + AuthzPolicyHttpRuleFromSourcePrincipal.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + contains: Optional[str] = None, + exact: Optional[str] = None, + ignore_case: Optional[bool] = None, + prefix: Optional[str] = None, + suffix: Optional[str] = None): + """ + :param str contains: The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. + Examples: + * abc matches the value xyz.abc.def + :param str exact: The input string must match exactly the string specified here. + Examples: + * abc only matches the value abc. + :param bool ignore_case: If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true. + :param str prefix: The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. + Examples: + * abc matches the value abc.xyz + :param str suffix: The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. + Examples: + * abc matches the value xyz.abc + """ + if contains is not None: + pulumi.set(__self__, "contains", contains) + if exact is not None: + pulumi.set(__self__, "exact", exact) + if ignore_case is not None: + pulumi.set(__self__, "ignore_case", ignore_case) + if prefix is not None: + pulumi.set(__self__, "prefix", prefix) + if suffix is not None: + pulumi.set(__self__, "suffix", suffix) + + @property + @pulumi.getter + def contains(self) -> Optional[str]: + """ + The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. + Examples: + * abc matches the value xyz.abc.def + """ + return pulumi.get(self, "contains") + + @property + @pulumi.getter + def exact(self) -> Optional[str]: + """ + The input string must match exactly the string specified here. + Examples: + * abc only matches the value abc. + """ + return pulumi.get(self, "exact") + + @property + @pulumi.getter(name="ignoreCase") + def ignore_case(self) -> Optional[bool]: + """ + If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true. + """ + return pulumi.get(self, "ignore_case") + + @property + @pulumi.getter + def prefix(self) -> Optional[str]: + """ + The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. + Examples: + * abc matches the value abc.xyz + """ + return pulumi.get(self, "prefix") + + @property + @pulumi.getter + def suffix(self) -> Optional[str]: + """ + The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. + Examples: + * abc matches the value xyz.abc + """ + return pulumi.get(self, "suffix") + + +@pulumi.output_type +class AuthzPolicyHttpRuleFromSourceResource(dict): + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "iamServiceAccount": + suggest = "iam_service_account" + elif key == "tagValueIdSet": + suggest = "tag_value_id_set" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in AuthzPolicyHttpRuleFromSourceResource. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + AuthzPolicyHttpRuleFromSourceResource.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + AuthzPolicyHttpRuleFromSourceResource.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + iam_service_account: Optional['outputs.AuthzPolicyHttpRuleFromSourceResourceIamServiceAccount'] = None, + tag_value_id_set: Optional['outputs.AuthzPolicyHttpRuleFromSourceResourceTagValueIdSet'] = None): + """ + :param 'AuthzPolicyHttpRuleFromSourceResourceIamServiceAccountArgs' iam_service_account: An IAM service account to match against the source service account of the VM sending the request. + Structure is documented below. + :param 'AuthzPolicyHttpRuleFromSourceResourceTagValueIdSetArgs' tag_value_id_set: A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request. + Structure is documented below. + """ + if iam_service_account is not None: + pulumi.set(__self__, "iam_service_account", iam_service_account) + if tag_value_id_set is not None: + pulumi.set(__self__, "tag_value_id_set", tag_value_id_set) + + @property + @pulumi.getter(name="iamServiceAccount") + def iam_service_account(self) -> Optional['outputs.AuthzPolicyHttpRuleFromSourceResourceIamServiceAccount']: + """ + An IAM service account to match against the source service account of the VM sending the request. + Structure is documented below. + """ + return pulumi.get(self, "iam_service_account") + + @property + @pulumi.getter(name="tagValueIdSet") + def tag_value_id_set(self) -> Optional['outputs.AuthzPolicyHttpRuleFromSourceResourceTagValueIdSet']: + """ + A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request. + Structure is documented below. + """ + return pulumi.get(self, "tag_value_id_set") + + +@pulumi.output_type +class AuthzPolicyHttpRuleFromSourceResourceIamServiceAccount(dict): + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "ignoreCase": + suggest = "ignore_case" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in AuthzPolicyHttpRuleFromSourceResourceIamServiceAccount. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + AuthzPolicyHttpRuleFromSourceResourceIamServiceAccount.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + AuthzPolicyHttpRuleFromSourceResourceIamServiceAccount.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + contains: Optional[str] = None, + exact: Optional[str] = None, + ignore_case: Optional[bool] = None, + prefix: Optional[str] = None, + suffix: Optional[str] = None): + """ + :param str contains: The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. + Examples: + * abc matches the value xyz.abc.def + :param str exact: The input string must match exactly the string specified here. + Examples: + * abc only matches the value abc. + :param bool ignore_case: If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true. + :param str prefix: The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. + Examples: + * abc matches the value abc.xyz + :param str suffix: The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. + Examples: + * abc matches the value xyz.abc + """ + if contains is not None: + pulumi.set(__self__, "contains", contains) + if exact is not None: + pulumi.set(__self__, "exact", exact) + if ignore_case is not None: + pulumi.set(__self__, "ignore_case", ignore_case) + if prefix is not None: + pulumi.set(__self__, "prefix", prefix) + if suffix is not None: + pulumi.set(__self__, "suffix", suffix) + + @property + @pulumi.getter + def contains(self) -> Optional[str]: + """ + The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. + Examples: + * abc matches the value xyz.abc.def + """ + return pulumi.get(self, "contains") + + @property + @pulumi.getter + def exact(self) -> Optional[str]: + """ + The input string must match exactly the string specified here. + Examples: + * abc only matches the value abc. + """ + return pulumi.get(self, "exact") + + @property + @pulumi.getter(name="ignoreCase") + def ignore_case(self) -> Optional[bool]: + """ + If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true. + """ + return pulumi.get(self, "ignore_case") + + @property + @pulumi.getter + def prefix(self) -> Optional[str]: + """ + The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. + Examples: + * abc matches the value abc.xyz + """ + return pulumi.get(self, "prefix") + + @property + @pulumi.getter + def suffix(self) -> Optional[str]: + """ + The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. + Examples: + * abc matches the value xyz.abc + """ + return pulumi.get(self, "suffix") + + +@pulumi.output_type +class AuthzPolicyHttpRuleFromSourceResourceTagValueIdSet(dict): + def __init__(__self__, *, + ids: Optional[Sequence[str]] = None): + """ + :param Sequence[str] ids: A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request. The match follows AND semantics which means all the ids must match. + Limited to 5 matches. + """ + if ids is not None: + pulumi.set(__self__, "ids", ids) + + @property + @pulumi.getter + def ids(self) -> Optional[Sequence[str]]: + """ + A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request. The match follows AND semantics which means all the ids must match. + Limited to 5 matches. + """ + return pulumi.get(self, "ids") + + +@pulumi.output_type +class AuthzPolicyHttpRuleTo(dict): + def __init__(__self__, *, + operations: Optional[Sequence['outputs.AuthzPolicyHttpRuleToOperation']] = None): + """ + :param Sequence['AuthzPolicyHttpRuleToOperationArgs'] operations: Describes properties of one or more targets of a request. At least one of operations or notOperations must be specified. Limited to 5 operations. A match occurs when ANY operation (in operations or notOperations) matches. Within an operation, the match follows AND semantics across fields and OR semantics within a field, i.e. a match occurs when ANY path matches AND ANY header matches and ANY method matches. + Structure is documented below. + """ + if operations is not None: + pulumi.set(__self__, "operations", operations) + + @property + @pulumi.getter + def operations(self) -> Optional[Sequence['outputs.AuthzPolicyHttpRuleToOperation']]: + """ + Describes properties of one or more targets of a request. At least one of operations or notOperations must be specified. Limited to 5 operations. A match occurs when ANY operation (in operations or notOperations) matches. Within an operation, the match follows AND semantics across fields and OR semantics within a field, i.e. a match occurs when ANY path matches AND ANY header matches and ANY method matches. + Structure is documented below. + """ + return pulumi.get(self, "operations") + + +@pulumi.output_type +class AuthzPolicyHttpRuleToOperation(dict): + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "headerSet": + suggest = "header_set" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in AuthzPolicyHttpRuleToOperation. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + AuthzPolicyHttpRuleToOperation.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + AuthzPolicyHttpRuleToOperation.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + header_set: Optional['outputs.AuthzPolicyHttpRuleToOperationHeaderSet'] = None, + hosts: Optional[Sequence['outputs.AuthzPolicyHttpRuleToOperationHost']] = None, + methods: Optional[Sequence[str]] = None, + paths: Optional[Sequence['outputs.AuthzPolicyHttpRuleToOperationPath']] = None): + """ + :param 'AuthzPolicyHttpRuleToOperationHeaderSetArgs' header_set: A list of headers to match against in http header. + Structure is documented below. + :param Sequence['AuthzPolicyHttpRuleToOperationHostArgs'] hosts: A list of HTTP Hosts to match against. The match can be one of exact, prefix, suffix, or contains (substring match). Matches are always case sensitive unless the ignoreCase is set. + Limited to 5 matches. + Structure is documented below. + :param Sequence[str] methods: A list of HTTP methods to match against. Each entry must be a valid HTTP method name (GET, PUT, POST, HEAD, PATCH, DELETE, OPTIONS). It only allows exact match and is always case sensitive. + :param Sequence['AuthzPolicyHttpRuleToOperationPathArgs'] paths: A list of paths to match against. The match can be one of exact, prefix, suffix, or contains (substring match). Matches are always case sensitive unless the ignoreCase is set. + Limited to 5 matches. + Note that this path match includes the query parameters. For gRPC services, this should be a fully-qualified name of the form /package.service/method. + Structure is documented below. + """ + if header_set is not None: + pulumi.set(__self__, "header_set", header_set) + if hosts is not None: + pulumi.set(__self__, "hosts", hosts) + if methods is not None: + pulumi.set(__self__, "methods", methods) + if paths is not None: + pulumi.set(__self__, "paths", paths) + + @property + @pulumi.getter(name="headerSet") + def header_set(self) -> Optional['outputs.AuthzPolicyHttpRuleToOperationHeaderSet']: + """ + A list of headers to match against in http header. + Structure is documented below. + """ + return pulumi.get(self, "header_set") + + @property + @pulumi.getter + def hosts(self) -> Optional[Sequence['outputs.AuthzPolicyHttpRuleToOperationHost']]: + """ + A list of HTTP Hosts to match against. The match can be one of exact, prefix, suffix, or contains (substring match). Matches are always case sensitive unless the ignoreCase is set. + Limited to 5 matches. + Structure is documented below. + """ + return pulumi.get(self, "hosts") + + @property + @pulumi.getter + def methods(self) -> Optional[Sequence[str]]: + """ + A list of HTTP methods to match against. Each entry must be a valid HTTP method name (GET, PUT, POST, HEAD, PATCH, DELETE, OPTIONS). It only allows exact match and is always case sensitive. + """ + return pulumi.get(self, "methods") + + @property + @pulumi.getter + def paths(self) -> Optional[Sequence['outputs.AuthzPolicyHttpRuleToOperationPath']]: + """ + A list of paths to match against. The match can be one of exact, prefix, suffix, or contains (substring match). Matches are always case sensitive unless the ignoreCase is set. + Limited to 5 matches. + Note that this path match includes the query parameters. For gRPC services, this should be a fully-qualified name of the form /package.service/method. + Structure is documented below. + """ + return pulumi.get(self, "paths") + + +@pulumi.output_type +class AuthzPolicyHttpRuleToOperationHeaderSet(dict): + def __init__(__self__, *, + headers: Optional[Sequence['outputs.AuthzPolicyHttpRuleToOperationHeaderSetHeader']] = None): + """ + :param Sequence['AuthzPolicyHttpRuleToOperationHeaderSetHeaderArgs'] headers: A list of headers to match against in http header. The match can be one of exact, prefix, suffix, or contains (substring match). The match follows AND semantics which means all the headers must match. Matches are always case sensitive unless the ignoreCase is set. Limited to 5 matches. + Structure is documented below. + """ + if headers is not None: + pulumi.set(__self__, "headers", headers) + + @property + @pulumi.getter + def headers(self) -> Optional[Sequence['outputs.AuthzPolicyHttpRuleToOperationHeaderSetHeader']]: + """ + A list of headers to match against in http header. The match can be one of exact, prefix, suffix, or contains (substring match). The match follows AND semantics which means all the headers must match. Matches are always case sensitive unless the ignoreCase is set. Limited to 5 matches. + Structure is documented below. + """ + return pulumi.get(self, "headers") + + +@pulumi.output_type +class AuthzPolicyHttpRuleToOperationHeaderSetHeader(dict): + def __init__(__self__, *, + name: Optional[str] = None, + value: Optional['outputs.AuthzPolicyHttpRuleToOperationHeaderSetHeaderValue'] = None): + """ + :param str name: Specifies the name of the header in the request. + :param 'AuthzPolicyHttpRuleToOperationHeaderSetHeaderValueArgs' value: Specifies how the header match will be performed. + Structure is documented below. + """ + if name is not None: + pulumi.set(__self__, "name", name) + if value is not None: + pulumi.set(__self__, "value", value) + + @property + @pulumi.getter + def name(self) -> Optional[str]: + """ + Specifies the name of the header in the request. + """ + return pulumi.get(self, "name") + + @property + @pulumi.getter + def value(self) -> Optional['outputs.AuthzPolicyHttpRuleToOperationHeaderSetHeaderValue']: + """ + Specifies how the header match will be performed. + Structure is documented below. + """ + return pulumi.get(self, "value") + + +@pulumi.output_type +class AuthzPolicyHttpRuleToOperationHeaderSetHeaderValue(dict): + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "ignoreCase": + suggest = "ignore_case" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in AuthzPolicyHttpRuleToOperationHeaderSetHeaderValue. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + AuthzPolicyHttpRuleToOperationHeaderSetHeaderValue.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + AuthzPolicyHttpRuleToOperationHeaderSetHeaderValue.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + contains: Optional[str] = None, + exact: Optional[str] = None, + ignore_case: Optional[bool] = None, + prefix: Optional[str] = None, + suffix: Optional[str] = None): + """ + :param str contains: The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. + Examples: + * abc matches the value xyz.abc.def + :param str exact: The input string must match exactly the string specified here. + Examples: + * abc only matches the value abc. + :param bool ignore_case: If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true. + :param str prefix: The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. + Examples: + * abc matches the value abc.xyz + :param str suffix: The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. + Examples: + * abc matches the value xyz.abc + """ + if contains is not None: + pulumi.set(__self__, "contains", contains) + if exact is not None: + pulumi.set(__self__, "exact", exact) + if ignore_case is not None: + pulumi.set(__self__, "ignore_case", ignore_case) + if prefix is not None: + pulumi.set(__self__, "prefix", prefix) + if suffix is not None: + pulumi.set(__self__, "suffix", suffix) + + @property + @pulumi.getter + def contains(self) -> Optional[str]: + """ + The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. + Examples: + * abc matches the value xyz.abc.def + """ + return pulumi.get(self, "contains") + + @property + @pulumi.getter + def exact(self) -> Optional[str]: + """ + The input string must match exactly the string specified here. + Examples: + * abc only matches the value abc. + """ + return pulumi.get(self, "exact") + + @property + @pulumi.getter(name="ignoreCase") + def ignore_case(self) -> Optional[bool]: + """ + If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true. + """ + return pulumi.get(self, "ignore_case") + + @property + @pulumi.getter + def prefix(self) -> Optional[str]: + """ + The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. + Examples: + * abc matches the value abc.xyz + """ + return pulumi.get(self, "prefix") + + @property + @pulumi.getter + def suffix(self) -> Optional[str]: + """ + The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. + Examples: + * abc matches the value xyz.abc + """ + return pulumi.get(self, "suffix") + + +@pulumi.output_type +class AuthzPolicyHttpRuleToOperationHost(dict): + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "ignoreCase": + suggest = "ignore_case" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in AuthzPolicyHttpRuleToOperationHost. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + AuthzPolicyHttpRuleToOperationHost.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + AuthzPolicyHttpRuleToOperationHost.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + contains: Optional[str] = None, + exact: Optional[str] = None, + ignore_case: Optional[bool] = None, + prefix: Optional[str] = None, + suffix: Optional[str] = None): + """ + :param str contains: The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. + Examples: + * abc matches the value xyz.abc.def + :param str exact: The input string must match exactly the string specified here. + Examples: + * abc only matches the value abc. + :param bool ignore_case: If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true. + :param str prefix: The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. + Examples: + * abc matches the value abc.xyz + :param str suffix: The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. + Examples: + * abc matches the value xyz.abc + """ + if contains is not None: + pulumi.set(__self__, "contains", contains) + if exact is not None: + pulumi.set(__self__, "exact", exact) + if ignore_case is not None: + pulumi.set(__self__, "ignore_case", ignore_case) + if prefix is not None: + pulumi.set(__self__, "prefix", prefix) + if suffix is not None: + pulumi.set(__self__, "suffix", suffix) + + @property + @pulumi.getter + def contains(self) -> Optional[str]: + """ + The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. + Examples: + * abc matches the value xyz.abc.def + """ + return pulumi.get(self, "contains") + + @property + @pulumi.getter + def exact(self) -> Optional[str]: + """ + The input string must match exactly the string specified here. + Examples: + * abc only matches the value abc. + """ + return pulumi.get(self, "exact") + + @property + @pulumi.getter(name="ignoreCase") + def ignore_case(self) -> Optional[bool]: + """ + If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true. + """ + return pulumi.get(self, "ignore_case") + + @property + @pulumi.getter + def prefix(self) -> Optional[str]: + """ + The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. + Examples: + * abc matches the value abc.xyz + """ + return pulumi.get(self, "prefix") + + @property + @pulumi.getter + def suffix(self) -> Optional[str]: + """ + The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. + Examples: + * abc matches the value xyz.abc + """ + return pulumi.get(self, "suffix") + + +@pulumi.output_type +class AuthzPolicyHttpRuleToOperationPath(dict): + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "ignoreCase": + suggest = "ignore_case" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in AuthzPolicyHttpRuleToOperationPath. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + AuthzPolicyHttpRuleToOperationPath.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + AuthzPolicyHttpRuleToOperationPath.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + contains: Optional[str] = None, + exact: Optional[str] = None, + ignore_case: Optional[bool] = None, + prefix: Optional[str] = None, + suffix: Optional[str] = None): + """ + :param str contains: The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. + Examples: + * abc matches the value xyz.abc.def + :param str exact: The input string must match exactly the string specified here. + Examples: + * abc only matches the value abc. + :param bool ignore_case: If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true. + :param str prefix: The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. + Examples: + * abc matches the value abc.xyz + :param str suffix: The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. + Examples: + * abc matches the value xyz.abc + """ + if contains is not None: + pulumi.set(__self__, "contains", contains) + if exact is not None: + pulumi.set(__self__, "exact", exact) + if ignore_case is not None: + pulumi.set(__self__, "ignore_case", ignore_case) + if prefix is not None: + pulumi.set(__self__, "prefix", prefix) + if suffix is not None: + pulumi.set(__self__, "suffix", suffix) + + @property + @pulumi.getter + def contains(self) -> Optional[str]: + """ + The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead. + Examples: + * abc matches the value xyz.abc.def + """ + return pulumi.get(self, "contains") + + @property + @pulumi.getter + def exact(self) -> Optional[str]: + """ + The input string must match exactly the string specified here. + Examples: + * abc only matches the value abc. + """ + return pulumi.get(self, "exact") + + @property + @pulumi.getter(name="ignoreCase") + def ignore_case(self) -> Optional[bool]: + """ + If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true. + """ + return pulumi.get(self, "ignore_case") + + @property + @pulumi.getter + def prefix(self) -> Optional[str]: + """ + The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead. + Examples: + * abc matches the value abc.xyz + """ + return pulumi.get(self, "prefix") + + @property + @pulumi.getter + def suffix(self) -> Optional[str]: + """ + The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead. + Examples: + * abc matches the value xyz.abc + """ + return pulumi.get(self, "suffix") + + +@pulumi.output_type +class AuthzPolicyTarget(dict): + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "loadBalancingScheme": + suggest = "load_balancing_scheme" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in AuthzPolicyTarget. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + AuthzPolicyTarget.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + AuthzPolicyTarget.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + load_balancing_scheme: str, + resources: Optional[Sequence[str]] = None): + """ + :param str load_balancing_scheme: All gateways and forwarding rules referenced by this policy and extensions must share the same load balancing scheme. + For more information, refer to [Backend services overview](https://cloud.google.com/load-balancing/docs/backend-service). + Possible values are: `INTERNAL_MANAGED`, `EXTERNAL_MANAGED`, `INTERNAL_SELF_MANAGED`. + :param Sequence[str] resources: A list of references to the Forwarding Rules on which this policy will be applied. + + - - - + """ + pulumi.set(__self__, "load_balancing_scheme", load_balancing_scheme) + if resources is not None: + pulumi.set(__self__, "resources", resources) + + @property + @pulumi.getter(name="loadBalancingScheme") + def load_balancing_scheme(self) -> str: + """ + All gateways and forwarding rules referenced by this policy and extensions must share the same load balancing scheme. + For more information, refer to [Backend services overview](https://cloud.google.com/load-balancing/docs/backend-service). + Possible values are: `INTERNAL_MANAGED`, `EXTERNAL_MANAGED`, `INTERNAL_SELF_MANAGED`. + """ + return pulumi.get(self, "load_balancing_scheme") + + @property + @pulumi.getter + def resources(self) -> Optional[Sequence[str]]: + """ + A list of references to the Forwarding Rules on which this policy will be applied. + + - - - + """ + return pulumi.get(self, "resources") + + @pulumi.output_type class ClientTlsPolicyClientCertificate(dict): @staticmethod @@ -556,6 +1928,27 @@ def target_uri(self) -> str: return pulumi.get(self, "target_uri") +@pulumi.output_type +class InterceptDeploymentGroupConnectedEndpointGroup(dict): + def __init__(__self__, *, + name: Optional[str] = None): + """ + :param str name: (Output) + Output only. A connected intercept endpoint group. + """ + if name is not None: + pulumi.set(__self__, "name", name) + + @property + @pulumi.getter + def name(self) -> Optional[str]: + """ + (Output) + Output only. A connected intercept endpoint group. + """ + return pulumi.get(self, "name") + + @pulumi.output_type class MirroringDeploymentGroupConnectedEndpointGroup(dict): def __init__(__self__, *, diff --git a/sdk/python/pulumi_gcp/networkservices/__init__.py b/sdk/python/pulumi_gcp/networkservices/__init__.py index 8de4daaca5..d2eab472ee 100644 --- a/sdk/python/pulumi_gcp/networkservices/__init__.py +++ b/sdk/python/pulumi_gcp/networkservices/__init__.py @@ -5,6 +5,7 @@ from .. import _utilities import typing # Export this package's modules as members: +from .authz_extension import * from .edge_cache_keyset import * from .edge_cache_origin import * from .edge_cache_service import * diff --git a/sdk/python/pulumi_gcp/networkservices/authz_extension.py b/sdk/python/pulumi_gcp/networkservices/authz_extension.py new file mode 100644 index 0000000000..fb3dd15d4b --- /dev/null +++ b/sdk/python/pulumi_gcp/networkservices/authz_extension.py @@ -0,0 +1,1080 @@ +# coding=utf-8 +# *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +# *** Do not edit by hand unless you're certain you know what you are doing! *** + +import copy +import warnings +import sys +import pulumi +import pulumi.runtime +from typing import Any, Mapping, Optional, Sequence, Union, overload +if sys.version_info >= (3, 11): + from typing import NotRequired, TypedDict, TypeAlias +else: + from typing_extensions import NotRequired, TypedDict, TypeAlias +from .. import _utilities + +__all__ = ['AuthzExtensionArgs', 'AuthzExtension'] + +@pulumi.input_type +class AuthzExtensionArgs: + def __init__(__self__, *, + authority: pulumi.Input[str], + load_balancing_scheme: pulumi.Input[str], + location: pulumi.Input[str], + service: pulumi.Input[str], + timeout: pulumi.Input[str], + description: Optional[pulumi.Input[str]] = None, + fail_open: Optional[pulumi.Input[bool]] = None, + forward_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + labels: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None, + metadata: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None, + name: Optional[pulumi.Input[str]] = None, + project: Optional[pulumi.Input[str]] = None, + wire_format: Optional[pulumi.Input[str]] = None): + """ + The set of arguments for constructing a AuthzExtension resource. + :param pulumi.Input[str] authority: The :authority header in the gRPC request sent from Envoy to the extension service. + :param pulumi.Input[str] load_balancing_scheme: All backend services and forwarding rules referenced by this extension must share the same load balancing scheme. + For more information, refer to [Backend services overview](https://cloud.google.com/load-balancing/docs/backend-service). + Possible values are: `INTERNAL_MANAGED`, `EXTERNAL_MANAGED`. + :param pulumi.Input[str] location: The location of the resource. + + + - - - + :param pulumi.Input[str] service: The reference to the service that runs the extension. + To configure a callout extension, service must be a fully-qualified reference to a [backend service](https://cloud.google.com/compute/docs/reference/rest/v1/backendServices) in the format: + https://www.googleapis.com/compute/v1/projects/{project}/regions/{region}/backendServices/{backendService} or https://www.googleapis.com/compute/v1/projects/{project}/global/backendServices/{backendService}. + :param pulumi.Input[str] timeout: Specifies the timeout for each individual message on the stream. The timeout must be between 10-10000 milliseconds. + :param pulumi.Input[str] description: A human-readable description of the resource. + :param pulumi.Input[bool] fail_open: Determines how the proxy behaves if the call to the extension fails or times out. + When set to TRUE, request or response processing continues without error. Any subsequent extensions in the extension chain are also executed. When set to FALSE or the default setting of FALSE is used, one of the following happens: + * If response headers have not been delivered to the downstream client, a generic 500 error is returned to the client. The error response can be tailored by configuring a custom error response in the load balancer. + * If response headers have been delivered, then the HTTP stream to the downstream client is reset. + :param pulumi.Input[Sequence[pulumi.Input[str]]] forward_headers: List of the HTTP headers to forward to the extension (from the client). If omitted, all headers are sent. Each element is a string indicating the header name. + :param pulumi.Input[Mapping[str, pulumi.Input[str]]] labels: Set of labels associated with the AuthzExtension resource. + + **Note**: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field `effective_labels` for all of the labels present on the resource. + :param pulumi.Input[Mapping[str, pulumi.Input[str]]] metadata: The metadata provided here is included as part of the metadata_context (of type google.protobuf.Struct) in the ProcessingRequest message sent to the extension server. The metadata is available under the namespace com.google.authz_extension.. The following variables are supported in the metadata Struct: + {forwarding_rule_id} - substituted with the forwarding rule's fully qualified resource name. + :param pulumi.Input[str] name: Identifier. Name of the AuthzExtension resource. + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + :param pulumi.Input[str] wire_format: The format of communication supported by the callout extension. + Default value is `EXT_PROC_GRPC`. + Possible values are: `WIRE_FORMAT_UNSPECIFIED`, `EXT_PROC_GRPC`. + """ + pulumi.set(__self__, "authority", authority) + pulumi.set(__self__, "load_balancing_scheme", load_balancing_scheme) + pulumi.set(__self__, "location", location) + pulumi.set(__self__, "service", service) + pulumi.set(__self__, "timeout", timeout) + if description is not None: + pulumi.set(__self__, "description", description) + if fail_open is not None: + pulumi.set(__self__, "fail_open", fail_open) + if forward_headers is not None: + pulumi.set(__self__, "forward_headers", forward_headers) + if labels is not None: + pulumi.set(__self__, "labels", labels) + if metadata is not None: + pulumi.set(__self__, "metadata", metadata) + if name is not None: + pulumi.set(__self__, "name", name) + if project is not None: + pulumi.set(__self__, "project", project) + if wire_format is not None: + pulumi.set(__self__, "wire_format", wire_format) + + @property + @pulumi.getter + def authority(self) -> pulumi.Input[str]: + """ + The :authority header in the gRPC request sent from Envoy to the extension service. + """ + return pulumi.get(self, "authority") + + @authority.setter + def authority(self, value: pulumi.Input[str]): + pulumi.set(self, "authority", value) + + @property + @pulumi.getter(name="loadBalancingScheme") + def load_balancing_scheme(self) -> pulumi.Input[str]: + """ + All backend services and forwarding rules referenced by this extension must share the same load balancing scheme. + For more information, refer to [Backend services overview](https://cloud.google.com/load-balancing/docs/backend-service). + Possible values are: `INTERNAL_MANAGED`, `EXTERNAL_MANAGED`. + """ + return pulumi.get(self, "load_balancing_scheme") + + @load_balancing_scheme.setter + def load_balancing_scheme(self, value: pulumi.Input[str]): + pulumi.set(self, "load_balancing_scheme", value) + + @property + @pulumi.getter + def location(self) -> pulumi.Input[str]: + """ + The location of the resource. + + + - - - + """ + return pulumi.get(self, "location") + + @location.setter + def location(self, value: pulumi.Input[str]): + pulumi.set(self, "location", value) + + @property + @pulumi.getter + def service(self) -> pulumi.Input[str]: + """ + The reference to the service that runs the extension. + To configure a callout extension, service must be a fully-qualified reference to a [backend service](https://cloud.google.com/compute/docs/reference/rest/v1/backendServices) in the format: + https://www.googleapis.com/compute/v1/projects/{project}/regions/{region}/backendServices/{backendService} or https://www.googleapis.com/compute/v1/projects/{project}/global/backendServices/{backendService}. + """ + return pulumi.get(self, "service") + + @service.setter + def service(self, value: pulumi.Input[str]): + pulumi.set(self, "service", value) + + @property + @pulumi.getter + def timeout(self) -> pulumi.Input[str]: + """ + Specifies the timeout for each individual message on the stream. The timeout must be between 10-10000 milliseconds. + """ + return pulumi.get(self, "timeout") + + @timeout.setter + def timeout(self, value: pulumi.Input[str]): + pulumi.set(self, "timeout", value) + + @property + @pulumi.getter + def description(self) -> Optional[pulumi.Input[str]]: + """ + A human-readable description of the resource. + """ + return pulumi.get(self, "description") + + @description.setter + def description(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "description", value) + + @property + @pulumi.getter(name="failOpen") + def fail_open(self) -> Optional[pulumi.Input[bool]]: + """ + Determines how the proxy behaves if the call to the extension fails or times out. + When set to TRUE, request or response processing continues without error. Any subsequent extensions in the extension chain are also executed. When set to FALSE or the default setting of FALSE is used, one of the following happens: + * If response headers have not been delivered to the downstream client, a generic 500 error is returned to the client. The error response can be tailored by configuring a custom error response in the load balancer. + * If response headers have been delivered, then the HTTP stream to the downstream client is reset. + """ + return pulumi.get(self, "fail_open") + + @fail_open.setter + def fail_open(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "fail_open", value) + + @property + @pulumi.getter(name="forwardHeaders") + def forward_headers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + List of the HTTP headers to forward to the extension (from the client). If omitted, all headers are sent. Each element is a string indicating the header name. + """ + return pulumi.get(self, "forward_headers") + + @forward_headers.setter + def forward_headers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "forward_headers", value) + + @property + @pulumi.getter + def labels(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]: + """ + Set of labels associated with the AuthzExtension resource. + + **Note**: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field `effective_labels` for all of the labels present on the resource. + """ + return pulumi.get(self, "labels") + + @labels.setter + def labels(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]): + pulumi.set(self, "labels", value) + + @property + @pulumi.getter + def metadata(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]: + """ + The metadata provided here is included as part of the metadata_context (of type google.protobuf.Struct) in the ProcessingRequest message sent to the extension server. The metadata is available under the namespace com.google.authz_extension.. The following variables are supported in the metadata Struct: + {forwarding_rule_id} - substituted with the forwarding rule's fully qualified resource name. + """ + return pulumi.get(self, "metadata") + + @metadata.setter + def metadata(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]): + pulumi.set(self, "metadata", value) + + @property + @pulumi.getter + def name(self) -> Optional[pulumi.Input[str]]: + """ + Identifier. Name of the AuthzExtension resource. + """ + return pulumi.get(self, "name") + + @name.setter + def name(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "name", value) + + @property + @pulumi.getter + def project(self) -> Optional[pulumi.Input[str]]: + """ + The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + """ + return pulumi.get(self, "project") + + @project.setter + def project(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "project", value) + + @property + @pulumi.getter(name="wireFormat") + def wire_format(self) -> Optional[pulumi.Input[str]]: + """ + The format of communication supported by the callout extension. + Default value is `EXT_PROC_GRPC`. + Possible values are: `WIRE_FORMAT_UNSPECIFIED`, `EXT_PROC_GRPC`. + """ + return pulumi.get(self, "wire_format") + + @wire_format.setter + def wire_format(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "wire_format", value) + + +@pulumi.input_type +class _AuthzExtensionState: + def __init__(__self__, *, + authority: Optional[pulumi.Input[str]] = None, + create_time: Optional[pulumi.Input[str]] = None, + description: Optional[pulumi.Input[str]] = None, + effective_labels: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None, + fail_open: Optional[pulumi.Input[bool]] = None, + forward_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + labels: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None, + load_balancing_scheme: Optional[pulumi.Input[str]] = None, + location: Optional[pulumi.Input[str]] = None, + metadata: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None, + name: Optional[pulumi.Input[str]] = None, + project: Optional[pulumi.Input[str]] = None, + pulumi_labels: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None, + service: Optional[pulumi.Input[str]] = None, + timeout: Optional[pulumi.Input[str]] = None, + update_time: Optional[pulumi.Input[str]] = None, + wire_format: Optional[pulumi.Input[str]] = None): + """ + Input properties used for looking up and filtering AuthzExtension resources. + :param pulumi.Input[str] authority: The :authority header in the gRPC request sent from Envoy to the extension service. + :param pulumi.Input[str] create_time: The timestamp when the resource was created. + :param pulumi.Input[str] description: A human-readable description of the resource. + :param pulumi.Input[Mapping[str, pulumi.Input[str]]] effective_labels: All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services. + :param pulumi.Input[bool] fail_open: Determines how the proxy behaves if the call to the extension fails or times out. + When set to TRUE, request or response processing continues without error. Any subsequent extensions in the extension chain are also executed. When set to FALSE or the default setting of FALSE is used, one of the following happens: + * If response headers have not been delivered to the downstream client, a generic 500 error is returned to the client. The error response can be tailored by configuring a custom error response in the load balancer. + * If response headers have been delivered, then the HTTP stream to the downstream client is reset. + :param pulumi.Input[Sequence[pulumi.Input[str]]] forward_headers: List of the HTTP headers to forward to the extension (from the client). If omitted, all headers are sent. Each element is a string indicating the header name. + :param pulumi.Input[Mapping[str, pulumi.Input[str]]] labels: Set of labels associated with the AuthzExtension resource. + + **Note**: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field `effective_labels` for all of the labels present on the resource. + :param pulumi.Input[str] load_balancing_scheme: All backend services and forwarding rules referenced by this extension must share the same load balancing scheme. + For more information, refer to [Backend services overview](https://cloud.google.com/load-balancing/docs/backend-service). + Possible values are: `INTERNAL_MANAGED`, `EXTERNAL_MANAGED`. + :param pulumi.Input[str] location: The location of the resource. + + + - - - + :param pulumi.Input[Mapping[str, pulumi.Input[str]]] metadata: The metadata provided here is included as part of the metadata_context (of type google.protobuf.Struct) in the ProcessingRequest message sent to the extension server. The metadata is available under the namespace com.google.authz_extension.. The following variables are supported in the metadata Struct: + {forwarding_rule_id} - substituted with the forwarding rule's fully qualified resource name. + :param pulumi.Input[str] name: Identifier. Name of the AuthzExtension resource. + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + :param pulumi.Input[Mapping[str, pulumi.Input[str]]] pulumi_labels: The combination of labels configured directly on the resource + and default labels configured on the provider. + :param pulumi.Input[str] service: The reference to the service that runs the extension. + To configure a callout extension, service must be a fully-qualified reference to a [backend service](https://cloud.google.com/compute/docs/reference/rest/v1/backendServices) in the format: + https://www.googleapis.com/compute/v1/projects/{project}/regions/{region}/backendServices/{backendService} or https://www.googleapis.com/compute/v1/projects/{project}/global/backendServices/{backendService}. + :param pulumi.Input[str] timeout: Specifies the timeout for each individual message on the stream. The timeout must be between 10-10000 milliseconds. + :param pulumi.Input[str] update_time: The timestamp when the resource was updated. + :param pulumi.Input[str] wire_format: The format of communication supported by the callout extension. + Default value is `EXT_PROC_GRPC`. + Possible values are: `WIRE_FORMAT_UNSPECIFIED`, `EXT_PROC_GRPC`. + """ + if authority is not None: + pulumi.set(__self__, "authority", authority) + if create_time is not None: + pulumi.set(__self__, "create_time", create_time) + if description is not None: + pulumi.set(__self__, "description", description) + if effective_labels is not None: + pulumi.set(__self__, "effective_labels", effective_labels) + if fail_open is not None: + pulumi.set(__self__, "fail_open", fail_open) + if forward_headers is not None: + pulumi.set(__self__, "forward_headers", forward_headers) + if labels is not None: + pulumi.set(__self__, "labels", labels) + if load_balancing_scheme is not None: + pulumi.set(__self__, "load_balancing_scheme", load_balancing_scheme) + if location is not None: + pulumi.set(__self__, "location", location) + if metadata is not None: + pulumi.set(__self__, "metadata", metadata) + if name is not None: + pulumi.set(__self__, "name", name) + if project is not None: + pulumi.set(__self__, "project", project) + if pulumi_labels is not None: + pulumi.set(__self__, "pulumi_labels", pulumi_labels) + if service is not None: + pulumi.set(__self__, "service", service) + if timeout is not None: + pulumi.set(__self__, "timeout", timeout) + if update_time is not None: + pulumi.set(__self__, "update_time", update_time) + if wire_format is not None: + pulumi.set(__self__, "wire_format", wire_format) + + @property + @pulumi.getter + def authority(self) -> Optional[pulumi.Input[str]]: + """ + The :authority header in the gRPC request sent from Envoy to the extension service. + """ + return pulumi.get(self, "authority") + + @authority.setter + def authority(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "authority", value) + + @property + @pulumi.getter(name="createTime") + def create_time(self) -> Optional[pulumi.Input[str]]: + """ + The timestamp when the resource was created. + """ + return pulumi.get(self, "create_time") + + @create_time.setter + def create_time(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "create_time", value) + + @property + @pulumi.getter + def description(self) -> Optional[pulumi.Input[str]]: + """ + A human-readable description of the resource. + """ + return pulumi.get(self, "description") + + @description.setter + def description(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "description", value) + + @property + @pulumi.getter(name="effectiveLabels") + def effective_labels(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]: + """ + All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services. + """ + return pulumi.get(self, "effective_labels") + + @effective_labels.setter + def effective_labels(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]): + pulumi.set(self, "effective_labels", value) + + @property + @pulumi.getter(name="failOpen") + def fail_open(self) -> Optional[pulumi.Input[bool]]: + """ + Determines how the proxy behaves if the call to the extension fails or times out. + When set to TRUE, request or response processing continues without error. Any subsequent extensions in the extension chain are also executed. When set to FALSE or the default setting of FALSE is used, one of the following happens: + * If response headers have not been delivered to the downstream client, a generic 500 error is returned to the client. The error response can be tailored by configuring a custom error response in the load balancer. + * If response headers have been delivered, then the HTTP stream to the downstream client is reset. + """ + return pulumi.get(self, "fail_open") + + @fail_open.setter + def fail_open(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "fail_open", value) + + @property + @pulumi.getter(name="forwardHeaders") + def forward_headers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + List of the HTTP headers to forward to the extension (from the client). If omitted, all headers are sent. Each element is a string indicating the header name. + """ + return pulumi.get(self, "forward_headers") + + @forward_headers.setter + def forward_headers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "forward_headers", value) + + @property + @pulumi.getter + def labels(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]: + """ + Set of labels associated with the AuthzExtension resource. + + **Note**: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field `effective_labels` for all of the labels present on the resource. + """ + return pulumi.get(self, "labels") + + @labels.setter + def labels(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]): + pulumi.set(self, "labels", value) + + @property + @pulumi.getter(name="loadBalancingScheme") + def load_balancing_scheme(self) -> Optional[pulumi.Input[str]]: + """ + All backend services and forwarding rules referenced by this extension must share the same load balancing scheme. + For more information, refer to [Backend services overview](https://cloud.google.com/load-balancing/docs/backend-service). + Possible values are: `INTERNAL_MANAGED`, `EXTERNAL_MANAGED`. + """ + return pulumi.get(self, "load_balancing_scheme") + + @load_balancing_scheme.setter + def load_balancing_scheme(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "load_balancing_scheme", value) + + @property + @pulumi.getter + def location(self) -> Optional[pulumi.Input[str]]: + """ + The location of the resource. + + + - - - + """ + return pulumi.get(self, "location") + + @location.setter + def location(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "location", value) + + @property + @pulumi.getter + def metadata(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]: + """ + The metadata provided here is included as part of the metadata_context (of type google.protobuf.Struct) in the ProcessingRequest message sent to the extension server. The metadata is available under the namespace com.google.authz_extension.. The following variables are supported in the metadata Struct: + {forwarding_rule_id} - substituted with the forwarding rule's fully qualified resource name. + """ + return pulumi.get(self, "metadata") + + @metadata.setter + def metadata(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]): + pulumi.set(self, "metadata", value) + + @property + @pulumi.getter + def name(self) -> Optional[pulumi.Input[str]]: + """ + Identifier. Name of the AuthzExtension resource. + """ + return pulumi.get(self, "name") + + @name.setter + def name(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "name", value) + + @property + @pulumi.getter + def project(self) -> Optional[pulumi.Input[str]]: + """ + The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + """ + return pulumi.get(self, "project") + + @project.setter + def project(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "project", value) + + @property + @pulumi.getter(name="pulumiLabels") + def pulumi_labels(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]: + """ + The combination of labels configured directly on the resource + and default labels configured on the provider. + """ + return pulumi.get(self, "pulumi_labels") + + @pulumi_labels.setter + def pulumi_labels(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]): + pulumi.set(self, "pulumi_labels", value) + + @property + @pulumi.getter + def service(self) -> Optional[pulumi.Input[str]]: + """ + The reference to the service that runs the extension. + To configure a callout extension, service must be a fully-qualified reference to a [backend service](https://cloud.google.com/compute/docs/reference/rest/v1/backendServices) in the format: + https://www.googleapis.com/compute/v1/projects/{project}/regions/{region}/backendServices/{backendService} or https://www.googleapis.com/compute/v1/projects/{project}/global/backendServices/{backendService}. + """ + return pulumi.get(self, "service") + + @service.setter + def service(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "service", value) + + @property + @pulumi.getter + def timeout(self) -> Optional[pulumi.Input[str]]: + """ + Specifies the timeout for each individual message on the stream. The timeout must be between 10-10000 milliseconds. + """ + return pulumi.get(self, "timeout") + + @timeout.setter + def timeout(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "timeout", value) + + @property + @pulumi.getter(name="updateTime") + def update_time(self) -> Optional[pulumi.Input[str]]: + """ + The timestamp when the resource was updated. + """ + return pulumi.get(self, "update_time") + + @update_time.setter + def update_time(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "update_time", value) + + @property + @pulumi.getter(name="wireFormat") + def wire_format(self) -> Optional[pulumi.Input[str]]: + """ + The format of communication supported by the callout extension. + Default value is `EXT_PROC_GRPC`. + Possible values are: `WIRE_FORMAT_UNSPECIFIED`, `EXT_PROC_GRPC`. + """ + return pulumi.get(self, "wire_format") + + @wire_format.setter + def wire_format(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "wire_format", value) + + +class AuthzExtension(pulumi.CustomResource): + @overload + def __init__(__self__, + resource_name: str, + opts: Optional[pulumi.ResourceOptions] = None, + authority: Optional[pulumi.Input[str]] = None, + description: Optional[pulumi.Input[str]] = None, + fail_open: Optional[pulumi.Input[bool]] = None, + forward_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + labels: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None, + load_balancing_scheme: Optional[pulumi.Input[str]] = None, + location: Optional[pulumi.Input[str]] = None, + metadata: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None, + name: Optional[pulumi.Input[str]] = None, + project: Optional[pulumi.Input[str]] = None, + service: Optional[pulumi.Input[str]] = None, + timeout: Optional[pulumi.Input[str]] = None, + wire_format: Optional[pulumi.Input[str]] = None, + __props__=None): + """ + AuthzExtension is a resource that allows traffic forwarding to a callout backend service to make an authorization decision. + + To get more information about AuthzExtension, see: + + * [API documentation](https://cloud.google.com/service-extensions/docs/reference/rest/v1beta1/projects.locations.authzExtensions) + + ## Example Usage + + ### Network Services Authz Extension Basic + + ```python + import pulumi + import pulumi_gcp as gcp + + default = gcp.compute.RegionBackendService("default", + name="authz-service", + project="my-project-name", + region="us-west1", + protocol="HTTP2", + load_balancing_scheme="INTERNAL_MANAGED", + port_name="grpc") + default_authz_extension = gcp.networkservices.AuthzExtension("default", + name="my-authz-ext", + project="my-project-name", + location="us-west1", + description="my description", + load_balancing_scheme="INTERNAL_MANAGED", + authority="ext11.com", + service=default.self_link, + timeout="0.1s", + fail_open=False, + forward_headers=["Authorization"]) + ``` + + ## Import + + AuthzExtension can be imported using any of these accepted formats: + + * `projects/{{project}}/locations/{{location}}/authzExtensions/{{name}}` + + * `{{project}}/{{location}}/{{name}}` + + * `{{location}}/{{name}}` + + * `{{name}}` + + When using the `pulumi import` command, AuthzExtension can be imported using one of the formats above. For example: + + ```sh + $ pulumi import gcp:networkservices/authzExtension:AuthzExtension default projects/{{project}}/locations/{{location}}/authzExtensions/{{name}} + ``` + + ```sh + $ pulumi import gcp:networkservices/authzExtension:AuthzExtension default {{project}}/{{location}}/{{name}} + ``` + + ```sh + $ pulumi import gcp:networkservices/authzExtension:AuthzExtension default {{location}}/{{name}} + ``` + + ```sh + $ pulumi import gcp:networkservices/authzExtension:AuthzExtension default {{name}} + ``` + + :param str resource_name: The name of the resource. + :param pulumi.ResourceOptions opts: Options for the resource. + :param pulumi.Input[str] authority: The :authority header in the gRPC request sent from Envoy to the extension service. + :param pulumi.Input[str] description: A human-readable description of the resource. + :param pulumi.Input[bool] fail_open: Determines how the proxy behaves if the call to the extension fails or times out. + When set to TRUE, request or response processing continues without error. Any subsequent extensions in the extension chain are also executed. When set to FALSE or the default setting of FALSE is used, one of the following happens: + * If response headers have not been delivered to the downstream client, a generic 500 error is returned to the client. The error response can be tailored by configuring a custom error response in the load balancer. + * If response headers have been delivered, then the HTTP stream to the downstream client is reset. + :param pulumi.Input[Sequence[pulumi.Input[str]]] forward_headers: List of the HTTP headers to forward to the extension (from the client). If omitted, all headers are sent. Each element is a string indicating the header name. + :param pulumi.Input[Mapping[str, pulumi.Input[str]]] labels: Set of labels associated with the AuthzExtension resource. + + **Note**: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field `effective_labels` for all of the labels present on the resource. + :param pulumi.Input[str] load_balancing_scheme: All backend services and forwarding rules referenced by this extension must share the same load balancing scheme. + For more information, refer to [Backend services overview](https://cloud.google.com/load-balancing/docs/backend-service). + Possible values are: `INTERNAL_MANAGED`, `EXTERNAL_MANAGED`. + :param pulumi.Input[str] location: The location of the resource. + + + - - - + :param pulumi.Input[Mapping[str, pulumi.Input[str]]] metadata: The metadata provided here is included as part of the metadata_context (of type google.protobuf.Struct) in the ProcessingRequest message sent to the extension server. The metadata is available under the namespace com.google.authz_extension.. The following variables are supported in the metadata Struct: + {forwarding_rule_id} - substituted with the forwarding rule's fully qualified resource name. + :param pulumi.Input[str] name: Identifier. Name of the AuthzExtension resource. + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + :param pulumi.Input[str] service: The reference to the service that runs the extension. + To configure a callout extension, service must be a fully-qualified reference to a [backend service](https://cloud.google.com/compute/docs/reference/rest/v1/backendServices) in the format: + https://www.googleapis.com/compute/v1/projects/{project}/regions/{region}/backendServices/{backendService} or https://www.googleapis.com/compute/v1/projects/{project}/global/backendServices/{backendService}. + :param pulumi.Input[str] timeout: Specifies the timeout for each individual message on the stream. The timeout must be between 10-10000 milliseconds. + :param pulumi.Input[str] wire_format: The format of communication supported by the callout extension. + Default value is `EXT_PROC_GRPC`. + Possible values are: `WIRE_FORMAT_UNSPECIFIED`, `EXT_PROC_GRPC`. + """ + ... + @overload + def __init__(__self__, + resource_name: str, + args: AuthzExtensionArgs, + opts: Optional[pulumi.ResourceOptions] = None): + """ + AuthzExtension is a resource that allows traffic forwarding to a callout backend service to make an authorization decision. + + To get more information about AuthzExtension, see: + + * [API documentation](https://cloud.google.com/service-extensions/docs/reference/rest/v1beta1/projects.locations.authzExtensions) + + ## Example Usage + + ### Network Services Authz Extension Basic + + ```python + import pulumi + import pulumi_gcp as gcp + + default = gcp.compute.RegionBackendService("default", + name="authz-service", + project="my-project-name", + region="us-west1", + protocol="HTTP2", + load_balancing_scheme="INTERNAL_MANAGED", + port_name="grpc") + default_authz_extension = gcp.networkservices.AuthzExtension("default", + name="my-authz-ext", + project="my-project-name", + location="us-west1", + description="my description", + load_balancing_scheme="INTERNAL_MANAGED", + authority="ext11.com", + service=default.self_link, + timeout="0.1s", + fail_open=False, + forward_headers=["Authorization"]) + ``` + + ## Import + + AuthzExtension can be imported using any of these accepted formats: + + * `projects/{{project}}/locations/{{location}}/authzExtensions/{{name}}` + + * `{{project}}/{{location}}/{{name}}` + + * `{{location}}/{{name}}` + + * `{{name}}` + + When using the `pulumi import` command, AuthzExtension can be imported using one of the formats above. For example: + + ```sh + $ pulumi import gcp:networkservices/authzExtension:AuthzExtension default projects/{{project}}/locations/{{location}}/authzExtensions/{{name}} + ``` + + ```sh + $ pulumi import gcp:networkservices/authzExtension:AuthzExtension default {{project}}/{{location}}/{{name}} + ``` + + ```sh + $ pulumi import gcp:networkservices/authzExtension:AuthzExtension default {{location}}/{{name}} + ``` + + ```sh + $ pulumi import gcp:networkservices/authzExtension:AuthzExtension default {{name}} + ``` + + :param str resource_name: The name of the resource. + :param AuthzExtensionArgs args: The arguments to use to populate this resource's properties. + :param pulumi.ResourceOptions opts: Options for the resource. + """ + ... + def __init__(__self__, resource_name: str, *args, **kwargs): + resource_args, opts = _utilities.get_resource_args_opts(AuthzExtensionArgs, pulumi.ResourceOptions, *args, **kwargs) + if resource_args is not None: + __self__._internal_init(resource_name, opts, **resource_args.__dict__) + else: + __self__._internal_init(resource_name, *args, **kwargs) + + def _internal_init(__self__, + resource_name: str, + opts: Optional[pulumi.ResourceOptions] = None, + authority: Optional[pulumi.Input[str]] = None, + description: Optional[pulumi.Input[str]] = None, + fail_open: Optional[pulumi.Input[bool]] = None, + forward_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + labels: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None, + load_balancing_scheme: Optional[pulumi.Input[str]] = None, + location: Optional[pulumi.Input[str]] = None, + metadata: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None, + name: Optional[pulumi.Input[str]] = None, + project: Optional[pulumi.Input[str]] = None, + service: Optional[pulumi.Input[str]] = None, + timeout: Optional[pulumi.Input[str]] = None, + wire_format: Optional[pulumi.Input[str]] = None, + __props__=None): + opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts) + if not isinstance(opts, pulumi.ResourceOptions): + raise TypeError('Expected resource options to be a ResourceOptions instance') + if opts.id is None: + if __props__ is not None: + raise TypeError('__props__ is only valid when passed in combination with a valid opts.id to get an existing resource') + __props__ = AuthzExtensionArgs.__new__(AuthzExtensionArgs) + + if authority is None and not opts.urn: + raise TypeError("Missing required property 'authority'") + __props__.__dict__["authority"] = authority + __props__.__dict__["description"] = description + __props__.__dict__["fail_open"] = fail_open + __props__.__dict__["forward_headers"] = forward_headers + __props__.__dict__["labels"] = labels + if load_balancing_scheme is None and not opts.urn: + raise TypeError("Missing required property 'load_balancing_scheme'") + __props__.__dict__["load_balancing_scheme"] = load_balancing_scheme + if location is None and not opts.urn: + raise TypeError("Missing required property 'location'") + __props__.__dict__["location"] = location + __props__.__dict__["metadata"] = metadata + __props__.__dict__["name"] = name + __props__.__dict__["project"] = project + if service is None and not opts.urn: + raise TypeError("Missing required property 'service'") + __props__.__dict__["service"] = service + if timeout is None and not opts.urn: + raise TypeError("Missing required property 'timeout'") + __props__.__dict__["timeout"] = timeout + __props__.__dict__["wire_format"] = wire_format + __props__.__dict__["create_time"] = None + __props__.__dict__["effective_labels"] = None + __props__.__dict__["pulumi_labels"] = None + __props__.__dict__["update_time"] = None + secret_opts = pulumi.ResourceOptions(additional_secret_outputs=["effectiveLabels", "pulumiLabels"]) + opts = pulumi.ResourceOptions.merge(opts, secret_opts) + super(AuthzExtension, __self__).__init__( + 'gcp:networkservices/authzExtension:AuthzExtension', + resource_name, + __props__, + opts) + + @staticmethod + def get(resource_name: str, + id: pulumi.Input[str], + opts: Optional[pulumi.ResourceOptions] = None, + authority: Optional[pulumi.Input[str]] = None, + create_time: Optional[pulumi.Input[str]] = None, + description: Optional[pulumi.Input[str]] = None, + effective_labels: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None, + fail_open: Optional[pulumi.Input[bool]] = None, + forward_headers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + labels: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None, + load_balancing_scheme: Optional[pulumi.Input[str]] = None, + location: Optional[pulumi.Input[str]] = None, + metadata: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None, + name: Optional[pulumi.Input[str]] = None, + project: Optional[pulumi.Input[str]] = None, + pulumi_labels: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None, + service: Optional[pulumi.Input[str]] = None, + timeout: Optional[pulumi.Input[str]] = None, + update_time: Optional[pulumi.Input[str]] = None, + wire_format: Optional[pulumi.Input[str]] = None) -> 'AuthzExtension': + """ + Get an existing AuthzExtension resource's state with the given name, id, and optional extra + properties used to qualify the lookup. + + :param str resource_name: The unique name of the resulting resource. + :param pulumi.Input[str] id: The unique provider ID of the resource to lookup. + :param pulumi.ResourceOptions opts: Options for the resource. + :param pulumi.Input[str] authority: The :authority header in the gRPC request sent from Envoy to the extension service. + :param pulumi.Input[str] create_time: The timestamp when the resource was created. + :param pulumi.Input[str] description: A human-readable description of the resource. + :param pulumi.Input[Mapping[str, pulumi.Input[str]]] effective_labels: All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services. + :param pulumi.Input[bool] fail_open: Determines how the proxy behaves if the call to the extension fails or times out. + When set to TRUE, request or response processing continues without error. Any subsequent extensions in the extension chain are also executed. When set to FALSE or the default setting of FALSE is used, one of the following happens: + * If response headers have not been delivered to the downstream client, a generic 500 error is returned to the client. The error response can be tailored by configuring a custom error response in the load balancer. + * If response headers have been delivered, then the HTTP stream to the downstream client is reset. + :param pulumi.Input[Sequence[pulumi.Input[str]]] forward_headers: List of the HTTP headers to forward to the extension (from the client). If omitted, all headers are sent. Each element is a string indicating the header name. + :param pulumi.Input[Mapping[str, pulumi.Input[str]]] labels: Set of labels associated with the AuthzExtension resource. + + **Note**: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field `effective_labels` for all of the labels present on the resource. + :param pulumi.Input[str] load_balancing_scheme: All backend services and forwarding rules referenced by this extension must share the same load balancing scheme. + For more information, refer to [Backend services overview](https://cloud.google.com/load-balancing/docs/backend-service). + Possible values are: `INTERNAL_MANAGED`, `EXTERNAL_MANAGED`. + :param pulumi.Input[str] location: The location of the resource. + + + - - - + :param pulumi.Input[Mapping[str, pulumi.Input[str]]] metadata: The metadata provided here is included as part of the metadata_context (of type google.protobuf.Struct) in the ProcessingRequest message sent to the extension server. The metadata is available under the namespace com.google.authz_extension.. The following variables are supported in the metadata Struct: + {forwarding_rule_id} - substituted with the forwarding rule's fully qualified resource name. + :param pulumi.Input[str] name: Identifier. Name of the AuthzExtension resource. + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + :param pulumi.Input[Mapping[str, pulumi.Input[str]]] pulumi_labels: The combination of labels configured directly on the resource + and default labels configured on the provider. + :param pulumi.Input[str] service: The reference to the service that runs the extension. + To configure a callout extension, service must be a fully-qualified reference to a [backend service](https://cloud.google.com/compute/docs/reference/rest/v1/backendServices) in the format: + https://www.googleapis.com/compute/v1/projects/{project}/regions/{region}/backendServices/{backendService} or https://www.googleapis.com/compute/v1/projects/{project}/global/backendServices/{backendService}. + :param pulumi.Input[str] timeout: Specifies the timeout for each individual message on the stream. The timeout must be between 10-10000 milliseconds. + :param pulumi.Input[str] update_time: The timestamp when the resource was updated. + :param pulumi.Input[str] wire_format: The format of communication supported by the callout extension. + Default value is `EXT_PROC_GRPC`. + Possible values are: `WIRE_FORMAT_UNSPECIFIED`, `EXT_PROC_GRPC`. + """ + opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) + + __props__ = _AuthzExtensionState.__new__(_AuthzExtensionState) + + __props__.__dict__["authority"] = authority + __props__.__dict__["create_time"] = create_time + __props__.__dict__["description"] = description + __props__.__dict__["effective_labels"] = effective_labels + __props__.__dict__["fail_open"] = fail_open + __props__.__dict__["forward_headers"] = forward_headers + __props__.__dict__["labels"] = labels + __props__.__dict__["load_balancing_scheme"] = load_balancing_scheme + __props__.__dict__["location"] = location + __props__.__dict__["metadata"] = metadata + __props__.__dict__["name"] = name + __props__.__dict__["project"] = project + __props__.__dict__["pulumi_labels"] = pulumi_labels + __props__.__dict__["service"] = service + __props__.__dict__["timeout"] = timeout + __props__.__dict__["update_time"] = update_time + __props__.__dict__["wire_format"] = wire_format + return AuthzExtension(resource_name, opts=opts, __props__=__props__) + + @property + @pulumi.getter + def authority(self) -> pulumi.Output[str]: + """ + The :authority header in the gRPC request sent from Envoy to the extension service. + """ + return pulumi.get(self, "authority") + + @property + @pulumi.getter(name="createTime") + def create_time(self) -> pulumi.Output[str]: + """ + The timestamp when the resource was created. + """ + return pulumi.get(self, "create_time") + + @property + @pulumi.getter + def description(self) -> pulumi.Output[Optional[str]]: + """ + A human-readable description of the resource. + """ + return pulumi.get(self, "description") + + @property + @pulumi.getter(name="effectiveLabels") + def effective_labels(self) -> pulumi.Output[Mapping[str, str]]: + """ + All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services. + """ + return pulumi.get(self, "effective_labels") + + @property + @pulumi.getter(name="failOpen") + def fail_open(self) -> pulumi.Output[bool]: + """ + Determines how the proxy behaves if the call to the extension fails or times out. + When set to TRUE, request or response processing continues without error. Any subsequent extensions in the extension chain are also executed. When set to FALSE or the default setting of FALSE is used, one of the following happens: + * If response headers have not been delivered to the downstream client, a generic 500 error is returned to the client. The error response can be tailored by configuring a custom error response in the load balancer. + * If response headers have been delivered, then the HTTP stream to the downstream client is reset. + """ + return pulumi.get(self, "fail_open") + + @property + @pulumi.getter(name="forwardHeaders") + def forward_headers(self) -> pulumi.Output[Optional[Sequence[str]]]: + """ + List of the HTTP headers to forward to the extension (from the client). If omitted, all headers are sent. Each element is a string indicating the header name. + """ + return pulumi.get(self, "forward_headers") + + @property + @pulumi.getter + def labels(self) -> pulumi.Output[Optional[Mapping[str, str]]]: + """ + Set of labels associated with the AuthzExtension resource. + + **Note**: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field `effective_labels` for all of the labels present on the resource. + """ + return pulumi.get(self, "labels") + + @property + @pulumi.getter(name="loadBalancingScheme") + def load_balancing_scheme(self) -> pulumi.Output[str]: + """ + All backend services and forwarding rules referenced by this extension must share the same load balancing scheme. + For more information, refer to [Backend services overview](https://cloud.google.com/load-balancing/docs/backend-service). + Possible values are: `INTERNAL_MANAGED`, `EXTERNAL_MANAGED`. + """ + return pulumi.get(self, "load_balancing_scheme") + + @property + @pulumi.getter + def location(self) -> pulumi.Output[str]: + """ + The location of the resource. + + + - - - + """ + return pulumi.get(self, "location") + + @property + @pulumi.getter + def metadata(self) -> pulumi.Output[Optional[Mapping[str, str]]]: + """ + The metadata provided here is included as part of the metadata_context (of type google.protobuf.Struct) in the ProcessingRequest message sent to the extension server. The metadata is available under the namespace com.google.authz_extension.. The following variables are supported in the metadata Struct: + {forwarding_rule_id} - substituted with the forwarding rule's fully qualified resource name. + """ + return pulumi.get(self, "metadata") + + @property + @pulumi.getter + def name(self) -> pulumi.Output[str]: + """ + Identifier. Name of the AuthzExtension resource. + """ + return pulumi.get(self, "name") + + @property + @pulumi.getter + def project(self) -> pulumi.Output[str]: + """ + The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + """ + return pulumi.get(self, "project") + + @property + @pulumi.getter(name="pulumiLabels") + def pulumi_labels(self) -> pulumi.Output[Mapping[str, str]]: + """ + The combination of labels configured directly on the resource + and default labels configured on the provider. + """ + return pulumi.get(self, "pulumi_labels") + + @property + @pulumi.getter + def service(self) -> pulumi.Output[str]: + """ + The reference to the service that runs the extension. + To configure a callout extension, service must be a fully-qualified reference to a [backend service](https://cloud.google.com/compute/docs/reference/rest/v1/backendServices) in the format: + https://www.googleapis.com/compute/v1/projects/{project}/regions/{region}/backendServices/{backendService} or https://www.googleapis.com/compute/v1/projects/{project}/global/backendServices/{backendService}. + """ + return pulumi.get(self, "service") + + @property + @pulumi.getter + def timeout(self) -> pulumi.Output[str]: + """ + Specifies the timeout for each individual message on the stream. The timeout must be between 10-10000 milliseconds. + """ + return pulumi.get(self, "timeout") + + @property + @pulumi.getter(name="updateTime") + def update_time(self) -> pulumi.Output[str]: + """ + The timestamp when the resource was updated. + """ + return pulumi.get(self, "update_time") + + @property + @pulumi.getter(name="wireFormat") + def wire_format(self) -> pulumi.Output[Optional[str]]: + """ + The format of communication supported by the callout extension. + Default value is `EXT_PROC_GRPC`. + Possible values are: `WIRE_FORMAT_UNSPECIFIED`, `EXT_PROC_GRPC`. + """ + return pulumi.get(self, "wire_format") + diff --git a/sdk/python/pulumi_gcp/oracledatabase/autonomous_database.py b/sdk/python/pulumi_gcp/oracledatabase/autonomous_database.py index cec9af9572..5d85c8b152 100644 --- a/sdk/python/pulumi_gcp/oracledatabase/autonomous_database.py +++ b/sdk/python/pulumi_gcp/oracledatabase/autonomous_database.py @@ -526,7 +526,7 @@ def __init__(__self__, autonomous_database_id="my-instance", location="us-east4", project="my-project", - database="testdb", + database="mydatabase", admin_password="123Abpassword", network=default.id, cidr="10.5.0.0/24", @@ -552,7 +552,7 @@ def __init__(__self__, location="us-east4", project="my-project", display_name="autonomousDatabase displayname", - database="testdatabase", + database="mydatabase", admin_password="123Abpassword", network=default.id, cidr="10.5.0.0/24", @@ -657,7 +657,7 @@ def __init__(__self__, autonomous_database_id="my-instance", location="us-east4", project="my-project", - database="testdb", + database="mydatabase", admin_password="123Abpassword", network=default.id, cidr="10.5.0.0/24", @@ -683,7 +683,7 @@ def __init__(__self__, location="us-east4", project="my-project", display_name="autonomousDatabase displayname", - database="testdatabase", + database="mydatabase", admin_password="123Abpassword", network=default.id, cidr="10.5.0.0/24", diff --git a/sdk/python/pulumi_gcp/orgpolicy/_inputs.py b/sdk/python/pulumi_gcp/orgpolicy/_inputs.py index cbd4f914d6..587c177a44 100644 --- a/sdk/python/pulumi_gcp/orgpolicy/_inputs.py +++ b/sdk/python/pulumi_gcp/orgpolicy/_inputs.py @@ -175,6 +175,10 @@ class PolicyDryRunSpecRuleArgsDict(TypedDict): """ If `"TRUE"`, then the `Policy` is enforced. If `"FALSE"`, then any configuration is acceptable. This field can be set only in Policies for boolean constraints. """ + parameters: NotRequired[pulumi.Input[str]] + """ + Optional. Required for Managed Constraints if parameters defined in constraints. Pass parameter values when policy enforcement is enabled. Ensure that parameter value types match those defined in the constraint definition. For example: { \\"allowedLocations\\" : [\\"us-east1\\", \\"us-west1\\"], \\"allowAll\\" : true } + """ values: NotRequired[pulumi.Input['PolicyDryRunSpecRuleValuesArgsDict']] """ List of values to be used for this policy rule. This field can be set only in policies for list constraints. @@ -190,6 +194,7 @@ def __init__(__self__, *, condition: Optional[pulumi.Input['PolicyDryRunSpecRuleConditionArgs']] = None, deny_all: Optional[pulumi.Input[str]] = None, enforce: Optional[pulumi.Input[str]] = None, + parameters: Optional[pulumi.Input[str]] = None, values: Optional[pulumi.Input['PolicyDryRunSpecRuleValuesArgs']] = None): """ :param pulumi.Input[str] allow_all: Setting this to `"TRUE"` means that all values are allowed. This field can be set only in Policies for list constraints. @@ -197,6 +202,7 @@ def __init__(__self__, *, Structure is documented below. :param pulumi.Input[str] deny_all: Setting this to `"TRUE"` means that all values are denied. This field can be set only in Policies for list constraints. :param pulumi.Input[str] enforce: If `"TRUE"`, then the `Policy` is enforced. If `"FALSE"`, then any configuration is acceptable. This field can be set only in Policies for boolean constraints. + :param pulumi.Input[str] parameters: Optional. Required for Managed Constraints if parameters defined in constraints. Pass parameter values when policy enforcement is enabled. Ensure that parameter value types match those defined in the constraint definition. For example: { \\"allowedLocations\\" : [\\"us-east1\\", \\"us-west1\\"], \\"allowAll\\" : true } :param pulumi.Input['PolicyDryRunSpecRuleValuesArgs'] values: List of values to be used for this policy rule. This field can be set only in policies for list constraints. Structure is documented below. """ @@ -208,6 +214,8 @@ def __init__(__self__, *, pulumi.set(__self__, "deny_all", deny_all) if enforce is not None: pulumi.set(__self__, "enforce", enforce) + if parameters is not None: + pulumi.set(__self__, "parameters", parameters) if values is not None: pulumi.set(__self__, "values", values) @@ -260,6 +268,18 @@ def enforce(self) -> Optional[pulumi.Input[str]]: def enforce(self, value: Optional[pulumi.Input[str]]): pulumi.set(self, "enforce", value) + @property + @pulumi.getter + def parameters(self) -> Optional[pulumi.Input[str]]: + """ + Optional. Required for Managed Constraints if parameters defined in constraints. Pass parameter values when policy enforcement is enabled. Ensure that parameter value types match those defined in the constraint definition. For example: { \\"allowedLocations\\" : [\\"us-east1\\", \\"us-west1\\"], \\"allowAll\\" : true } + """ + return pulumi.get(self, "parameters") + + @parameters.setter + def parameters(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "parameters", value) + @property @pulumi.getter def values(self) -> Optional[pulumi.Input['PolicyDryRunSpecRuleValuesArgs']]: @@ -558,6 +578,10 @@ class PolicySpecRuleArgsDict(TypedDict): """ If `"TRUE"`, then the `Policy` is enforced. If `"FALSE"`, then any configuration is acceptable. This field can be set only in Policies for boolean constraints. """ + parameters: NotRequired[pulumi.Input[str]] + """ + Optional. Required for Managed Constraints if parameters defined in constraints. Pass parameter values when policy enforcement is enabled. Ensure that parameter value types match those defined in the constraint definition. For example: { \\"allowedLocations\\" : [\\"us-east1\\", \\"us-west1\\"], \\"allowAll\\" : true } + """ values: NotRequired[pulumi.Input['PolicySpecRuleValuesArgsDict']] """ List of values to be used for this policy rule. This field can be set only in policies for list constraints. @@ -573,6 +597,7 @@ def __init__(__self__, *, condition: Optional[pulumi.Input['PolicySpecRuleConditionArgs']] = None, deny_all: Optional[pulumi.Input[str]] = None, enforce: Optional[pulumi.Input[str]] = None, + parameters: Optional[pulumi.Input[str]] = None, values: Optional[pulumi.Input['PolicySpecRuleValuesArgs']] = None): """ :param pulumi.Input[str] allow_all: Setting this to `"TRUE"` means that all values are allowed. This field can be set only in Policies for list constraints. @@ -580,6 +605,7 @@ def __init__(__self__, *, Structure is documented below. :param pulumi.Input[str] deny_all: Setting this to `"TRUE"` means that all values are denied. This field can be set only in Policies for list constraints. :param pulumi.Input[str] enforce: If `"TRUE"`, then the `Policy` is enforced. If `"FALSE"`, then any configuration is acceptable. This field can be set only in Policies for boolean constraints. + :param pulumi.Input[str] parameters: Optional. Required for Managed Constraints if parameters defined in constraints. Pass parameter values when policy enforcement is enabled. Ensure that parameter value types match those defined in the constraint definition. For example: { \\"allowedLocations\\" : [\\"us-east1\\", \\"us-west1\\"], \\"allowAll\\" : true } :param pulumi.Input['PolicySpecRuleValuesArgs'] values: List of values to be used for this policy rule. This field can be set only in policies for list constraints. Structure is documented below. """ @@ -591,6 +617,8 @@ def __init__(__self__, *, pulumi.set(__self__, "deny_all", deny_all) if enforce is not None: pulumi.set(__self__, "enforce", enforce) + if parameters is not None: + pulumi.set(__self__, "parameters", parameters) if values is not None: pulumi.set(__self__, "values", values) @@ -643,6 +671,18 @@ def enforce(self) -> Optional[pulumi.Input[str]]: def enforce(self, value: Optional[pulumi.Input[str]]): pulumi.set(self, "enforce", value) + @property + @pulumi.getter + def parameters(self) -> Optional[pulumi.Input[str]]: + """ + Optional. Required for Managed Constraints if parameters defined in constraints. Pass parameter values when policy enforcement is enabled. Ensure that parameter value types match those defined in the constraint definition. For example: { \\"allowedLocations\\" : [\\"us-east1\\", \\"us-west1\\"], \\"allowAll\\" : true } + """ + return pulumi.get(self, "parameters") + + @parameters.setter + def parameters(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "parameters", value) + @property @pulumi.getter def values(self) -> Optional[pulumi.Input['PolicySpecRuleValuesArgs']]: diff --git a/sdk/python/pulumi_gcp/orgpolicy/outputs.py b/sdk/python/pulumi_gcp/orgpolicy/outputs.py index 20d9e8fa03..f0a6986c30 100644 --- a/sdk/python/pulumi_gcp/orgpolicy/outputs.py +++ b/sdk/python/pulumi_gcp/orgpolicy/outputs.py @@ -144,6 +144,7 @@ def __init__(__self__, *, condition: Optional['outputs.PolicyDryRunSpecRuleCondition'] = None, deny_all: Optional[str] = None, enforce: Optional[str] = None, + parameters: Optional[str] = None, values: Optional['outputs.PolicyDryRunSpecRuleValues'] = None): """ :param str allow_all: Setting this to `"TRUE"` means that all values are allowed. This field can be set only in Policies for list constraints. @@ -151,6 +152,7 @@ def __init__(__self__, *, Structure is documented below. :param str deny_all: Setting this to `"TRUE"` means that all values are denied. This field can be set only in Policies for list constraints. :param str enforce: If `"TRUE"`, then the `Policy` is enforced. If `"FALSE"`, then any configuration is acceptable. This field can be set only in Policies for boolean constraints. + :param str parameters: Optional. Required for Managed Constraints if parameters defined in constraints. Pass parameter values when policy enforcement is enabled. Ensure that parameter value types match those defined in the constraint definition. For example: { \\"allowedLocations\\" : [\\"us-east1\\", \\"us-west1\\"], \\"allowAll\\" : true } :param 'PolicyDryRunSpecRuleValuesArgs' values: List of values to be used for this policy rule. This field can be set only in policies for list constraints. Structure is documented below. """ @@ -162,6 +164,8 @@ def __init__(__self__, *, pulumi.set(__self__, "deny_all", deny_all) if enforce is not None: pulumi.set(__self__, "enforce", enforce) + if parameters is not None: + pulumi.set(__self__, "parameters", parameters) if values is not None: pulumi.set(__self__, "values", values) @@ -198,6 +202,14 @@ def enforce(self) -> Optional[str]: """ return pulumi.get(self, "enforce") + @property + @pulumi.getter + def parameters(self) -> Optional[str]: + """ + Optional. Required for Managed Constraints if parameters defined in constraints. Pass parameter values when policy enforcement is enabled. Ensure that parameter value types match those defined in the constraint definition. For example: { \\"allowedLocations\\" : [\\"us-east1\\", \\"us-west1\\"], \\"allowAll\\" : true } + """ + return pulumi.get(self, "parameters") + @property @pulumi.getter def values(self) -> Optional['outputs.PolicyDryRunSpecRuleValues']: @@ -431,6 +443,7 @@ def __init__(__self__, *, condition: Optional['outputs.PolicySpecRuleCondition'] = None, deny_all: Optional[str] = None, enforce: Optional[str] = None, + parameters: Optional[str] = None, values: Optional['outputs.PolicySpecRuleValues'] = None): """ :param str allow_all: Setting this to `"TRUE"` means that all values are allowed. This field can be set only in Policies for list constraints. @@ -438,6 +451,7 @@ def __init__(__self__, *, Structure is documented below. :param str deny_all: Setting this to `"TRUE"` means that all values are denied. This field can be set only in Policies for list constraints. :param str enforce: If `"TRUE"`, then the `Policy` is enforced. If `"FALSE"`, then any configuration is acceptable. This field can be set only in Policies for boolean constraints. + :param str parameters: Optional. Required for Managed Constraints if parameters defined in constraints. Pass parameter values when policy enforcement is enabled. Ensure that parameter value types match those defined in the constraint definition. For example: { \\"allowedLocations\\" : [\\"us-east1\\", \\"us-west1\\"], \\"allowAll\\" : true } :param 'PolicySpecRuleValuesArgs' values: List of values to be used for this policy rule. This field can be set only in policies for list constraints. Structure is documented below. """ @@ -449,6 +463,8 @@ def __init__(__self__, *, pulumi.set(__self__, "deny_all", deny_all) if enforce is not None: pulumi.set(__self__, "enforce", enforce) + if parameters is not None: + pulumi.set(__self__, "parameters", parameters) if values is not None: pulumi.set(__self__, "values", values) @@ -485,6 +501,14 @@ def enforce(self) -> Optional[str]: """ return pulumi.get(self, "enforce") + @property + @pulumi.getter + def parameters(self) -> Optional[str]: + """ + Optional. Required for Managed Constraints if parameters defined in constraints. Pass parameter values when policy enforcement is enabled. Ensure that parameter value types match those defined in the constraint definition. For example: { \\"allowedLocations\\" : [\\"us-east1\\", \\"us-west1\\"], \\"allowAll\\" : true } + """ + return pulumi.get(self, "parameters") + @property @pulumi.getter def values(self) -> Optional['outputs.PolicySpecRuleValues']: diff --git a/sdk/python/pulumi_gcp/orgpolicy/policy.py b/sdk/python/pulumi_gcp/orgpolicy/policy.py index d45d32ba2e..7371ef2def 100644 --- a/sdk/python/pulumi_gcp/orgpolicy/policy.py +++ b/sdk/python/pulumi_gcp/orgpolicy/policy.py @@ -231,8 +231,8 @@ def __init__(__self__, org_id="123456789", deletion_policy="DELETE") primary = gcp.orgpolicy.Policy("primary", - name=basic.name.apply(lambda name: f"projects/{name}/policies/iam.disableServiceAccountKeyUpload"), - parent=basic.name.apply(lambda name: f"projects/{name}"), + name=basic.project_id.apply(lambda project_id: f"projects/{project_id}/policies/iam.disableServiceAccountKeyUpload"), + parent=basic.project_id.apply(lambda project_id: f"projects/{project_id}"), spec={ "rules": [{ "enforce": "FALSE", @@ -284,8 +284,8 @@ def __init__(__self__, org_id="123456789", deletion_policy="DELETE") primary = gcp.orgpolicy.Policy("primary", - name=basic.name.apply(lambda name: f"projects/{name}/policies/gcp.resourceLocations"), - parent=basic.name.apply(lambda name: f"projects/{name}"), + name=basic.project_id.apply(lambda project_id: f"projects/{project_id}/policies/gcp.resourceLocations"), + parent=basic.project_id.apply(lambda project_id: f"projects/{project_id}"), spec={ "rules": [ { @@ -337,6 +337,34 @@ def __init__(__self__, }], }) ``` + ### Org Policy Policy Parameters Enforce + + ```python + import pulumi + import json + import pulumi_gcp as gcp + + basic = gcp.organizations.Project("basic", + project_id="id", + name="id", + org_id="123456789", + deletion_policy="DELETE") + primary = gcp.orgpolicy.Policy("primary", + name=basic.name.apply(lambda name: f"projects/{name}/policies/compute.managed.restrictDiskCreation"), + parent=basic.name.apply(lambda name: f"projects/{name}"), + spec={ + "rules": [{ + "enforce": "TRUE", + "parameters": json.dumps({ + "isSizeLimitCheck": True, + "allowedDiskTypes": [ + "pd-ssd", + "pd-standard", + ], + }), + }], + }) + ``` ## Import @@ -392,8 +420,8 @@ def __init__(__self__, org_id="123456789", deletion_policy="DELETE") primary = gcp.orgpolicy.Policy("primary", - name=basic.name.apply(lambda name: f"projects/{name}/policies/iam.disableServiceAccountKeyUpload"), - parent=basic.name.apply(lambda name: f"projects/{name}"), + name=basic.project_id.apply(lambda project_id: f"projects/{project_id}/policies/iam.disableServiceAccountKeyUpload"), + parent=basic.project_id.apply(lambda project_id: f"projects/{project_id}"), spec={ "rules": [{ "enforce": "FALSE", @@ -445,8 +473,8 @@ def __init__(__self__, org_id="123456789", deletion_policy="DELETE") primary = gcp.orgpolicy.Policy("primary", - name=basic.name.apply(lambda name: f"projects/{name}/policies/gcp.resourceLocations"), - parent=basic.name.apply(lambda name: f"projects/{name}"), + name=basic.project_id.apply(lambda project_id: f"projects/{project_id}/policies/gcp.resourceLocations"), + parent=basic.project_id.apply(lambda project_id: f"projects/{project_id}"), spec={ "rules": [ { @@ -498,6 +526,34 @@ def __init__(__self__, }], }) ``` + ### Org Policy Policy Parameters Enforce + + ```python + import pulumi + import json + import pulumi_gcp as gcp + + basic = gcp.organizations.Project("basic", + project_id="id", + name="id", + org_id="123456789", + deletion_policy="DELETE") + primary = gcp.orgpolicy.Policy("primary", + name=basic.name.apply(lambda name: f"projects/{name}/policies/compute.managed.restrictDiskCreation"), + parent=basic.name.apply(lambda name: f"projects/{name}"), + spec={ + "rules": [{ + "enforce": "TRUE", + "parameters": json.dumps({ + "isSizeLimitCheck": True, + "allowedDiskTypes": [ + "pd-ssd", + "pd-standard", + ], + }), + }], + }) + ``` ## Import diff --git a/sdk/python/pulumi_gcp/sql/_inputs.py b/sdk/python/pulumi_gcp/sql/_inputs.py index a6bc4e4992..652ed4930c 100644 --- a/sdk/python/pulumi_gcp/sql/_inputs.py +++ b/sdk/python/pulumi_gcp/sql/_inputs.py @@ -772,7 +772,7 @@ class DatabaseInstanceSettingsArgsDict(TypedDict): """ connector_enforcement: NotRequired[pulumi.Input[str]] """ - Enables the enforcement of Cloud SQL Auth Proxy or Cloud SQL connectors for all the connections. If enabled, all the direct connections are rejected. + Control the enforcement of Cloud SQL Auth Proxy or Cloud SQL connectors for all the connections, can be `REQUIRED` or `NOT_REQUIRED`. If enabled, all the direct connections are rejected. """ data_cache_config: NotRequired[pulumi.Input['DatabaseInstanceSettingsDataCacheConfigArgsDict']] """ @@ -889,7 +889,7 @@ def __init__(__self__, *, For Postgres and SQL Server instances, ensure that `settings.backup_configuration.point_in_time_recovery_enabled` is set to `true`. Defaults to `ZONAL`. :param pulumi.Input[str] collation: The name of server instance collation. - :param pulumi.Input[str] connector_enforcement: Enables the enforcement of Cloud SQL Auth Proxy or Cloud SQL connectors for all the connections. If enabled, all the direct connections are rejected. + :param pulumi.Input[str] connector_enforcement: Control the enforcement of Cloud SQL Auth Proxy or Cloud SQL connectors for all the connections, can be `REQUIRED` or `NOT_REQUIRED`. If enabled, all the direct connections are rejected. :param pulumi.Input['DatabaseInstanceSettingsDataCacheConfigArgs'] data_cache_config: Data cache configurations. :param pulumi.Input[bool] deletion_protection_enabled: Configuration to protect against accidental instance deletion. :param pulumi.Input[bool] disk_autoresize: Enables auto-resizing of the storage size. Defaults to `true`. Note that if `disk_size` is set, future `pulumi up` calls will attempt to delete the instance in order to resize the disk to the value specified in disk_size if it has been resized. To avoid this, ensure that `lifecycle.ignore_changes` is applied to `disk_size`. @@ -1052,7 +1052,7 @@ def collation(self, value: Optional[pulumi.Input[str]]): @pulumi.getter(name="connectorEnforcement") def connector_enforcement(self) -> Optional[pulumi.Input[str]]: """ - Enables the enforcement of Cloud SQL Auth Proxy or Cloud SQL connectors for all the connections. If enabled, all the direct connections are rejected. + Control the enforcement of Cloud SQL Auth Proxy or Cloud SQL connectors for all the connections, can be `REQUIRED` or `NOT_REQUIRED`. If enabled, all the direct connections are rejected. """ return pulumi.get(self, "connector_enforcement") diff --git a/sdk/python/pulumi_gcp/sql/database_instance.py b/sdk/python/pulumi_gcp/sql/database_instance.py index 480a575b35..8cea60cdf4 100644 --- a/sdk/python/pulumi_gcp/sql/database_instance.py +++ b/sdk/python/pulumi_gcp/sql/database_instance.py @@ -41,8 +41,8 @@ def __init__(__self__, *, :param pulumi.Input[str] database_version: The MySQL, PostgreSQL or SQL Server version to use. Supported values include `MYSQL_5_6`, `MYSQL_5_7`, `MYSQL_8_0`, `POSTGRES_9_6`,`POSTGRES_10`, `POSTGRES_11`, - `POSTGRES_12`, `POSTGRES_13`, `POSTGRES_14`, `POSTGRES_15`, `SQLSERVER_2017_STANDARD`, - `SQLSERVER_2017_ENTERPRISE`, `SQLSERVER_2017_EXPRESS`, `SQLSERVER_2017_WEB`. + `POSTGRES_12`, `POSTGRES_13`, `POSTGRES_14`, `POSTGRES_15`, `POSTGRES_16`, `POSTGRES_17`, + `SQLSERVER_2017_STANDARD`, `SQLSERVER_2017_ENTERPRISE`, `SQLSERVER_2017_EXPRESS`, `SQLSERVER_2017_WEB`. `SQLSERVER_2019_STANDARD`, `SQLSERVER_2019_ENTERPRISE`, `SQLSERVER_2019_EXPRESS`, `SQLSERVER_2019_WEB`. [Database Version Policies](https://cloud.google.com/sql/docs/db-versions) @@ -123,8 +123,8 @@ def database_version(self) -> pulumi.Input[str]: The MySQL, PostgreSQL or SQL Server version to use. Supported values include `MYSQL_5_6`, `MYSQL_5_7`, `MYSQL_8_0`, `POSTGRES_9_6`,`POSTGRES_10`, `POSTGRES_11`, - `POSTGRES_12`, `POSTGRES_13`, `POSTGRES_14`, `POSTGRES_15`, `SQLSERVER_2017_STANDARD`, - `SQLSERVER_2017_ENTERPRISE`, `SQLSERVER_2017_EXPRESS`, `SQLSERVER_2017_WEB`. + `POSTGRES_12`, `POSTGRES_13`, `POSTGRES_14`, `POSTGRES_15`, `POSTGRES_16`, `POSTGRES_17`, + `SQLSERVER_2017_STANDARD`, `SQLSERVER_2017_ENTERPRISE`, `SQLSERVER_2017_EXPRESS`, `SQLSERVER_2017_WEB`. `SQLSERVER_2019_STANDARD`, `SQLSERVER_2019_ENTERPRISE`, `SQLSERVER_2019_EXPRESS`, `SQLSERVER_2019_WEB`. [Database Version Policies](https://cloud.google.com/sql/docs/db-versions) @@ -369,8 +369,8 @@ def __init__(__self__, *, :param pulumi.Input[str] database_version: The MySQL, PostgreSQL or SQL Server version to use. Supported values include `MYSQL_5_6`, `MYSQL_5_7`, `MYSQL_8_0`, `POSTGRES_9_6`,`POSTGRES_10`, `POSTGRES_11`, - `POSTGRES_12`, `POSTGRES_13`, `POSTGRES_14`, `POSTGRES_15`, `SQLSERVER_2017_STANDARD`, - `SQLSERVER_2017_ENTERPRISE`, `SQLSERVER_2017_EXPRESS`, `SQLSERVER_2017_WEB`. + `POSTGRES_12`, `POSTGRES_13`, `POSTGRES_14`, `POSTGRES_15`, `POSTGRES_16`, `POSTGRES_17`, + `SQLSERVER_2017_STANDARD`, `SQLSERVER_2017_ENTERPRISE`, `SQLSERVER_2017_EXPRESS`, `SQLSERVER_2017_WEB`. `SQLSERVER_2019_STANDARD`, `SQLSERVER_2019_ENTERPRISE`, `SQLSERVER_2019_EXPRESS`, `SQLSERVER_2019_WEB`. [Database Version Policies](https://cloud.google.com/sql/docs/db-versions) @@ -518,8 +518,8 @@ def database_version(self) -> Optional[pulumi.Input[str]]: The MySQL, PostgreSQL or SQL Server version to use. Supported values include `MYSQL_5_6`, `MYSQL_5_7`, `MYSQL_8_0`, `POSTGRES_9_6`,`POSTGRES_10`, `POSTGRES_11`, - `POSTGRES_12`, `POSTGRES_13`, `POSTGRES_14`, `POSTGRES_15`, `SQLSERVER_2017_STANDARD`, - `SQLSERVER_2017_ENTERPRISE`, `SQLSERVER_2017_EXPRESS`, `SQLSERVER_2017_WEB`. + `POSTGRES_12`, `POSTGRES_13`, `POSTGRES_14`, `POSTGRES_15`, `POSTGRES_16`, `POSTGRES_17`, + `SQLSERVER_2017_STANDARD`, `SQLSERVER_2017_ENTERPRISE`, `SQLSERVER_2017_EXPRESS`, `SQLSERVER_2017_WEB`. `SQLSERVER_2019_STANDARD`, `SQLSERVER_2019_ENTERPRISE`, `SQLSERVER_2019_EXPRESS`, `SQLSERVER_2019_WEB`. [Database Version Policies](https://cloud.google.com/sql/docs/db-versions) @@ -1044,8 +1044,8 @@ def __init__(__self__, :param pulumi.Input[str] database_version: The MySQL, PostgreSQL or SQL Server version to use. Supported values include `MYSQL_5_6`, `MYSQL_5_7`, `MYSQL_8_0`, `POSTGRES_9_6`,`POSTGRES_10`, `POSTGRES_11`, - `POSTGRES_12`, `POSTGRES_13`, `POSTGRES_14`, `POSTGRES_15`, `SQLSERVER_2017_STANDARD`, - `SQLSERVER_2017_ENTERPRISE`, `SQLSERVER_2017_EXPRESS`, `SQLSERVER_2017_WEB`. + `POSTGRES_12`, `POSTGRES_13`, `POSTGRES_14`, `POSTGRES_15`, `POSTGRES_16`, `POSTGRES_17`, + `SQLSERVER_2017_STANDARD`, `SQLSERVER_2017_ENTERPRISE`, `SQLSERVER_2017_EXPRESS`, `SQLSERVER_2017_WEB`. `SQLSERVER_2019_STANDARD`, `SQLSERVER_2019_ENTERPRISE`, `SQLSERVER_2019_EXPRESS`, `SQLSERVER_2019_WEB`. [Database Version Policies](https://cloud.google.com/sql/docs/db-versions) @@ -1415,8 +1415,8 @@ def get(resource_name: str, :param pulumi.Input[str] database_version: The MySQL, PostgreSQL or SQL Server version to use. Supported values include `MYSQL_5_6`, `MYSQL_5_7`, `MYSQL_8_0`, `POSTGRES_9_6`,`POSTGRES_10`, `POSTGRES_11`, - `POSTGRES_12`, `POSTGRES_13`, `POSTGRES_14`, `POSTGRES_15`, `SQLSERVER_2017_STANDARD`, - `SQLSERVER_2017_ENTERPRISE`, `SQLSERVER_2017_EXPRESS`, `SQLSERVER_2017_WEB`. + `POSTGRES_12`, `POSTGRES_13`, `POSTGRES_14`, `POSTGRES_15`, `POSTGRES_16`, `POSTGRES_17`, + `SQLSERVER_2017_STANDARD`, `SQLSERVER_2017_ENTERPRISE`, `SQLSERVER_2017_EXPRESS`, `SQLSERVER_2017_WEB`. `SQLSERVER_2019_STANDARD`, `SQLSERVER_2019_ENTERPRISE`, `SQLSERVER_2019_EXPRESS`, `SQLSERVER_2019_WEB`. [Database Version Policies](https://cloud.google.com/sql/docs/db-versions) @@ -1531,8 +1531,8 @@ def database_version(self) -> pulumi.Output[str]: The MySQL, PostgreSQL or SQL Server version to use. Supported values include `MYSQL_5_6`, `MYSQL_5_7`, `MYSQL_8_0`, `POSTGRES_9_6`,`POSTGRES_10`, `POSTGRES_11`, - `POSTGRES_12`, `POSTGRES_13`, `POSTGRES_14`, `POSTGRES_15`, `SQLSERVER_2017_STANDARD`, - `SQLSERVER_2017_ENTERPRISE`, `SQLSERVER_2017_EXPRESS`, `SQLSERVER_2017_WEB`. + `POSTGRES_12`, `POSTGRES_13`, `POSTGRES_14`, `POSTGRES_15`, `POSTGRES_16`, `POSTGRES_17`, + `SQLSERVER_2017_STANDARD`, `SQLSERVER_2017_ENTERPRISE`, `SQLSERVER_2017_EXPRESS`, `SQLSERVER_2017_WEB`. `SQLSERVER_2019_STANDARD`, `SQLSERVER_2019_ENTERPRISE`, `SQLSERVER_2019_EXPRESS`, `SQLSERVER_2019_WEB`. [Database Version Policies](https://cloud.google.com/sql/docs/db-versions) diff --git a/sdk/python/pulumi_gcp/sql/outputs.py b/sdk/python/pulumi_gcp/sql/outputs.py index f54b5b43de..54963bff52 100644 --- a/sdk/python/pulumi_gcp/sql/outputs.py +++ b/sdk/python/pulumi_gcp/sql/outputs.py @@ -727,7 +727,7 @@ def __init__(__self__, *, For Postgres and SQL Server instances, ensure that `settings.backup_configuration.point_in_time_recovery_enabled` is set to `true`. Defaults to `ZONAL`. :param str collation: The name of server instance collation. - :param str connector_enforcement: Enables the enforcement of Cloud SQL Auth Proxy or Cloud SQL connectors for all the connections. If enabled, all the direct connections are rejected. + :param str connector_enforcement: Control the enforcement of Cloud SQL Auth Proxy or Cloud SQL connectors for all the connections, can be `REQUIRED` or `NOT_REQUIRED`. If enabled, all the direct connections are rejected. :param 'DatabaseInstanceSettingsDataCacheConfigArgs' data_cache_config: Data cache configurations. :param bool deletion_protection_enabled: Configuration to protect against accidental instance deletion. :param bool disk_autoresize: Enables auto-resizing of the storage size. Defaults to `true`. Note that if `disk_size` is set, future `pulumi up` calls will attempt to delete the instance in order to resize the disk to the value specified in disk_size if it has been resized. To avoid this, ensure that `lifecycle.ignore_changes` is applied to `disk_size`. @@ -862,7 +862,7 @@ def collation(self) -> Optional[str]: @pulumi.getter(name="connectorEnforcement") def connector_enforcement(self) -> Optional[str]: """ - Enables the enforcement of Cloud SQL Auth Proxy or Cloud SQL connectors for all the connections. If enabled, all the direct connections are rejected. + Control the enforcement of Cloud SQL Auth Proxy or Cloud SQL connectors for all the connections, can be `REQUIRED` or `NOT_REQUIRED`. If enabled, all the direct connections are rejected. """ return pulumi.get(self, "connector_enforcement") diff --git a/sdk/python/pulumi_gcp/storage/_inputs.py b/sdk/python/pulumi_gcp/storage/_inputs.py index 6f5995dfa4..1bd2c3d76e 100644 --- a/sdk/python/pulumi_gcp/storage/_inputs.py +++ b/sdk/python/pulumi_gcp/storage/_inputs.py @@ -99,6 +99,8 @@ 'TransferJobTransferSpecGcsDataSinkArgsDict', 'TransferJobTransferSpecGcsDataSourceArgs', 'TransferJobTransferSpecGcsDataSourceArgsDict', + 'TransferJobTransferSpecHdfsDataSourceArgs', + 'TransferJobTransferSpecHdfsDataSourceArgsDict', 'TransferJobTransferSpecHttpDataSourceArgs', 'TransferJobTransferSpecHttpDataSourceArgsDict', 'TransferJobTransferSpecObjectConditionsArgs', @@ -2517,6 +2519,10 @@ class TransferJobTransferSpecArgsDict(TypedDict): """ A Google Cloud Storage data source. Structure documented below. """ + hdfs_data_source: NotRequired[pulumi.Input['TransferJobTransferSpecHdfsDataSourceArgsDict']] + """ + An HDFS data source. Structure documented below. + """ http_data_source: NotRequired[pulumi.Input['TransferJobTransferSpecHttpDataSourceArgsDict']] """ A HTTP URL data source. Structure documented below. @@ -2555,6 +2561,7 @@ def __init__(__self__, *, azure_blob_storage_data_source: Optional[pulumi.Input['TransferJobTransferSpecAzureBlobStorageDataSourceArgs']] = None, gcs_data_sink: Optional[pulumi.Input['TransferJobTransferSpecGcsDataSinkArgs']] = None, gcs_data_source: Optional[pulumi.Input['TransferJobTransferSpecGcsDataSourceArgs']] = None, + hdfs_data_source: Optional[pulumi.Input['TransferJobTransferSpecHdfsDataSourceArgs']] = None, http_data_source: Optional[pulumi.Input['TransferJobTransferSpecHttpDataSourceArgs']] = None, object_conditions: Optional[pulumi.Input['TransferJobTransferSpecObjectConditionsArgs']] = None, posix_data_sink: Optional[pulumi.Input['TransferJobTransferSpecPosixDataSinkArgs']] = None, @@ -2567,6 +2574,7 @@ def __init__(__self__, *, :param pulumi.Input['TransferJobTransferSpecAzureBlobStorageDataSourceArgs'] azure_blob_storage_data_source: An Azure Blob Storage data source. Structure documented below. :param pulumi.Input['TransferJobTransferSpecGcsDataSinkArgs'] gcs_data_sink: A Google Cloud Storage data sink. Structure documented below. :param pulumi.Input['TransferJobTransferSpecGcsDataSourceArgs'] gcs_data_source: A Google Cloud Storage data source. Structure documented below. + :param pulumi.Input['TransferJobTransferSpecHdfsDataSourceArgs'] hdfs_data_source: An HDFS data source. Structure documented below. :param pulumi.Input['TransferJobTransferSpecHttpDataSourceArgs'] http_data_source: A HTTP URL data source. Structure documented below. :param pulumi.Input['TransferJobTransferSpecObjectConditionsArgs'] object_conditions: Only objects that satisfy these object conditions are included in the set of data source and data sink objects. Object conditions based on objects' `last_modification_time` do not exclude objects in a data sink. Structure documented below. :param pulumi.Input['TransferJobTransferSpecPosixDataSinkArgs'] posix_data_sink: A POSIX data sink. Structure documented below. @@ -2583,6 +2591,8 @@ def __init__(__self__, *, pulumi.set(__self__, "gcs_data_sink", gcs_data_sink) if gcs_data_source is not None: pulumi.set(__self__, "gcs_data_source", gcs_data_source) + if hdfs_data_source is not None: + pulumi.set(__self__, "hdfs_data_source", hdfs_data_source) if http_data_source is not None: pulumi.set(__self__, "http_data_source", http_data_source) if object_conditions is not None: @@ -2646,6 +2656,18 @@ def gcs_data_source(self) -> Optional[pulumi.Input['TransferJobTransferSpecGcsDa def gcs_data_source(self, value: Optional[pulumi.Input['TransferJobTransferSpecGcsDataSourceArgs']]): pulumi.set(self, "gcs_data_source", value) + @property + @pulumi.getter(name="hdfsDataSource") + def hdfs_data_source(self) -> Optional[pulumi.Input['TransferJobTransferSpecHdfsDataSourceArgs']]: + """ + An HDFS data source. Structure documented below. + """ + return pulumi.get(self, "hdfs_data_source") + + @hdfs_data_source.setter + def hdfs_data_source(self, value: Optional[pulumi.Input['TransferJobTransferSpecHdfsDataSourceArgs']]): + pulumi.set(self, "hdfs_data_source", value) + @property @pulumi.getter(name="httpDataSource") def http_data_source(self) -> Optional[pulumi.Input['TransferJobTransferSpecHttpDataSourceArgs']]: @@ -3121,6 +3143,37 @@ def path(self, value: Optional[pulumi.Input[str]]): pulumi.set(self, "path", value) +if not MYPY: + class TransferJobTransferSpecHdfsDataSourceArgsDict(TypedDict): + path: pulumi.Input[str] + """ + Root path to transfer objects. Must be an empty string or full path name that ends with a '/'. This field is treated as an object prefix. As such, it should generally not begin with a '/'. + """ +elif False: + TransferJobTransferSpecHdfsDataSourceArgsDict: TypeAlias = Mapping[str, Any] + +@pulumi.input_type +class TransferJobTransferSpecHdfsDataSourceArgs: + def __init__(__self__, *, + path: pulumi.Input[str]): + """ + :param pulumi.Input[str] path: Root path to transfer objects. Must be an empty string or full path name that ends with a '/'. This field is treated as an object prefix. As such, it should generally not begin with a '/'. + """ + pulumi.set(__self__, "path", path) + + @property + @pulumi.getter + def path(self) -> pulumi.Input[str]: + """ + Root path to transfer objects. Must be an empty string or full path name that ends with a '/'. This field is treated as an object prefix. As such, it should generally not begin with a '/'. + """ + return pulumi.get(self, "path") + + @path.setter + def path(self, value: pulumi.Input[str]): + pulumi.set(self, "path", value) + + if not MYPY: class TransferJobTransferSpecHttpDataSourceArgsDict(TypedDict): list_url: pulumi.Input[str] @@ -3320,8 +3373,6 @@ class TransferJobTransferSpecPosixDataSourceArgsDict(TypedDict): root_directory: pulumi.Input[str] """ Root directory path to the filesystem. - - The `aws_s3_data_source` block supports: """ elif False: TransferJobTransferSpecPosixDataSourceArgsDict: TypeAlias = Mapping[str, Any] @@ -3332,8 +3383,6 @@ def __init__(__self__, *, root_directory: pulumi.Input[str]): """ :param pulumi.Input[str] root_directory: Root directory path to the filesystem. - - The `aws_s3_data_source` block supports: """ pulumi.set(__self__, "root_directory", root_directory) @@ -3342,8 +3391,6 @@ def __init__(__self__, *, def root_directory(self) -> pulumi.Input[str]: """ Root directory path to the filesystem. - - The `aws_s3_data_source` block supports: """ return pulumi.get(self, "root_directory") diff --git a/sdk/python/pulumi_gcp/storage/outputs.py b/sdk/python/pulumi_gcp/storage/outputs.py index 0ec6556dbd..bb0c93594a 100644 --- a/sdk/python/pulumi_gcp/storage/outputs.py +++ b/sdk/python/pulumi_gcp/storage/outputs.py @@ -58,6 +58,7 @@ 'TransferJobTransferSpecAzureBlobStorageDataSourceAzureCredentials', 'TransferJobTransferSpecGcsDataSink', 'TransferJobTransferSpecGcsDataSource', + 'TransferJobTransferSpecHdfsDataSource', 'TransferJobTransferSpecHttpDataSource', 'TransferJobTransferSpecObjectConditions', 'TransferJobTransferSpecPosixDataSink', @@ -1942,6 +1943,8 @@ def __key_warning(key: str): suggest = "gcs_data_sink" elif key == "gcsDataSource": suggest = "gcs_data_source" + elif key == "hdfsDataSource": + suggest = "hdfs_data_source" elif key == "httpDataSource": suggest = "http_data_source" elif key == "objectConditions": @@ -1973,6 +1976,7 @@ def __init__(__self__, *, azure_blob_storage_data_source: Optional['outputs.TransferJobTransferSpecAzureBlobStorageDataSource'] = None, gcs_data_sink: Optional['outputs.TransferJobTransferSpecGcsDataSink'] = None, gcs_data_source: Optional['outputs.TransferJobTransferSpecGcsDataSource'] = None, + hdfs_data_source: Optional['outputs.TransferJobTransferSpecHdfsDataSource'] = None, http_data_source: Optional['outputs.TransferJobTransferSpecHttpDataSource'] = None, object_conditions: Optional['outputs.TransferJobTransferSpecObjectConditions'] = None, posix_data_sink: Optional['outputs.TransferJobTransferSpecPosixDataSink'] = None, @@ -1985,6 +1989,7 @@ def __init__(__self__, *, :param 'TransferJobTransferSpecAzureBlobStorageDataSourceArgs' azure_blob_storage_data_source: An Azure Blob Storage data source. Structure documented below. :param 'TransferJobTransferSpecGcsDataSinkArgs' gcs_data_sink: A Google Cloud Storage data sink. Structure documented below. :param 'TransferJobTransferSpecGcsDataSourceArgs' gcs_data_source: A Google Cloud Storage data source. Structure documented below. + :param 'TransferJobTransferSpecHdfsDataSourceArgs' hdfs_data_source: An HDFS data source. Structure documented below. :param 'TransferJobTransferSpecHttpDataSourceArgs' http_data_source: A HTTP URL data source. Structure documented below. :param 'TransferJobTransferSpecObjectConditionsArgs' object_conditions: Only objects that satisfy these object conditions are included in the set of data source and data sink objects. Object conditions based on objects' `last_modification_time` do not exclude objects in a data sink. Structure documented below. :param 'TransferJobTransferSpecPosixDataSinkArgs' posix_data_sink: A POSIX data sink. Structure documented below. @@ -2001,6 +2006,8 @@ def __init__(__self__, *, pulumi.set(__self__, "gcs_data_sink", gcs_data_sink) if gcs_data_source is not None: pulumi.set(__self__, "gcs_data_source", gcs_data_source) + if hdfs_data_source is not None: + pulumi.set(__self__, "hdfs_data_source", hdfs_data_source) if http_data_source is not None: pulumi.set(__self__, "http_data_source", http_data_source) if object_conditions is not None: @@ -2048,6 +2055,14 @@ def gcs_data_source(self) -> Optional['outputs.TransferJobTransferSpecGcsDataSou """ return pulumi.get(self, "gcs_data_source") + @property + @pulumi.getter(name="hdfsDataSource") + def hdfs_data_source(self) -> Optional['outputs.TransferJobTransferSpecHdfsDataSource']: + """ + An HDFS data source. Structure documented below. + """ + return pulumi.get(self, "hdfs_data_source") + @property @pulumi.getter(name="httpDataSource") def http_data_source(self) -> Optional['outputs.TransferJobTransferSpecHttpDataSource']: @@ -2447,6 +2462,24 @@ def path(self) -> Optional[str]: return pulumi.get(self, "path") +@pulumi.output_type +class TransferJobTransferSpecHdfsDataSource(dict): + def __init__(__self__, *, + path: str): + """ + :param str path: Root path to transfer objects. Must be an empty string or full path name that ends with a '/'. This field is treated as an object prefix. As such, it should generally not begin with a '/'. + """ + pulumi.set(__self__, "path", path) + + @property + @pulumi.getter + def path(self) -> str: + """ + Root path to transfer objects. Must be an empty string or full path name that ends with a '/'. This field is treated as an object prefix. As such, it should generally not begin with a '/'. + """ + return pulumi.get(self, "path") + + @pulumi.output_type class TransferJobTransferSpecHttpDataSource(dict): @staticmethod @@ -2646,8 +2679,6 @@ def __init__(__self__, *, root_directory: str): """ :param str root_directory: Root directory path to the filesystem. - - The `aws_s3_data_source` block supports: """ pulumi.set(__self__, "root_directory", root_directory) @@ -2656,8 +2687,6 @@ def __init__(__self__, *, def root_directory(self) -> str: """ Root directory path to the filesystem. - - The `aws_s3_data_source` block supports: """ return pulumi.get(self, "root_directory") diff --git a/sdk/python/pulumi_gcp/tpu/_inputs.py b/sdk/python/pulumi_gcp/tpu/_inputs.py index ddfaa361c0..ae1f006965 100644 --- a/sdk/python/pulumi_gcp/tpu/_inputs.py +++ b/sdk/python/pulumi_gcp/tpu/_inputs.py @@ -443,16 +443,16 @@ class V2VmNetworkConfigArgsDict(TypedDict): network: NotRequired[pulumi.Input[str]] """ The name of the network for the TPU node. It must be a preexisting Google Compute Engine - network. If both network and subnetwork are specified, the given subnetwork must belong - to the given network. If network is not specified, it will be looked up from the - subnetwork if one is provided, or otherwise use "default". + network. If none is provided, "default" will be used. + """ + queue_count: NotRequired[pulumi.Input[int]] + """ + Specifies networking queue count for TPU VM instance's network interface. """ subnetwork: NotRequired[pulumi.Input[str]] """ The name of the subnetwork for the TPU node. It must be a preexisting Google Compute - Engine subnetwork. If both network and subnetwork are specified, the given subnetwork - must belong to the given network. If subnetwork is not specified, the subnetwork with the - same name as the network will be used. + Engine subnetwork. If none is provided, "default" will be used. """ elif False: V2VmNetworkConfigArgsDict: TypeAlias = Mapping[str, Any] @@ -463,6 +463,7 @@ def __init__(__self__, *, can_ip_forward: Optional[pulumi.Input[bool]] = None, enable_external_ips: Optional[pulumi.Input[bool]] = None, network: Optional[pulumi.Input[str]] = None, + queue_count: Optional[pulumi.Input[int]] = None, subnetwork: Optional[pulumi.Input[str]] = None): """ :param pulumi.Input[bool] can_ip_forward: Allows the TPU node to send and receive packets with non-matching destination or source @@ -470,13 +471,10 @@ def __init__(__self__, *, :param pulumi.Input[bool] enable_external_ips: Indicates that external IP addresses would be associated with the TPU workers. If set to false, the specified subnetwork or network should have Private Google Access enabled. :param pulumi.Input[str] network: The name of the network for the TPU node. It must be a preexisting Google Compute Engine - network. If both network and subnetwork are specified, the given subnetwork must belong - to the given network. If network is not specified, it will be looked up from the - subnetwork if one is provided, or otherwise use "default". + network. If none is provided, "default" will be used. + :param pulumi.Input[int] queue_count: Specifies networking queue count for TPU VM instance's network interface. :param pulumi.Input[str] subnetwork: The name of the subnetwork for the TPU node. It must be a preexisting Google Compute - Engine subnetwork. If both network and subnetwork are specified, the given subnetwork - must belong to the given network. If subnetwork is not specified, the subnetwork with the - same name as the network will be used. + Engine subnetwork. If none is provided, "default" will be used. """ if can_ip_forward is not None: pulumi.set(__self__, "can_ip_forward", can_ip_forward) @@ -484,6 +482,8 @@ def __init__(__self__, *, pulumi.set(__self__, "enable_external_ips", enable_external_ips) if network is not None: pulumi.set(__self__, "network", network) + if queue_count is not None: + pulumi.set(__self__, "queue_count", queue_count) if subnetwork is not None: pulumi.set(__self__, "subnetwork", subnetwork) @@ -518,9 +518,7 @@ def enable_external_ips(self, value: Optional[pulumi.Input[bool]]): def network(self) -> Optional[pulumi.Input[str]]: """ The name of the network for the TPU node. It must be a preexisting Google Compute Engine - network. If both network and subnetwork are specified, the given subnetwork must belong - to the given network. If network is not specified, it will be looked up from the - subnetwork if one is provided, or otherwise use "default". + network. If none is provided, "default" will be used. """ return pulumi.get(self, "network") @@ -528,14 +526,24 @@ def network(self) -> Optional[pulumi.Input[str]]: def network(self, value: Optional[pulumi.Input[str]]): pulumi.set(self, "network", value) + @property + @pulumi.getter(name="queueCount") + def queue_count(self) -> Optional[pulumi.Input[int]]: + """ + Specifies networking queue count for TPU VM instance's network interface. + """ + return pulumi.get(self, "queue_count") + + @queue_count.setter + def queue_count(self, value: Optional[pulumi.Input[int]]): + pulumi.set(self, "queue_count", value) + @property @pulumi.getter def subnetwork(self) -> Optional[pulumi.Input[str]]: """ The name of the subnetwork for the TPU node. It must be a preexisting Google Compute - Engine subnetwork. If both network and subnetwork are specified, the given subnetwork - must belong to the given network. If subnetwork is not specified, the subnetwork with the - same name as the network will be used. + Engine subnetwork. If none is provided, "default" will be used. """ return pulumi.get(self, "subnetwork") diff --git a/sdk/python/pulumi_gcp/tpu/outputs.py b/sdk/python/pulumi_gcp/tpu/outputs.py index f744c6c297..12b6ccbe14 100644 --- a/sdk/python/pulumi_gcp/tpu/outputs.py +++ b/sdk/python/pulumi_gcp/tpu/outputs.py @@ -354,6 +354,8 @@ def __key_warning(key: str): suggest = "can_ip_forward" elif key == "enableExternalIps": suggest = "enable_external_ips" + elif key == "queueCount": + suggest = "queue_count" if suggest: pulumi.log.warn(f"Key '{key}' not found in V2VmNetworkConfig. Access the value via the '{suggest}' property getter instead.") @@ -370,6 +372,7 @@ def __init__(__self__, *, can_ip_forward: Optional[bool] = None, enable_external_ips: Optional[bool] = None, network: Optional[str] = None, + queue_count: Optional[int] = None, subnetwork: Optional[str] = None): """ :param bool can_ip_forward: Allows the TPU node to send and receive packets with non-matching destination or source @@ -377,13 +380,10 @@ def __init__(__self__, *, :param bool enable_external_ips: Indicates that external IP addresses would be associated with the TPU workers. If set to false, the specified subnetwork or network should have Private Google Access enabled. :param str network: The name of the network for the TPU node. It must be a preexisting Google Compute Engine - network. If both network and subnetwork are specified, the given subnetwork must belong - to the given network. If network is not specified, it will be looked up from the - subnetwork if one is provided, or otherwise use "default". + network. If none is provided, "default" will be used. + :param int queue_count: Specifies networking queue count for TPU VM instance's network interface. :param str subnetwork: The name of the subnetwork for the TPU node. It must be a preexisting Google Compute - Engine subnetwork. If both network and subnetwork are specified, the given subnetwork - must belong to the given network. If subnetwork is not specified, the subnetwork with the - same name as the network will be used. + Engine subnetwork. If none is provided, "default" will be used. """ if can_ip_forward is not None: pulumi.set(__self__, "can_ip_forward", can_ip_forward) @@ -391,6 +391,8 @@ def __init__(__self__, *, pulumi.set(__self__, "enable_external_ips", enable_external_ips) if network is not None: pulumi.set(__self__, "network", network) + if queue_count is not None: + pulumi.set(__self__, "queue_count", queue_count) if subnetwork is not None: pulumi.set(__self__, "subnetwork", subnetwork) @@ -417,20 +419,24 @@ def enable_external_ips(self) -> Optional[bool]: def network(self) -> Optional[str]: """ The name of the network for the TPU node. It must be a preexisting Google Compute Engine - network. If both network and subnetwork are specified, the given subnetwork must belong - to the given network. If network is not specified, it will be looked up from the - subnetwork if one is provided, or otherwise use "default". + network. If none is provided, "default" will be used. """ return pulumi.get(self, "network") + @property + @pulumi.getter(name="queueCount") + def queue_count(self) -> Optional[int]: + """ + Specifies networking queue count for TPU VM instance's network interface. + """ + return pulumi.get(self, "queue_count") + @property @pulumi.getter def subnetwork(self) -> Optional[str]: """ The name of the subnetwork for the TPU node. It must be a preexisting Google Compute - Engine subnetwork. If both network and subnetwork are specified, the given subnetwork - must belong to the given network. If subnetwork is not specified, the subnetwork with the - same name as the network will be used. + Engine subnetwork. If none is provided, "default" will be used. """ return pulumi.get(self, "subnetwork") diff --git a/sdk/python/pulumi_gcp/tpu/v2_vm.py b/sdk/python/pulumi_gcp/tpu/v2_vm.py index 78ad5ccc6c..bb0fc452ae 100644 --- a/sdk/python/pulumi_gcp/tpu/v2_vm.py +++ b/sdk/python/pulumi_gcp/tpu/v2_vm.py @@ -31,6 +31,7 @@ def __init__(__self__, *, metadata: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None, name: Optional[pulumi.Input[str]] = None, network_config: Optional[pulumi.Input['V2VmNetworkConfigArgs']] = None, + network_configs: Optional[pulumi.Input[Sequence[pulumi.Input['V2VmNetworkConfigArgs']]]] = None, project: Optional[pulumi.Input[str]] = None, scheduling_config: Optional[pulumi.Input['V2VmSchedulingConfigArgs']] = None, service_account: Optional[pulumi.Input['V2VmServiceAccountArgs']] = None, @@ -64,6 +65,9 @@ def __init__(__self__, *, :param pulumi.Input[str] name: The immutable name of the TPU. :param pulumi.Input['V2VmNetworkConfigArgs'] network_config: Network configurations for the TPU node. Structure is documented below. + :param pulumi.Input[Sequence[pulumi.Input['V2VmNetworkConfigArgs']]] network_configs: Repeated network configurations for the TPU node. This field is used to specify multiple + network configs for the TPU node. + Structure is documented below. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the provider project is used. :param pulumi.Input['V2VmSchedulingConfigArgs'] scheduling_config: The scheduling options for this node. @@ -95,6 +99,8 @@ def __init__(__self__, *, pulumi.set(__self__, "name", name) if network_config is not None: pulumi.set(__self__, "network_config", network_config) + if network_configs is not None: + pulumi.set(__self__, "network_configs", network_configs) if project is not None: pulumi.set(__self__, "project", project) if scheduling_config is not None: @@ -243,6 +249,20 @@ def network_config(self) -> Optional[pulumi.Input['V2VmNetworkConfigArgs']]: def network_config(self, value: Optional[pulumi.Input['V2VmNetworkConfigArgs']]): pulumi.set(self, "network_config", value) + @property + @pulumi.getter(name="networkConfigs") + def network_configs(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['V2VmNetworkConfigArgs']]]]: + """ + Repeated network configurations for the TPU node. This field is used to specify multiple + network configs for the TPU node. + Structure is documented below. + """ + return pulumi.get(self, "network_configs") + + @network_configs.setter + def network_configs(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['V2VmNetworkConfigArgs']]]]): + pulumi.set(self, "network_configs", value) + @property @pulumi.getter def project(self) -> Optional[pulumi.Input[str]]: @@ -338,6 +358,7 @@ def __init__(__self__, *, multislice_node: Optional[pulumi.Input[bool]] = None, name: Optional[pulumi.Input[str]] = None, network_config: Optional[pulumi.Input['V2VmNetworkConfigArgs']] = None, + network_configs: Optional[pulumi.Input[Sequence[pulumi.Input['V2VmNetworkConfigArgs']]]] = None, network_endpoints: Optional[pulumi.Input[Sequence[pulumi.Input['V2VmNetworkEndpointArgs']]]] = None, project: Optional[pulumi.Input[str]] = None, pulumi_labels: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None, @@ -378,6 +399,9 @@ def __init__(__self__, *, :param pulumi.Input[str] name: The immutable name of the TPU. :param pulumi.Input['V2VmNetworkConfigArgs'] network_config: Network configurations for the TPU node. Structure is documented below. + :param pulumi.Input[Sequence[pulumi.Input['V2VmNetworkConfigArgs']]] network_configs: Repeated network configurations for the TPU node. This field is used to specify multiple + network configs for the TPU node. + Structure is documented below. :param pulumi.Input[Sequence[pulumi.Input['V2VmNetworkEndpointArgs']]] network_endpoints: The network endpoints where TPU workers can be accessed and sent work. It is recommended that runtime clients of the node reach out to the 0th entry in this map first. Structure is documented below. @@ -431,6 +455,8 @@ def __init__(__self__, *, pulumi.set(__self__, "name", name) if network_config is not None: pulumi.set(__self__, "network_config", network_config) + if network_configs is not None: + pulumi.set(__self__, "network_configs", network_configs) if network_endpoints is not None: pulumi.set(__self__, "network_endpoints", network_endpoints) if project is not None: @@ -636,6 +662,20 @@ def network_config(self) -> Optional[pulumi.Input['V2VmNetworkConfigArgs']]: def network_config(self, value: Optional[pulumi.Input['V2VmNetworkConfigArgs']]): pulumi.set(self, "network_config", value) + @property + @pulumi.getter(name="networkConfigs") + def network_configs(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['V2VmNetworkConfigArgs']]]]: + """ + Repeated network configurations for the TPU node. This field is used to specify multiple + network configs for the TPU node. + Structure is documented below. + """ + return pulumi.get(self, "network_configs") + + @network_configs.setter + def network_configs(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['V2VmNetworkConfigArgs']]]]): + pulumi.set(self, "network_configs", value) + @property @pulumi.getter(name="networkEndpoints") def network_endpoints(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['V2VmNetworkEndpointArgs']]]]: @@ -807,6 +847,7 @@ def __init__(__self__, metadata: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None, name: Optional[pulumi.Input[str]] = None, network_config: Optional[pulumi.Input[Union['V2VmNetworkConfigArgs', 'V2VmNetworkConfigArgsDict']]] = None, + network_configs: Optional[pulumi.Input[Sequence[pulumi.Input[Union['V2VmNetworkConfigArgs', 'V2VmNetworkConfigArgsDict']]]]] = None, project: Optional[pulumi.Input[str]] = None, runtime_version: Optional[pulumi.Input[str]] = None, scheduling_config: Optional[pulumi.Input[Union['V2VmSchedulingConfigArgs', 'V2VmSchedulingConfigArgsDict']]] = None, @@ -874,6 +915,7 @@ def __init__(__self__, "enable_external_ips": True, "network": network.id, "subnetwork": subnet.id, + "queue_count": 32, }, scheduling_config={ "preemptible": True, @@ -952,6 +994,9 @@ def __init__(__self__, :param pulumi.Input[str] name: The immutable name of the TPU. :param pulumi.Input[Union['V2VmNetworkConfigArgs', 'V2VmNetworkConfigArgsDict']] network_config: Network configurations for the TPU node. Structure is documented below. + :param pulumi.Input[Sequence[pulumi.Input[Union['V2VmNetworkConfigArgs', 'V2VmNetworkConfigArgsDict']]]] network_configs: Repeated network configurations for the TPU node. This field is used to specify multiple + network configs for the TPU node. + Structure is documented below. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the provider project is used. :param pulumi.Input[str] runtime_version: Runtime version for the TPU. @@ -1033,6 +1078,7 @@ def __init__(__self__, "enable_external_ips": True, "network": network.id, "subnetwork": subnet.id, + "queue_count": 32, }, scheduling_config={ "preemptible": True, @@ -1112,6 +1158,7 @@ def _internal_init(__self__, metadata: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None, name: Optional[pulumi.Input[str]] = None, network_config: Optional[pulumi.Input[Union['V2VmNetworkConfigArgs', 'V2VmNetworkConfigArgsDict']]] = None, + network_configs: Optional[pulumi.Input[Sequence[pulumi.Input[Union['V2VmNetworkConfigArgs', 'V2VmNetworkConfigArgsDict']]]]] = None, project: Optional[pulumi.Input[str]] = None, runtime_version: Optional[pulumi.Input[str]] = None, scheduling_config: Optional[pulumi.Input[Union['V2VmSchedulingConfigArgs', 'V2VmSchedulingConfigArgsDict']]] = None, @@ -1137,6 +1184,7 @@ def _internal_init(__self__, __props__.__dict__["metadata"] = metadata __props__.__dict__["name"] = name __props__.__dict__["network_config"] = network_config + __props__.__dict__["network_configs"] = network_configs __props__.__dict__["project"] = project if runtime_version is None and not opts.urn: raise TypeError("Missing required property 'runtime_version'") @@ -1182,6 +1230,7 @@ def get(resource_name: str, multislice_node: Optional[pulumi.Input[bool]] = None, name: Optional[pulumi.Input[str]] = None, network_config: Optional[pulumi.Input[Union['V2VmNetworkConfigArgs', 'V2VmNetworkConfigArgsDict']]] = None, + network_configs: Optional[pulumi.Input[Sequence[pulumi.Input[Union['V2VmNetworkConfigArgs', 'V2VmNetworkConfigArgsDict']]]]] = None, network_endpoints: Optional[pulumi.Input[Sequence[pulumi.Input[Union['V2VmNetworkEndpointArgs', 'V2VmNetworkEndpointArgsDict']]]]] = None, project: Optional[pulumi.Input[str]] = None, pulumi_labels: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None, @@ -1227,6 +1276,9 @@ def get(resource_name: str, :param pulumi.Input[str] name: The immutable name of the TPU. :param pulumi.Input[Union['V2VmNetworkConfigArgs', 'V2VmNetworkConfigArgsDict']] network_config: Network configurations for the TPU node. Structure is documented below. + :param pulumi.Input[Sequence[pulumi.Input[Union['V2VmNetworkConfigArgs', 'V2VmNetworkConfigArgsDict']]]] network_configs: Repeated network configurations for the TPU node. This field is used to specify multiple + network configs for the TPU node. + Structure is documented below. :param pulumi.Input[Sequence[pulumi.Input[Union['V2VmNetworkEndpointArgs', 'V2VmNetworkEndpointArgsDict']]]] network_endpoints: The network endpoints where TPU workers can be accessed and sent work. It is recommended that runtime clients of the node reach out to the 0th entry in this map first. Structure is documented below. @@ -1270,6 +1322,7 @@ def get(resource_name: str, __props__.__dict__["multislice_node"] = multislice_node __props__.__dict__["name"] = name __props__.__dict__["network_config"] = network_config + __props__.__dict__["network_configs"] = network_configs __props__.__dict__["network_endpoints"] = network_endpoints __props__.__dict__["project"] = project __props__.__dict__["pulumi_labels"] = pulumi_labels @@ -1408,6 +1461,16 @@ def network_config(self) -> pulumi.Output['outputs.V2VmNetworkConfig']: """ return pulumi.get(self, "network_config") + @property + @pulumi.getter(name="networkConfigs") + def network_configs(self) -> pulumi.Output[Optional[Sequence['outputs.V2VmNetworkConfig']]]: + """ + Repeated network configurations for the TPU node. This field is used to specify multiple + network configs for the TPU node. + Structure is documented below. + """ + return pulumi.get(self, "network_configs") + @property @pulumi.getter(name="networkEndpoints") def network_endpoints(self) -> pulumi.Output[Sequence['outputs.V2VmNetworkEndpoint']]: diff --git a/upstream b/upstream index 3cb3eb06bf..7d938e047e 160000 --- a/upstream +++ b/upstream @@ -1 +1 @@ -Subproject commit 3cb3eb06bf67ded186d86cdf7e0e542dc98e5fdb +Subproject commit 7d938e047ea8b1a83cadf6119477a48e89a84af1