@pulumi/gcp 6.10.0 → 6.12.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (43) hide show
  1. package/cloudbuild/workerPool.d.ts +0 -2
  2. package/cloudbuild/workerPool.js +0 -2
  3. package/cloudbuild/workerPool.js.map +1 -1
  4. package/cloudfunctions/function.d.ts +24 -0
  5. package/cloudfunctions/function.js +4 -0
  6. package/cloudfunctions/function.js.map +1 -1
  7. package/cloudfunctions/getFunction.d.ts +2 -0
  8. package/cloudfunctions/getFunction.js.map +1 -1
  9. package/compute/backendService.d.ts +1 -5
  10. package/compute/backendService.js +1 -5
  11. package/compute/backendService.js.map +1 -1
  12. package/compute/backendServiceIamBinding.d.ts +54 -0
  13. package/compute/backendServiceIamBinding.js +65 -0
  14. package/compute/backendServiceIamBinding.js.map +1 -0
  15. package/compute/backendServiceIamMember.d.ts +54 -0
  16. package/compute/backendServiceIamMember.js +65 -0
  17. package/compute/backendServiceIamMember.js.map +1 -0
  18. package/compute/backendServiceIamPolicy.d.ts +47 -0
  19. package/compute/backendServiceIamPolicy.js +58 -0
  20. package/compute/backendServiceIamPolicy.js.map +1 -0
  21. package/compute/getInstanceTemplate.d.ts +5 -5
  22. package/compute/getInstanceTemplate.js +1 -0
  23. package/compute/getInstanceTemplate.js.map +1 -1
  24. package/compute/globalForwardingRule.d.ts +51 -4
  25. package/compute/globalForwardingRule.js +39 -1
  26. package/compute/globalForwardingRule.js.map +1 -1
  27. package/compute/index.d.ts +3 -0
  28. package/compute/index.js +15 -0
  29. package/compute/index.js.map +1 -1
  30. package/compute/regionNetworkEndpointGroup.d.ts +24 -9
  31. package/compute/regionNetworkEndpointGroup.js +2 -0
  32. package/compute/regionNetworkEndpointGroup.js.map +1 -1
  33. package/container/cluster.d.ts +1 -1
  34. package/container/cluster.js +1 -1
  35. package/package.json +2 -2
  36. package/package.json.dev +2 -2
  37. package/servicenetworking/connection.d.ts +6 -0
  38. package/servicenetworking/connection.js.map +1 -1
  39. package/storage/bucket.d.ts +9 -0
  40. package/storage/bucket.js.map +1 -1
  41. package/types/input.d.ts +223 -33
  42. package/types/output.d.ts +245 -33
  43. package/vpcaccess/connector.d.ts +3 -3
package/types/output.d.ts CHANGED
@@ -5548,6 +5548,52 @@ export declare namespace cloudfunctions {
5548
5548
  expression: string;
5549
5549
  title: string;
5550
5550
  }
5551
+ interface FunctionSecretEnvironmentVariable {
5552
+ /**
5553
+ * Name of the environment variable.
5554
+ */
5555
+ key: string;
5556
+ /**
5557
+ * Project identifier (due to a known limitation, only project number is supported by this field) of the project that contains the secret. If not set, it will be populated with the function's project, assuming that the secret exists in the same project as of the function.
5558
+ */
5559
+ projectId: string;
5560
+ /**
5561
+ * ID of the secret in secret manager (not the full resource name).
5562
+ */
5563
+ secret: string;
5564
+ /**
5565
+ * Version of the secret (version number or the string "latest"). It is preferable to use "latest" version with secret volumes as secret value changes are reflected immediately.
5566
+ */
5567
+ version: string;
5568
+ }
5569
+ interface FunctionSecretVolume {
5570
+ /**
5571
+ * The path within the container to mount the secret volume. For example, setting the mountPath as "/etc/secrets" would mount the secret value files under the "/etc/secrets" directory. This directory will also be completely shadowed and unavailable to mount any other secrets. Recommended mount paths: "/etc/secrets" Restricted mount paths: "/cloudsql", "/dev/log", "/pod", "/proc", "/var/log".
5572
+ */
5573
+ mountPath: string;
5574
+ /**
5575
+ * Project identifier (due to a known limitation, only project number is supported by this field) of the project that contains the secret. If not set, it will be populated with the function's project, assuming that the secret exists in the same project as of the function.
5576
+ */
5577
+ projectId: string;
5578
+ /**
5579
+ * ID of the secret in secret manager (not the full resource name).
5580
+ */
5581
+ secret: string;
5582
+ /**
5583
+ * List of secret versions to mount for this secret. If empty, the "latest" version of the secret will be made available in a file named after the secret under the mount point. Structure is documented below.
5584
+ */
5585
+ versions?: outputs.cloudfunctions.FunctionSecretVolumeVersion[];
5586
+ }
5587
+ interface FunctionSecretVolumeVersion {
5588
+ /**
5589
+ * Relative path of the file under the mount path where the secret value for this version will be fetched and made available. For example, setting the mountPath as "/etc/secrets" and path as "/secret_foo" would mount the secret value file at "/etc/secrets/secret_foo".
5590
+ */
5591
+ path: string;
5592
+ /**
5593
+ * Version of the secret (version number or the string "latest"). It is preferable to use "latest" version with secret volumes as secret value changes are reflected immediately.
5594
+ */
5595
+ version: string;
5596
+ }
5551
5597
  interface FunctionSourceRepository {
5552
5598
  deployedUrl: string;
5553
5599
  /**
@@ -5577,6 +5623,22 @@ export declare namespace cloudfunctions {
5577
5623
  */
5578
5624
  retry: boolean;
5579
5625
  }
5626
+ interface GetFunctionSecretEnvironmentVariable {
5627
+ key: string;
5628
+ projectId: string;
5629
+ secret: string;
5630
+ version: string;
5631
+ }
5632
+ interface GetFunctionSecretVolume {
5633
+ mountPath: string;
5634
+ projectId: string;
5635
+ secret: string;
5636
+ versions: outputs.cloudfunctions.GetFunctionSecretVolumeVersion[];
5637
+ }
5638
+ interface GetFunctionSecretVolumeVersion {
5639
+ path: string;
5640
+ version: string;
5641
+ }
5580
5642
  interface GetFunctionSourceRepository {
5581
5643
  deployedUrl: string;
5582
5644
  /**
@@ -6349,15 +6411,15 @@ export declare namespace cloudrun {
6349
6411
  }
6350
6412
  interface ServiceTemplateSpecContainerPort {
6351
6413
  /**
6352
- * Port number.
6414
+ * Port number the container listens on. This must be a valid port number, 0 < x < 65536.
6353
6415
  */
6354
- containerPort: number;
6416
+ containerPort?: number;
6355
6417
  /**
6356
6418
  * Volume's name.
6357
6419
  */
6358
6420
  name: string;
6359
6421
  /**
6360
- * Protocol used on port. Defaults to TCP.
6422
+ * Protocol for port. Must be "TCP". Defaults to "TCP".
6361
6423
  */
6362
6424
  protocol?: string;
6363
6425
  }
@@ -7785,6 +7847,16 @@ export declare namespace compute {
7785
7847
  */
7786
7848
  seconds: number;
7787
7849
  }
7850
+ interface BackendServiceIamBindingCondition {
7851
+ description?: string;
7852
+ expression: string;
7853
+ title: string;
7854
+ }
7855
+ interface BackendServiceIamMemberCondition {
7856
+ description?: string;
7857
+ expression: string;
7858
+ title: string;
7859
+ }
7788
7860
  interface BackendServiceIap {
7789
7861
  /**
7790
7862
  * OAuth2 Client ID for IAP
@@ -7916,7 +7988,17 @@ export declare namespace compute {
7916
7988
  seconds: number;
7917
7989
  }
7918
7990
  interface BackendServiceSecuritySettings {
7991
+ /**
7992
+ * ClientTlsPolicy is a resource that specifies how a client should authenticate
7993
+ * connections to backends of a service. This resource itself does not affect
7994
+ * configuration unless it is attached to a backend service resource.
7995
+ */
7919
7996
  clientTlsPolicy: string;
7997
+ /**
7998
+ * A list of alternate names to verify the subject identity in the certificate.
7999
+ * If specified, the client will verify that the server certificate's subject
8000
+ * alt name matches one of the specified values.
8001
+ */
7920
8002
  subjectAltNames: string[];
7921
8003
  }
7922
8004
  interface DiskDiskEncryptionKey {
@@ -11792,18 +11874,15 @@ export declare namespace compute {
11792
11874
  */
11793
11875
  service?: string;
11794
11876
  /**
11795
- * A template to parse function field from a request URL. URL mask allows
11796
- * for routing to multiple Cloud Functions without having to create
11797
- * multiple Network Endpoint Groups and backend services.
11798
- * For example, request URLs "mydomain.com/function1" and "mydomain.com/function2"
11799
- * can be backed by the same Serverless NEG with URL mask "/". The URL mask
11800
- * will parse them to { function = "function1" } and { function = "function2" } respectively.
11877
+ * A template to parse platform-specific fields from a request URL. URL mask allows for routing to multiple resources
11878
+ * on the same serverless platform without having to create multiple Network Endpoint Groups and backend resources.
11879
+ * The fields parsed by this template are platform-specific and are as follows: API Gateway: The gateway ID,
11880
+ * App Engine: The service and version, Cloud Functions: The function name, Cloud Run: The service and tag
11801
11881
  */
11802
11882
  urlMask?: string;
11803
11883
  /**
11804
- * Optional serving version.
11805
- * The version must be 1-63 characters long, and comply with RFC1035.
11806
- * Example value: "v1", "v2".
11884
+ * The optional resource version. The version identified by this value is platform-specific and is follows:
11885
+ * API Gateway: Unused, App Engine: The service version, Cloud Functions: Unused, Cloud Run: The service tag
11807
11886
  */
11808
11887
  version?: string;
11809
11888
  }
@@ -11815,12 +11894,10 @@ export declare namespace compute {
11815
11894
  */
11816
11895
  function?: string;
11817
11896
  /**
11818
- * A template to parse function field from a request URL. URL mask allows
11819
- * for routing to multiple Cloud Functions without having to create
11820
- * multiple Network Endpoint Groups and backend services.
11821
- * For example, request URLs "mydomain.com/function1" and "mydomain.com/function2"
11822
- * can be backed by the same Serverless NEG with URL mask "/". The URL mask
11823
- * will parse them to { function = "function1" } and { function = "function2" } respectively.
11897
+ * A template to parse platform-specific fields from a request URL. URL mask allows for routing to multiple resources
11898
+ * on the same serverless platform without having to create multiple Network Endpoint Groups and backend resources.
11899
+ * The fields parsed by this template are platform-specific and are as follows: API Gateway: The gateway ID,
11900
+ * App Engine: The service and version, Cloud Functions: The function name, Cloud Run: The service and tag
11824
11901
  */
11825
11902
  urlMask?: string;
11826
11903
  }
@@ -11839,15 +11916,38 @@ export declare namespace compute {
11839
11916
  */
11840
11917
  tag?: string;
11841
11918
  /**
11842
- * A template to parse function field from a request URL. URL mask allows
11843
- * for routing to multiple Cloud Functions without having to create
11844
- * multiple Network Endpoint Groups and backend services.
11845
- * For example, request URLs "mydomain.com/function1" and "mydomain.com/function2"
11846
- * can be backed by the same Serverless NEG with URL mask "/". The URL mask
11847
- * will parse them to { function = "function1" } and { function = "function2" } respectively.
11919
+ * A template to parse platform-specific fields from a request URL. URL mask allows for routing to multiple resources
11920
+ * on the same serverless platform without having to create multiple Network Endpoint Groups and backend resources.
11921
+ * The fields parsed by this template are platform-specific and are as follows: API Gateway: The gateway ID,
11922
+ * App Engine: The service and version, Cloud Functions: The function name, Cloud Run: The service and tag
11848
11923
  */
11849
11924
  urlMask?: string;
11850
11925
  }
11926
+ interface RegionNetworkEndpointGroupServerlessDeployment {
11927
+ /**
11928
+ * The platform of the NEG backend target(s). Possible values:
11929
+ * API Gateway: apigateway.googleapis.com
11930
+ */
11931
+ platform: string;
11932
+ /**
11933
+ * The user-defined name of the workload/instance. This value must be provided explicitly or in the urlMask.
11934
+ * The resource identified by this value is platform-specific and is as follows: API Gateway: The gateway ID, App Engine: The service name,
11935
+ * Cloud Functions: The function name, Cloud Run: The service name
11936
+ */
11937
+ resource?: string;
11938
+ /**
11939
+ * A template to parse platform-specific fields from a request URL. URL mask allows for routing to multiple resources
11940
+ * on the same serverless platform without having to create multiple Network Endpoint Groups and backend resources.
11941
+ * The fields parsed by this template are platform-specific and are as follows: API Gateway: The gateway ID,
11942
+ * App Engine: The service and version, Cloud Functions: The function name, Cloud Run: The service and tag
11943
+ */
11944
+ urlMask: string;
11945
+ /**
11946
+ * The optional resource version. The version identified by this value is platform-specific and is follows:
11947
+ * API Gateway: Unused, App Engine: The service version, Cloud Functions: Unused, Cloud Run: The service tag
11948
+ */
11949
+ version?: string;
11950
+ }
11851
11951
  interface RegionPerInstanceConfigPreservedState {
11852
11952
  /**
11853
11953
  * Stateful disks for the instance.
@@ -13541,6 +13641,8 @@ export declare namespace compute {
13541
13641
  * Action to take when `match` matches the request. Valid values:
13542
13642
  * * "allow" : allow access to target
13543
13643
  * * "deny(status)" : deny access to target, returns the HTTP response code specified (valid values are 403, 404 and 502)
13644
+ * * "rateBasedBan" : limit client traffic to the configured threshold and ban the client if the traffic exceeds the threshold. Configure parameters for this action in RateLimitOptions. Requires rateLimitOptions to be set.
13645
+ * * "threshold" : limit client traffic to the configured threshold. Configure parameters for this action in rateLimitOptions. Requires rateLimitOptions to be set for this.
13544
13646
  */
13545
13647
  action: string;
13546
13648
  /**
@@ -13562,6 +13664,11 @@ export declare namespace compute {
13562
13664
  * Rules are evaluated from highest priority (lowest numerically) to lowest priority (highest numerically) in order.
13563
13665
  */
13564
13666
  priority: number;
13667
+ /**
13668
+ * )
13669
+ * Must be specified if the `action` is "rateBasedBad" or "throttle". Cannot be specified for other actions. Structure is documented below.
13670
+ */
13671
+ rateLimitOptions?: outputs.compute.SecurityPolicyRuleRateLimitOptions;
13565
13672
  }
13566
13673
  interface SecurityPolicyRuleMatch {
13567
13674
  /**
@@ -13598,6 +13705,66 @@ export declare namespace compute {
13598
13705
  */
13599
13706
  expression: string;
13600
13707
  }
13708
+ interface SecurityPolicyRuleRateLimitOptions {
13709
+ /**
13710
+ * Can only be specified if the `action` for the rule is "rateBasedBan".
13711
+ * If specified, determines the time (in seconds) the traffic will continue to be banned by the rate limit after the rate falls below the threshold.
13712
+ */
13713
+ banDurationSec?: number;
13714
+ /**
13715
+ * Can only be specified if the `action` for the rule is "rateBasedBan".
13716
+ * If specified, the key will be banned for the configured 'ban_duration_sec' when the number of requests that exceed the 'rate_limit_threshold' also
13717
+ * exceed this 'ban_threshold'. Structure is documented below.
13718
+ */
13719
+ banThreshold?: outputs.compute.SecurityPolicyRuleRateLimitOptionsBanThreshold;
13720
+ /**
13721
+ * Action to take for requests that are under the configured rate limit threshold. Valid option is "allow" only.
13722
+ */
13723
+ conformAction: string;
13724
+ /**
13725
+ * Determines the key to enforce the rateLimitThreshold on.
13726
+ * Possible values incude "ALL", "ALL_IPS", "HTTP_HEADER", "IP", "XFF_IP". If not specified, defaults to "ALL".
13727
+ */
13728
+ enforceOnKey?: string;
13729
+ /**
13730
+ * Rate limit key name applicable only for HTTP_HEADER key types. Name of the HTTP header whose value is taken as the key value.
13731
+ */
13732
+ enforceOnKeyName?: string;
13733
+ /**
13734
+ * When a request is denied, returns the HTTP response code specified.
13735
+ * Valid options are "deny()" where valid values for status are 403, 404, 429, and 502.
13736
+ */
13737
+ exceedAction: string;
13738
+ exceedRedirectOptions?: outputs.compute.SecurityPolicyRuleRateLimitOptionsExceedRedirectOptions;
13739
+ /**
13740
+ * Threshold at which to begin ratelimiting. Structure is documented below.
13741
+ */
13742
+ rateLimitThreshold: outputs.compute.SecurityPolicyRuleRateLimitOptionsRateLimitThreshold;
13743
+ }
13744
+ interface SecurityPolicyRuleRateLimitOptionsBanThreshold {
13745
+ /**
13746
+ * Number of HTTP(S) requests for calculating the threshold.
13747
+ */
13748
+ count: number;
13749
+ /**
13750
+ * Interval over which the threshold is computed.
13751
+ */
13752
+ intervalSec: number;
13753
+ }
13754
+ interface SecurityPolicyRuleRateLimitOptionsExceedRedirectOptions {
13755
+ target?: string;
13756
+ type: string;
13757
+ }
13758
+ interface SecurityPolicyRuleRateLimitOptionsRateLimitThreshold {
13759
+ /**
13760
+ * Number of HTTP(S) requests for calculating the threshold.
13761
+ */
13762
+ count: number;
13763
+ /**
13764
+ * Interval over which the threshold is computed.
13765
+ */
13766
+ intervalSec: number;
13767
+ }
13601
13768
  interface SecurityScanConfigAuthentication {
13602
13769
  /**
13603
13770
  * Describes authentication configuration that uses a custom account.
@@ -16119,6 +16286,12 @@ export declare namespace container {
16119
16286
  * Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver. Defaults to disabled; set `enabled = true` to enable.
16120
16287
  */
16121
16288
  gcePersistentDiskCsiDriverConfig: outputs.container.ClusterAddonsConfigGcePersistentDiskCsiDriverConfig;
16289
+ /**
16290
+ * The status of the Filestore CSI driver addon,
16291
+ * which allows the usage of filestore instance as volumes.
16292
+ * It is disbaled by default; set `enabled = true` to enable.
16293
+ */
16294
+ gcpFilestoreCsiDriverConfig: outputs.container.ClusterAddonsConfigGcpFilestoreCsiDriverConfig;
16122
16295
  /**
16123
16296
  * The status of the Horizontal Pod Autoscaling
16124
16297
  * addon, which increases or decreases the number of replica pods a replication controller
@@ -16186,6 +16359,13 @@ export declare namespace container {
16186
16359
  */
16187
16360
  enabled: boolean;
16188
16361
  }
16362
+ interface ClusterAddonsConfigGcpFilestoreCsiDriverConfig {
16363
+ /**
16364
+ * Enable the PodSecurityPolicy controller for this cluster.
16365
+ * If enabled, pods must be valid under a PodSecurityPolicy to be created.
16366
+ */
16367
+ enabled: boolean;
16368
+ }
16189
16369
  interface ClusterAddonsConfigHorizontalPodAutoscaling {
16190
16370
  /**
16191
16371
  * The status of the Istio addon, which makes it easy to set up Istio for services in a
@@ -16258,6 +16438,11 @@ export declare namespace container {
16258
16438
  resourceLimits?: outputs.container.ClusterClusterAutoscalingResourceLimit[];
16259
16439
  }
16260
16440
  interface ClusterClusterAutoscalingAutoProvisioningDefaults {
16441
+ /**
16442
+ * The image type to use for this node. Note that changing the image type
16443
+ * will delete and recreate all nodes in the node pool.
16444
+ */
16445
+ imageType?: string;
16261
16446
  /**
16262
16447
  * Minimum CPU platform to be used by this instance.
16263
16448
  * The instance may be scheduled on the specified or newer CPU platform. Applicable
@@ -16461,7 +16646,7 @@ export declare namespace container {
16461
16646
  }
16462
16647
  interface ClusterNodeConfig {
16463
16648
  /**
16464
- * The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool. This should be of the form projects/[KEY_PROJECT_ID]/locations/[LOCATION]/keyRings/[RING_NAME]/cryptoKeys/[KEY_NAME]. For more information about protecting resources with Cloud KMS Keys please see: https://cloud.google.com/compute/docs/disks/customer-managed-encryption
16649
+ * The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool. This should be of the form projects/[KEY_PROJECT_ID]/locations/[LOCATION]/keyRings/[RING_NAME]/cryptoKeys/[KEY_NAME]. For more information about protecting resources with Cloud KMS Keys please see: <https://cloud.google.com/compute/docs/disks/customer-managed-encryption>
16465
16650
  */
16466
16651
  bootDiskKmsKey?: string;
16467
16652
  /**
@@ -16560,8 +16745,7 @@ export declare namespace container {
16560
16745
  */
16561
16746
  preemptible?: boolean;
16562
16747
  /**
16563
- * ) [GKE Sandbox](https://cloud.google.com/kubernetes-engine/docs/how-to/sandbox-pods) configuration. When enabling this feature you must specify `imageType = "COS_CONTAINERD"` and `nodeVersion = "1.12.7-gke.17"` or later to use it.
16564
- * >>>>>>> v4.3.0
16748
+ * [GKE Sandbox](https://cloud.google.com/kubernetes-engine/docs/how-to/sandbox-pods) configuration. When enabling this feature you must specify `imageType = "COS_CONTAINERD"` and `nodeVersion = "1.12.7-gke.17"` or later to use it.
16565
16749
  * Structure is documented below.
16566
16750
  */
16567
16751
  sandboxConfig?: outputs.container.ClusterNodeConfigSandboxConfig;
@@ -16769,7 +16953,7 @@ export declare namespace container {
16769
16953
  }
16770
16954
  interface ClusterNodePoolNodeConfig {
16771
16955
  /**
16772
- * The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool. This should be of the form projects/[KEY_PROJECT_ID]/locations/[LOCATION]/keyRings/[RING_NAME]/cryptoKeys/[KEY_NAME]. For more information about protecting resources with Cloud KMS Keys please see: https://cloud.google.com/compute/docs/disks/customer-managed-encryption
16956
+ * The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool. This should be of the form projects/[KEY_PROJECT_ID]/locations/[LOCATION]/keyRings/[RING_NAME]/cryptoKeys/[KEY_NAME]. For more information about protecting resources with Cloud KMS Keys please see: <https://cloud.google.com/compute/docs/disks/customer-managed-encryption>
16773
16957
  */
16774
16958
  bootDiskKmsKey?: string;
16775
16959
  /**
@@ -16868,8 +17052,7 @@ export declare namespace container {
16868
17052
  */
16869
17053
  preemptible?: boolean;
16870
17054
  /**
16871
- * ) [GKE Sandbox](https://cloud.google.com/kubernetes-engine/docs/how-to/sandbox-pods) configuration. When enabling this feature you must specify `imageType = "COS_CONTAINERD"` and `nodeVersion = "1.12.7-gke.17"` or later to use it.
16872
- * >>>>>>> v4.3.0
17055
+ * [GKE Sandbox](https://cloud.google.com/kubernetes-engine/docs/how-to/sandbox-pods) configuration. When enabling this feature you must specify `imageType = "COS_CONTAINERD"` and `nodeVersion = "1.12.7-gke.17"` or later to use it.
16873
17056
  * Structure is documented below.
16874
17057
  */
16875
17058
  sandboxConfig?: outputs.container.ClusterNodePoolNodeConfigSandboxConfig;
@@ -17138,6 +17321,7 @@ export declare namespace container {
17138
17321
  configConnectorConfigs: outputs.container.GetClusterAddonsConfigConfigConnectorConfig[];
17139
17322
  dnsCacheConfigs: outputs.container.GetClusterAddonsConfigDnsCacheConfig[];
17140
17323
  gcePersistentDiskCsiDriverConfigs: outputs.container.GetClusterAddonsConfigGcePersistentDiskCsiDriverConfig[];
17324
+ gcpFilestoreCsiDriverConfigs: outputs.container.GetClusterAddonsConfigGcpFilestoreCsiDriverConfig[];
17141
17325
  horizontalPodAutoscalings: outputs.container.GetClusterAddonsConfigHorizontalPodAutoscaling[];
17142
17326
  httpLoadBalancings: outputs.container.GetClusterAddonsConfigHttpLoadBalancing[];
17143
17327
  istioConfigs: outputs.container.GetClusterAddonsConfigIstioConfig[];
@@ -17157,6 +17341,9 @@ export declare namespace container {
17157
17341
  interface GetClusterAddonsConfigGcePersistentDiskCsiDriverConfig {
17158
17342
  enabled: boolean;
17159
17343
  }
17344
+ interface GetClusterAddonsConfigGcpFilestoreCsiDriverConfig {
17345
+ enabled: boolean;
17346
+ }
17160
17347
  interface GetClusterAddonsConfigHorizontalPodAutoscaling {
17161
17348
  disabled: boolean;
17162
17349
  }
@@ -17183,6 +17370,7 @@ export declare namespace container {
17183
17370
  resourceLimits: outputs.container.GetClusterClusterAutoscalingResourceLimit[];
17184
17371
  }
17185
17372
  interface GetClusterClusterAutoscalingAutoProvisioningDefault {
17373
+ imageType: string;
17186
17374
  minCpuPlatform: string;
17187
17375
  oauthScopes: string[];
17188
17376
  serviceAccount: string;
@@ -28241,6 +28429,10 @@ export declare namespace spanner {
28241
28429
  }
28242
28430
  export declare namespace sql {
28243
28431
  interface DatabaseInstanceClone {
28432
+ /**
28433
+ * The name of the allocated ip range for the private ip CloudSQL instance. For example: "google-managed-services-default". If set, the cloned instance ip will be created in the allocated range. The range name must comply with [RFC 1035](https://tools.ietf.org/html/rfc1035). Specifically, the name must be 1-63 characters long and match the regular expression a-z?.
28434
+ */
28435
+ allocatedIpRange?: string;
28244
28436
  /**
28245
28437
  * The timestamp of the point in time that should be restored.
28246
28438
  */
@@ -28394,8 +28586,7 @@ export declare namespace sql {
28394
28586
  */
28395
28587
  backupRetentionSettings: outputs.sql.DatabaseInstanceSettingsBackupConfigurationBackupRetentionSettings;
28396
28588
  /**
28397
- * True if binary logging is enabled. If
28398
- * `settings.backup_configuration.enabled` is false, this must be as well.
28589
+ * True if binary logging is enabled.
28399
28590
  * Cannot be used with Postgres.
28400
28591
  */
28401
28592
  binaryLogEnabled?: boolean;
@@ -28464,7 +28655,7 @@ export declare namespace sql {
28464
28655
  }
28465
28656
  interface DatabaseInstanceSettingsIpConfiguration {
28466
28657
  /**
28467
- * The name of the allocated ip range for the private ip CloudSQL instance. For example: "google-managed-services-default". If set, the instance ip will be created in the allocated range. The range name must comply with [RFC 1035](https://datatracker.ietf.org/doc/html/rfc1035). Specifically, the name must be 1-63 characters long and match the regular expression a-z?.
28658
+ * The name of the allocated ip range for the private ip CloudSQL instance. For example: "google-managed-services-default". If set, the cloned instance ip will be created in the allocated range. The range name must comply with [RFC 1035](https://tools.ietf.org/html/rfc1035). Specifically, the name must be 1-63 characters long and match the regular expression a-z?.
28468
28659
  */
28469
28660
  allocatedIpRange?: string;
28470
28661
  authorizedNetworks?: outputs.sql.DatabaseInstanceSettingsIpConfigurationAuthorizedNetwork[];
@@ -28554,6 +28745,7 @@ export declare namespace sql {
28554
28745
  sha1Fingerprint: string;
28555
28746
  }
28556
28747
  interface GetDatabaseInstanceClone {
28748
+ allocatedIpRange: string;
28557
28749
  pointInTime: string;
28558
28750
  sourceInstanceName: string;
28559
28751
  }
@@ -28963,6 +29155,14 @@ export declare namespace storage {
28963
29155
  * Only objects that satisfy these object conditions are included in the set of data source and data sink objects. Object conditions based on objects' `lastModificationTime` do not exclude objects in a data sink. Structure documented below.
28964
29156
  */
28965
29157
  objectConditions?: outputs.storage.TransferJobTransferSpecObjectConditions;
29158
+ /**
29159
+ * A POSIX data sink. Structure documented below.
29160
+ */
29161
+ posixDataSink?: outputs.storage.TransferJobTransferSpecPosixDataSink;
29162
+ /**
29163
+ * A POSIX filesystem data source. Structure documented below.
29164
+ */
29165
+ posixDataSource?: outputs.storage.TransferJobTransferSpecPosixDataSource;
28966
29166
  /**
28967
29167
  * Characteristics of how to treat files from datasource and sink during job. If the option `deleteObjectsUniqueInSink` is true, object conditions based on objects' `lastModificationTime` are ignored and do not exclude objects in a data source or a data sink. Structure documented below.
28968
29168
  */
@@ -29060,6 +29260,18 @@ export declare namespace storage {
29060
29260
  */
29061
29261
  minTimeElapsedSinceLastModification?: string;
29062
29262
  }
29263
+ interface TransferJobTransferSpecPosixDataSink {
29264
+ /**
29265
+ * Root directory path to the filesystem.
29266
+ */
29267
+ rootDirectory: string;
29268
+ }
29269
+ interface TransferJobTransferSpecPosixDataSource {
29270
+ /**
29271
+ * Root directory path to the filesystem.
29272
+ */
29273
+ rootDirectory: string;
29274
+ }
29063
29275
  interface TransferJobTransferSpecTransferOptions {
29064
29276
  /**
29065
29277
  * Whether objects should be deleted from the source after they are transferred to the sink. Note that this option and `deleteObjectsUniqueInSink` are mutually exclusive.
@@ -182,7 +182,7 @@ export declare class Connector extends pulumi.CustomResource {
182
182
  */
183
183
  readonly name: pulumi.Output<string>;
184
184
  /**
185
- * Name of the VPC network. Required if `ipCidrRange` is set.
185
+ * Name or selfLink of the VPC network. Required if `ipCidrRange` is set.
186
186
  */
187
187
  readonly network: pulumi.Output<string | undefined>;
188
188
  /**
@@ -250,7 +250,7 @@ export interface ConnectorState {
250
250
  */
251
251
  name?: pulumi.Input<string>;
252
252
  /**
253
- * Name of the VPC network. Required if `ipCidrRange` is set.
253
+ * Name or selfLink of the VPC network. Required if `ipCidrRange` is set.
254
254
  */
255
255
  network?: pulumi.Input<string>;
256
256
  /**
@@ -310,7 +310,7 @@ export interface ConnectorArgs {
310
310
  */
311
311
  name?: pulumi.Input<string>;
312
312
  /**
313
- * Name of the VPC network. Required if `ipCidrRange` is set.
313
+ * Name or selfLink of the VPC network. Required if `ipCidrRange` is set.
314
314
  */
315
315
  network?: pulumi.Input<string>;
316
316
  /**