pulumi-aiven 6.37.0a1744182902__py3-none-any.whl → 6.38.0__py3-none-any.whl

pulumi_aiven/outputs.py

@@ -23,6 +23,7 @@ __all__ = [
     'AlloydbomniAlloydbomniUserConfig',
     'AlloydbomniAlloydbomniUserConfigIpFilterObject',
     'AlloydbomniAlloydbomniUserConfigPg',
+    'AlloydbomniAlloydbomniUserConfigPgaudit',
     'AlloydbomniAlloydbomniUserConfigPgbouncer',
     'AlloydbomniAlloydbomniUserConfigPglookout',
     'AlloydbomniAlloydbomniUserConfigPrivateAccess',
@@ -80,6 +81,8 @@ __all__ = [
     'FlinkServiceIntegration',
     'FlinkTag',
     'FlinkTechEmail',
+    'GovernanceAccessAccessData',
+    'GovernanceAccessAccessDataAcl',
     'GrafanaComponent',
     'GrafanaGrafana',
     'GrafanaGrafanaUserConfig',
@@ -132,6 +135,7 @@ __all__ = [
     'KafkaKafkaUserConfigKafka',
     'KafkaKafkaUserConfigKafkaAuthenticationMethods',
     'KafkaKafkaUserConfigKafkaConnectConfig',
+    'KafkaKafkaUserConfigKafkaConnectPluginVersion',
     'KafkaKafkaUserConfigKafkaConnectSecretProvider',
     'KafkaKafkaUserConfigKafkaConnectSecretProviderAws',
     'KafkaKafkaUserConfigKafkaConnectSecretProviderVault',
@@ -235,9 +239,12 @@ __all__ = [
     'OpenSearchServiceIntegration',
     'OpenSearchTag',
     'OpenSearchTechEmail',
+    'OrganizationAddressTimeouts',
+    'OrganizationBillingGroupTimeouts',
     'OrganizationGroupProjectTimeouts',
     'OrganizationPermissionPermission',
     'OrganizationProjectTag',
+    'OrganizationProjectTimeouts',
     'OrganizationTimeouts',
     'OrganizationUserGroupMemberTimeouts',
     'PgComponent',
@@ -350,6 +357,7 @@ __all__ = [
     'GetAlloydbomniAlloydbomniUserConfigResult',
     'GetAlloydbomniAlloydbomniUserConfigIpFilterObjectResult',
     'GetAlloydbomniAlloydbomniUserConfigPgResult',
+    'GetAlloydbomniAlloydbomniUserConfigPgauditResult',
     'GetAlloydbomniAlloydbomniUserConfigPgbouncerResult',
     'GetAlloydbomniAlloydbomniUserConfigPglookoutResult',
     'GetAlloydbomniAlloydbomniUserConfigPrivateAccessResult',
@@ -463,6 +471,7 @@ __all__ = [
     'GetKafkaKafkaUserConfigKafkaResult',
     'GetKafkaKafkaUserConfigKafkaAuthenticationMethodsResult',
     'GetKafkaKafkaUserConfigKafkaConnectConfigResult',
+    'GetKafkaKafkaUserConfigKafkaConnectPluginVersionResult',
     'GetKafkaKafkaUserConfigKafkaConnectSecretProviderResult',
     'GetKafkaKafkaUserConfigKafkaConnectSecretProviderAwsResult',
     'GetKafkaKafkaUserConfigKafkaConnectSecretProviderVaultResult',
@@ -566,7 +575,13 @@ __all__ = [
     'GetOpenSearchServiceIntegrationResult',
     'GetOpenSearchTagResult',
     'GetOpenSearchTechEmailResult',
+    'GetOrganizationAddressTimeoutsResult',
+    'GetOrganizationBillingGroupListBillingGroupResult',
+    'GetOrganizationBillingGroupListTimeoutsResult',
+    'GetOrganizationBillingGroupTimeoutsResult',
     'GetOrganizationProjectTagResult',
+    'GetOrganizationProjectTimeoutsResult',
+    'GetOrganizationTimeoutsResult',
     'GetOrganizationUserListUserResult',
     'GetOrganizationUserListUserUserInfoResult',
     'GetPgComponentResult',
@@ -1144,6 +1159,7 @@ class AlloydbomniAlloydbomniUserConfig(dict):
                  pg_read_replica: Optional[builtins.bool] = None,
                  pg_service_to_fork_from: Optional[builtins.str] = None,
                  pg_version: Optional[builtins.str] = None,
+                 pgaudit: Optional['outputs.AlloydbomniAlloydbomniUserConfigPgaudit'] = None,
                  pgbouncer: Optional['outputs.AlloydbomniAlloydbomniUserConfigPgbouncer'] = None,
                  pglookout: Optional['outputs.AlloydbomniAlloydbomniUserConfigPglookout'] = None,
                  private_access: Optional['outputs.AlloydbomniAlloydbomniUserConfigPrivateAccess'] = None,
@@ -1175,6 +1191,7 @@ class AlloydbomniAlloydbomniUserConfig(dict):
         :param builtins.bool pg_read_replica: Should the service which is being forked be a read replica (deprecated, use read_replica service integration instead).
         :param builtins.str pg_service_to_fork_from: Name of the PG Service from which to fork (deprecated, use service*to*fork_from). This has effect only when a new service is being created. Example: `anotherservicename`.
         :param builtins.str pg_version: Enum: `15`, and newer. PostgreSQL major version.
+        :param 'AlloydbomniAlloydbomniUserConfigPgauditArgs' pgaudit: System-wide settings for the pgaudit extension
         :param 'AlloydbomniAlloydbomniUserConfigPgbouncerArgs' pgbouncer: PGBouncer connection pooling settings
         :param 'AlloydbomniAlloydbomniUserConfigPglookoutArgs' pglookout: System-wide settings for pglookout
         :param 'AlloydbomniAlloydbomniUserConfigPrivateAccessArgs' private_access: Allow access to selected service ports from private networks
@@ -1222,6 +1239,8 @@ class AlloydbomniAlloydbomniUserConfig(dict):
             pulumi.set(__self__, "pg_service_to_fork_from", pg_service_to_fork_from)
         if pg_version is not None:
             pulumi.set(__self__, "pg_version", pg_version)
+        if pgaudit is not None:
+            pulumi.set(__self__, "pgaudit", pgaudit)
         if pgbouncer is not None:
             pulumi.set(__self__, "pgbouncer", pgbouncer)
         if pglookout is not None:
@@ -1380,6 +1399,14 @@ class AlloydbomniAlloydbomniUserConfig(dict):
         """
         return pulumi.get(self, "pg_version")
 
+    @property
+    @pulumi.getter
+    def pgaudit(self) -> Optional['outputs.AlloydbomniAlloydbomniUserConfigPgaudit']:
+        """
+        System-wide settings for the pgaudit extension
+        """
+        return pulumi.get(self, "pgaudit")
+
     @property
     @pulumi.getter
     def pgbouncer(self) -> Optional['outputs.AlloydbomniAlloydbomniUserConfigPgbouncer']:
@@ -2213,6 +2240,220 @@ class AlloydbomniAlloydbomniUserConfigPg(dict):
         return pulumi.get(self, "wal_writer_delay")
 
 
+@pulumi.output_type
+class AlloydbomniAlloydbomniUserConfigPgaudit(dict):
+    @staticmethod
+    def __key_warning(key: str):
+        suggest = None
+        if key == "featureEnabled":
+            suggest = "feature_enabled"
+        elif key == "logCatalog":
+            suggest = "log_catalog"
+        elif key == "logClient":
+            suggest = "log_client"
+        elif key == "logLevel":
+            suggest = "log_level"
+        elif key == "logMaxStringLength":
+            suggest = "log_max_string_length"
+        elif key == "logNestedStatements":
+            suggest = "log_nested_statements"
+        elif key == "logParameter":
+            suggest = "log_parameter"
+        elif key == "logParameterMaxSize":
+            suggest = "log_parameter_max_size"
+        elif key == "logRelation":
+            suggest = "log_relation"
+        elif key == "logRows":
+            suggest = "log_rows"
+        elif key == "logStatement":
+            suggest = "log_statement"
+        elif key == "logStatementOnce":
+            suggest = "log_statement_once"
+
+        if suggest:
+            pulumi.log.warn(f"Key '{key}' not found in AlloydbomniAlloydbomniUserConfigPgaudit. Access the value via the '{suggest}' property getter instead.")
+
+    def __getitem__(self, key: str) -> Any:
+        AlloydbomniAlloydbomniUserConfigPgaudit.__key_warning(key)
+        return super().__getitem__(key)
+
+    def get(self, key: str, default = None) -> Any:
+        AlloydbomniAlloydbomniUserConfigPgaudit.__key_warning(key)
+        return super().get(key, default)
+
+    def __init__(__self__, *,
+                 feature_enabled: Optional[builtins.bool] = None,
+                 log_catalog: Optional[builtins.bool] = None,
+                 log_client: Optional[builtins.bool] = None,
+                 log_level: Optional[builtins.str] = None,
+                 log_max_string_length: Optional[builtins.int] = None,
+                 log_nested_statements: Optional[builtins.bool] = None,
+                 log_parameter: Optional[builtins.bool] = None,
+                 log_parameter_max_size: Optional[builtins.int] = None,
+                 log_relation: Optional[builtins.bool] = None,
+                 log_rows: Optional[builtins.bool] = None,
+                 log_statement: Optional[builtins.bool] = None,
+                 log_statement_once: Optional[builtins.bool] = None,
+                 logs: Optional[Sequence[builtins.str]] = None,
+                 role: Optional[builtins.str] = None):
+        """
+        :param builtins.bool feature_enabled: Enable pgaudit extension. When enabled, pgaudit extension will be automatically installed.Otherwise, extension will be uninstalled but auditing configurations will be preserved. Default: `false`.
+        :param builtins.bool log_catalog: Specifies that session logging should be enabled in the casewhere all relations in a statement are in pg_catalog. Default: `true`.
+        :param builtins.bool log_client: Specifies whether log messages will be visible to a client process such as psql. Default: `false`.
+        :param builtins.str log_level: Enum: `debug1`, `debug2`, `debug3`, `debug4`, `debug5`, `info`, `log`, `notice`, `warning`. Specifies the log level that will be used for log entries. Default: `log`.
+        :param builtins.int log_max_string_length: Crop parameters representation and whole statements if they exceed this threshold. A (default) value of -1 disable the truncation. Default: `-1`.
+        :param builtins.bool log_nested_statements: This GUC allows to turn off logging nested statements, that is, statements that are executed as part of another ExecutorRun. Default: `true`.
+        :param builtins.bool log_parameter: Specifies that audit logging should include the parameters that were passed with the statement. Default: `false`.
+        :param builtins.int log_parameter_max_size: Specifies that parameter values longer than this setting (in bytes) should not be logged, but replaced with \\n\\n. Default: `0`.
+        :param builtins.bool log_relation: Specifies whether session audit logging should create a separate log entry for each relation (TABLE, VIEW, etc.) referenced in a SELECT or DML statement. Default: `false`.
+        :param builtins.bool log_rows: Specifies that audit logging should include the rows retrieved or affected by a statement. When enabled the rows field will be included after the parameter field. Default: `false`.
+        :param builtins.bool log_statement: Specifies whether logging will include the statement text and parameters (if enabled). Default: `true`.
+        :param builtins.bool log_statement_once: Specifies whether logging will include the statement text and parameters with the first log entry for a statement/substatement combination or with every entry. Default: `false`.
+        :param Sequence[builtins.str] logs: Specifies which classes of statements will be logged by session audit logging.
+        :param builtins.str role: Specifies the master role to use for object audit logging.
+        """
+        if feature_enabled is not None:
+            pulumi.set(__self__, "feature_enabled", feature_enabled)
+        if log_catalog is not None:
+            pulumi.set(__self__, "log_catalog", log_catalog)
+        if log_client is not None:
+            pulumi.set(__self__, "log_client", log_client)
+        if log_level is not None:
+            pulumi.set(__self__, "log_level", log_level)
+        if log_max_string_length is not None:
+            pulumi.set(__self__, "log_max_string_length", log_max_string_length)
+        if log_nested_statements is not None:
+            pulumi.set(__self__, "log_nested_statements", log_nested_statements)
+        if log_parameter is not None:
+            pulumi.set(__self__, "log_parameter", log_parameter)
+        if log_parameter_max_size is not None:
+            pulumi.set(__self__, "log_parameter_max_size", log_parameter_max_size)
+        if log_relation is not None:
+            pulumi.set(__self__, "log_relation", log_relation)
+        if log_rows is not None:
+            pulumi.set(__self__, "log_rows", log_rows)
+        if log_statement is not None:
+            pulumi.set(__self__, "log_statement", log_statement)
+        if log_statement_once is not None:
+            pulumi.set(__self__, "log_statement_once", log_statement_once)
+        if logs is not None:
+            pulumi.set(__self__, "logs", logs)
+        if role is not None:
+            pulumi.set(__self__, "role", role)
+
+    @property
+    @pulumi.getter(name="featureEnabled")
+    def feature_enabled(self) -> Optional[builtins.bool]:
+        """
+        Enable pgaudit extension. When enabled, pgaudit extension will be automatically installed.Otherwise, extension will be uninstalled but auditing configurations will be preserved. Default: `false`.
+        """
+        return pulumi.get(self, "feature_enabled")
+
+    @property
+    @pulumi.getter(name="logCatalog")
+    def log_catalog(self) -> Optional[builtins.bool]:
+        """
+        Specifies that session logging should be enabled in the casewhere all relations in a statement are in pg_catalog. Default: `true`.
+        """
+        return pulumi.get(self, "log_catalog")
+
+    @property
+    @pulumi.getter(name="logClient")
+    def log_client(self) -> Optional[builtins.bool]:
+        """
+        Specifies whether log messages will be visible to a client process such as psql. Default: `false`.
+        """
+        return pulumi.get(self, "log_client")
+
+    @property
+    @pulumi.getter(name="logLevel")
+    def log_level(self) -> Optional[builtins.str]:
+        """
+        Enum: `debug1`, `debug2`, `debug3`, `debug4`, `debug5`, `info`, `log`, `notice`, `warning`. Specifies the log level that will be used for log entries. Default: `log`.
+        """
+        return pulumi.get(self, "log_level")
+
+    @property
+    @pulumi.getter(name="logMaxStringLength")
+    def log_max_string_length(self) -> Optional[builtins.int]:
+        """
+        Crop parameters representation and whole statements if they exceed this threshold. A (default) value of -1 disable the truncation. Default: `-1`.
+        """
+        return pulumi.get(self, "log_max_string_length")
+
+    @property
+    @pulumi.getter(name="logNestedStatements")
+    def log_nested_statements(self) -> Optional[builtins.bool]:
+        """
+        This GUC allows to turn off logging nested statements, that is, statements that are executed as part of another ExecutorRun. Default: `true`.
+        """
+        return pulumi.get(self, "log_nested_statements")
+
+    @property
+    @pulumi.getter(name="logParameter")
+    def log_parameter(self) -> Optional[builtins.bool]:
+        """
+        Specifies that audit logging should include the parameters that were passed with the statement. Default: `false`.
+        """
+        return pulumi.get(self, "log_parameter")
+
+    @property
+    @pulumi.getter(name="logParameterMaxSize")
+    def log_parameter_max_size(self) -> Optional[builtins.int]:
+        """
+        Specifies that parameter values longer than this setting (in bytes) should not be logged, but replaced with \\n\\n. Default: `0`.
+        """
+        return pulumi.get(self, "log_parameter_max_size")
+
+    @property
+    @pulumi.getter(name="logRelation")
+    def log_relation(self) -> Optional[builtins.bool]:
+        """
+        Specifies whether session audit logging should create a separate log entry for each relation (TABLE, VIEW, etc.) referenced in a SELECT or DML statement. Default: `false`.
+        """
+        return pulumi.get(self, "log_relation")
+
+    @property
+    @pulumi.getter(name="logRows")
+    def log_rows(self) -> Optional[builtins.bool]:
+        """
+        Specifies that audit logging should include the rows retrieved or affected by a statement. When enabled the rows field will be included after the parameter field. Default: `false`.
+        """
+        return pulumi.get(self, "log_rows")
+
+    @property
+    @pulumi.getter(name="logStatement")
+    def log_statement(self) -> Optional[builtins.bool]:
+        """
+        Specifies whether logging will include the statement text and parameters (if enabled). Default: `true`.
+        """
+        return pulumi.get(self, "log_statement")
+
+    @property
+    @pulumi.getter(name="logStatementOnce")
+    def log_statement_once(self) -> Optional[builtins.bool]:
+        """
+        Specifies whether logging will include the statement text and parameters with the first log entry for a statement/substatement combination or with every entry. Default: `false`.
+        """
+        return pulumi.get(self, "log_statement_once")
+
+    @property
+    @pulumi.getter
+    def logs(self) -> Optional[Sequence[builtins.str]]:
+        """
+        Specifies which classes of statements will be logged by session audit logging.
+        """
+        return pulumi.get(self, "logs")
+
+    @property
+    @pulumi.getter
+    def role(self) -> Optional[builtins.str]:
+        """
+        Specifies the master role to use for object audit logging.
+        """
+        return pulumi.get(self, "role")
+
+
 @pulumi.output_type
 class AlloydbomniAlloydbomniUserConfigPgbouncer(dict):
     @staticmethod
@@ -2549,6 +2790,8 @@ class AlloydbomniComponent(dict):
             suggest = "connection_uri"
         elif key == "kafkaAuthenticationMethod":
             suggest = "kafka_authentication_method"
+        elif key == "kafkaSslCa":
+            suggest = "kafka_ssl_ca"
 
         if suggest:
             pulumi.log.warn(f"Key '{key}' not found in AlloydbomniComponent. Access the value via the '{suggest}' property getter instead.")
@@ -2566,6 +2809,7 @@ class AlloydbomniComponent(dict):
                  connection_uri: Optional[builtins.str] = None,
                  host: Optional[builtins.str] = None,
                  kafka_authentication_method: Optional[builtins.str] = None,
+                 kafka_ssl_ca: Optional[builtins.str] = None,
                  port: Optional[builtins.int] = None,
                  route: Optional[builtins.str] = None,
                  ssl: Optional[builtins.bool] = None,
@@ -2575,6 +2819,7 @@ class AlloydbomniComponent(dict):
         :param builtins.str connection_uri: Connection info for connecting to the service component. This is a combination of host and port.
         :param builtins.str host: Host name for connecting to the service component
         :param builtins.str kafka_authentication_method: Kafka authentication method. This is a value specific to the 'kafka' service component
+        :param builtins.str kafka_ssl_ca: Kafka certificate used. The possible values are `letsencrypt` and `project_ca`.
         :param builtins.int port: Port number for connecting to the service component
         :param builtins.str route: Network access route
         :param builtins.bool ssl: Whether the endpoint is encrypted or accepts plaintext. By default endpoints are always encrypted and this property is only included for service components they may disable encryption
@@ -2588,6 +2833,8 @@ class AlloydbomniComponent(dict):
             pulumi.set(__self__, "host", host)
         if kafka_authentication_method is not None:
             pulumi.set(__self__, "kafka_authentication_method", kafka_authentication_method)
+        if kafka_ssl_ca is not None:
+            pulumi.set(__self__, "kafka_ssl_ca", kafka_ssl_ca)
         if port is not None:
             pulumi.set(__self__, "port", port)
         if route is not None:
@@ -2629,6 +2876,14 @@ class AlloydbomniComponent(dict):
         """
         return pulumi.get(self, "kafka_authentication_method")
 
+    @property
+    @pulumi.getter(name="kafkaSslCa")
+    def kafka_ssl_ca(self) -> Optional[builtins.str]:
+        """
+        Kafka certificate used. The possible values are `letsencrypt` and `project_ca`.
+        """
+        return pulumi.get(self, "kafka_ssl_ca")
+
     @property
     @pulumi.getter
     def port(self) -> Optional[builtins.int]:
@@ -3188,6 +3443,8 @@ class CassandraComponent(dict):
             suggest = "connection_uri"
         elif key == "kafkaAuthenticationMethod":
             suggest = "kafka_authentication_method"
+        elif key == "kafkaSslCa":
+            suggest = "kafka_ssl_ca"
 
         if suggest:
             pulumi.log.warn(f"Key '{key}' not found in CassandraComponent. Access the value via the '{suggest}' property getter instead.")
@@ -3205,6 +3462,7 @@ class CassandraComponent(dict):
                  connection_uri: Optional[builtins.str] = None,
                  host: Optional[builtins.str] = None,
                  kafka_authentication_method: Optional[builtins.str] = None,
+                 kafka_ssl_ca: Optional[builtins.str] = None,
                  port: Optional[builtins.int] = None,
                  route: Optional[builtins.str] = None,
                  ssl: Optional[builtins.bool] = None,
@@ -3214,6 +3472,7 @@ class CassandraComponent(dict):
         :param builtins.str connection_uri: Connection info for connecting to the service component. This is a combination of host and port.
         :param builtins.str host: Host name for connecting to the service component
         :param builtins.str kafka_authentication_method: Kafka authentication method. This is a value specific to the 'kafka' service component
+        :param builtins.str kafka_ssl_ca: Kafka certificate used. The possible values are `letsencrypt` and `project_ca`.
         :param builtins.int port: Port number for connecting to the service component
         :param builtins.str route: Network access route
         :param builtins.bool ssl: Whether the endpoint is encrypted or accepts plaintext. By default endpoints are always encrypted and this property is only included for service components they may disable encryption
@@ -3227,6 +3486,8 @@ class CassandraComponent(dict):
             pulumi.set(__self__, "host", host)
         if kafka_authentication_method is not None:
             pulumi.set(__self__, "kafka_authentication_method", kafka_authentication_method)
+        if kafka_ssl_ca is not None:
+            pulumi.set(__self__, "kafka_ssl_ca", kafka_ssl_ca)
         if port is not None:
             pulumi.set(__self__, "port", port)
         if route is not None:
@@ -3268,6 +3529,14 @@ class CassandraComponent(dict):
         """
         return pulumi.get(self, "kafka_authentication_method")
 
+    @property
+    @pulumi.getter(name="kafkaSslCa")
+    def kafka_ssl_ca(self) -> Optional[builtins.str]:
+        """
+        Kafka certificate used. The possible values are `letsencrypt` and `project_ca`.
+        """
+        return pulumi.get(self, "kafka_ssl_ca")
+
     @property
     @pulumi.getter
     def port(self) -> Optional[builtins.int]:
@@ -3422,6 +3691,10 @@ class ClickhouseClickhouseUserConfig(dict):
         suggest = None
         if key == "additionalBackupRegions":
             suggest = "additional_backup_regions"
+        elif key == "backupHour":
+            suggest = "backup_hour"
+        elif key == "backupMinute":
+            suggest = "backup_minute"
         elif key == "ipFilterObjects":
             suggest = "ip_filter_objects"
         elif key == "ipFilterStrings":
@@ -3458,6 +3731,8 @@ class ClickhouseClickhouseUserConfig(dict):
 
     def __init__(__self__, *,
                  additional_backup_regions: Optional[builtins.str] = None,
+                 backup_hour: Optional[builtins.int] = None,
+                 backup_minute: Optional[builtins.int] = None,
                  ip_filter_objects: Optional[Sequence['outputs.ClickhouseClickhouseUserConfigIpFilterObject']] = None,
                  ip_filter_strings: Optional[Sequence[builtins.str]] = None,
                  ip_filters: Optional[Sequence[builtins.str]] = None,
@@ -3471,6 +3746,8 @@ class ClickhouseClickhouseUserConfig(dict):
                  static_ips: Optional[builtins.bool] = None):
         """
         :param builtins.str additional_backup_regions: Additional Cloud Regions for Backup Replication.
+        :param builtins.int backup_hour: The hour of day (in UTC) when backup for the service is started. New backup is only started if previous backup has already completed. Example: `3`.
+        :param builtins.int backup_minute: The minute of an hour when backup for the service is started. New backup is only started if previous backup has already completed. Example: `30`.
         :param Sequence['ClickhouseClickhouseUserConfigIpFilterObjectArgs'] ip_filter_objects: Allow incoming connections from CIDR address block, e.g. `10.20.0.0/16`
         :param Sequence[builtins.str] ip_filter_strings: Allow incoming connections from CIDR address block, e.g. `10.20.0.0/16`.
         :param Sequence[builtins.str] ip_filters: Allow incoming connections from CIDR address block, e.g. `10.20.0.0/16`.
@@ -3485,6 +3762,10 @@ class ClickhouseClickhouseUserConfig(dict):
         """
         if additional_backup_regions is not None:
             pulumi.set(__self__, "additional_backup_regions", additional_backup_regions)
+        if backup_hour is not None:
+            pulumi.set(__self__, "backup_hour", backup_hour)
+        if backup_minute is not None:
+            pulumi.set(__self__, "backup_minute", backup_minute)
         if ip_filter_objects is not None:
             pulumi.set(__self__, "ip_filter_objects", ip_filter_objects)
         if ip_filter_strings is not None:
@@ -3517,6 +3798,22 @@ class ClickhouseClickhouseUserConfig(dict):
         """
         return pulumi.get(self, "additional_backup_regions")
 
+    @property
+    @pulumi.getter(name="backupHour")
+    def backup_hour(self) -> Optional[builtins.int]:
+        """
+        The hour of day (in UTC) when backup for the service is started. New backup is only started if previous backup has already completed. Example: `3`.
+        """
+        return pulumi.get(self, "backup_hour")
+
+    @property
+    @pulumi.getter(name="backupMinute")
+    def backup_minute(self) -> Optional[builtins.int]:
+        """
+        The minute of an hour when backup for the service is started. New backup is only started if previous backup has already completed. Example: `30`.
+        """
+        return pulumi.get(self, "backup_minute")
+
     @property
     @pulumi.getter(name="ipFilterObjects")
     def ip_filter_objects(self) -> Optional[Sequence['outputs.ClickhouseClickhouseUserConfigIpFilterObject']]:
@@ -3868,6 +4165,8 @@ class ClickhouseComponent(dict):
             suggest = "connection_uri"
         elif key == "kafkaAuthenticationMethod":
             suggest = "kafka_authentication_method"
+        elif key == "kafkaSslCa":
+            suggest = "kafka_ssl_ca"
 
         if suggest:
             pulumi.log.warn(f"Key '{key}' not found in ClickhouseComponent. Access the value via the '{suggest}' property getter instead.")
@@ -3885,6 +4184,7 @@ class ClickhouseComponent(dict):
                  connection_uri: Optional[builtins.str] = None,
                  host: Optional[builtins.str] = None,
                  kafka_authentication_method: Optional[builtins.str] = None,
+                 kafka_ssl_ca: Optional[builtins.str] = None,
                  port: Optional[builtins.int] = None,
                  route: Optional[builtins.str] = None,
                  ssl: Optional[builtins.bool] = None,
@@ -3894,6 +4194,7 @@ class ClickhouseComponent(dict):
         :param builtins.str connection_uri: Connection info for connecting to the service component. This is a combination of host and port.
         :param builtins.str host: Host name for connecting to the service component
         :param builtins.str kafka_authentication_method: Kafka authentication method. This is a value specific to the 'kafka' service component
+        :param builtins.str kafka_ssl_ca: Kafka certificate used. The possible values are `letsencrypt` and `project_ca`.
         :param builtins.int port: Port number for connecting to the service component
         :param builtins.str route: Network access route
         :param builtins.bool ssl: Whether the endpoint is encrypted or accepts plaintext. By default endpoints are always encrypted and this property is only included for service components they may disable encryption
@@ -3907,6 +4208,8 @@ class ClickhouseComponent(dict):
             pulumi.set(__self__, "host", host)
         if kafka_authentication_method is not None:
             pulumi.set(__self__, "kafka_authentication_method", kafka_authentication_method)
+        if kafka_ssl_ca is not None:
+            pulumi.set(__self__, "kafka_ssl_ca", kafka_ssl_ca)
         if port is not None:
             pulumi.set(__self__, "port", port)
         if route is not None:
@@ -3948,6 +4251,14 @@ class ClickhouseComponent(dict):
         """
         return pulumi.get(self, "kafka_authentication_method")
 
+    @property
+    @pulumi.getter(name="kafkaSslCa")
+    def kafka_ssl_ca(self) -> Optional[builtins.str]:
+        """
+        Kafka certificate used. The possible values are `letsencrypt` and `project_ca`.
+        """
+        return pulumi.get(self, "kafka_ssl_ca")
+
     @property
     @pulumi.getter
     def port(self) -> Optional[builtins.int]:
@@ -4187,6 +4498,8 @@ class DragonflyComponent(dict):
             suggest = "connection_uri"
         elif key == "kafkaAuthenticationMethod":
             suggest = "kafka_authentication_method"
+        elif key == "kafkaSslCa":
+            suggest = "kafka_ssl_ca"
 
         if suggest:
             pulumi.log.warn(f"Key '{key}' not found in DragonflyComponent. Access the value via the '{suggest}' property getter instead.")
@@ -4204,6 +4517,7 @@ class DragonflyComponent(dict):
                  connection_uri: Optional[builtins.str] = None,
                  host: Optional[builtins.str] = None,
                  kafka_authentication_method: Optional[builtins.str] = None,
+                 kafka_ssl_ca: Optional[builtins.str] = None,
                  port: Optional[builtins.int] = None,
                  route: Optional[builtins.str] = None,
                  ssl: Optional[builtins.bool] = None,
@@ -4213,6 +4527,7 @@ class DragonflyComponent(dict):
         :param builtins.str connection_uri: Connection info for connecting to the service component. This is a combination of host and port.
         :param builtins.str host: Host name for connecting to the service component
         :param builtins.str kafka_authentication_method: Kafka authentication method. This is a value specific to the 'kafka' service component
+        :param builtins.str kafka_ssl_ca: Kafka certificate used. The possible values are `letsencrypt` and `project_ca`.
         :param builtins.int port: Port number for connecting to the service component
         :param builtins.str route: Network access route
         :param builtins.bool ssl: Whether the endpoint is encrypted or accepts plaintext. By default endpoints are always encrypted and this property is only included for service components they may disable encryption
@@ -4226,6 +4541,8 @@ class DragonflyComponent(dict):
             pulumi.set(__self__, "host", host)
         if kafka_authentication_method is not None:
             pulumi.set(__self__, "kafka_authentication_method", kafka_authentication_method)
+        if kafka_ssl_ca is not None:
+            pulumi.set(__self__, "kafka_ssl_ca", kafka_ssl_ca)
         if port is not None:
             pulumi.set(__self__, "port", port)
         if route is not None:
@@ -4267,6 +4584,14 @@ class DragonflyComponent(dict):
         """
         return pulumi.get(self, "kafka_authentication_method")
 
+    @property
+    @pulumi.getter(name="kafkaSslCa")
+    def kafka_ssl_ca(self) -> Optional[builtins.str]:
+        """
+        Kafka certificate used. The possible values are `letsencrypt` and `project_ca`.
+        """
+        return pulumi.get(self, "kafka_ssl_ca")
+
     @property
     @pulumi.getter
     def port(self) -> Optional[builtins.int]:
@@ -5062,6 +5387,8 @@ class FlinkComponent(dict):
             suggest = "connection_uri"
         elif key == "kafkaAuthenticationMethod":
             suggest = "kafka_authentication_method"
+        elif key == "kafkaSslCa":
+            suggest = "kafka_ssl_ca"
 
         if suggest:
             pulumi.log.warn(f"Key '{key}' not found in FlinkComponent. Access the value via the '{suggest}' property getter instead.")
@@ -5079,6 +5406,7 @@ class FlinkComponent(dict):
                  connection_uri: Optional[builtins.str] = None,
                  host: Optional[builtins.str] = None,
                  kafka_authentication_method: Optional[builtins.str] = None,
+                 kafka_ssl_ca: Optional[builtins.str] = None,
                  port: Optional[builtins.int] = None,
                  route: Optional[builtins.str] = None,
                  ssl: Optional[builtins.bool] = None,
@@ -5088,6 +5416,7 @@ class FlinkComponent(dict):
         :param builtins.str connection_uri: Connection info for connecting to the service component. This is a combination of host and port.
         :param builtins.str host: Host name for connecting to the service component
         :param builtins.str kafka_authentication_method: Kafka authentication method. This is a value specific to the 'kafka' service component
+        :param builtins.str kafka_ssl_ca: Kafka certificate used. The possible values are `letsencrypt` and `project_ca`.
         :param builtins.int port: Port number for connecting to the service component
         :param builtins.str route: Network access route
         :param builtins.bool ssl: Whether the endpoint is encrypted or accepts plaintext. By default endpoints are always encrypted and this property is only included for service components they may disable encryption
@@ -5101,6 +5430,8 @@ class FlinkComponent(dict):
             pulumi.set(__self__, "host", host)
         if kafka_authentication_method is not None:
             pulumi.set(__self__, "kafka_authentication_method", kafka_authentication_method)
+        if kafka_ssl_ca is not None:
+            pulumi.set(__self__, "kafka_ssl_ca", kafka_ssl_ca)
         if port is not None:
             pulumi.set(__self__, "port", port)
         if route is not None:
@@ -5142,6 +5473,14 @@ class FlinkComponent(dict):
         """
         return pulumi.get(self, "kafka_authentication_method")
 
+    @property
+    @pulumi.getter(name="kafkaSslCa")
+    def kafka_ssl_ca(self) -> Optional[builtins.str]:
+        """
+        Kafka certificate used. The possible values are `letsencrypt` and `project_ca`.
+        """
+        return pulumi.get(self, "kafka_ssl_ca")
+
     @property
     @pulumi.getter
     def port(self) -> Optional[builtins.int]:
@@ -6072,6 +6411,197 @@ class FlinkTechEmail(dict):
         return pulumi.get(self, "email")
 
 
+@pulumi.output_type
+class GovernanceAccessAccessData(dict):
+    @staticmethod
+    def __key_warning(key: str):
+        suggest = None
+        if key == "serviceName":
+            suggest = "service_name"
+
+        if suggest:
+            pulumi.log.warn(f"Key '{key}' not found in GovernanceAccessAccessData. Access the value via the '{suggest}' property getter instead.")
+
+    def __getitem__(self, key: str) -> Any:
+        GovernanceAccessAccessData.__key_warning(key)
+        return super().__getitem__(key)
+
+    def get(self, key: str, default = None) -> Any:
+        GovernanceAccessAccessData.__key_warning(key)
+        return super().get(key, default)
+
+    def __init__(__self__, *,
+                 acls: Sequence['outputs.GovernanceAccessAccessDataAcl'],
+                 project: builtins.str,
+                 service_name: builtins.str,
+                 username: Optional[builtins.str] = None):
+        """
+        :param Sequence['GovernanceAccessAccessDataAclArgs'] acls: The permissions granted to the assigned service user. Maximum length: `54`. Changing this property forces recreation of the resource.
+        :param builtins.str project: The name of the project this resource belongs to. To set up proper dependencies please refer to this variable as a reference. Changing this property forces recreation of the resource.
+        :param builtins.str service_name: The name of the service that this resource belongs to. To set up proper dependencies please refer to this variable as a reference. Changing this property forces recreation of the resource.
+        :param builtins.str username: The name for the new service user given access. If not provided, the name is automatically generated. Maximum length: `54`. Changing this property forces recreation of the resource.
+        """
+        pulumi.set(__self__, "acls", acls)
+        pulumi.set(__self__, "project", project)
+        pulumi.set(__self__, "service_name", service_name)
+        if username is not None:
+            pulumi.set(__self__, "username", username)
+
+    @property
+    @pulumi.getter
+    def acls(self) -> Sequence['outputs.GovernanceAccessAccessDataAcl']:
+        """
+        The permissions granted to the assigned service user. Maximum length: `54`. Changing this property forces recreation of the resource.
+        """
+        return pulumi.get(self, "acls")
+
+    @property
+    @pulumi.getter
+    def project(self) -> builtins.str:
+        """
+        The name of the project this resource belongs to. To set up proper dependencies please refer to this variable as a reference. Changing this property forces recreation of the resource.
+        """
+        return pulumi.get(self, "project")
+
+    @property
+    @pulumi.getter(name="serviceName")
+    def service_name(self) -> builtins.str:
+        """
+        The name of the service that this resource belongs to. To set up proper dependencies please refer to this variable as a reference. Changing this property forces recreation of the resource.
+        """
+        return pulumi.get(self, "service_name")
+
+    @property
+    @pulumi.getter
+    def username(self) -> Optional[builtins.str]:
+        """
+        The name for the new service user given access. If not provided, the name is automatically generated. Maximum length: `54`. Changing this property forces recreation of the resource.
+        """
+        return pulumi.get(self, "username")
+
+
+@pulumi.output_type
+class GovernanceAccessAccessDataAcl(dict):
+    @staticmethod
+    def __key_warning(key: str):
+        suggest = None
+        if key == "permissionType":
+            suggest = "permission_type"
+        elif key == "resourceName":
+            suggest = "resource_name"
+        elif key == "resourceType":
+            suggest = "resource_type"
+        elif key == "patternType":
+            suggest = "pattern_type"
+
+        if suggest:
+            pulumi.log.warn(f"Key '{key}' not found in GovernanceAccessAccessDataAcl. Access the value via the '{suggest}' property getter instead.")
+
+    def __getitem__(self, key: str) -> Any:
+        GovernanceAccessAccessDataAcl.__key_warning(key)
+        return super().__getitem__(key)
+
+    def get(self, key: str, default = None) -> Any:
+        GovernanceAccessAccessDataAcl.__key_warning(key)
+        return super().get(key, default)
+
+    def __init__(__self__, *,
+                 operation: builtins.str,
+                 permission_type: builtins.str,
+                 resource_name: builtins.str,
+                 resource_type: builtins.str,
+                 host: Optional[builtins.str] = None,
+                 id: Optional[builtins.str] = None,
+                 pattern_type: Optional[builtins.str] = None,
+                 principal: Optional[builtins.str] = None):
+        """
+        :param builtins.str operation: The action that will be allowed for the service user. The possible values are `Read` and `Write`. Changing this property forces recreation of the resource.
+        :param builtins.str permission_type: Explicitly allows or denies the action for the service user on the specified resource. The possible value is `ALLOW`. Changing this property forces recreation of the resource.
+        :param builtins.str resource_name: The name of the resource the permission applies to, such as the topic name or group ID in the Kafka service. Maximum length: `256`. Changing this property forces recreation of the resource.
+        :param builtins.str resource_type: The type of resource. The possible value is `Topic`. Changing this property forces recreation of the resource.
+        :param builtins.str host: The IP address from which a principal is allowed or denied access to the resource. Use `*` for all hosts. Maximum length: `256`. Changing this property forces recreation of the resource.
+        :param builtins.str id: The ACL ID.
+        :param builtins.str pattern_type: Pattern used to match specified resources. The possible value is `LITERAL`.
+        :param builtins.str principal: Identities in `user:name` format that the permissions apply to.
+        """
+        pulumi.set(__self__, "operation", operation)
+        pulumi.set(__self__, "permission_type", permission_type)
+        pulumi.set(__self__, "resource_name", resource_name)
+        pulumi.set(__self__, "resource_type", resource_type)
+        if host is not None:
+            pulumi.set(__self__, "host", host)
+        if id is not None:
+            pulumi.set(__self__, "id", id)
+        if pattern_type is not None:
+            pulumi.set(__self__, "pattern_type", pattern_type)
+        if principal is not None:
+            pulumi.set(__self__, "principal", principal)
+
+    @property
+    @pulumi.getter
+    def operation(self) -> builtins.str:
+        """
+        The action that will be allowed for the service user. The possible values are `Read` and `Write`. Changing this property forces recreation of the resource.
+        """
+        return pulumi.get(self, "operation")
+
+    @property
+    @pulumi.getter(name="permissionType")
+    def permission_type(self) -> builtins.str:
+        """
+        Explicitly allows or denies the action for the service user on the specified resource. The possible value is `ALLOW`. Changing this property forces recreation of the resource.
+        """
+        return pulumi.get(self, "permission_type")
+
+    @property
+    @pulumi.getter(name="resourceName")
+    def resource_name(self) -> builtins.str:
+        """
+        The name of the resource the permission applies to, such as the topic name or group ID in the Kafka service. Maximum length: `256`. Changing this property forces recreation of the resource.
+        """
+        return pulumi.get(self, "resource_name")
+
+    @property
+    @pulumi.getter(name="resourceType")
+    def resource_type(self) -> builtins.str:
+        """
+        The type of resource. The possible value is `Topic`. Changing this property forces recreation of the resource.
+        """
+        return pulumi.get(self, "resource_type")
+
+    @property
+    @pulumi.getter
+    def host(self) -> Optional[builtins.str]:
+        """
+        The IP address from which a principal is allowed or denied access to the resource. Use `*` for all hosts. Maximum length: `256`. Changing this property forces recreation of the resource.
+        """
+        return pulumi.get(self, "host")
+
+    @property
+    @pulumi.getter
+    def id(self) -> Optional[builtins.str]:
+        """
+        The ACL ID.
+        """
+        return pulumi.get(self, "id")
+
+    @property
+    @pulumi.getter(name="patternType")
+    def pattern_type(self) -> Optional[builtins.str]:
+        """
+        Pattern used to match specified resources. The possible value is `LITERAL`.
+        """
+        return pulumi.get(self, "pattern_type")
+
+    @property
+    @pulumi.getter
+    def principal(self) -> Optional[builtins.str]:
+        """
+        Identities in `user:name` format that the permissions apply to.
+        """
+        return pulumi.get(self, "principal")
+
+
 @pulumi.output_type
 class GrafanaComponent(dict):
     @staticmethod
@@ -6081,6 +6611,8 @@ class GrafanaComponent(dict):
             suggest = "connection_uri"
         elif key == "kafkaAuthenticationMethod":
             suggest = "kafka_authentication_method"
+        elif key == "kafkaSslCa":
+            suggest = "kafka_ssl_ca"
 
         if suggest:
             pulumi.log.warn(f"Key '{key}' not found in GrafanaComponent. Access the value via the '{suggest}' property getter instead.")
@@ -6098,6 +6630,7 @@ class GrafanaComponent(dict):
                  connection_uri: Optional[builtins.str] = None,
                  host: Optional[builtins.str] = None,
                  kafka_authentication_method: Optional[builtins.str] = None,
+                 kafka_ssl_ca: Optional[builtins.str] = None,
                  port: Optional[builtins.int] = None,
                  route: Optional[builtins.str] = None,
                  ssl: Optional[builtins.bool] = None,
@@ -6107,6 +6640,7 @@ class GrafanaComponent(dict):
         :param builtins.str connection_uri: Connection info for connecting to the service component. This is a combination of host and port.
         :param builtins.str host: Host name for connecting to the service component
         :param builtins.str kafka_authentication_method: Kafka authentication method. This is a value specific to the 'kafka' service component
+        :param builtins.str kafka_ssl_ca: Kafka certificate used. The possible values are `letsencrypt` and `project_ca`.
         :param builtins.int port: Port number for connecting to the service component
         :param builtins.str route: Network access route
         :param builtins.bool ssl: Whether the endpoint is encrypted or accepts plaintext. By default endpoints are always encrypted and this property is only included for service components they may disable encryption
@@ -6120,6 +6654,8 @@ class GrafanaComponent(dict):
             pulumi.set(__self__, "host", host)
         if kafka_authentication_method is not None:
             pulumi.set(__self__, "kafka_authentication_method", kafka_authentication_method)
+        if kafka_ssl_ca is not None:
+            pulumi.set(__self__, "kafka_ssl_ca", kafka_ssl_ca)
         if port is not None:
             pulumi.set(__self__, "port", port)
         if route is not None:
@@ -6161,6 +6697,14 @@ class GrafanaComponent(dict):
         """
         return pulumi.get(self, "kafka_authentication_method")
 
+    @property
+    @pulumi.getter(name="kafkaSslCa")
+    def kafka_ssl_ca(self) -> Optional[builtins.str]:
+        """
+        Kafka certificate used. The possible values are `letsencrypt` and `project_ca`.
+        """
+        return pulumi.get(self, "kafka_ssl_ca")
+
     @property
     @pulumi.getter
     def port(self) -> Optional[builtins.int]:
@@ -7977,6 +8521,8 @@ class InfluxDbComponent(dict):
             suggest = "connection_uri"
         elif key == "kafkaAuthenticationMethod":
             suggest = "kafka_authentication_method"
+        elif key == "kafkaSslCa":
+            suggest = "kafka_ssl_ca"
 
         if suggest:
             pulumi.log.warn(f"Key '{key}' not found in InfluxDbComponent. Access the value via the '{suggest}' property getter instead.")
@@ -7994,6 +8540,7 @@ class InfluxDbComponent(dict):
                  connection_uri: Optional[builtins.str] = None,
                  host: Optional[builtins.str] = None,
                  kafka_authentication_method: Optional[builtins.str] = None,
+                 kafka_ssl_ca: Optional[builtins.str] = None,
                  port: Optional[builtins.int] = None,
                  route: Optional[builtins.str] = None,
                  ssl: Optional[builtins.bool] = None,
@@ -8003,6 +8550,7 @@ class InfluxDbComponent(dict):
         :param builtins.str connection_uri: Connection info for connecting to the service component. This is a combination of host and port.
         :param builtins.str host: Host name for connecting to the service component
         :param builtins.str kafka_authentication_method: Kafka authentication method. This is a value specific to the 'kafka' service component
+        :param builtins.str kafka_ssl_ca: Kafka certificate used. The possible values are `letsencrypt` and `project_ca`.
         :param builtins.int port: Port number for connecting to the service component
         :param builtins.str route: Network access route
         :param builtins.bool ssl: Whether the endpoint is encrypted or accepts plaintext. By default endpoints are always encrypted and this property is only included for service components they may disable encryption
@@ -8016,6 +8564,8 @@ class InfluxDbComponent(dict):
             pulumi.set(__self__, "host", host)
         if kafka_authentication_method is not None:
             pulumi.set(__self__, "kafka_authentication_method", kafka_authentication_method)
+        if kafka_ssl_ca is not None:
+            pulumi.set(__self__, "kafka_ssl_ca", kafka_ssl_ca)
         if port is not None:
             pulumi.set(__self__, "port", port)
         if route is not None:
@@ -8057,6 +8607,14 @@ class InfluxDbComponent(dict):
         """
         return pulumi.get(self, "kafka_authentication_method")
 
+    @property
+    @pulumi.getter(name="kafkaSslCa")
+    def kafka_ssl_ca(self) -> Optional[builtins.str]:
+        """
+        Kafka certificate used. The possible values are `letsencrypt` and `project_ca`.
+        """
+        return pulumi.get(self, "kafka_ssl_ca")
+
     @property
     @pulumi.getter
     def port(self) -> Optional[builtins.int]:
@@ -8792,6 +9350,8 @@ class KafkaComponent(dict):
             suggest = "connection_uri"
         elif key == "kafkaAuthenticationMethod":
             suggest = "kafka_authentication_method"
+        elif key == "kafkaSslCa":
+            suggest = "kafka_ssl_ca"
 
         if suggest:
             pulumi.log.warn(f"Key '{key}' not found in KafkaComponent. Access the value via the '{suggest}' property getter instead.")
@@ -8809,6 +9369,7 @@ class KafkaComponent(dict):
                  connection_uri: Optional[builtins.str] = None,
                  host: Optional[builtins.str] = None,
                  kafka_authentication_method: Optional[builtins.str] = None,
+                 kafka_ssl_ca: Optional[builtins.str] = None,
                  port: Optional[builtins.int] = None,
                  route: Optional[builtins.str] = None,
                  ssl: Optional[builtins.bool] = None,
@@ -8818,6 +9379,7 @@ class KafkaComponent(dict):
         :param builtins.str connection_uri: Connection info for connecting to the service component. This is a combination of host and port.
         :param builtins.str host: Host name for connecting to the service component
         :param builtins.str kafka_authentication_method: Kafka authentication method. This is a value specific to the 'kafka' service component
+        :param builtins.str kafka_ssl_ca: Kafka certificate used. The possible values are `letsencrypt` and `project_ca`.
         :param builtins.int port: Port number for connecting to the service component
         :param builtins.str route: Network access route
         :param builtins.bool ssl: Whether the endpoint is encrypted or accepts plaintext. By default endpoints are always encrypted and this property is only included for service components they may disable encryption
@@ -8831,6 +9393,8 @@ class KafkaComponent(dict):
             pulumi.set(__self__, "host", host)
         if kafka_authentication_method is not None:
             pulumi.set(__self__, "kafka_authentication_method", kafka_authentication_method)
+        if kafka_ssl_ca is not None:
+            pulumi.set(__self__, "kafka_ssl_ca", kafka_ssl_ca)
         if port is not None:
             pulumi.set(__self__, "port", port)
         if route is not None:
@@ -8872,6 +9436,14 @@ class KafkaComponent(dict):
         """
         return pulumi.get(self, "kafka_authentication_method")
 
+    @property
+    @pulumi.getter(name="kafkaSslCa")
+    def kafka_ssl_ca(self) -> Optional[builtins.str]:
+        """
+        Kafka certificate used. The possible values are `letsencrypt` and `project_ca`.
+        """
+        return pulumi.get(self, "kafka_ssl_ca")
+
     @property
     @pulumi.getter
     def port(self) -> Optional[builtins.int]:
@@ -8914,6 +9486,8 @@ class KafkaConnectComponent(dict):
             suggest = "connection_uri"
         elif key == "kafkaAuthenticationMethod":
             suggest = "kafka_authentication_method"
+        elif key == "kafkaSslCa":
+            suggest = "kafka_ssl_ca"
 
         if suggest:
             pulumi.log.warn(f"Key '{key}' not found in KafkaConnectComponent. Access the value via the '{suggest}' property getter instead.")
@@ -8931,6 +9505,7 @@ class KafkaConnectComponent(dict):
                  connection_uri: Optional[builtins.str] = None,
                  host: Optional[builtins.str] = None,
                  kafka_authentication_method: Optional[builtins.str] = None,
+                 kafka_ssl_ca: Optional[builtins.str] = None,
                  port: Optional[builtins.int] = None,
                  route: Optional[builtins.str] = None,
                  ssl: Optional[builtins.bool] = None,
@@ -8940,6 +9515,7 @@ class KafkaConnectComponent(dict):
         :param builtins.str connection_uri: Connection info for connecting to the service component. This is a combination of host and port.
         :param builtins.str host: Host name for connecting to the service component
         :param builtins.str kafka_authentication_method: Kafka authentication method. This is a value specific to the 'kafka' service component
+        :param builtins.str kafka_ssl_ca: Kafka certificate used. The possible values are `letsencrypt` and `project_ca`.
         :param builtins.int port: Port number for connecting to the service component
         :param builtins.str route: Network access route
         :param builtins.bool ssl: Whether the endpoint is encrypted or accepts plaintext. By default endpoints are always encrypted and this property is only included for service components they may disable encryption
@@ -8953,6 +9529,8 @@ class KafkaConnectComponent(dict):
             pulumi.set(__self__, "host", host)
         if kafka_authentication_method is not None:
             pulumi.set(__self__, "kafka_authentication_method", kafka_authentication_method)
+        if kafka_ssl_ca is not None:
+            pulumi.set(__self__, "kafka_ssl_ca", kafka_ssl_ca)
         if port is not None:
             pulumi.set(__self__, "port", port)
         if route is not None:
@@ -8994,6 +9572,14 @@ class KafkaConnectComponent(dict):
         """
         return pulumi.get(self, "kafka_authentication_method")
 
+    @property
+    @pulumi.getter(name="kafkaSslCa")
+    def kafka_ssl_ca(self) -> Optional[builtins.str]:
+        """
+        Kafka certificate used. The possible values are `letsencrypt` and `project_ca`.
+        """
+        return pulumi.get(self, "kafka_ssl_ca")
+
     @property
     @pulumi.getter
     def port(self) -> Optional[builtins.int]:
@@ -10150,6 +10736,8 @@ class KafkaKafkaUserConfig(dict):
             suggest = "kafka_connect"
         elif key == "kafkaConnectConfig":
             suggest = "kafka_connect_config"
+        elif key == "kafkaConnectPluginVersions":
+            suggest = "kafka_connect_plugin_versions"
         elif key == "kafkaConnectSecretProviders":
             suggest = "kafka_connect_secret_providers"
         elif key == "kafkaRest":
@@ -10206,6 +10794,7 @@ class KafkaKafkaUserConfig(dict):
                  kafka_authentication_methods: Optional['outputs.KafkaKafkaUserConfigKafkaAuthenticationMethods'] = None,
                  kafka_connect: Optional[builtins.bool] = None,
                  kafka_connect_config: Optional['outputs.KafkaKafkaUserConfigKafkaConnectConfig'] = None,
+                 kafka_connect_plugin_versions: Optional[Sequence['outputs.KafkaKafkaUserConfigKafkaConnectPluginVersion']] = None,
                  kafka_connect_secret_providers: Optional[Sequence['outputs.KafkaKafkaUserConfigKafkaConnectSecretProvider']] = None,
                  kafka_rest: Optional[builtins.bool] = None,
                  kafka_rest_authorization: Optional[builtins.bool] = None,
@@ -10234,11 +10823,12 @@ class KafkaKafkaUserConfig(dict):
         :param 'KafkaKafkaUserConfigKafkaAuthenticationMethodsArgs' kafka_authentication_methods: Kafka authentication methods
         :param builtins.bool kafka_connect: Enable Kafka Connect service. Default: `false`.
         :param 'KafkaKafkaUserConfigKafkaConnectConfigArgs' kafka_connect_config: Kafka Connect configuration values
+        :param Sequence['KafkaKafkaUserConfigKafkaConnectPluginVersionArgs'] kafka_connect_plugin_versions: The plugin selected by the user
         :param builtins.bool kafka_rest: Enable Kafka-REST service. Default: `false`.
         :param builtins.bool kafka_rest_authorization: Enable authorization in Kafka-REST service.
         :param 'KafkaKafkaUserConfigKafkaRestConfigArgs' kafka_rest_config: Kafka REST configuration
         :param 'KafkaKafkaUserConfigKafkaSaslMechanismsArgs' kafka_sasl_mechanisms: Kafka SASL mechanisms
-        :param builtins.str kafka_version: Enum: `3.1`, `3.2`, `3.3`, `3.4`, `3.5`, `3.6`, `3.7`, `3.8`, and newer. Kafka major version.
+        :param builtins.str kafka_version: Enum: `3.1`, `3.2`, `3.3`, `3.4`, `3.5`, `3.6`, `3.7`, `3.8`, `3.9`, and newer. Kafka major version.
         :param builtins.bool letsencrypt_sasl_privatelink: Use Letsencrypt CA for Kafka SASL via Privatelink.
         :param 'KafkaKafkaUserConfigPrivateAccessArgs' private_access: Allow access to selected service ports from private networks
         :param 'KafkaKafkaUserConfigPrivatelinkAccessArgs' privatelink_access: Allow access to selected service components through Privatelink
@@ -10272,6 +10862,8 @@ class KafkaKafkaUserConfig(dict):
             pulumi.set(__self__, "kafka_connect", kafka_connect)
         if kafka_connect_config is not None:
             pulumi.set(__self__, "kafka_connect_config", kafka_connect_config)
+        if kafka_connect_plugin_versions is not None:
+            pulumi.set(__self__, "kafka_connect_plugin_versions", kafka_connect_plugin_versions)
         if kafka_connect_secret_providers is not None:
             pulumi.set(__self__, "kafka_connect_secret_providers", kafka_connect_secret_providers)
         if kafka_rest is not None:
@@ -10395,6 +10987,14 @@ class KafkaKafkaUserConfig(dict):
         """
         return pulumi.get(self, "kafka_connect_config")
 
+    @property
+    @pulumi.getter(name="kafkaConnectPluginVersions")
+    def kafka_connect_plugin_versions(self) -> Optional[Sequence['outputs.KafkaKafkaUserConfigKafkaConnectPluginVersion']]:
+        """
+        The plugin selected by the user
+        """
+        return pulumi.get(self, "kafka_connect_plugin_versions")
+
     @property
     @pulumi.getter(name="kafkaConnectSecretProviders")
     def kafka_connect_secret_providers(self) -> Optional[Sequence['outputs.KafkaKafkaUserConfigKafkaConnectSecretProvider']]:
@@ -10436,7 +11036,7 @@ class KafkaKafkaUserConfig(dict):
     @pulumi.getter(name="kafkaVersion")
     def kafka_version(self) -> Optional[builtins.str]:
         """
-        Enum: `3.1`, `3.2`, `3.3`, `3.4`, `3.5`, `3.6`, `3.7`, `3.8`, and newer. Kafka major version.
+        Enum: `3.1`, `3.2`, `3.3`, `3.4`, `3.5`, `3.6`, `3.7`, `3.8`, `3.9`, and newer. Kafka major version.
         """
         return pulumi.get(self, "kafka_version")
 
@@ -11513,6 +12113,52 @@ class KafkaKafkaUserConfigKafkaConnectConfig(dict):
         return pulumi.get(self, "session_timeout_ms")
 
 
+@pulumi.output_type
+class KafkaKafkaUserConfigKafkaConnectPluginVersion(dict):
+    @staticmethod
+    def __key_warning(key: str):
+        suggest = None
+        if key == "pluginName":
+            suggest = "plugin_name"
+
+        if suggest:
+            pulumi.log.warn(f"Key '{key}' not found in KafkaKafkaUserConfigKafkaConnectPluginVersion. Access the value via the '{suggest}' property getter instead.")
+
+    def __getitem__(self, key: str) -> Any:
+        KafkaKafkaUserConfigKafkaConnectPluginVersion.__key_warning(key)
+        return super().__getitem__(key)
+
+    def get(self, key: str, default = None) -> Any:
+        KafkaKafkaUserConfigKafkaConnectPluginVersion.__key_warning(key)
+        return super().get(key, default)
+
+    def __init__(__self__, *,
+                 plugin_name: builtins.str,
+                 version: builtins.str):
+        """
+        :param builtins.str plugin_name: The name of the plugin. Example: `debezium-connector`.
+        :param builtins.str version: The version of the plugin. Example: `2.5.0`.
+        """
+        pulumi.set(__self__, "plugin_name", plugin_name)
+        pulumi.set(__self__, "version", version)
+
+    @property
+    @pulumi.getter(name="pluginName")
+    def plugin_name(self) -> builtins.str:
+        """
+        The name of the plugin. Example: `debezium-connector`.
+        """
+        return pulumi.get(self, "plugin_name")
+
+    @property
+    @pulumi.getter
+    def version(self) -> builtins.str:
+        """
+        The version of the plugin. Example: `2.5.0`.
+        """
+        return pulumi.get(self, "version")
+
+
 @pulumi.output_type
 class KafkaKafkaUserConfigKafkaConnectSecretProvider(dict):
     def __init__(__self__, *,
@@ -12404,6 +13050,8 @@ class KafkaMirrorMakerComponent(dict):
             suggest = "connection_uri"
         elif key == "kafkaAuthenticationMethod":
             suggest = "kafka_authentication_method"
+        elif key == "kafkaSslCa":
+            suggest = "kafka_ssl_ca"
 
         if suggest:
             pulumi.log.warn(f"Key '{key}' not found in KafkaMirrorMakerComponent. Access the value via the '{suggest}' property getter instead.")
@@ -12421,6 +13069,7 @@ class KafkaMirrorMakerComponent(dict):
                  connection_uri: Optional[builtins.str] = None,
                  host: Optional[builtins.str] = None,
                  kafka_authentication_method: Optional[builtins.str] = None,
+                 kafka_ssl_ca: Optional[builtins.str] = None,
                  port: Optional[builtins.int] = None,
                  route: Optional[builtins.str] = None,
                  ssl: Optional[builtins.bool] = None,
@@ -12430,6 +13079,7 @@ class KafkaMirrorMakerComponent(dict):
         :param builtins.str connection_uri: Connection info for connecting to the service component. This is a combination of host and port.
         :param builtins.str host: Host name for connecting to the service component
         :param builtins.str kafka_authentication_method: Kafka authentication method. This is a value specific to the 'kafka' service component
+        :param builtins.str kafka_ssl_ca: Kafka certificate used. The possible values are `letsencrypt` and `project_ca`.
         :param builtins.int port: Port number for connecting to the service component
         :param builtins.str route: Network access route
         :param builtins.bool ssl: Whether the endpoint is encrypted or accepts plaintext. By default endpoints are always encrypted and this property is only included for service components they may disable encryption
@@ -12443,6 +13093,8 @@ class KafkaMirrorMakerComponent(dict):
             pulumi.set(__self__, "host", host)
         if kafka_authentication_method is not None:
             pulumi.set(__self__, "kafka_authentication_method", kafka_authentication_method)
+        if kafka_ssl_ca is not None:
+            pulumi.set(__self__, "kafka_ssl_ca", kafka_ssl_ca)
         if port is not None:
             pulumi.set(__self__, "port", port)
         if route is not None:
@@ -12484,6 +13136,14 @@ class KafkaMirrorMakerComponent(dict):
         """
         return pulumi.get(self, "kafka_authentication_method")
 
+    @property
+    @pulumi.getter(name="kafkaSslCa")
+    def kafka_ssl_ca(self) -> Optional[builtins.str]:
+        """
+        Kafka certificate used. The possible values are `letsencrypt` and `project_ca`.
+        """
+        return pulumi.get(self, "kafka_ssl_ca")
+
     @property
     @pulumi.getter
     def port(self) -> Optional[builtins.int]:
@@ -13173,33 +13833,33 @@ class KafkaTopicConfig(dict):
                  segment_ms: Optional[builtins.str] = None,
                  unclean_leader_election_enable: Optional[builtins.bool] = None):
         """
-        :param builtins.str cleanup_policy: cleanup.policy value. The possible values are `compact`, `compact,delete` and `delete`.
-        :param builtins.str compression_type: compression.type value. The possible values are `gzip`, `lz4`, `producer`, `snappy`, `uncompressed` and `zstd`.
-        :param builtins.str delete_retention_ms: delete.retention.ms value
-        :param builtins.str file_delete_delay_ms: file.delete.delay.ms value
-        :param builtins.str flush_messages: flush.messages value
-        :param builtins.str flush_ms: flush.ms value
-        :param builtins.str index_interval_bytes: index.interval.bytes value
-        :param builtins.str local_retention_bytes: local.retention.bytes value
-        :param builtins.str local_retention_ms: local.retention.ms value
-        :param builtins.str max_compaction_lag_ms: max.compaction.lag.ms value
-        :param builtins.str max_message_bytes: max.message.bytes value
-        :param builtins.bool message_downconversion_enable: message.downconversion.enable value
-        :param builtins.str message_format_version: message.format.version value. The possible values are `0.10.0`, `0.10.0-IV0`, `0.10.0-IV1`, `0.10.1`, `0.10.1-IV0`, `0.10.1-IV1`, `0.10.1-IV2`, `0.10.2`, `0.10.2-IV0`, `0.11.0`, `0.11.0-IV0`, `0.11.0-IV1`, `0.11.0-IV2`, `0.8.0`, `0.8.1`, `0.8.2`, `0.9.0`, `1.0`, `1.0-IV0`, `1.1`, `1.1-IV0`, `2.0`, `2.0-IV0`, `2.0-IV1`, `2.1`, `2.1-IV0`, `2.1-IV1`, `2.1-IV2`, `2.2`, `2.2-IV0`, `2.2-IV1`, `2.3`, `2.3-IV0`, `2.3-IV1`, `2.4`, `2.4-IV0`, `2.4-IV1`, `2.5`, `2.5-IV0`, `2.6`, `2.6-IV0`, `2.7`, `2.7-IV0`, `2.7-IV1`, `2.7-IV2`, `2.8`, `2.8-IV0`, `2.8-IV1`, `3.0`, `3.0-IV0`, `3.0-IV1`, `3.1`, `3.1-IV0`, `3.2`, `3.2-IV0`, `3.3`, `3.3-IV0`, `3.3-IV1`, `3.3-IV2`, `3.3-IV3`, `3.4`, `3.4-IV0`, `3.5`, `3.5-IV0`, `3.5-IV1`, `3.5-IV2`, `3.6`, `3.6-IV0`, `3.6-IV1`, `3.6-IV2`, `3.7`, `3.7-IV0`, `3.7-IV1`, `3.7-IV2`, `3.7-IV3`, `3.7-IV4`, `3.8`, `3.8-IV0`, `3.9`, `3.9-IV0` and `3.9-IV1`.
-        :param builtins.str message_timestamp_difference_max_ms: message.timestamp.difference.max.ms value
-        :param builtins.str message_timestamp_type: message.timestamp.type value. The possible values are `CreateTime` and `LogAppendTime`.
-        :param builtins.float min_cleanable_dirty_ratio: min.cleanable.dirty.ratio value
-        :param builtins.str min_compaction_lag_ms: min.compaction.lag.ms value
-        :param builtins.str min_insync_replicas: min.insync.replicas value
-        :param builtins.bool preallocate: preallocate value
-        :param builtins.bool remote_storage_enable: remote.storage.enable value
-        :param builtins.str retention_bytes: retention.bytes value
-        :param builtins.str retention_ms: retention.ms value
-        :param builtins.str segment_bytes: segment.bytes value
-        :param builtins.str segment_index_bytes: segment.index.bytes value
-        :param builtins.str segment_jitter_ms: segment.jitter.ms value
-        :param builtins.str segment_ms: segment.ms value
-        :param builtins.bool unclean_leader_election_enable: unclean.leader.election.enable value; This field is deprecated and no longer functional.
+        :param builtins.str cleanup_policy: The retention policy to use on old segments. Possible values include 'delete', 'compact', or a comma-separated list of them. The default policy ('delete') will discard old segments when their retention time or size limit has been reached. The 'compact' setting will enable log compaction on the topic. The possible values are `compact`, `compact,delete` and `delete`.
+        :param builtins.str compression_type: Specify the final compression type for a given topic. This configuration accepts the standard compression codecs ('gzip', 'snappy', 'lz4', 'zstd'). It additionally accepts 'uncompressed' which is equivalent to no compression; and 'producer' which means retain the original compression codec set by the producer. The possible values are `gzip`, `lz4`, `producer`, `snappy`, `uncompressed` and `zstd`.
+        :param builtins.str delete_retention_ms: The amount of time to retain delete tombstone markers for log compacted topics. This setting also gives a bound on the time in which a consumer must complete a read if they begin from offset 0 to ensure that they get a valid snapshot of the final stage (otherwise delete tombstones may be collected before they complete their scan).
+        :param builtins.str file_delete_delay_ms: The time to wait before deleting a file from the filesystem.
+        :param builtins.str flush_messages: This setting allows specifying an interval at which we will force an fsync of data written to the log. For example if this was set to 1 we would fsync after every message; if it were 5 we would fsync after every five messages. In general we recommend you not set this and use replication for durability and allow the operating system's background flush capabilities as it is more efficient.
+        :param builtins.str flush_ms: This setting allows specifying a time interval at which we will force an fsync of data written to the log. For example if this was set to 1000 we would fsync after 1000 ms had passed. In general we recommend you not set this and use replication for durability and allow the operating system's background flush capabilities as it is more efficient.
+        :param builtins.str index_interval_bytes: This setting controls how frequently Kafka adds an index entry to its offset index. The default setting ensures that we index a message roughly every 4096 bytes. More indexing allows reads to jump closer to the exact position in the log but makes the index larger. You probably don't need to change this.
+        :param builtins.str local_retention_bytes: This configuration controls the maximum bytes tiered storage will retain segment files locally before it will discard old log segments to free up space. If set to -2, the limit is equal to overall retention time. If set to -1, no limit is applied but it's possible only if overall retention is also -1.
+        :param builtins.str local_retention_ms: This configuration controls the maximum time tiered storage will retain segment files locally before it will discard old log segments to free up space. If set to -2, the time limit is equal to overall retention time. If set to -1, no time limit is applied but it's possible only if overall retention is also -1.
+        :param builtins.str max_compaction_lag_ms: The maximum time a message will remain ineligible for compaction in the log. Only applicable for logs that are being compacted.
+        :param builtins.str max_message_bytes: The largest record batch size allowed by Kafka (after compression if compression is enabled). If this is increased and there are consumers older than 0.10.2, the consumers' fetch size must also be increased so that the they can fetch record batches this large. In the latest message format version, records are always grouped into batches for efficiency. In previous message format versions, uncompressed records are not grouped into batches and this limit only applies to a single record in that case.
+        :param builtins.bool message_downconversion_enable: This configuration controls whether down-conversion of message formats is enabled to satisfy consume requests. When set to false, broker will not perform down-conversion for consumers expecting an older message format. The broker responds with UNSUPPORTED_VERSION error for consume requests from such older clients. This configuration does not apply to any message format conversion that might be required for replication to followers.
+        :param builtins.str message_format_version: Specify the message format version the broker will use to append messages to the logs. The value should be a valid ApiVersion. Some examples are: 0.8.2, 0.9.0.0, 0.10.0, check ApiVersion for more details. By setting a particular message format version, the user is certifying that all the existing messages on disk are smaller or equal than the specified version. Setting this value incorrectly will cause consumers with older versions to break as they will receive messages with a format that they don't understand. The possible values are `0.10.0`, `0.10.0-IV0`, `0.10.0-IV1`, `0.10.1`, `0.10.1-IV0`, `0.10.1-IV1`, `0.10.1-IV2`, `0.10.2`, `0.10.2-IV0`, `0.11.0`, `0.11.0-IV0`, `0.11.0-IV1`, `0.11.0-IV2`, `0.8.0`, `0.8.1`, `0.8.2`, `0.9.0`, `1.0`, `1.0-IV0`, `1.1`, `1.1-IV0`, `2.0`, `2.0-IV0`, `2.0-IV1`, `2.1`, `2.1-IV0`, `2.1-IV1`, `2.1-IV2`, `2.2`, `2.2-IV0`, `2.2-IV1`, `2.3`, `2.3-IV0`, `2.3-IV1`, `2.4`, `2.4-IV0`, `2.4-IV1`, `2.5`, `2.5-IV0`, `2.6`, `2.6-IV0`, `2.7`, `2.7-IV0`, `2.7-IV1`, `2.7-IV2`, `2.8`, `2.8-IV0`, `2.8-IV1`, `3.0`, `3.0-IV0`, `3.0-IV1`, `3.1`, `3.1-IV0`, `3.2`, `3.2-IV0`, `3.3`, `3.3-IV0`, `3.3-IV1`, `3.3-IV2`, `3.3-IV3`, `3.4`, `3.4-IV0`, `3.5`, `3.5-IV0`, `3.5-IV1`, `3.5-IV2`, `3.6`, `3.6-IV0`, `3.6-IV1`, `3.6-IV2`, `3.7`, `3.7-IV0`, `3.7-IV1`, `3.7-IV2`, `3.7-IV3`, `3.7-IV4`, `3.8`, `3.8-IV0`, `3.9`, `3.9-IV0`, `3.9-IV1`, `4.0`, `4.0-IV0`, `4.1` and `4.1-IV0`.
+        :param builtins.str message_timestamp_difference_max_ms: The maximum difference allowed between the timestamp when a broker receives a message and the timestamp specified in the message. If message.timestamp.type=CreateTime, a message will be rejected if the difference in timestamp exceeds this threshold. This configuration is ignored if message.timestamp.type=LogAppendTime.
+        :param builtins.str message_timestamp_type: Define whether the timestamp in the message is message create time or log append time. The possible values are `CreateTime` and `LogAppendTime`.
+        :param builtins.float min_cleanable_dirty_ratio: This configuration controls how frequently the log compactor will attempt to clean the log (assuming log compaction is enabled). By default we will avoid cleaning a log where more than 50% of the log has been compacted. This ratio bounds the maximum space wasted in the log by duplicates (at 50% at most 50% of the log could be duplicates). A higher ratio will mean fewer, more efficient cleanings but will mean more wasted space in the log. If the max.compaction.lag.ms or the min.compaction.lag.ms configurations are also specified, then the log compactor considers the log to be eligible for compaction as soon as either: (i) the dirty ratio threshold has been met and the log has had dirty (uncompacted) records for at least the min.compaction.lag.ms duration, or (ii) if the log has had dirty (uncompacted) records for at most the max.compaction.lag.ms period.
+        :param builtins.str min_compaction_lag_ms: The minimum time a message will remain uncompacted in the log. Only applicable for logs that are being compacted.
+        :param builtins.str min_insync_replicas: When a producer sets acks to 'all' (or '-1'), this configuration specifies the minimum number of replicas that must acknowledge a write for the write to be considered successful. If this minimum cannot be met, then the producer will raise an exception (either NotEnoughReplicas or NotEnoughReplicasAfterAppend). When used together, min.insync.replicas and acks allow you to enforce greater durability guarantees. A typical scenario would be to create a topic with a replication factor of 3, set min.insync.replicas to 2, and produce with acks of 'all'. This will ensure that the producer raises an exception if a majority of replicas do not receive a write.
+        :param builtins.bool preallocate: True if we should preallocate the file on disk when creating a new log segment.
+        :param builtins.bool remote_storage_enable: Indicates whether tiered storage should be enabled.
+        :param builtins.str retention_bytes: This configuration controls the maximum size a partition (which consists of log segments) can grow to before we will discard old log segments to free up space if we are using the 'delete' retention policy. By default there is no size limit only a time limit. Since this limit is enforced at the partition level, multiply it by the number of partitions to compute the topic retention in bytes.
+        :param builtins.str retention_ms: This configuration controls the maximum time we will retain a log before we will discard old log segments to free up space if we are using the 'delete' retention policy. This represents an SLA on how soon consumers must read their data. If set to -1, no time limit is applied.
+        :param builtins.str segment_bytes: This configuration controls the size of the index that maps offsets to file positions. We preallocate this index file and shrink it only after log rolls. You generally should not need to change this setting.
+        :param builtins.str segment_index_bytes: This configuration controls the size of the index that maps offsets to file positions. We preallocate this index file and shrink it only after log rolls. You generally should not need to change this setting.
+        :param builtins.str segment_jitter_ms: The maximum random jitter subtracted from the scheduled segment roll time to avoid thundering herds of segment rolling
+        :param builtins.str segment_ms: This configuration controls the period of time after which Kafka will force the log to roll even if the segment file isn't full to ensure that retention can delete or compact old data. Setting this to a very low value has consequences, and the Aiven management plane ignores values less than 10 seconds.
+        :param builtins.bool unclean_leader_election_enable: Indicates whether to enable replicas not in the ISR set to be elected as leader as a last resort, even though doing so may result in data loss.
         """
         if cleanup_policy is not None:
             pulumi.set(__self__, "cleanup_policy", cleanup_policy)
@@ -13260,7 +13920,7 @@ class KafkaTopicConfig(dict):
     @pulumi.getter(name="cleanupPolicy")
     def cleanup_policy(self) -> Optional[builtins.str]:
         """
-        cleanup.policy value. The possible values are `compact`, `compact,delete` and `delete`.
+        The retention policy to use on old segments. Possible values include 'delete', 'compact', or a comma-separated list of them. The default policy ('delete') will discard old segments when their retention time or size limit has been reached. The 'compact' setting will enable log compaction on the topic. The possible values are `compact`, `compact,delete` and `delete`.
         """
         return pulumi.get(self, "cleanup_policy")
 
@@ -13268,7 +13928,7 @@ class KafkaTopicConfig(dict):
     @pulumi.getter(name="compressionType")
     def compression_type(self) -> Optional[builtins.str]:
         """
-        compression.type value. The possible values are `gzip`, `lz4`, `producer`, `snappy`, `uncompressed` and `zstd`.
+        Specify the final compression type for a given topic. This configuration accepts the standard compression codecs ('gzip', 'snappy', 'lz4', 'zstd'). It additionally accepts 'uncompressed' which is equivalent to no compression; and 'producer' which means retain the original compression codec set by the producer. The possible values are `gzip`, `lz4`, `producer`, `snappy`, `uncompressed` and `zstd`.
         """
         return pulumi.get(self, "compression_type")
 
@@ -13276,7 +13936,7 @@ class KafkaTopicConfig(dict):
     @pulumi.getter(name="deleteRetentionMs")
     def delete_retention_ms(self) -> Optional[builtins.str]:
         """
-        delete.retention.ms value
+        The amount of time to retain delete tombstone markers for log compacted topics. This setting also gives a bound on the time in which a consumer must complete a read if they begin from offset 0 to ensure that they get a valid snapshot of the final stage (otherwise delete tombstones may be collected before they complete their scan).
         """
         return pulumi.get(self, "delete_retention_ms")
 
@@ -13284,7 +13944,7 @@ class KafkaTopicConfig(dict):
     @pulumi.getter(name="fileDeleteDelayMs")
     def file_delete_delay_ms(self) -> Optional[builtins.str]:
         """
-        file.delete.delay.ms value
+        The time to wait before deleting a file from the filesystem.
         """
         return pulumi.get(self, "file_delete_delay_ms")
 
@@ -13292,7 +13952,7 @@ class KafkaTopicConfig(dict):
     @pulumi.getter(name="flushMessages")
     def flush_messages(self) -> Optional[builtins.str]:
         """
-        flush.messages value
+        This setting allows specifying an interval at which we will force an fsync of data written to the log. For example if this was set to 1 we would fsync after every message; if it were 5 we would fsync after every five messages. In general we recommend you not set this and use replication for durability and allow the operating system's background flush capabilities as it is more efficient.
         """
         return pulumi.get(self, "flush_messages")
 
@@ -13300,7 +13960,7 @@ class KafkaTopicConfig(dict):
     @pulumi.getter(name="flushMs")
     def flush_ms(self) -> Optional[builtins.str]:
         """
-        flush.ms value
+        This setting allows specifying a time interval at which we will force an fsync of data written to the log. For example if this was set to 1000 we would fsync after 1000 ms had passed. In general we recommend you not set this and use replication for durability and allow the operating system's background flush capabilities as it is more efficient.
         """
         return pulumi.get(self, "flush_ms")
 
@@ -13308,7 +13968,7 @@ class KafkaTopicConfig(dict):
     @pulumi.getter(name="indexIntervalBytes")
     def index_interval_bytes(self) -> Optional[builtins.str]:
         """
-        index.interval.bytes value
+        This setting controls how frequently Kafka adds an index entry to its offset index. The default setting ensures that we index a message roughly every 4096 bytes. More indexing allows reads to jump closer to the exact position in the log but makes the index larger. You probably don't need to change this.
         """
         return pulumi.get(self, "index_interval_bytes")
 
@@ -13316,7 +13976,7 @@ class KafkaTopicConfig(dict):
     @pulumi.getter(name="localRetentionBytes")
     def local_retention_bytes(self) -> Optional[builtins.str]:
         """
-        local.retention.bytes value
+        This configuration controls the maximum bytes tiered storage will retain segment files locally before it will discard old log segments to free up space. If set to -2, the limit is equal to overall retention time. If set to -1, no limit is applied but it's possible only if overall retention is also -1.
         """
         return pulumi.get(self, "local_retention_bytes")
 
@@ -13324,7 +13984,7 @@ class KafkaTopicConfig(dict):
     @pulumi.getter(name="localRetentionMs")
     def local_retention_ms(self) -> Optional[builtins.str]:
         """
-        local.retention.ms value
+        This configuration controls the maximum time tiered storage will retain segment files locally before it will discard old log segments to free up space. If set to -2, the time limit is equal to overall retention time. If set to -1, no time limit is applied but it's possible only if overall retention is also -1.
         """
         return pulumi.get(self, "local_retention_ms")
 
@@ -13332,7 +13992,7 @@ class KafkaTopicConfig(dict):
     @pulumi.getter(name="maxCompactionLagMs")
     def max_compaction_lag_ms(self) -> Optional[builtins.str]:
         """
-        max.compaction.lag.ms value
+        The maximum time a message will remain ineligible for compaction in the log. Only applicable for logs that are being compacted.
         """
         return pulumi.get(self, "max_compaction_lag_ms")
 
@@ -13340,7 +14000,7 @@ class KafkaTopicConfig(dict):
     @pulumi.getter(name="maxMessageBytes")
     def max_message_bytes(self) -> Optional[builtins.str]:
         """
-        max.message.bytes value
+        The largest record batch size allowed by Kafka (after compression if compression is enabled). If this is increased and there are consumers older than 0.10.2, the consumers' fetch size must also be increased so that the they can fetch record batches this large. In the latest message format version, records are always grouped into batches for efficiency. In previous message format versions, uncompressed records are not grouped into batches and this limit only applies to a single record in that case.
         """
         return pulumi.get(self, "max_message_bytes")
 
@@ -13348,7 +14008,7 @@ class KafkaTopicConfig(dict):
     @pulumi.getter(name="messageDownconversionEnable")
     def message_downconversion_enable(self) -> Optional[builtins.bool]:
         """
-        message.downconversion.enable value
+        This configuration controls whether down-conversion of message formats is enabled to satisfy consume requests. When set to false, broker will not perform down-conversion for consumers expecting an older message format. The broker responds with UNSUPPORTED_VERSION error for consume requests from such older clients. This configuration does not apply to any message format conversion that might be required for replication to followers.
         """
         return pulumi.get(self, "message_downconversion_enable")
 
@@ -13356,7 +14016,7 @@ class KafkaTopicConfig(dict):
     @pulumi.getter(name="messageFormatVersion")
     def message_format_version(self) -> Optional[builtins.str]:
         """
-        message.format.version value. The possible values are `0.10.0`, `0.10.0-IV0`, `0.10.0-IV1`, `0.10.1`, `0.10.1-IV0`, `0.10.1-IV1`, `0.10.1-IV2`, `0.10.2`, `0.10.2-IV0`, `0.11.0`, `0.11.0-IV0`, `0.11.0-IV1`, `0.11.0-IV2`, `0.8.0`, `0.8.1`, `0.8.2`, `0.9.0`, `1.0`, `1.0-IV0`, `1.1`, `1.1-IV0`, `2.0`, `2.0-IV0`, `2.0-IV1`, `2.1`, `2.1-IV0`, `2.1-IV1`, `2.1-IV2`, `2.2`, `2.2-IV0`, `2.2-IV1`, `2.3`, `2.3-IV0`, `2.3-IV1`, `2.4`, `2.4-IV0`, `2.4-IV1`, `2.5`, `2.5-IV0`, `2.6`, `2.6-IV0`, `2.7`, `2.7-IV0`, `2.7-IV1`, `2.7-IV2`, `2.8`, `2.8-IV0`, `2.8-IV1`, `3.0`, `3.0-IV0`, `3.0-IV1`, `3.1`, `3.1-IV0`, `3.2`, `3.2-IV0`, `3.3`, `3.3-IV0`, `3.3-IV1`, `3.3-IV2`, `3.3-IV3`, `3.4`, `3.4-IV0`, `3.5`, `3.5-IV0`, `3.5-IV1`, `3.5-IV2`, `3.6`, `3.6-IV0`, `3.6-IV1`, `3.6-IV2`, `3.7`, `3.7-IV0`, `3.7-IV1`, `3.7-IV2`, `3.7-IV3`, `3.7-IV4`, `3.8`, `3.8-IV0`, `3.9`, `3.9-IV0` and `3.9-IV1`.
+        Specify the message format version the broker will use to append messages to the logs. The value should be a valid ApiVersion. Some examples are: 0.8.2, 0.9.0.0, 0.10.0, check ApiVersion for more details. By setting a particular message format version, the user is certifying that all the existing messages on disk are smaller or equal than the specified version. Setting this value incorrectly will cause consumers with older versions to break as they will receive messages with a format that they don't understand. The possible values are `0.10.0`, `0.10.0-IV0`, `0.10.0-IV1`, `0.10.1`, `0.10.1-IV0`, `0.10.1-IV1`, `0.10.1-IV2`, `0.10.2`, `0.10.2-IV0`, `0.11.0`, `0.11.0-IV0`, `0.11.0-IV1`, `0.11.0-IV2`, `0.8.0`, `0.8.1`, `0.8.2`, `0.9.0`, `1.0`, `1.0-IV0`, `1.1`, `1.1-IV0`, `2.0`, `2.0-IV0`, `2.0-IV1`, `2.1`, `2.1-IV0`, `2.1-IV1`, `2.1-IV2`, `2.2`, `2.2-IV0`, `2.2-IV1`, `2.3`, `2.3-IV0`, `2.3-IV1`, `2.4`, `2.4-IV0`, `2.4-IV1`, `2.5`, `2.5-IV0`, `2.6`, `2.6-IV0`, `2.7`, `2.7-IV0`, `2.7-IV1`, `2.7-IV2`, `2.8`, `2.8-IV0`, `2.8-IV1`, `3.0`, `3.0-IV0`, `3.0-IV1`, `3.1`, `3.1-IV0`, `3.2`, `3.2-IV0`, `3.3`, `3.3-IV0`, `3.3-IV1`, `3.3-IV2`, `3.3-IV3`, `3.4`, `3.4-IV0`, `3.5`, `3.5-IV0`, `3.5-IV1`, `3.5-IV2`, `3.6`, `3.6-IV0`, `3.6-IV1`, `3.6-IV2`, `3.7`, `3.7-IV0`, `3.7-IV1`, `3.7-IV2`, `3.7-IV3`, `3.7-IV4`, `3.8`, `3.8-IV0`, `3.9`, `3.9-IV0`, `3.9-IV1`, `4.0`, `4.0-IV0`, `4.1` and `4.1-IV0`.
         """
         return pulumi.get(self, "message_format_version")
 
@@ -13364,7 +14024,7 @@ class KafkaTopicConfig(dict):
     @pulumi.getter(name="messageTimestampDifferenceMaxMs")
     def message_timestamp_difference_max_ms(self) -> Optional[builtins.str]:
         """
-        message.timestamp.difference.max.ms value
+        The maximum difference allowed between the timestamp when a broker receives a message and the timestamp specified in the message. If message.timestamp.type=CreateTime, a message will be rejected if the difference in timestamp exceeds this threshold. This configuration is ignored if message.timestamp.type=LogAppendTime.
         """
         return pulumi.get(self, "message_timestamp_difference_max_ms")
 
@@ -13372,7 +14032,7 @@ class KafkaTopicConfig(dict):
     @pulumi.getter(name="messageTimestampType")
     def message_timestamp_type(self) -> Optional[builtins.str]:
         """
-        message.timestamp.type value. The possible values are `CreateTime` and `LogAppendTime`.
+        Define whether the timestamp in the message is message create time or log append time. The possible values are `CreateTime` and `LogAppendTime`.
         """
         return pulumi.get(self, "message_timestamp_type")
 
@@ -13380,7 +14040,7 @@ class KafkaTopicConfig(dict):
     @pulumi.getter(name="minCleanableDirtyRatio")
     def min_cleanable_dirty_ratio(self) -> Optional[builtins.float]:
         """
-        min.cleanable.dirty.ratio value
+        This configuration controls how frequently the log compactor will attempt to clean the log (assuming log compaction is enabled). By default we will avoid cleaning a log where more than 50% of the log has been compacted. This ratio bounds the maximum space wasted in the log by duplicates (at 50% at most 50% of the log could be duplicates). A higher ratio will mean fewer, more efficient cleanings but will mean more wasted space in the log. If the max.compaction.lag.ms or the min.compaction.lag.ms configurations are also specified, then the log compactor considers the log to be eligible for compaction as soon as either: (i) the dirty ratio threshold has been met and the log has had dirty (uncompacted) records for at least the min.compaction.lag.ms duration, or (ii) if the log has had dirty (uncompacted) records for at most the max.compaction.lag.ms period.
         """
         return pulumi.get(self, "min_cleanable_dirty_ratio")
 
@@ -13388,7 +14048,7 @@ class KafkaTopicConfig(dict):
     @pulumi.getter(name="minCompactionLagMs")
     def min_compaction_lag_ms(self) -> Optional[builtins.str]:
         """
-        min.compaction.lag.ms value
+        The minimum time a message will remain uncompacted in the log. Only applicable for logs that are being compacted.
         """
         return pulumi.get(self, "min_compaction_lag_ms")
 
@@ -13396,7 +14056,7 @@ class KafkaTopicConfig(dict):
     @pulumi.getter(name="minInsyncReplicas")
     def min_insync_replicas(self) -> Optional[builtins.str]:
         """
-        min.insync.replicas value
+        When a producer sets acks to 'all' (or '-1'), this configuration specifies the minimum number of replicas that must acknowledge a write for the write to be considered successful. If this minimum cannot be met, then the producer will raise an exception (either NotEnoughReplicas or NotEnoughReplicasAfterAppend). When used together, min.insync.replicas and acks allow you to enforce greater durability guarantees. A typical scenario would be to create a topic with a replication factor of 3, set min.insync.replicas to 2, and produce with acks of 'all'. This will ensure that the producer raises an exception if a majority of replicas do not receive a write.
         """
         return pulumi.get(self, "min_insync_replicas")
 
@@ -13404,7 +14064,7 @@ class KafkaTopicConfig(dict):
     @pulumi.getter
     def preallocate(self) -> Optional[builtins.bool]:
         """
-        preallocate value
+        True if we should preallocate the file on disk when creating a new log segment.
         """
         return pulumi.get(self, "preallocate")
 
@@ -13412,7 +14072,7 @@ class KafkaTopicConfig(dict):
     @pulumi.getter(name="remoteStorageEnable")
     def remote_storage_enable(self) -> Optional[builtins.bool]:
         """
-        remote.storage.enable value
+        Indicates whether tiered storage should be enabled.
         """
         return pulumi.get(self, "remote_storage_enable")
 
@@ -13420,7 +14080,7 @@ class KafkaTopicConfig(dict):
     @pulumi.getter(name="retentionBytes")
     def retention_bytes(self) -> Optional[builtins.str]:
         """
-        retention.bytes value
+        This configuration controls the maximum size a partition (which consists of log segments) can grow to before we will discard old log segments to free up space if we are using the 'delete' retention policy. By default there is no size limit only a time limit. Since this limit is enforced at the partition level, multiply it by the number of partitions to compute the topic retention in bytes.
         """
         return pulumi.get(self, "retention_bytes")
 
@@ -13428,7 +14088,7 @@ class KafkaTopicConfig(dict):
     @pulumi.getter(name="retentionMs")
     def retention_ms(self) -> Optional[builtins.str]:
         """
-        retention.ms value
+        This configuration controls the maximum time we will retain a log before we will discard old log segments to free up space if we are using the 'delete' retention policy. This represents an SLA on how soon consumers must read their data. If set to -1, no time limit is applied.
         """
         return pulumi.get(self, "retention_ms")
 
@@ -13436,7 +14096,7 @@ class KafkaTopicConfig(dict):
     @pulumi.getter(name="segmentBytes")
     def segment_bytes(self) -> Optional[builtins.str]:
         """
-        segment.bytes value
+        This configuration controls the size of the index that maps offsets to file positions. We preallocate this index file and shrink it only after log rolls. You generally should not need to change this setting.
         """
         return pulumi.get(self, "segment_bytes")
 
@@ -13444,7 +14104,7 @@ class KafkaTopicConfig(dict):
     @pulumi.getter(name="segmentIndexBytes")
     def segment_index_bytes(self) -> Optional[builtins.str]:
         """
-        segment.index.bytes value
+        This configuration controls the size of the index that maps offsets to file positions. We preallocate this index file and shrink it only after log rolls. You generally should not need to change this setting.
         """
         return pulumi.get(self, "segment_index_bytes")
 
@@ -13452,7 +14112,7 @@ class KafkaTopicConfig(dict):
     @pulumi.getter(name="segmentJitterMs")
     def segment_jitter_ms(self) -> Optional[builtins.str]:
         """
-        segment.jitter.ms value
+        The maximum random jitter subtracted from the scheduled segment roll time to avoid thundering herds of segment rolling
         """
         return pulumi.get(self, "segment_jitter_ms")
 
@@ -13460,16 +14120,15 @@ class KafkaTopicConfig(dict):
     @pulumi.getter(name="segmentMs")
     def segment_ms(self) -> Optional[builtins.str]:
         """
-        segment.ms value
+        This configuration controls the period of time after which Kafka will force the log to roll even if the segment file isn't full to ensure that retention can delete or compact old data. Setting this to a very low value has consequences, and the Aiven management plane ignores values less than 10 seconds.
         """
         return pulumi.get(self, "segment_ms")
 
     @property
     @pulumi.getter(name="uncleanLeaderElectionEnable")
-    @_utilities.deprecated("""This field is deprecated and no longer functional.""")
     def unclean_leader_election_enable(self) -> Optional[builtins.bool]:
         """
-        unclean.leader.election.enable value; This field is deprecated and no longer functional.
+        Indicates whether to enable replicas not in the ISR set to be elected as leader as a last resort, even though doing so may result in data loss.
         """
         return pulumi.get(self, "unclean_leader_election_enable")
 
@@ -13513,6 +14172,8 @@ class M3AggregatorComponent(dict):
             suggest = "connection_uri"
         elif key == "kafkaAuthenticationMethod":
             suggest = "kafka_authentication_method"
+        elif key == "kafkaSslCa":
+            suggest = "kafka_ssl_ca"
 
         if suggest:
             pulumi.log.warn(f"Key '{key}' not found in M3AggregatorComponent. Access the value via the '{suggest}' property getter instead.")
@@ -13530,6 +14191,7 @@ class M3AggregatorComponent(dict):
                  connection_uri: Optional[builtins.str] = None,
                  host: Optional[builtins.str] = None,
                  kafka_authentication_method: Optional[builtins.str] = None,
+                 kafka_ssl_ca: Optional[builtins.str] = None,
                  port: Optional[builtins.int] = None,
                  route: Optional[builtins.str] = None,
                  ssl: Optional[builtins.bool] = None,
@@ -13539,6 +14201,7 @@ class M3AggregatorComponent(dict):
         :param builtins.str connection_uri: Connection info for connecting to the service component. This is a combination of host and port.
         :param builtins.str host: Host name for connecting to the service component
         :param builtins.str kafka_authentication_method: Kafka authentication method. This is a value specific to the 'kafka' service component
+        :param builtins.str kafka_ssl_ca: Kafka certificate used. The possible values are `letsencrypt` and `project_ca`.
         :param builtins.int port: Port number for connecting to the service component
         :param builtins.str route: Network access route
         :param builtins.bool ssl: Whether the endpoint is encrypted or accepts plaintext. By default endpoints are always encrypted and this property is only included for service components they may disable encryption
@@ -13552,6 +14215,8 @@ class M3AggregatorComponent(dict):
             pulumi.set(__self__, "host", host)
         if kafka_authentication_method is not None:
             pulumi.set(__self__, "kafka_authentication_method", kafka_authentication_method)
+        if kafka_ssl_ca is not None:
+            pulumi.set(__self__, "kafka_ssl_ca", kafka_ssl_ca)
         if port is not None:
             pulumi.set(__self__, "port", port)
         if route is not None:
@@ -13593,6 +14258,14 @@ class M3AggregatorComponent(dict):
         """
         return pulumi.get(self, "kafka_authentication_method")
 
+    @property
+    @pulumi.getter(name="kafkaSslCa")
+    def kafka_ssl_ca(self) -> Optional[builtins.str]:
+        """
+        Kafka certificate used. The possible values are `letsencrypt` and `project_ca`.
+        """
+        return pulumi.get(self, "kafka_ssl_ca")
+
     @property
     @pulumi.getter
     def port(self) -> Optional[builtins.int]:
@@ -13943,6 +14616,8 @@ class M3DbComponent(dict):
             suggest = "connection_uri"
         elif key == "kafkaAuthenticationMethod":
             suggest = "kafka_authentication_method"
+        elif key == "kafkaSslCa":
+            suggest = "kafka_ssl_ca"
 
         if suggest:
             pulumi.log.warn(f"Key '{key}' not found in M3DbComponent. Access the value via the '{suggest}' property getter instead.")
@@ -13960,6 +14635,7 @@ class M3DbComponent(dict):
                  connection_uri: Optional[builtins.str] = None,
                  host: Optional[builtins.str] = None,
                  kafka_authentication_method: Optional[builtins.str] = None,
+                 kafka_ssl_ca: Optional[builtins.str] = None,
                  port: Optional[builtins.int] = None,
                  route: Optional[builtins.str] = None,
                  ssl: Optional[builtins.bool] = None,
@@ -13969,6 +14645,7 @@ class M3DbComponent(dict):
         :param builtins.str connection_uri: Connection info for connecting to the service component. This is a combination of host and port.
         :param builtins.str host: Host name for connecting to the service component
         :param builtins.str kafka_authentication_method: Kafka authentication method. This is a value specific to the 'kafka' service component
+        :param builtins.str kafka_ssl_ca: Kafka certificate used. The possible values are `letsencrypt` and `project_ca`.
         :param builtins.int port: Port number for connecting to the service component
         :param builtins.str route: Network access route
         :param builtins.bool ssl: Whether the endpoint is encrypted or accepts plaintext. By default endpoints are always encrypted and this property is only included for service components they may disable encryption
@@ -13982,6 +14659,8 @@ class M3DbComponent(dict):
             pulumi.set(__self__, "host", host)
         if kafka_authentication_method is not None:
             pulumi.set(__self__, "kafka_authentication_method", kafka_authentication_method)
+        if kafka_ssl_ca is not None:
+            pulumi.set(__self__, "kafka_ssl_ca", kafka_ssl_ca)
         if port is not None:
             pulumi.set(__self__, "port", port)
         if route is not None:
@@ -14023,6 +14702,14 @@ class M3DbComponent(dict):
         """
         return pulumi.get(self, "kafka_authentication_method")
 
+    @property
+    @pulumi.getter(name="kafkaSslCa")
+    def kafka_ssl_ca(self) -> Optional[builtins.str]:
+        """
+        Kafka certificate used. The possible values are `letsencrypt` and `project_ca`.
+        """
+        return pulumi.get(self, "kafka_ssl_ca")
+
     @property
     @pulumi.getter
     def port(self) -> Optional[builtins.int]:
@@ -15199,6 +15886,8 @@ class MySqlComponent(dict):
             suggest = "connection_uri"
         elif key == "kafkaAuthenticationMethod":
             suggest = "kafka_authentication_method"
+        elif key == "kafkaSslCa":
+            suggest = "kafka_ssl_ca"
 
         if suggest:
             pulumi.log.warn(f"Key '{key}' not found in MySqlComponent. Access the value via the '{suggest}' property getter instead.")
@@ -15216,6 +15905,7 @@ class MySqlComponent(dict):
                  connection_uri: Optional[builtins.str] = None,
                  host: Optional[builtins.str] = None,
                  kafka_authentication_method: Optional[builtins.str] = None,
+                 kafka_ssl_ca: Optional[builtins.str] = None,
                  port: Optional[builtins.int] = None,
                  route: Optional[builtins.str] = None,
                  ssl: Optional[builtins.bool] = None,
@@ -15225,6 +15915,7 @@ class MySqlComponent(dict):
         :param builtins.str connection_uri: Connection info for connecting to the service component. This is a combination of host and port.
         :param builtins.str host: Host name for connecting to the service component
         :param builtins.str kafka_authentication_method: Kafka authentication method. This is a value specific to the 'kafka' service component
+        :param builtins.str kafka_ssl_ca: Kafka certificate used. The possible values are `letsencrypt` and `project_ca`.
         :param builtins.int port: Port number for connecting to the service component
         :param builtins.str route: Network access route
         :param builtins.bool ssl: Whether the endpoint is encrypted or accepts plaintext. By default endpoints are always encrypted and this property is only included for service components they may disable encryption
@@ -15238,6 +15929,8 @@ class MySqlComponent(dict):
             pulumi.set(__self__, "host", host)
         if kafka_authentication_method is not None:
             pulumi.set(__self__, "kafka_authentication_method", kafka_authentication_method)
+        if kafka_ssl_ca is not None:
+            pulumi.set(__self__, "kafka_ssl_ca", kafka_ssl_ca)
         if port is not None:
             pulumi.set(__self__, "port", port)
         if route is not None:
@@ -15279,6 +15972,14 @@ class MySqlComponent(dict):
         """
         return pulumi.get(self, "kafka_authentication_method")
 
+    @property
+    @pulumi.getter(name="kafkaSslCa")
+    def kafka_ssl_ca(self) -> Optional[builtins.str]:
+        """
+        Kafka certificate used. The possible values are `letsencrypt` and `project_ca`.
+        """
+        return pulumi.get(self, "kafka_ssl_ca")
+
     @property
     @pulumi.getter
     def port(self) -> Optional[builtins.int]:
@@ -16646,6 +17347,8 @@ class OpenSearchComponent(dict):
             suggest = "connection_uri"
         elif key == "kafkaAuthenticationMethod":
             suggest = "kafka_authentication_method"
+        elif key == "kafkaSslCa":
+            suggest = "kafka_ssl_ca"
 
         if suggest:
             pulumi.log.warn(f"Key '{key}' not found in OpenSearchComponent. Access the value via the '{suggest}' property getter instead.")
@@ -16663,6 +17366,7 @@ class OpenSearchComponent(dict):
                  connection_uri: Optional[builtins.str] = None,
                  host: Optional[builtins.str] = None,
                  kafka_authentication_method: Optional[builtins.str] = None,
+                 kafka_ssl_ca: Optional[builtins.str] = None,
                  port: Optional[builtins.int] = None,
                  route: Optional[builtins.str] = None,
                  ssl: Optional[builtins.bool] = None,
@@ -16672,6 +17376,7 @@ class OpenSearchComponent(dict):
         :param builtins.str connection_uri: Connection info for connecting to the service component. This is a combination of host and port.
         :param builtins.str host: Host name for connecting to the service component
         :param builtins.str kafka_authentication_method: Kafka authentication method. This is a value specific to the 'kafka' service component
+        :param builtins.str kafka_ssl_ca: Kafka certificate used. The possible values are `letsencrypt` and `project_ca`.
         :param builtins.int port: Port number for connecting to the service component
         :param builtins.str route: Network access route
         :param builtins.bool ssl: Whether the endpoint is encrypted or accepts plaintext. By default endpoints are always encrypted and this property is only included for service components they may disable encryption
@@ -16685,6 +17390,8 @@ class OpenSearchComponent(dict):
             pulumi.set(__self__, "host", host)
         if kafka_authentication_method is not None:
             pulumi.set(__self__, "kafka_authentication_method", kafka_authentication_method)
+        if kafka_ssl_ca is not None:
+            pulumi.set(__self__, "kafka_ssl_ca", kafka_ssl_ca)
         if port is not None:
             pulumi.set(__self__, "port", port)
         if route is not None:
@@ -16726,6 +17433,14 @@ class OpenSearchComponent(dict):
         """
         return pulumi.get(self, "kafka_authentication_method")
 
+    @property
+    @pulumi.getter(name="kafkaSslCa")
+    def kafka_ssl_ca(self) -> Optional[builtins.str]:
+        """
+        Kafka certificate used. The possible values are `letsencrypt` and `project_ca`.
+        """
+        return pulumi.get(self, "kafka_ssl_ca")
+
     @property
     @pulumi.getter
     def port(self) -> Optional[builtins.int]:
@@ -16787,11 +17502,11 @@ class OpenSearchOpensearch(dict):
                  uris: Optional[Sequence[builtins.str]] = None,
                  username: Optional[builtins.str] = None):
         """
-        :param builtins.str kibana_uri: URI for Kibana dashboard frontend
-        :param builtins.str opensearch_dashboards_uri: URI for OpenSearch dashboard frontend
-        :param builtins.str password: OpenSearch password
+        :param builtins.str kibana_uri: URI for Kibana dashboard frontend.
+        :param builtins.str opensearch_dashboards_uri: URI for OpenSearch dashboard frontend.
+        :param builtins.str password: OpenSearch password.
         :param Sequence[builtins.str] uris: OpenSearch server URIs.
-        :param builtins.str username: OpenSearch username
+        :param builtins.str username: OpenSearch username.
         """
         if kibana_uri is not None:
             pulumi.set(__self__, "kibana_uri", kibana_uri)
@@ -16809,7 +17524,7 @@ class OpenSearchOpensearch(dict):
     @_utilities.deprecated("""This field was added by mistake and has never worked. It will be removed in future versions.""")
     def kibana_uri(self) -> Optional[builtins.str]:
         """
-        URI for Kibana dashboard frontend
+        URI for Kibana dashboard frontend.
         """
         return pulumi.get(self, "kibana_uri")
 
@@ -16817,7 +17532,7 @@ class OpenSearchOpensearch(dict):
     @pulumi.getter(name="opensearchDashboardsUri")
     def opensearch_dashboards_uri(self) -> Optional[builtins.str]:
         """
-        URI for OpenSearch dashboard frontend
+        URI for OpenSearch dashboard frontend.
         """
         return pulumi.get(self, "opensearch_dashboards_uri")
 
@@ -16825,7 +17540,7 @@ class OpenSearchOpensearch(dict):
     @pulumi.getter
     def password(self) -> Optional[builtins.str]:
         """
-        OpenSearch password
+        OpenSearch password.
         """
         return pulumi.get(self, "password")
 
@@ -16841,7 +17556,7 @@ class OpenSearchOpensearch(dict):
     @pulumi.getter
     def username(self) -> Optional[builtins.str]:
         """
-        OpenSearch username
+        OpenSearch username.
         """
         return pulumi.get(self, "username")
 
@@ -17297,7 +18012,7 @@ class OpenSearchOpensearchUserConfigAzureMigration(dict):
         :param builtins.str endpoint_suffix: Defines the DNS suffix for Azure Storage endpoints.
         :param builtins.bool include_aliases: Whether to restore aliases alongside their associated indexes. Default is true.
         :param builtins.str key: Azure account secret key. One of key or sas_token should be specified.
-        :param builtins.bool readonly: Whether the repository is read-only. Default: `false`.
+        :param builtins.bool readonly: Whether the repository is read-only. Default: `true`.
         :param builtins.bool restore_global_state: If true, restore the cluster state. Defaults to false.
         :param builtins.str sas_token: A shared access signatures (SAS) token. One of key or sas_token should be specified.
         """
@@ -17407,7 +18122,7 @@ class OpenSearchOpensearchUserConfigAzureMigration(dict):
     @pulumi.getter
     def readonly(self) -> Optional[builtins.bool]:
         """
-        Whether the repository is read-only. Default: `false`.
+        Whether the repository is read-only. Default: `true`.
         """
         return pulumi.get(self, "readonly")
 
@@ -17475,7 +18190,7 @@ class OpenSearchOpensearchUserConfigGcsMigration(dict):
         :param builtins.str chunk_size: Big files can be broken down into chunks during snapshotting if needed. Should be the same as for the 3rd party repository.
         :param builtins.bool compress: When set to true metadata files are stored in compressed format.
         :param builtins.bool include_aliases: Whether to restore aliases alongside their associated indexes. Default is true.
-        :param builtins.bool readonly: Whether the repository is read-only. Default: `false`.
+        :param builtins.bool readonly: Whether the repository is read-only. Default: `true`.
         :param builtins.bool restore_global_state: If true, restore the cluster state. Defaults to false.
         """
         pulumi.set(__self__, "base_path", base_path)
@@ -17562,7 +18277,7 @@ class OpenSearchOpensearchUserConfigGcsMigration(dict):
     @pulumi.getter
     def readonly(self) -> Optional[builtins.bool]:
         """
-        Whether the repository is read-only. Default: `false`.
+        Whether the repository is read-only. Default: `true`.
         """
         return pulumi.get(self, "readonly")
 
@@ -18030,6 +18745,8 @@ class OpenSearchOpensearchUserConfigOpensearch(dict):
             suggest = "email_sender_username"
         elif key == "enableRemoteBackedStorage":
             suggest = "enable_remote_backed_storage"
+        elif key == "enableSearchableSnapshots":
+            suggest = "enable_searchable_snapshots"
         elif key == "enableSecurityAudit":
             suggest = "enable_security_audit"
         elif key == "httpMaxContentLength":
@@ -18133,6 +18850,7 @@ class OpenSearchOpensearchUserConfigOpensearch(dict):
                  email_sender_password: Optional[builtins.str] = None,
                  email_sender_username: Optional[builtins.str] = None,
                  enable_remote_backed_storage: Optional[builtins.bool] = None,
+                 enable_searchable_snapshots: Optional[builtins.bool] = None,
                  enable_security_audit: Optional[builtins.bool] = None,
                  http_max_content_length: Optional[builtins.int] = None,
                  http_max_header_size: Optional[builtins.int] = None,
@@ -18185,6 +18903,7 @@ class OpenSearchOpensearchUserConfigOpensearch(dict):
         :param builtins.str email_sender_password: Sender password for Opensearch alerts to authenticate with SMTP server. Example: `very-secure-mail-password`.
         :param builtins.str email_sender_username: Sender username for Opensearch alerts. Example: `jane@example.com`.
         :param builtins.bool enable_remote_backed_storage: Enable remote-backed storage.
+        :param builtins.bool enable_searchable_snapshots: Enable searchable snapshots.
         :param builtins.bool enable_security_audit: Enable/Disable security audit.
         :param builtins.int http_max_content_length: Maximum content length for HTTP requests to the OpenSearch HTTP API, in bytes.
         :param builtins.int http_max_header_size: The max size of allowed headers, in bytes. Example: `8192`.
@@ -18249,6 +18968,8 @@ class OpenSearchOpensearchUserConfigOpensearch(dict):
             pulumi.set(__self__, "email_sender_username", email_sender_username)
         if enable_remote_backed_storage is not None:
             pulumi.set(__self__, "enable_remote_backed_storage", enable_remote_backed_storage)
+        if enable_searchable_snapshots is not None:
+            pulumi.set(__self__, "enable_searchable_snapshots", enable_searchable_snapshots)
         if enable_security_audit is not None:
             pulumi.set(__self__, "enable_security_audit", enable_security_audit)
         if http_max_content_length is not None:
@@ -18423,6 +19144,14 @@ class OpenSearchOpensearchUserConfigOpensearch(dict):
         """
         return pulumi.get(self, "enable_remote_backed_storage")
 
+    @property
+    @pulumi.getter(name="enableSearchableSnapshots")
+    def enable_searchable_snapshots(self) -> Optional[builtins.bool]:
+        """
+        Enable searchable snapshots.
+        """
+        return pulumi.get(self, "enable_searchable_snapshots")
+
     @property
     @pulumi.getter(name="enableSecurityAudit")
     def enable_security_audit(self) -> Optional[builtins.bool]:
@@ -20454,7 +21183,7 @@ class OpenSearchOpensearchUserConfigS3Migration(dict):
         :param builtins.bool compress: When set to true metadata files are stored in compressed format.
         :param builtins.str endpoint: The S3 service endpoint to connect to. If you are using an S3-compatible service then you should set this to the service’s endpoint.
         :param builtins.bool include_aliases: Whether to restore aliases alongside their associated indexes. Default is true.
-        :param builtins.bool readonly: Whether the repository is read-only. Default: `false`.
+        :param builtins.bool readonly: Whether the repository is read-only. Default: `true`.
         :param builtins.bool restore_global_state: If true, restore the cluster state. Defaults to false.
         :param builtins.bool server_side_encryption: When set to true files are encrypted on server side.
         """
@@ -20572,7 +21301,7 @@ class OpenSearchOpensearchUserConfigS3Migration(dict):
     @pulumi.getter
     def readonly(self) -> Optional[builtins.bool]:
         """
-        Whether the repository is read-only. Default: `false`.
+        Whether the repository is read-only. Default: `true`.
         """
         return pulumi.get(self, "readonly")
 
@@ -20808,6 +21537,116 @@ class OpenSearchTechEmail(dict):
         return pulumi.get(self, "email")
 
 
+@pulumi.output_type
+class OrganizationAddressTimeouts(dict):
+    def __init__(__self__, *,
+                 create: Optional[builtins.str] = None,
+                 delete: Optional[builtins.str] = None,
+                 read: Optional[builtins.str] = None,
+                 update: Optional[builtins.str] = None):
+        """
+        :param builtins.str create: A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
+        :param builtins.str delete: A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs.
+        :param builtins.str read: A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Read operations occur during any refresh or planning operation when refresh is enabled.
+        :param builtins.str update: A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
+        """
+        if create is not None:
+            pulumi.set(__self__, "create", create)
+        if delete is not None:
+            pulumi.set(__self__, "delete", delete)
+        if read is not None:
+            pulumi.set(__self__, "read", read)
+        if update is not None:
+            pulumi.set(__self__, "update", update)
+
+    @property
+    @pulumi.getter
+    def create(self) -> Optional[builtins.str]:
+        """
+        A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
+        """
+        return pulumi.get(self, "create")
+
+    @property
+    @pulumi.getter
+    def delete(self) -> Optional[builtins.str]:
+        """
+        A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs.
+        """
+        return pulumi.get(self, "delete")
+
+    @property
+    @pulumi.getter
+    def read(self) -> Optional[builtins.str]:
+        """
+        A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Read operations occur during any refresh or planning operation when refresh is enabled.
+        """
+        return pulumi.get(self, "read")
+
+    @property
+    @pulumi.getter
+    def update(self) -> Optional[builtins.str]:
+        """
+        A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
+        """
+        return pulumi.get(self, "update")
+
+
+@pulumi.output_type
+class OrganizationBillingGroupTimeouts(dict):
+    def __init__(__self__, *,
+                 create: Optional[builtins.str] = None,
+                 delete: Optional[builtins.str] = None,
+                 read: Optional[builtins.str] = None,
+                 update: Optional[builtins.str] = None):
+        """
+        :param builtins.str create: A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
+        :param builtins.str delete: A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs.
+        :param builtins.str read: A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Read operations occur during any refresh or planning operation when refresh is enabled.
+        :param builtins.str update: A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
+        """
+        if create is not None:
+            pulumi.set(__self__, "create", create)
+        if delete is not None:
+            pulumi.set(__self__, "delete", delete)
+        if read is not None:
+            pulumi.set(__self__, "read", read)
+        if update is not None:
+            pulumi.set(__self__, "update", update)
+
+    @property
+    @pulumi.getter
+    def create(self) -> Optional[builtins.str]:
+        """
+        A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
+        """
+        return pulumi.get(self, "create")
+
+    @property
+    @pulumi.getter
+    def delete(self) -> Optional[builtins.str]:
+        """
+        A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs.
+        """
+        return pulumi.get(self, "delete")
+
+    @property
+    @pulumi.getter
+    def read(self) -> Optional[builtins.str]:
+        """
+        A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Read operations occur during any refresh or planning operation when refresh is enabled.
+        """
+        return pulumi.get(self, "read")
+
+    @property
+    @pulumi.getter
+    def update(self) -> Optional[builtins.str]:
+        """
+        A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
+        """
+        return pulumi.get(self, "update")
+
+
 @pulumi.output_type
 class OrganizationGroupProjectTimeouts(dict):
     def __init__(__self__, *,
@@ -20979,6 +21818,61 @@ class OrganizationProjectTag(dict):
         return pulumi.get(self, "value")
 
 
+@pulumi.output_type
+class OrganizationProjectTimeouts(dict):
+    def __init__(__self__, *,
+                 create: Optional[builtins.str] = None,
+                 delete: Optional[builtins.str] = None,
+                 read: Optional[builtins.str] = None,
+                 update: Optional[builtins.str] = None):
+        """
+        :param builtins.str create: A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
+        :param builtins.str delete: A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs.
+        :param builtins.str read: A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Read operations occur during any refresh or planning operation when refresh is enabled.
+        :param builtins.str update: A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
+        """
+        if create is not None:
+            pulumi.set(__self__, "create", create)
+        if delete is not None:
+            pulumi.set(__self__, "delete", delete)
+        if read is not None:
+            pulumi.set(__self__, "read", read)
+        if update is not None:
+            pulumi.set(__self__, "update", update)
+
+    @property
+    @pulumi.getter
+    def create(self) -> Optional[builtins.str]:
+        """
+        A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
+        """
+        return pulumi.get(self, "create")
+
+    @property
+    @pulumi.getter
+    def delete(self) -> Optional[builtins.str]:
+        """
+        A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs.
+        """
+        return pulumi.get(self, "delete")
+
+    @property
+    @pulumi.getter
+    def read(self) -> Optional[builtins.str]:
+        """
+        A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Read operations occur during any refresh or planning operation when refresh is enabled.
+        """
+        return pulumi.get(self, "read")
+
+    @property
+    @pulumi.getter
+    def update(self) -> Optional[builtins.str]:
+        """
+        A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
+        """
+        return pulumi.get(self, "update")
+
+
 @pulumi.output_type
 class OrganizationTimeouts(dict):
     def __init__(__self__, *,
@@ -21098,6 +21992,8 @@ class PgComponent(dict):
             suggest = "connection_uri"
         elif key == "kafkaAuthenticationMethod":
             suggest = "kafka_authentication_method"
+        elif key == "kafkaSslCa":
+            suggest = "kafka_ssl_ca"
 
         if suggest:
             pulumi.log.warn(f"Key '{key}' not found in PgComponent. Access the value via the '{suggest}' property getter instead.")
@@ -21115,6 +22011,7 @@ class PgComponent(dict):
                  connection_uri: Optional[builtins.str] = None,
                  host: Optional[builtins.str] = None,
                  kafka_authentication_method: Optional[builtins.str] = None,
+                 kafka_ssl_ca: Optional[builtins.str] = None,
                  port: Optional[builtins.int] = None,
                  route: Optional[builtins.str] = None,
                  ssl: Optional[builtins.bool] = None,
@@ -21124,6 +22021,7 @@ class PgComponent(dict):
         :param builtins.str connection_uri: Connection info for connecting to the service component. This is a combination of host and port.
         :param builtins.str host: Host name for connecting to the service component
         :param builtins.str kafka_authentication_method: Kafka authentication method. This is a value specific to the 'kafka' service component
+        :param builtins.str kafka_ssl_ca: Kafka certificate used. The possible values are `letsencrypt` and `project_ca`.
         :param builtins.int port: Port number for connecting to the service component
         :param builtins.str route: Network access route
         :param builtins.bool ssl: Whether the endpoint is encrypted or accepts plaintext. By default endpoints are always encrypted and this property is only included for service components they may disable encryption
@@ -21137,6 +22035,8 @@ class PgComponent(dict):
             pulumi.set(__self__, "host", host)
         if kafka_authentication_method is not None:
             pulumi.set(__self__, "kafka_authentication_method", kafka_authentication_method)
+        if kafka_ssl_ca is not None:
+            pulumi.set(__self__, "kafka_ssl_ca", kafka_ssl_ca)
         if port is not None:
             pulumi.set(__self__, "port", port)
         if route is not None:
@@ -21178,6 +22078,14 @@ class PgComponent(dict):
         """
         return pulumi.get(self, "kafka_authentication_method")
 
+    @property
+    @pulumi.getter(name="kafkaSslCa")
+    def kafka_ssl_ca(self) -> Optional[builtins.str]:
+        """
+        Kafka certificate used. The possible values are `letsencrypt` and `project_ca`.
+        """
+        return pulumi.get(self, "kafka_ssl_ca")
+
     @property
     @pulumi.getter
     def port(self) -> Optional[builtins.int]:
@@ -21837,7 +22745,6 @@ class PgPgUserConfig(dict):
 
     @property
     @pulumi.getter
-    @_utilities.deprecated("""This property is deprecated.""")
     def pgaudit(self) -> Optional['outputs.PgPgUserConfigPgaudit']:
         """
         System-wide settings for the pgaudit extension
@@ -23000,7 +23907,7 @@ class PgPgUserConfigPgaudit(dict):
         :param builtins.bool feature_enabled: Enable pgaudit extension. When enabled, pgaudit extension will be automatically installed.Otherwise, extension will be uninstalled but auditing configurations will be preserved. Default: `false`.
         :param builtins.bool log_catalog: Specifies that session logging should be enabled in the casewhere all relations in a statement are in pg_catalog. Default: `true`.
         :param builtins.bool log_client: Specifies whether log messages will be visible to a client process such as psql. Default: `false`.
-        :param builtins.str log_level: Enum: `debug1`, `debug2`, `debug3`, `debug4`, `debug5`, `info`, `notice`, `warning`, `log`. Specifies the log level that will be used for log entries. Default: `log`.
+        :param builtins.str log_level: Enum: `debug1`, `debug2`, `debug3`, `debug4`, `debug5`, `info`, `log`, `notice`, `warning`. Specifies the log level that will be used for log entries. Default: `log`.
         :param builtins.int log_max_string_length: Crop parameters representation and whole statements if they exceed this threshold. A (default) value of -1 disable the truncation. Default: `-1`.
         :param builtins.bool log_nested_statements: This GUC allows to turn off logging nested statements, that is, statements that are executed as part of another ExecutorRun. Default: `true`.
         :param builtins.bool log_parameter: Specifies that audit logging should include the parameters that were passed with the statement. Default: `false`.
@@ -23043,7 +23950,6 @@ class PgPgUserConfigPgaudit(dict):
 
     @property
     @pulumi.getter(name="featureEnabled")
-    @_utilities.deprecated("""This property is deprecated.""")
     def feature_enabled(self) -> Optional[builtins.bool]:
         """
         Enable pgaudit extension. When enabled, pgaudit extension will be automatically installed.Otherwise, extension will be uninstalled but auditing configurations will be preserved. Default: `false`.
@@ -23052,7 +23958,6 @@ class PgPgUserConfigPgaudit(dict):
 
     @property
     @pulumi.getter(name="logCatalog")
-    @_utilities.deprecated("""This property is deprecated.""")
     def log_catalog(self) -> Optional[builtins.bool]:
         """
         Specifies that session logging should be enabled in the casewhere all relations in a statement are in pg_catalog. Default: `true`.
@@ -23061,7 +23966,6 @@ class PgPgUserConfigPgaudit(dict):
 
     @property
     @pulumi.getter(name="logClient")
-    @_utilities.deprecated("""This property is deprecated.""")
     def log_client(self) -> Optional[builtins.bool]:
         """
         Specifies whether log messages will be visible to a client process such as psql. Default: `false`.
@@ -23070,16 +23974,14 @@ class PgPgUserConfigPgaudit(dict):
 
     @property
     @pulumi.getter(name="logLevel")
-    @_utilities.deprecated("""This property is deprecated.""")
     def log_level(self) -> Optional[builtins.str]:
         """
-        Enum: `debug1`, `debug2`, `debug3`, `debug4`, `debug5`, `info`, `notice`, `warning`, `log`. Specifies the log level that will be used for log entries. Default: `log`.
+        Enum: `debug1`, `debug2`, `debug3`, `debug4`, `debug5`, `info`, `log`, `notice`, `warning`. Specifies the log level that will be used for log entries. Default: `log`.
         """
         return pulumi.get(self, "log_level")
 
     @property
     @pulumi.getter(name="logMaxStringLength")
-    @_utilities.deprecated("""This property is deprecated.""")
     def log_max_string_length(self) -> Optional[builtins.int]:
         """
         Crop parameters representation and whole statements if they exceed this threshold. A (default) value of -1 disable the truncation. Default: `-1`.
@@ -23088,7 +23990,6 @@ class PgPgUserConfigPgaudit(dict):
 
     @property
     @pulumi.getter(name="logNestedStatements")
-    @_utilities.deprecated("""This property is deprecated.""")
     def log_nested_statements(self) -> Optional[builtins.bool]:
         """
         This GUC allows to turn off logging nested statements, that is, statements that are executed as part of another ExecutorRun. Default: `true`.
@@ -23097,7 +23998,6 @@ class PgPgUserConfigPgaudit(dict):
 
     @property
     @pulumi.getter(name="logParameter")
-    @_utilities.deprecated("""This property is deprecated.""")
     def log_parameter(self) -> Optional[builtins.bool]:
         """
         Specifies that audit logging should include the parameters that were passed with the statement. Default: `false`.
@@ -23106,7 +24006,6 @@ class PgPgUserConfigPgaudit(dict):
 
     @property
     @pulumi.getter(name="logParameterMaxSize")
-    @_utilities.deprecated("""This property is deprecated.""")
     def log_parameter_max_size(self) -> Optional[builtins.int]:
         """
         Specifies that parameter values longer than this setting (in bytes) should not be logged, but replaced with \\n\\n. Default: `0`.
@@ -23115,7 +24014,6 @@ class PgPgUserConfigPgaudit(dict):
 
     @property
     @pulumi.getter(name="logRelation")
-    @_utilities.deprecated("""This property is deprecated.""")
     def log_relation(self) -> Optional[builtins.bool]:
         """
         Specifies whether session audit logging should create a separate log entry for each relation (TABLE, VIEW, etc.) referenced in a SELECT or DML statement. Default: `false`.
@@ -23124,7 +24022,6 @@ class PgPgUserConfigPgaudit(dict):
 
     @property
     @pulumi.getter(name="logRows")
-    @_utilities.deprecated("""This property is deprecated.""")
     def log_rows(self) -> Optional[builtins.bool]:
         """
         Specifies that audit logging should include the rows retrieved or affected by a statement. When enabled the rows field will be included after the parameter field. Default: `false`.
@@ -23133,7 +24030,6 @@ class PgPgUserConfigPgaudit(dict):
 
     @property
     @pulumi.getter(name="logStatement")
-    @_utilities.deprecated("""This property is deprecated.""")
     def log_statement(self) -> Optional[builtins.bool]:
         """
         Specifies whether logging will include the statement text and parameters (if enabled). Default: `true`.
@@ -23142,7 +24038,6 @@ class PgPgUserConfigPgaudit(dict):
 
     @property
     @pulumi.getter(name="logStatementOnce")
-    @_utilities.deprecated("""This property is deprecated.""")
     def log_statement_once(self) -> Optional[builtins.bool]:
         """
         Specifies whether logging will include the statement text and parameters with the first log entry for a statement/substatement combination or with every entry. Default: `false`.
@@ -23151,7 +24046,6 @@ class PgPgUserConfigPgaudit(dict):
 
     @property
     @pulumi.getter
-    @_utilities.deprecated("""This property is deprecated.""")
     def logs(self) -> Optional[Sequence[builtins.str]]:
         """
         Specifies which classes of statements will be logged by session audit logging.
@@ -23160,7 +24054,6 @@ class PgPgUserConfigPgaudit(dict):
 
     @property
     @pulumi.getter
-    @_utilities.deprecated("""This property is deprecated.""")
     def role(self) -> Optional[builtins.str]:
         """
         Specifies the master role to use for object audit logging.
@@ -23664,6 +24557,8 @@ class RedisComponent(dict):
             suggest = "connection_uri"
         elif key == "kafkaAuthenticationMethod":
             suggest = "kafka_authentication_method"
+        elif key == "kafkaSslCa":
+            suggest = "kafka_ssl_ca"
 
         if suggest:
             pulumi.log.warn(f"Key '{key}' not found in RedisComponent. Access the value via the '{suggest}' property getter instead.")
@@ -23681,6 +24576,7 @@ class RedisComponent(dict):
                  connection_uri: Optional[builtins.str] = None,
                  host: Optional[builtins.str] = None,
                  kafka_authentication_method: Optional[builtins.str] = None,
+                 kafka_ssl_ca: Optional[builtins.str] = None,
                  port: Optional[builtins.int] = None,
                  route: Optional[builtins.str] = None,
                  ssl: Optional[builtins.bool] = None,
@@ -23690,6 +24586,7 @@ class RedisComponent(dict):
         :param builtins.str connection_uri: Connection info for connecting to the service component. This is a combination of host and port.
         :param builtins.str host: Host name for connecting to the service component
         :param builtins.str kafka_authentication_method: Kafka authentication method. This is a value specific to the 'kafka' service component
+        :param builtins.str kafka_ssl_ca: Kafka certificate used. The possible values are `letsencrypt` and `project_ca`.
         :param builtins.int port: Port number for connecting to the service component
         :param builtins.str route: Network access route
         :param builtins.bool ssl: Whether the endpoint is encrypted or accepts plaintext. By default endpoints are always encrypted and this property is only included for service components they may disable encryption
@@ -23703,6 +24600,8 @@ class RedisComponent(dict):
             pulumi.set(__self__, "host", host)
         if kafka_authentication_method is not None:
             pulumi.set(__self__, "kafka_authentication_method", kafka_authentication_method)
+        if kafka_ssl_ca is not None:
+            pulumi.set(__self__, "kafka_ssl_ca", kafka_ssl_ca)
         if port is not None:
             pulumi.set(__self__, "port", port)
         if route is not None:
@@ -23744,6 +24643,14 @@ class RedisComponent(dict):
         """
         return pulumi.get(self, "kafka_authentication_method")
 
+    @property
+    @pulumi.getter(name="kafkaSslCa")
+    def kafka_ssl_ca(self) -> Optional[builtins.str]:
+        """
+        Kafka certificate used. The possible values are `letsencrypt` and `project_ca`.
+        """
+        return pulumi.get(self, "kafka_ssl_ca")
+
     @property
     @pulumi.getter
     def port(self) -> Optional[builtins.int]:
@@ -28158,6 +29065,8 @@ class ThanosComponent(dict):
             suggest = "connection_uri"
         elif key == "kafkaAuthenticationMethod":
             suggest = "kafka_authentication_method"
+        elif key == "kafkaSslCa":
+            suggest = "kafka_ssl_ca"
 
         if suggest:
             pulumi.log.warn(f"Key '{key}' not found in ThanosComponent. Access the value via the '{suggest}' property getter instead.")
@@ -28175,6 +29084,7 @@ class ThanosComponent(dict):
                  connection_uri: Optional[builtins.str] = None,
                  host: Optional[builtins.str] = None,
                  kafka_authentication_method: Optional[builtins.str] = None,
+                 kafka_ssl_ca: Optional[builtins.str] = None,
                  port: Optional[builtins.int] = None,
                  route: Optional[builtins.str] = None,
                  ssl: Optional[builtins.bool] = None,
@@ -28184,6 +29094,7 @@ class ThanosComponent(dict):
         :param builtins.str connection_uri: Connection info for connecting to the service component. This is a combination of host and port.
         :param builtins.str host: Host name for connecting to the service component
         :param builtins.str kafka_authentication_method: Kafka authentication method. This is a value specific to the 'kafka' service component
+        :param builtins.str kafka_ssl_ca: Kafka certificate used. The possible values are `letsencrypt` and `project_ca`.
         :param builtins.int port: Port number for connecting to the service component
         :param builtins.str route: Network access route
         :param builtins.bool ssl: Whether the endpoint is encrypted or accepts plaintext. By default endpoints are always encrypted and this property is only included for service components they may disable encryption
@@ -28197,6 +29108,8 @@ class ThanosComponent(dict):
             pulumi.set(__self__, "host", host)
         if kafka_authentication_method is not None:
             pulumi.set(__self__, "kafka_authentication_method", kafka_authentication_method)
+        if kafka_ssl_ca is not None:
+            pulumi.set(__self__, "kafka_ssl_ca", kafka_ssl_ca)
         if port is not None:
             pulumi.set(__self__, "port", port)
         if route is not None:
@@ -28238,6 +29151,14 @@ class ThanosComponent(dict):
         """
         return pulumi.get(self, "kafka_authentication_method")
 
+    @property
+    @pulumi.getter(name="kafkaSslCa")
+    def kafka_ssl_ca(self) -> Optional[builtins.str]:
+        """
+        Kafka certificate used. The possible values are `letsencrypt` and `project_ca`.
+        """
+        return pulumi.get(self, "kafka_ssl_ca")
+
     @property
     @pulumi.getter
     def port(self) -> Optional[builtins.int]:
@@ -29123,6 +30044,8 @@ class ValkeyComponent(dict):
             suggest = "connection_uri"
         elif key == "kafkaAuthenticationMethod":
             suggest = "kafka_authentication_method"
+        elif key == "kafkaSslCa":
+            suggest = "kafka_ssl_ca"
 
         if suggest:
             pulumi.log.warn(f"Key '{key}' not found in ValkeyComponent. Access the value via the '{suggest}' property getter instead.")
@@ -29140,6 +30063,7 @@ class ValkeyComponent(dict):
                  connection_uri: Optional[builtins.str] = None,
                  host: Optional[builtins.str] = None,
                  kafka_authentication_method: Optional[builtins.str] = None,
+                 kafka_ssl_ca: Optional[builtins.str] = None,
                  port: Optional[builtins.int] = None,
                  route: Optional[builtins.str] = None,
                  ssl: Optional[builtins.bool] = None,
@@ -29149,6 +30073,7 @@ class ValkeyComponent(dict):
         :param builtins.str connection_uri: Connection info for connecting to the service component. This is a combination of host and port.
         :param builtins.str host: Host name for connecting to the service component
         :param builtins.str kafka_authentication_method: Kafka authentication method. This is a value specific to the 'kafka' service component
+        :param builtins.str kafka_ssl_ca: Kafka certificate used. The possible values are `letsencrypt` and `project_ca`.
         :param builtins.int port: Port number for connecting to the service component
         :param builtins.str route: Network access route
         :param builtins.bool ssl: Whether the endpoint is encrypted or accepts plaintext. By default endpoints are always encrypted and this property is only included for service components they may disable encryption
@@ -29162,6 +30087,8 @@ class ValkeyComponent(dict):
             pulumi.set(__self__, "host", host)
         if kafka_authentication_method is not None:
             pulumi.set(__self__, "kafka_authentication_method", kafka_authentication_method)
+        if kafka_ssl_ca is not None:
+            pulumi.set(__self__, "kafka_ssl_ca", kafka_ssl_ca)
         if port is not None:
             pulumi.set(__self__, "port", port)
         if route is not None:
@@ -29203,6 +30130,14 @@ class ValkeyComponent(dict):
         """
         return pulumi.get(self, "kafka_authentication_method")
 
+    @property
+    @pulumi.getter(name="kafkaSslCa")
+    def kafka_ssl_ca(self) -> Optional[builtins.str]:
+        """
+        Kafka certificate used. The possible values are `letsencrypt` and `project_ca`.
+        """
+        return pulumi.get(self, "kafka_ssl_ca")
+
     @property
     @pulumi.getter
     def port(self) -> Optional[builtins.int]:
@@ -30408,6 +31343,7 @@ class GetAlloydbomniAlloydbomniUserConfigResult(dict):
                  pg_read_replica: Optional[builtins.bool] = None,
                  pg_service_to_fork_from: Optional[builtins.str] = None,
                  pg_version: Optional[builtins.str] = None,
+                 pgaudit: Optional['outputs.GetAlloydbomniAlloydbomniUserConfigPgauditResult'] = None,
                  pgbouncer: Optional['outputs.GetAlloydbomniAlloydbomniUserConfigPgbouncerResult'] = None,
                  pglookout: Optional['outputs.GetAlloydbomniAlloydbomniUserConfigPglookoutResult'] = None,
                  private_access: Optional['outputs.GetAlloydbomniAlloydbomniUserConfigPrivateAccessResult'] = None,
@@ -30439,6 +31375,7 @@ class GetAlloydbomniAlloydbomniUserConfigResult(dict):
         :param builtins.bool pg_read_replica: Should the service which is being forked be a read replica (deprecated, use read_replica service integration instead).
         :param builtins.str pg_service_to_fork_from: Name of the PG Service from which to fork (deprecated, use service_to_fork_from). This has effect only when a new service is being created. Example: `anotherservicename`.
         :param builtins.str pg_version: Enum: `15`, and newer. PostgreSQL major version.
+        :param 'GetAlloydbomniAlloydbomniUserConfigPgauditArgs' pgaudit: System-wide settings for the pgaudit extension
         :param 'GetAlloydbomniAlloydbomniUserConfigPgbouncerArgs' pgbouncer: PGBouncer connection pooling settings
         :param 'GetAlloydbomniAlloydbomniUserConfigPglookoutArgs' pglookout: System-wide settings for pglookout
         :param 'GetAlloydbomniAlloydbomniUserConfigPrivateAccessArgs' private_access: Allow access to selected service ports from private networks
@@ -30486,6 +31423,8 @@ class GetAlloydbomniAlloydbomniUserConfigResult(dict):
             pulumi.set(__self__, "pg_service_to_fork_from", pg_service_to_fork_from)
         if pg_version is not None:
             pulumi.set(__self__, "pg_version", pg_version)
+        if pgaudit is not None:
+            pulumi.set(__self__, "pgaudit", pgaudit)
         if pgbouncer is not None:
             pulumi.set(__self__, "pgbouncer", pgbouncer)
         if pglookout is not None:
@@ -30644,6 +31583,14 @@ class GetAlloydbomniAlloydbomniUserConfigResult(dict):
         """
         return pulumi.get(self, "pg_version")
 
+    @property
+    @pulumi.getter
+    def pgaudit(self) -> Optional['outputs.GetAlloydbomniAlloydbomniUserConfigPgauditResult']:
+        """
+        System-wide settings for the pgaudit extension
+        """
+        return pulumi.get(self, "pgaudit")
+
     @property
     @pulumi.getter
     def pgbouncer(self) -> Optional['outputs.GetAlloydbomniAlloydbomniUserConfigPgbouncerResult']:
@@ -31370,6 +32317,181 @@ class GetAlloydbomniAlloydbomniUserConfigPgResult(dict):
         return pulumi.get(self, "wal_writer_delay")
 
 
+@pulumi.output_type
+class GetAlloydbomniAlloydbomniUserConfigPgauditResult(dict):
+    def __init__(__self__, *,
+                 feature_enabled: Optional[builtins.bool] = None,
+                 log_catalog: Optional[builtins.bool] = None,
+                 log_client: Optional[builtins.bool] = None,
+                 log_level: Optional[builtins.str] = None,
+                 log_max_string_length: Optional[builtins.int] = None,
+                 log_nested_statements: Optional[builtins.bool] = None,
+                 log_parameter: Optional[builtins.bool] = None,
+                 log_parameter_max_size: Optional[builtins.int] = None,
+                 log_relation: Optional[builtins.bool] = None,
+                 log_rows: Optional[builtins.bool] = None,
+                 log_statement: Optional[builtins.bool] = None,
+                 log_statement_once: Optional[builtins.bool] = None,
+                 logs: Optional[Sequence[builtins.str]] = None,
+                 role: Optional[builtins.str] = None):
+        """
+        :param builtins.bool feature_enabled: Enable pgaudit extension. When enabled, pgaudit extension will be automatically installed.Otherwise, extension will be uninstalled but auditing configurations will be preserved. Default: `false`.
+        :param builtins.bool log_catalog: Specifies that session logging should be enabled in the casewhere all relations in a statement are in pg_catalog. Default: `true`.
+        :param builtins.bool log_client: Specifies whether log messages will be visible to a client process such as psql. Default: `false`.
+        :param builtins.str log_level: Enum: `debug1`, `debug2`, `debug3`, `debug4`, `debug5`, `info`, `log`, `notice`, `warning`. Specifies the log level that will be used for log entries. Default: `log`.
+        :param builtins.int log_max_string_length: Crop parameters representation and whole statements if they exceed this threshold. A (default) value of -1 disable the truncation. Default: `-1`.
+        :param builtins.bool log_nested_statements: This GUC allows to turn off logging nested statements, that is, statements that are executed as part of another ExecutorRun. Default: `true`.
+        :param builtins.bool log_parameter: Specifies that audit logging should include the parameters that were passed with the statement. Default: `false`.
+        :param builtins.int log_parameter_max_size: Specifies that parameter values longer than this setting (in bytes) should not be logged, but replaced with <long param suppressed>. Default: `0`.
+        :param builtins.bool log_relation: Specifies whether session audit logging should create a separate log entry for each relation (TABLE, VIEW, etc.) referenced in a SELECT or DML statement. Default: `false`.
+        :param builtins.bool log_rows: Specifies that audit logging should include the rows retrieved or affected by a statement. When enabled the rows field will be included after the parameter field. Default: `false`.
+        :param builtins.bool log_statement: Specifies whether logging will include the statement text and parameters (if enabled). Default: `true`.
+        :param builtins.bool log_statement_once: Specifies whether logging will include the statement text and parameters with the first log entry for a statement/substatement combination or with every entry. Default: `false`.
+        :param Sequence[builtins.str] logs: Specifies which classes of statements will be logged by session audit logging.
+        :param builtins.str role: Specifies the master role to use for object audit logging.
+        """
+        if feature_enabled is not None:
+            pulumi.set(__self__, "feature_enabled", feature_enabled)
+        if log_catalog is not None:
+            pulumi.set(__self__, "log_catalog", log_catalog)
+        if log_client is not None:
+            pulumi.set(__self__, "log_client", log_client)
+        if log_level is not None:
+            pulumi.set(__self__, "log_level", log_level)
+        if log_max_string_length is not None:
+            pulumi.set(__self__, "log_max_string_length", log_max_string_length)
+        if log_nested_statements is not None:
+            pulumi.set(__self__, "log_nested_statements", log_nested_statements)
+        if log_parameter is not None:
+            pulumi.set(__self__, "log_parameter", log_parameter)
+        if log_parameter_max_size is not None:
+            pulumi.set(__self__, "log_parameter_max_size", log_parameter_max_size)
+        if log_relation is not None:
+            pulumi.set(__self__, "log_relation", log_relation)
+        if log_rows is not None:
+            pulumi.set(__self__, "log_rows", log_rows)
+        if log_statement is not None:
+            pulumi.set(__self__, "log_statement", log_statement)
+        if log_statement_once is not None:
+            pulumi.set(__self__, "log_statement_once", log_statement_once)
+        if logs is not None:
+            pulumi.set(__self__, "logs", logs)
+        if role is not None:
+            pulumi.set(__self__, "role", role)
+
+    @property
+    @pulumi.getter(name="featureEnabled")
+    def feature_enabled(self) -> Optional[builtins.bool]:
+        """
+        Enable pgaudit extension. When enabled, pgaudit extension will be automatically installed.Otherwise, extension will be uninstalled but auditing configurations will be preserved. Default: `false`.
+        """
+        return pulumi.get(self, "feature_enabled")
+
+    @property
+    @pulumi.getter(name="logCatalog")
+    def log_catalog(self) -> Optional[builtins.bool]:
+        """
+        Specifies that session logging should be enabled in the casewhere all relations in a statement are in pg_catalog. Default: `true`.
+        """
+        return pulumi.get(self, "log_catalog")
+
+    @property
+    @pulumi.getter(name="logClient")
+    def log_client(self) -> Optional[builtins.bool]:
+        """
+        Specifies whether log messages will be visible to a client process such as psql. Default: `false`.
+        """
+        return pulumi.get(self, "log_client")
+
+    @property
+    @pulumi.getter(name="logLevel")
+    def log_level(self) -> Optional[builtins.str]:
+        """
+        Enum: `debug1`, `debug2`, `debug3`, `debug4`, `debug5`, `info`, `log`, `notice`, `warning`. Specifies the log level that will be used for log entries. Default: `log`.
+        """
+        return pulumi.get(self, "log_level")
+
+    @property
+    @pulumi.getter(name="logMaxStringLength")
+    def log_max_string_length(self) -> Optional[builtins.int]:
+        """
+        Crop parameters representation and whole statements if they exceed this threshold. A (default) value of -1 disable the truncation. Default: `-1`.
+        """
+        return pulumi.get(self, "log_max_string_length")
+
+    @property
+    @pulumi.getter(name="logNestedStatements")
+    def log_nested_statements(self) -> Optional[builtins.bool]:
+        """
+        This GUC allows to turn off logging nested statements, that is, statements that are executed as part of another ExecutorRun. Default: `true`.
+        """
+        return pulumi.get(self, "log_nested_statements")
+
+    @property
+    @pulumi.getter(name="logParameter")
+    def log_parameter(self) -> Optional[builtins.bool]:
+        """
+        Specifies that audit logging should include the parameters that were passed with the statement. Default: `false`.
+        """
+        return pulumi.get(self, "log_parameter")
+
+    @property
+    @pulumi.getter(name="logParameterMaxSize")
+    def log_parameter_max_size(self) -> Optional[builtins.int]:
+        """
+        Specifies that parameter values longer than this setting (in bytes) should not be logged, but replaced with <long param suppressed>. Default: `0`.
+        """
+        return pulumi.get(self, "log_parameter_max_size")
+
+    @property
+    @pulumi.getter(name="logRelation")
+    def log_relation(self) -> Optional[builtins.bool]:
+        """
+        Specifies whether session audit logging should create a separate log entry for each relation (TABLE, VIEW, etc.) referenced in a SELECT or DML statement. Default: `false`.
+        """
+        return pulumi.get(self, "log_relation")
+
+    @property
+    @pulumi.getter(name="logRows")
+    def log_rows(self) -> Optional[builtins.bool]:
+        """
+        Specifies that audit logging should include the rows retrieved or affected by a statement. When enabled the rows field will be included after the parameter field. Default: `false`.
+        """
+        return pulumi.get(self, "log_rows")
+
+    @property
+    @pulumi.getter(name="logStatement")
+    def log_statement(self) -> Optional[builtins.bool]:
+        """
+        Specifies whether logging will include the statement text and parameters (if enabled). Default: `true`.
+        """
+        return pulumi.get(self, "log_statement")
+
+    @property
+    @pulumi.getter(name="logStatementOnce")
+    def log_statement_once(self) -> Optional[builtins.bool]:
+        """
+        Specifies whether logging will include the statement text and parameters with the first log entry for a statement/substatement combination or with every entry. Default: `false`.
+        """
+        return pulumi.get(self, "log_statement_once")
+
+    @property
+    @pulumi.getter
+    def logs(self) -> Optional[Sequence[builtins.str]]:
+        """
+        Specifies which classes of statements will be logged by session audit logging.
+        """
+        return pulumi.get(self, "logs")
+
+    @property
+    @pulumi.getter
+    def role(self) -> Optional[builtins.str]:
+        """
+        Specifies the master role to use for object audit logging.
+        """
+        return pulumi.get(self, "role")
+
+
 @pulumi.output_type
 class GetAlloydbomniAlloydbomniUserConfigPgbouncerResult(dict):
     def __init__(__self__, *,
@@ -31652,6 +32774,7 @@ class GetAlloydbomniComponentResult(dict):
                  connection_uri: builtins.str,
                  host: builtins.str,
                  kafka_authentication_method: builtins.str,
+                 kafka_ssl_ca: builtins.str,
                  port: builtins.int,
                  route: builtins.str,
                  ssl: builtins.bool,
@@ -31661,6 +32784,7 @@ class GetAlloydbomniComponentResult(dict):
         :param builtins.str connection_uri: Connection info for connecting to the service component. This is a combination of host and port.
         :param builtins.str host: Host name for connecting to the service component
         :param builtins.str kafka_authentication_method: Kafka authentication method. This is a value specific to the 'kafka' service component
+        :param builtins.str kafka_ssl_ca: Kafka certificate used. The possible values are `letsencrypt` and `project_ca`.
         :param builtins.int port: Port number for connecting to the service component
         :param builtins.str route: Network access route
         :param builtins.bool ssl: Whether the endpoint is encrypted or accepts plaintext. By default endpoints are always encrypted and this property is only included for service components they may disable encryption
@@ -31670,6 +32794,7 @@ class GetAlloydbomniComponentResult(dict):
         pulumi.set(__self__, "connection_uri", connection_uri)
         pulumi.set(__self__, "host", host)
         pulumi.set(__self__, "kafka_authentication_method", kafka_authentication_method)
+        pulumi.set(__self__, "kafka_ssl_ca", kafka_ssl_ca)
         pulumi.set(__self__, "port", port)
         pulumi.set(__self__, "route", route)
         pulumi.set(__self__, "ssl", ssl)
@@ -31707,6 +32832,14 @@ class GetAlloydbomniComponentResult(dict):
         """
         return pulumi.get(self, "kafka_authentication_method")
 
+    @property
+    @pulumi.getter(name="kafkaSslCa")
+    def kafka_ssl_ca(self) -> builtins.str:
+        """
+        Kafka certificate used. The possible values are `letsencrypt` and `project_ca`.
+        """
+        return pulumi.get(self, "kafka_ssl_ca")
+
     @property
     @pulumi.getter
     def port(self) -> builtins.int:
@@ -32176,6 +33309,7 @@ class GetCassandaComponentResult(dict):
                  connection_uri: builtins.str,
                  host: builtins.str,
                  kafka_authentication_method: builtins.str,
+                 kafka_ssl_ca: builtins.str,
                  port: builtins.int,
                  route: builtins.str,
                  ssl: builtins.bool,
@@ -32185,6 +33319,7 @@ class GetCassandaComponentResult(dict):
         :param builtins.str connection_uri: Connection info for connecting to the service component. This is a combination of host and port.
         :param builtins.str host: Host name for connecting to the service component
         :param builtins.str kafka_authentication_method: Kafka authentication method. This is a value specific to the 'kafka' service component
+        :param builtins.str kafka_ssl_ca: Kafka certificate used. The possible values are `letsencrypt` and `project_ca`.
         :param builtins.int port: Port number for connecting to the service component
         :param builtins.str route: Network access route
         :param builtins.bool ssl: Whether the endpoint is encrypted or accepts plaintext. By default endpoints are always encrypted and this property is only included for service components they may disable encryption
@@ -32194,6 +33329,7 @@ class GetCassandaComponentResult(dict):
         pulumi.set(__self__, "connection_uri", connection_uri)
         pulumi.set(__self__, "host", host)
         pulumi.set(__self__, "kafka_authentication_method", kafka_authentication_method)
+        pulumi.set(__self__, "kafka_ssl_ca", kafka_ssl_ca)
         pulumi.set(__self__, "port", port)
         pulumi.set(__self__, "route", route)
         pulumi.set(__self__, "ssl", ssl)
@@ -32231,6 +33367,14 @@ class GetCassandaComponentResult(dict):
         """
         return pulumi.get(self, "kafka_authentication_method")
 
+    @property
+    @pulumi.getter(name="kafkaSslCa")
+    def kafka_ssl_ca(self) -> builtins.str:
+        """
+        Kafka certificate used. The possible values are `letsencrypt` and `project_ca`.
+        """
+        return pulumi.get(self, "kafka_ssl_ca")
+
     @property
     @pulumi.getter
     def port(self) -> builtins.int:
@@ -32700,6 +33844,7 @@ class GetCassandraComponentResult(dict):
                  connection_uri: builtins.str,
                  host: builtins.str,
                  kafka_authentication_method: builtins.str,
+                 kafka_ssl_ca: builtins.str,
                  port: builtins.int,
                  route: builtins.str,
                  ssl: builtins.bool,
@@ -32709,6 +33854,7 @@ class GetCassandraComponentResult(dict):
         :param builtins.str connection_uri: Connection info for connecting to the service component. This is a combination of host and port.
         :param builtins.str host: Host name for connecting to the service component
         :param builtins.str kafka_authentication_method: Kafka authentication method. This is a value specific to the 'kafka' service component
+        :param builtins.str kafka_ssl_ca: Kafka certificate used. The possible values are `letsencrypt` and `project_ca`.
         :param builtins.int port: Port number for connecting to the service component
         :param builtins.str route: Network access route
         :param builtins.bool ssl: Whether the endpoint is encrypted or accepts plaintext. By default endpoints are always encrypted and this property is only included for service components they may disable encryption
@@ -32718,6 +33864,7 @@ class GetCassandraComponentResult(dict):
         pulumi.set(__self__, "connection_uri", connection_uri)
         pulumi.set(__self__, "host", host)
         pulumi.set(__self__, "kafka_authentication_method", kafka_authentication_method)
+        pulumi.set(__self__, "kafka_ssl_ca", kafka_ssl_ca)
         pulumi.set(__self__, "port", port)
         pulumi.set(__self__, "route", route)
         pulumi.set(__self__, "ssl", ssl)
@@ -32755,6 +33902,14 @@ class GetCassandraComponentResult(dict):
         """
         return pulumi.get(self, "kafka_authentication_method")
 
+    @property
+    @pulumi.getter(name="kafkaSslCa")
+    def kafka_ssl_ca(self) -> builtins.str:
+        """
+        Kafka certificate used. The possible values are `letsencrypt` and `project_ca`.
+        """
+        return pulumi.get(self, "kafka_ssl_ca")
+
     @property
     @pulumi.getter
     def port(self) -> builtins.int:
@@ -32886,6 +34041,8 @@ class GetClickhouseClickhouseResult(dict):
 class GetClickhouseClickhouseUserConfigResult(dict):
     def __init__(__self__, *,
                  additional_backup_regions: Optional[builtins.str] = None,
+                 backup_hour: Optional[builtins.int] = None,
+                 backup_minute: Optional[builtins.int] = None,
                  ip_filter_objects: Optional[Sequence['outputs.GetClickhouseClickhouseUserConfigIpFilterObjectResult']] = None,
                  ip_filter_strings: Optional[Sequence[builtins.str]] = None,
                  ip_filters: Optional[Sequence[builtins.str]] = None,
@@ -32899,6 +34056,8 @@ class GetClickhouseClickhouseUserConfigResult(dict):
                  static_ips: Optional[builtins.bool] = None):
         """
         :param builtins.str additional_backup_regions: Additional Cloud Regions for Backup Replication.
+        :param builtins.int backup_hour: The hour of day (in UTC) when backup for the service is started. New backup is only started if previous backup has already completed. Example: `3`.
+        :param builtins.int backup_minute: The minute of an hour when backup for the service is started. New backup is only started if previous backup has already completed. Example: `30`.
         :param Sequence['GetClickhouseClickhouseUserConfigIpFilterObjectArgs'] ip_filter_objects: Allow incoming connections from CIDR address block, e.g. `10.20.0.0/16`
         :param Sequence[builtins.str] ip_filter_strings: Allow incoming connections from CIDR address block, e.g. `10.20.0.0/16`.
         :param Sequence[builtins.str] ip_filters: Allow incoming connections from CIDR address block, e.g. `10.20.0.0/16`.
@@ -32913,6 +34072,10 @@ class GetClickhouseClickhouseUserConfigResult(dict):
         """
         if additional_backup_regions is not None:
             pulumi.set(__self__, "additional_backup_regions", additional_backup_regions)
+        if backup_hour is not None:
+            pulumi.set(__self__, "backup_hour", backup_hour)
+        if backup_minute is not None:
+            pulumi.set(__self__, "backup_minute", backup_minute)
         if ip_filter_objects is not None:
             pulumi.set(__self__, "ip_filter_objects", ip_filter_objects)
         if ip_filter_strings is not None:
@@ -32945,6 +34108,22 @@ class GetClickhouseClickhouseUserConfigResult(dict):
         """
         return pulumi.get(self, "additional_backup_regions")
 
+    @property
+    @pulumi.getter(name="backupHour")
+    def backup_hour(self) -> Optional[builtins.int]:
+        """
+        The hour of day (in UTC) when backup for the service is started. New backup is only started if previous backup has already completed. Example: `3`.
+        """
+        return pulumi.get(self, "backup_hour")
+
+    @property
+    @pulumi.getter(name="backupMinute")
+    def backup_minute(self) -> Optional[builtins.int]:
+        """
+        The minute of an hour when backup for the service is started. New backup is only started if previous backup has already completed. Example: `30`.
+        """
+        return pulumi.get(self, "backup_minute")
+
     @property
     @pulumi.getter(name="ipFilterObjects")
     def ip_filter_objects(self) -> Optional[Sequence['outputs.GetClickhouseClickhouseUserConfigIpFilterObjectResult']]:
@@ -33237,6 +34416,7 @@ class GetClickhouseComponentResult(dict):
                  connection_uri: builtins.str,
                  host: builtins.str,
                  kafka_authentication_method: builtins.str,
+                 kafka_ssl_ca: builtins.str,
                  port: builtins.int,
                  route: builtins.str,
                  ssl: builtins.bool,
@@ -33246,6 +34426,7 @@ class GetClickhouseComponentResult(dict):
         :param builtins.str connection_uri: Connection info for connecting to the service component. This is a combination of host and port.
         :param builtins.str host: Host name for connecting to the service component
         :param builtins.str kafka_authentication_method: Kafka authentication method. This is a value specific to the 'kafka' service component
+        :param builtins.str kafka_ssl_ca: Kafka certificate used. The possible values are `letsencrypt` and `project_ca`.
         :param builtins.int port: Port number for connecting to the service component
         :param builtins.str route: Network access route
         :param builtins.bool ssl: Whether the endpoint is encrypted or accepts plaintext. By default endpoints are always encrypted and this property is only included for service components they may disable encryption
@@ -33255,6 +34436,7 @@ class GetClickhouseComponentResult(dict):
         pulumi.set(__self__, "connection_uri", connection_uri)
         pulumi.set(__self__, "host", host)
         pulumi.set(__self__, "kafka_authentication_method", kafka_authentication_method)
+        pulumi.set(__self__, "kafka_ssl_ca", kafka_ssl_ca)
         pulumi.set(__self__, "port", port)
         pulumi.set(__self__, "route", route)
         pulumi.set(__self__, "ssl", ssl)
@@ -33292,6 +34474,14 @@ class GetClickhouseComponentResult(dict):
         """
         return pulumi.get(self, "kafka_authentication_method")
 
+    @property
+    @pulumi.getter(name="kafkaSslCa")
+    def kafka_ssl_ca(self) -> builtins.str:
+        """
+        Kafka certificate used. The possible values are `letsencrypt` and `project_ca`.
+        """
+        return pulumi.get(self, "kafka_ssl_ca")
+
     @property
     @pulumi.getter
     def port(self) -> builtins.int:
@@ -33408,6 +34598,7 @@ class GetDragonflyComponentResult(dict):
                  connection_uri: builtins.str,
                  host: builtins.str,
                  kafka_authentication_method: builtins.str,
+                 kafka_ssl_ca: builtins.str,
                  port: builtins.int,
                  route: builtins.str,
                  ssl: builtins.bool,
@@ -33417,6 +34608,7 @@ class GetDragonflyComponentResult(dict):
         :param builtins.str connection_uri: Connection info for connecting to the service component. This is a combination of host and port.
         :param builtins.str host: Host name for connecting to the service component
         :param builtins.str kafka_authentication_method: Kafka authentication method. This is a value specific to the 'kafka' service component
+        :param builtins.str kafka_ssl_ca: Kafka certificate used. The possible values are `letsencrypt` and `project_ca`.
         :param builtins.int port: Port number for connecting to the service component
         :param builtins.str route: Network access route
         :param builtins.bool ssl: Whether the endpoint is encrypted or accepts plaintext. By default endpoints are always encrypted and this property is only included for service components they may disable encryption
@@ -33426,6 +34618,7 @@ class GetDragonflyComponentResult(dict):
         pulumi.set(__self__, "connection_uri", connection_uri)
         pulumi.set(__self__, "host", host)
         pulumi.set(__self__, "kafka_authentication_method", kafka_authentication_method)
+        pulumi.set(__self__, "kafka_ssl_ca", kafka_ssl_ca)
         pulumi.set(__self__, "port", port)
         pulumi.set(__self__, "route", route)
         pulumi.set(__self__, "ssl", ssl)
@@ -33463,6 +34656,14 @@ class GetDragonflyComponentResult(dict):
         """
         return pulumi.get(self, "kafka_authentication_method")
 
+    @property
+    @pulumi.getter(name="kafkaSslCa")
+    def kafka_ssl_ca(self) -> builtins.str:
+        """
+        Kafka certificate used. The possible values are `letsencrypt` and `project_ca`.
+        """
+        return pulumi.get(self, "kafka_ssl_ca")
+
     @property
     @pulumi.getter
     def port(self) -> builtins.int:
@@ -34114,6 +35315,7 @@ class GetFlinkComponentResult(dict):
                  connection_uri: builtins.str,
                  host: builtins.str,
                  kafka_authentication_method: builtins.str,
+                 kafka_ssl_ca: builtins.str,
                  port: builtins.int,
                  route: builtins.str,
                  ssl: builtins.bool,
@@ -34123,6 +35325,7 @@ class GetFlinkComponentResult(dict):
         :param builtins.str connection_uri: Connection info for connecting to the service component. This is a combination of host and port.
         :param builtins.str host: Host name for connecting to the service component
         :param builtins.str kafka_authentication_method: Kafka authentication method. This is a value specific to the 'kafka' service component
+        :param builtins.str kafka_ssl_ca: Kafka certificate used. The possible values are `letsencrypt` and `project_ca`.
         :param builtins.int port: Port number for connecting to the service component
         :param builtins.str route: Network access route
         :param builtins.bool ssl: Whether the endpoint is encrypted or accepts plaintext. By default endpoints are always encrypted and this property is only included for service components they may disable encryption
@@ -34132,6 +35335,7 @@ class GetFlinkComponentResult(dict):
         pulumi.set(__self__, "connection_uri", connection_uri)
         pulumi.set(__self__, "host", host)
         pulumi.set(__self__, "kafka_authentication_method", kafka_authentication_method)
+        pulumi.set(__self__, "kafka_ssl_ca", kafka_ssl_ca)
         pulumi.set(__self__, "port", port)
         pulumi.set(__self__, "route", route)
         pulumi.set(__self__, "ssl", ssl)
@@ -34169,6 +35373,14 @@ class GetFlinkComponentResult(dict):
         """
         return pulumi.get(self, "kafka_authentication_method")
 
+    @property
+    @pulumi.getter(name="kafkaSslCa")
+    def kafka_ssl_ca(self) -> builtins.str:
+        """
+        Kafka certificate used. The possible values are `letsencrypt` and `project_ca`.
+        """
+        return pulumi.get(self, "kafka_ssl_ca")
+
     @property
     @pulumi.getter
     def port(self) -> builtins.int:
@@ -34548,6 +35760,7 @@ class GetGrafanaComponentResult(dict):
                  connection_uri: builtins.str,
                  host: builtins.str,
                  kafka_authentication_method: builtins.str,
+                 kafka_ssl_ca: builtins.str,
                  port: builtins.int,
                  route: builtins.str,
                  ssl: builtins.bool,
@@ -34557,6 +35770,7 @@ class GetGrafanaComponentResult(dict):
         :param builtins.str connection_uri: Connection info for connecting to the service component. This is a combination of host and port.
         :param builtins.str host: Host name for connecting to the service component
         :param builtins.str kafka_authentication_method: Kafka authentication method. This is a value specific to the 'kafka' service component
+        :param builtins.str kafka_ssl_ca: Kafka certificate used. The possible values are `letsencrypt` and `project_ca`.
         :param builtins.int port: Port number for connecting to the service component
         :param builtins.str route: Network access route
         :param builtins.bool ssl: Whether the endpoint is encrypted or accepts plaintext. By default endpoints are always encrypted and this property is only included for service components they may disable encryption
@@ -34566,6 +35780,7 @@ class GetGrafanaComponentResult(dict):
         pulumi.set(__self__, "connection_uri", connection_uri)
         pulumi.set(__self__, "host", host)
         pulumi.set(__self__, "kafka_authentication_method", kafka_authentication_method)
+        pulumi.set(__self__, "kafka_ssl_ca", kafka_ssl_ca)
         pulumi.set(__self__, "port", port)
         pulumi.set(__self__, "route", route)
         pulumi.set(__self__, "ssl", ssl)
@@ -34603,6 +35818,14 @@ class GetGrafanaComponentResult(dict):
         """
         return pulumi.get(self, "kafka_authentication_method")
 
+    @property
+    @pulumi.getter(name="kafkaSslCa")
+    def kafka_ssl_ca(self) -> builtins.str:
+        """
+        Kafka certificate used. The possible values are `letsencrypt` and `project_ca`.
+        """
+        return pulumi.get(self, "kafka_ssl_ca")
+
     @property
     @pulumi.getter
     def port(self) -> builtins.int:
@@ -36076,6 +37299,7 @@ class GetInfluxDbComponentResult(dict):
                  connection_uri: builtins.str,
                  host: builtins.str,
                  kafka_authentication_method: builtins.str,
+                 kafka_ssl_ca: builtins.str,
                  port: builtins.int,
                  route: builtins.str,
                  ssl: builtins.bool,
@@ -36085,6 +37309,7 @@ class GetInfluxDbComponentResult(dict):
         :param builtins.str connection_uri: Connection info for connecting to the service component. This is a combination of host and port.
         :param builtins.str host: Host name for connecting to the service component
         :param builtins.str kafka_authentication_method: Kafka authentication method. This is a value specific to the 'kafka' service component
+        :param builtins.str kafka_ssl_ca: Kafka certificate used. The possible values are `letsencrypt` and `project_ca`.
         :param builtins.int port: Port number for connecting to the service component
         :param builtins.str route: Network access route
         :param builtins.bool ssl: Whether the endpoint is encrypted or accepts plaintext. By default endpoints are always encrypted and this property is only included for service components they may disable encryption
@@ -36094,6 +37319,7 @@ class GetInfluxDbComponentResult(dict):
         pulumi.set(__self__, "connection_uri", connection_uri)
         pulumi.set(__self__, "host", host)
         pulumi.set(__self__, "kafka_authentication_method", kafka_authentication_method)
+        pulumi.set(__self__, "kafka_ssl_ca", kafka_ssl_ca)
         pulumi.set(__self__, "port", port)
         pulumi.set(__self__, "route", route)
         pulumi.set(__self__, "ssl", ssl)
@@ -36131,6 +37357,14 @@ class GetInfluxDbComponentResult(dict):
         """
         return pulumi.get(self, "kafka_authentication_method")
 
+    @property
+    @pulumi.getter(name="kafkaSslCa")
+    def kafka_ssl_ca(self) -> builtins.str:
+        """
+        Kafka certificate used. The possible values are `letsencrypt` and `project_ca`.
+        """
+        return pulumi.get(self, "kafka_ssl_ca")
+
     @property
     @pulumi.getter
     def port(self) -> builtins.int:
@@ -36701,6 +37935,7 @@ class GetKafkaComponentResult(dict):
                  connection_uri: builtins.str,
                  host: builtins.str,
                  kafka_authentication_method: builtins.str,
+                 kafka_ssl_ca: builtins.str,
                  port: builtins.int,
                  route: builtins.str,
                  ssl: builtins.bool,
@@ -36710,6 +37945,7 @@ class GetKafkaComponentResult(dict):
         :param builtins.str connection_uri: Connection info for connecting to the service component. This is a combination of host and port.
         :param builtins.str host: Host name for connecting to the service component
         :param builtins.str kafka_authentication_method: Kafka authentication method. This is a value specific to the 'kafka' service component
+        :param builtins.str kafka_ssl_ca: Kafka certificate used. The possible values are `letsencrypt` and `project_ca`.
         :param builtins.int port: Port number for connecting to the service component
         :param builtins.str route: Network access route
         :param builtins.bool ssl: Whether the endpoint is encrypted or accepts plaintext. By default endpoints are always encrypted and this property is only included for service components they may disable encryption
@@ -36719,6 +37955,7 @@ class GetKafkaComponentResult(dict):
         pulumi.set(__self__, "connection_uri", connection_uri)
         pulumi.set(__self__, "host", host)
         pulumi.set(__self__, "kafka_authentication_method", kafka_authentication_method)
+        pulumi.set(__self__, "kafka_ssl_ca", kafka_ssl_ca)
         pulumi.set(__self__, "port", port)
         pulumi.set(__self__, "route", route)
         pulumi.set(__self__, "ssl", ssl)
@@ -36756,6 +37993,14 @@ class GetKafkaComponentResult(dict):
         """
         return pulumi.get(self, "kafka_authentication_method")
 
+    @property
+    @pulumi.getter(name="kafkaSslCa")
+    def kafka_ssl_ca(self) -> builtins.str:
+        """
+        Kafka certificate used. The possible values are `letsencrypt` and `project_ca`.
+        """
+        return pulumi.get(self, "kafka_ssl_ca")
+
     @property
     @pulumi.getter
     def port(self) -> builtins.int:
@@ -36796,6 +38041,7 @@ class GetKafkaConnectComponentResult(dict):
                  connection_uri: builtins.str,
                  host: builtins.str,
                  kafka_authentication_method: builtins.str,
+                 kafka_ssl_ca: builtins.str,
                  port: builtins.int,
                  route: builtins.str,
                  ssl: builtins.bool,
@@ -36805,6 +38051,7 @@ class GetKafkaConnectComponentResult(dict):
         :param builtins.str connection_uri: Connection info for connecting to the service component. This is a combination of host and port.
         :param builtins.str host: Host name for connecting to the service component
         :param builtins.str kafka_authentication_method: Kafka authentication method. This is a value specific to the 'kafka' service component
+        :param builtins.str kafka_ssl_ca: Kafka certificate used. The possible values are `letsencrypt` and `project_ca`.
         :param builtins.int port: Port number for connecting to the service component
         :param builtins.str route: Network access route
         :param builtins.bool ssl: Whether the endpoint is encrypted or accepts plaintext. By default endpoints are always encrypted and this property is only included for service components they may disable encryption
@@ -36814,6 +38061,7 @@ class GetKafkaConnectComponentResult(dict):
         pulumi.set(__self__, "connection_uri", connection_uri)
         pulumi.set(__self__, "host", host)
         pulumi.set(__self__, "kafka_authentication_method", kafka_authentication_method)
+        pulumi.set(__self__, "kafka_ssl_ca", kafka_ssl_ca)
         pulumi.set(__self__, "port", port)
         pulumi.set(__self__, "route", route)
         pulumi.set(__self__, "ssl", ssl)
@@ -36851,6 +38099,14 @@ class GetKafkaConnectComponentResult(dict):
         """
         return pulumi.get(self, "kafka_authentication_method")
 
+    @property
+    @pulumi.getter(name="kafkaSslCa")
+    def kafka_ssl_ca(self) -> builtins.str:
+        """
+        Kafka certificate used. The possible values are `letsencrypt` and `project_ca`.
+        """
+        return pulumi.get(self, "kafka_ssl_ca")
+
     @property
     @pulumi.getter
     def port(self) -> builtins.int:
@@ -37748,6 +39004,7 @@ class GetKafkaKafkaUserConfigResult(dict):
                  kafka_authentication_methods: Optional['outputs.GetKafkaKafkaUserConfigKafkaAuthenticationMethodsResult'] = None,
                  kafka_connect: Optional[builtins.bool] = None,
                  kafka_connect_config: Optional['outputs.GetKafkaKafkaUserConfigKafkaConnectConfigResult'] = None,
+                 kafka_connect_plugin_versions: Optional[Sequence['outputs.GetKafkaKafkaUserConfigKafkaConnectPluginVersionResult']] = None,
                  kafka_connect_secret_providers: Optional[Sequence['outputs.GetKafkaKafkaUserConfigKafkaConnectSecretProviderResult']] = None,
                  kafka_rest: Optional[builtins.bool] = None,
                  kafka_rest_authorization: Optional[builtins.bool] = None,
@@ -37776,11 +39033,12 @@ class GetKafkaKafkaUserConfigResult(dict):
         :param 'GetKafkaKafkaUserConfigKafkaAuthenticationMethodsArgs' kafka_authentication_methods: Kafka authentication methods
         :param builtins.bool kafka_connect: Enable Kafka Connect service. Default: `false`.
         :param 'GetKafkaKafkaUserConfigKafkaConnectConfigArgs' kafka_connect_config: Kafka Connect configuration values
+        :param Sequence['GetKafkaKafkaUserConfigKafkaConnectPluginVersionArgs'] kafka_connect_plugin_versions: The plugin selected by the user
         :param builtins.bool kafka_rest: Enable Kafka-REST service. Default: `false`.
         :param builtins.bool kafka_rest_authorization: Enable authorization in Kafka-REST service.
         :param 'GetKafkaKafkaUserConfigKafkaRestConfigArgs' kafka_rest_config: Kafka REST configuration
         :param 'GetKafkaKafkaUserConfigKafkaSaslMechanismsArgs' kafka_sasl_mechanisms: Kafka SASL mechanisms
-        :param builtins.str kafka_version: Enum: `3.1`, `3.2`, `3.3`, `3.4`, `3.5`, `3.6`, `3.7`, `3.8`, and newer. Kafka major version.
+        :param builtins.str kafka_version: Enum: `3.1`, `3.2`, `3.3`, `3.4`, `3.5`, `3.6`, `3.7`, `3.8`, `3.9`, and newer. Kafka major version.
         :param builtins.bool letsencrypt_sasl_privatelink: Use Letsencrypt CA for Kafka SASL via Privatelink.
         :param 'GetKafkaKafkaUserConfigPrivateAccessArgs' private_access: Allow access to selected service ports from private networks
         :param 'GetKafkaKafkaUserConfigPrivatelinkAccessArgs' privatelink_access: Allow access to selected service components through Privatelink
@@ -37814,6 +39072,8 @@ class GetKafkaKafkaUserConfigResult(dict):
             pulumi.set(__self__, "kafka_connect", kafka_connect)
         if kafka_connect_config is not None:
             pulumi.set(__self__, "kafka_connect_config", kafka_connect_config)
+        if kafka_connect_plugin_versions is not None:
+            pulumi.set(__self__, "kafka_connect_plugin_versions", kafka_connect_plugin_versions)
         if kafka_connect_secret_providers is not None:
             pulumi.set(__self__, "kafka_connect_secret_providers", kafka_connect_secret_providers)
         if kafka_rest is not None:
@@ -37937,6 +39197,14 @@ class GetKafkaKafkaUserConfigResult(dict):
         """
         return pulumi.get(self, "kafka_connect_config")
 
+    @property
+    @pulumi.getter(name="kafkaConnectPluginVersions")
+    def kafka_connect_plugin_versions(self) -> Optional[Sequence['outputs.GetKafkaKafkaUserConfigKafkaConnectPluginVersionResult']]:
+        """
+        The plugin selected by the user
+        """
+        return pulumi.get(self, "kafka_connect_plugin_versions")
+
     @property
     @pulumi.getter(name="kafkaConnectSecretProviders")
     def kafka_connect_secret_providers(self) -> Optional[Sequence['outputs.GetKafkaKafkaUserConfigKafkaConnectSecretProviderResult']]:
@@ -37978,7 +39246,7 @@ class GetKafkaKafkaUserConfigResult(dict):
     @pulumi.getter(name="kafkaVersion")
     def kafka_version(self) -> Optional[builtins.str]:
         """
-        Enum: `3.1`, `3.2`, `3.3`, `3.4`, `3.5`, `3.6`, `3.7`, `3.8`, and newer. Kafka major version.
+        Enum: `3.1`, `3.2`, `3.3`, `3.4`, `3.5`, `3.6`, `3.7`, `3.8`, `3.9`, and newer. Kafka major version.
         """
         return pulumi.get(self, "kafka_version")
 
@@ -38901,6 +40169,35 @@ class GetKafkaKafkaUserConfigKafkaConnectConfigResult(dict):
         return pulumi.get(self, "session_timeout_ms")
 
 
+@pulumi.output_type
+class GetKafkaKafkaUserConfigKafkaConnectPluginVersionResult(dict):
+    def __init__(__self__, *,
+                 plugin_name: builtins.str,
+                 version: builtins.str):
+        """
+        :param builtins.str plugin_name: The name of the plugin. Example: `debezium-connector`.
+        :param builtins.str version: The version of the plugin. Example: `2.5.0`.
+        """
+        pulumi.set(__self__, "plugin_name", plugin_name)
+        pulumi.set(__self__, "version", version)
+
+    @property
+    @pulumi.getter(name="pluginName")
+    def plugin_name(self) -> builtins.str:
+        """
+        The name of the plugin. Example: `debezium-connector`.
+        """
+        return pulumi.get(self, "plugin_name")
+
+    @property
+    @pulumi.getter
+    def version(self) -> builtins.str:
+        """
+        The version of the plugin. Example: `2.5.0`.
+        """
+        return pulumi.get(self, "version")
+
+
 @pulumi.output_type
 class GetKafkaKafkaUserConfigKafkaConnectSecretProviderResult(dict):
     def __init__(__self__, *,
@@ -39589,6 +40886,7 @@ class GetKafkaMirrorMakerComponentResult(dict):
                  connection_uri: builtins.str,
                  host: builtins.str,
                  kafka_authentication_method: builtins.str,
+                 kafka_ssl_ca: builtins.str,
                  port: builtins.int,
                  route: builtins.str,
                  ssl: builtins.bool,
@@ -39598,6 +40896,7 @@ class GetKafkaMirrorMakerComponentResult(dict):
         :param builtins.str connection_uri: Connection info for connecting to the service component. This is a combination of host and port.
         :param builtins.str host: Host name for connecting to the service component
         :param builtins.str kafka_authentication_method: Kafka authentication method. This is a value specific to the 'kafka' service component
+        :param builtins.str kafka_ssl_ca: Kafka certificate used. The possible values are `letsencrypt` and `project_ca`.
         :param builtins.int port: Port number for connecting to the service component
         :param builtins.str route: Network access route
         :param builtins.bool ssl: Whether the endpoint is encrypted or accepts plaintext. By default endpoints are always encrypted and this property is only included for service components they may disable encryption
@@ -39607,6 +40906,7 @@ class GetKafkaMirrorMakerComponentResult(dict):
         pulumi.set(__self__, "connection_uri", connection_uri)
         pulumi.set(__self__, "host", host)
         pulumi.set(__self__, "kafka_authentication_method", kafka_authentication_method)
+        pulumi.set(__self__, "kafka_ssl_ca", kafka_ssl_ca)
         pulumi.set(__self__, "port", port)
         pulumi.set(__self__, "route", route)
         pulumi.set(__self__, "ssl", ssl)
@@ -39644,6 +40944,14 @@ class GetKafkaMirrorMakerComponentResult(dict):
         """
         return pulumi.get(self, "kafka_authentication_method")
 
+    @property
+    @pulumi.getter(name="kafkaSslCa")
+    def kafka_ssl_ca(self) -> builtins.str:
+        """
+        Kafka certificate used. The possible values are `letsencrypt` and `project_ca`.
+        """
+        return pulumi.get(self, "kafka_ssl_ca")
+
     @property
     @pulumi.getter
     def port(self) -> builtins.int:
@@ -40158,33 +41466,33 @@ class GetKafkaTopicConfigResult(dict):
                  segment_ms: Optional[builtins.str] = None,
                  unclean_leader_election_enable: Optional[builtins.bool] = None):
         """
-        :param builtins.str cleanup_policy: cleanup.policy value. The possible values are `compact`, `compact,delete` and `delete`.
-        :param builtins.str compression_type: compression.type value. The possible values are `gzip`, `lz4`, `producer`, `snappy`, `uncompressed` and `zstd`.
-        :param builtins.str delete_retention_ms: delete.retention.ms value
-        :param builtins.str file_delete_delay_ms: file.delete.delay.ms value
-        :param builtins.str flush_messages: flush.messages value
-        :param builtins.str flush_ms: flush.ms value
-        :param builtins.str index_interval_bytes: index.interval.bytes value
-        :param builtins.str local_retention_bytes: local.retention.bytes value
-        :param builtins.str local_retention_ms: local.retention.ms value
-        :param builtins.str max_compaction_lag_ms: max.compaction.lag.ms value
-        :param builtins.str max_message_bytes: max.message.bytes value
-        :param builtins.bool message_downconversion_enable: message.downconversion.enable value
-        :param builtins.str message_format_version: message.format.version value. The possible values are `0.10.0`, `0.10.0-IV0`, `0.10.0-IV1`, `0.10.1`, `0.10.1-IV0`, `0.10.1-IV1`, `0.10.1-IV2`, `0.10.2`, `0.10.2-IV0`, `0.11.0`, `0.11.0-IV0`, `0.11.0-IV1`, `0.11.0-IV2`, `0.8.0`, `0.8.1`, `0.8.2`, `0.9.0`, `1.0`, `1.0-IV0`, `1.1`, `1.1-IV0`, `2.0`, `2.0-IV0`, `2.0-IV1`, `2.1`, `2.1-IV0`, `2.1-IV1`, `2.1-IV2`, `2.2`, `2.2-IV0`, `2.2-IV1`, `2.3`, `2.3-IV0`, `2.3-IV1`, `2.4`, `2.4-IV0`, `2.4-IV1`, `2.5`, `2.5-IV0`, `2.6`, `2.6-IV0`, `2.7`, `2.7-IV0`, `2.7-IV1`, `2.7-IV2`, `2.8`, `2.8-IV0`, `2.8-IV1`, `3.0`, `3.0-IV0`, `3.0-IV1`, `3.1`, `3.1-IV0`, `3.2`, `3.2-IV0`, `3.3`, `3.3-IV0`, `3.3-IV1`, `3.3-IV2`, `3.3-IV3`, `3.4`, `3.4-IV0`, `3.5`, `3.5-IV0`, `3.5-IV1`, `3.5-IV2`, `3.6`, `3.6-IV0`, `3.6-IV1`, `3.6-IV2`, `3.7`, `3.7-IV0`, `3.7-IV1`, `3.7-IV2`, `3.7-IV3`, `3.7-IV4`, `3.8`, `3.8-IV0`, `3.9`, `3.9-IV0` and `3.9-IV1`.
-        :param builtins.str message_timestamp_difference_max_ms: message.timestamp.difference.max.ms value
-        :param builtins.str message_timestamp_type: message.timestamp.type value. The possible values are `CreateTime` and `LogAppendTime`.
-        :param builtins.float min_cleanable_dirty_ratio: min.cleanable.dirty.ratio value
-        :param builtins.str min_compaction_lag_ms: min.compaction.lag.ms value
-        :param builtins.str min_insync_replicas: min.insync.replicas value
-        :param builtins.bool preallocate: preallocate value
-        :param builtins.bool remote_storage_enable: remote.storage.enable value
-        :param builtins.str retention_bytes: retention.bytes value
-        :param builtins.str retention_ms: retention.ms value
-        :param builtins.str segment_bytes: segment.bytes value
-        :param builtins.str segment_index_bytes: segment.index.bytes value
-        :param builtins.str segment_jitter_ms: segment.jitter.ms value
-        :param builtins.str segment_ms: segment.ms value
-        :param builtins.bool unclean_leader_election_enable: unclean.leader.election.enable value; This field is deprecated and no longer functional.
+        :param builtins.str cleanup_policy: The retention policy to use on old segments. Possible values include 'delete', 'compact', or a comma-separated list of them. The default policy ('delete') will discard old segments when their retention time or size limit has been reached. The 'compact' setting will enable log compaction on the topic. The possible values are `compact`, `compact,delete` and `delete`.
+        :param builtins.str compression_type: Specify the final compression type for a given topic. This configuration accepts the standard compression codecs ('gzip', 'snappy', 'lz4', 'zstd'). It additionally accepts 'uncompressed' which is equivalent to no compression; and 'producer' which means retain the original compression codec set by the producer. The possible values are `gzip`, `lz4`, `producer`, `snappy`, `uncompressed` and `zstd`.
+        :param builtins.str delete_retention_ms: The amount of time to retain delete tombstone markers for log compacted topics. This setting also gives a bound on the time in which a consumer must complete a read if they begin from offset 0 to ensure that they get a valid snapshot of the final stage (otherwise delete tombstones may be collected before they complete their scan).
+        :param builtins.str file_delete_delay_ms: The time to wait before deleting a file from the filesystem.
+        :param builtins.str flush_messages: This setting allows specifying an interval at which we will force an fsync of data written to the log. For example if this was set to 1 we would fsync after every message; if it were 5 we would fsync after every five messages. In general we recommend you not set this and use replication for durability and allow the operating system's background flush capabilities as it is more efficient.
+        :param builtins.str flush_ms: This setting allows specifying a time interval at which we will force an fsync of data written to the log. For example if this was set to 1000 we would fsync after 1000 ms had passed. In general we recommend you not set this and use replication for durability and allow the operating system's background flush capabilities as it is more efficient.
+        :param builtins.str index_interval_bytes: This setting controls how frequently Kafka adds an index entry to its offset index. The default setting ensures that we index a message roughly every 4096 bytes. More indexing allows reads to jump closer to the exact position in the log but makes the index larger. You probably don't need to change this.
+        :param builtins.str local_retention_bytes: This configuration controls the maximum bytes tiered storage will retain segment files locally before it will discard old log segments to free up space. If set to -2, the limit is equal to overall retention time. If set to -1, no limit is applied but it's possible only if overall retention is also -1.
+        :param builtins.str local_retention_ms: This configuration controls the maximum time tiered storage will retain segment files locally before it will discard old log segments to free up space. If set to -2, the time limit is equal to overall retention time. If set to -1, no time limit is applied but it's possible only if overall retention is also -1.
+        :param builtins.str max_compaction_lag_ms: The maximum time a message will remain ineligible for compaction in the log. Only applicable for logs that are being compacted.
+        :param builtins.str max_message_bytes: The largest record batch size allowed by Kafka (after compression if compression is enabled). If this is increased and there are consumers older than 0.10.2, the consumers' fetch size must also be increased so that the they can fetch record batches this large. In the latest message format version, records are always grouped into batches for efficiency. In previous message format versions, uncompressed records are not grouped into batches and this limit only applies to a single record in that case.
+        :param builtins.bool message_downconversion_enable: This configuration controls whether down-conversion of message formats is enabled to satisfy consume requests. When set to false, broker will not perform down-conversion for consumers expecting an older message format. The broker responds with UNSUPPORTED_VERSION error for consume requests from such older clients. This configuration does not apply to any message format conversion that might be required for replication to followers.
+        :param builtins.str message_format_version: Specify the message format version the broker will use to append messages to the logs. The value should be a valid ApiVersion. Some examples are: 0.8.2, 0.9.0.0, 0.10.0, check ApiVersion for more details. By setting a particular message format version, the user is certifying that all the existing messages on disk are smaller or equal than the specified version. Setting this value incorrectly will cause consumers with older versions to break as they will receive messages with a format that they don't understand. The possible values are `0.10.0`, `0.10.0-IV0`, `0.10.0-IV1`, `0.10.1`, `0.10.1-IV0`, `0.10.1-IV1`, `0.10.1-IV2`, `0.10.2`, `0.10.2-IV0`, `0.11.0`, `0.11.0-IV0`, `0.11.0-IV1`, `0.11.0-IV2`, `0.8.0`, `0.8.1`, `0.8.2`, `0.9.0`, `1.0`, `1.0-IV0`, `1.1`, `1.1-IV0`, `2.0`, `2.0-IV0`, `2.0-IV1`, `2.1`, `2.1-IV0`, `2.1-IV1`, `2.1-IV2`, `2.2`, `2.2-IV0`, `2.2-IV1`, `2.3`, `2.3-IV0`, `2.3-IV1`, `2.4`, `2.4-IV0`, `2.4-IV1`, `2.5`, `2.5-IV0`, `2.6`, `2.6-IV0`, `2.7`, `2.7-IV0`, `2.7-IV1`, `2.7-IV2`, `2.8`, `2.8-IV0`, `2.8-IV1`, `3.0`, `3.0-IV0`, `3.0-IV1`, `3.1`, `3.1-IV0`, `3.2`, `3.2-IV0`, `3.3`, `3.3-IV0`, `3.3-IV1`, `3.3-IV2`, `3.3-IV3`, `3.4`, `3.4-IV0`, `3.5`, `3.5-IV0`, `3.5-IV1`, `3.5-IV2`, `3.6`, `3.6-IV0`, `3.6-IV1`, `3.6-IV2`, `3.7`, `3.7-IV0`, `3.7-IV1`, `3.7-IV2`, `3.7-IV3`, `3.7-IV4`, `3.8`, `3.8-IV0`, `3.9`, `3.9-IV0`, `3.9-IV1`, `4.0`, `4.0-IV0`, `4.1` and `4.1-IV0`.
+        :param builtins.str message_timestamp_difference_max_ms: The maximum difference allowed between the timestamp when a broker receives a message and the timestamp specified in the message. If message.timestamp.type=CreateTime, a message will be rejected if the difference in timestamp exceeds this threshold. This configuration is ignored if message.timestamp.type=LogAppendTime.
+        :param builtins.str message_timestamp_type: Define whether the timestamp in the message is message create time or log append time. The possible values are `CreateTime` and `LogAppendTime`.
+        :param builtins.float min_cleanable_dirty_ratio: This configuration controls how frequently the log compactor will attempt to clean the log (assuming log compaction is enabled). By default we will avoid cleaning a log where more than 50% of the log has been compacted. This ratio bounds the maximum space wasted in the log by duplicates (at 50% at most 50% of the log could be duplicates). A higher ratio will mean fewer, more efficient cleanings but will mean more wasted space in the log. If the max.compaction.lag.ms or the min.compaction.lag.ms configurations are also specified, then the log compactor considers the log to be eligible for compaction as soon as either: (i) the dirty ratio threshold has been met and the log has had dirty (uncompacted) records for at least the min.compaction.lag.ms duration, or (ii) if the log has had dirty (uncompacted) records for at most the max.compaction.lag.ms period.
+        :param builtins.str min_compaction_lag_ms: The minimum time a message will remain uncompacted in the log. Only applicable for logs that are being compacted.
+        :param builtins.str min_insync_replicas: When a producer sets acks to 'all' (or '-1'), this configuration specifies the minimum number of replicas that must acknowledge a write for the write to be considered successful. If this minimum cannot be met, then the producer will raise an exception (either NotEnoughReplicas or NotEnoughReplicasAfterAppend). When used together, min.insync.replicas and acks allow you to enforce greater durability guarantees. A typical scenario would be to create a topic with a replication factor of 3, set min.insync.replicas to 2, and produce with acks of 'all'. This will ensure that the producer raises an exception if a majority of replicas do not receive a write.
+        :param builtins.bool preallocate: True if we should preallocate the file on disk when creating a new log segment.
+        :param builtins.bool remote_storage_enable: Indicates whether tiered storage should be enabled.
+        :param builtins.str retention_bytes: This configuration controls the maximum size a partition (which consists of log segments) can grow to before we will discard old log segments to free up space if we are using the 'delete' retention policy. By default there is no size limit only a time limit. Since this limit is enforced at the partition level, multiply it by the number of partitions to compute the topic retention in bytes.
+        :param builtins.str retention_ms: This configuration controls the maximum time we will retain a log before we will discard old log segments to free up space if we are using the 'delete' retention policy. This represents an SLA on how soon consumers must read their data. If set to -1, no time limit is applied.
+        :param builtins.str segment_bytes: This configuration controls the size of the index that maps offsets to file positions. We preallocate this index file and shrink it only after log rolls. You generally should not need to change this setting.
+        :param builtins.str segment_index_bytes: This configuration controls the size of the index that maps offsets to file positions. We preallocate this index file and shrink it only after log rolls. You generally should not need to change this setting.
+        :param builtins.str segment_jitter_ms: The maximum random jitter subtracted from the scheduled segment roll time to avoid thundering herds of segment rolling
+        :param builtins.str segment_ms: This configuration controls the period of time after which Kafka will force the log to roll even if the segment file isn't full to ensure that retention can delete or compact old data. Setting this to a very low value has consequences, and the Aiven management plane ignores values less than 10 seconds.
+        :param builtins.bool unclean_leader_election_enable: Indicates whether to enable replicas not in the ISR set to be elected as leader as a last resort, even though doing so may result in data loss.
         """
         if cleanup_policy is not None:
             pulumi.set(__self__, "cleanup_policy", cleanup_policy)
@@ -40245,7 +41553,7 @@ class GetKafkaTopicConfigResult(dict):
     @pulumi.getter(name="cleanupPolicy")
     def cleanup_policy(self) -> Optional[builtins.str]:
         """
-        cleanup.policy value. The possible values are `compact`, `compact,delete` and `delete`.
+        The retention policy to use on old segments. Possible values include 'delete', 'compact', or a comma-separated list of them. The default policy ('delete') will discard old segments when their retention time or size limit has been reached. The 'compact' setting will enable log compaction on the topic. The possible values are `compact`, `compact,delete` and `delete`.
         """
         return pulumi.get(self, "cleanup_policy")
 
@@ -40253,7 +41561,7 @@ class GetKafkaTopicConfigResult(dict):
     @pulumi.getter(name="compressionType")
     def compression_type(self) -> Optional[builtins.str]:
         """
-        compression.type value. The possible values are `gzip`, `lz4`, `producer`, `snappy`, `uncompressed` and `zstd`.
+        Specify the final compression type for a given topic. This configuration accepts the standard compression codecs ('gzip', 'snappy', 'lz4', 'zstd'). It additionally accepts 'uncompressed' which is equivalent to no compression; and 'producer' which means retain the original compression codec set by the producer. The possible values are `gzip`, `lz4`, `producer`, `snappy`, `uncompressed` and `zstd`.
         """
         return pulumi.get(self, "compression_type")
 
@@ -40261,7 +41569,7 @@ class GetKafkaTopicConfigResult(dict):
     @pulumi.getter(name="deleteRetentionMs")
     def delete_retention_ms(self) -> Optional[builtins.str]:
         """
-        delete.retention.ms value
+        The amount of time to retain delete tombstone markers for log compacted topics. This setting also gives a bound on the time in which a consumer must complete a read if they begin from offset 0 to ensure that they get a valid snapshot of the final stage (otherwise delete tombstones may be collected before they complete their scan).
         """
         return pulumi.get(self, "delete_retention_ms")
 
@@ -40269,7 +41577,7 @@ class GetKafkaTopicConfigResult(dict):
     @pulumi.getter(name="fileDeleteDelayMs")
     def file_delete_delay_ms(self) -> Optional[builtins.str]:
         """
-        file.delete.delay.ms value
+        The time to wait before deleting a file from the filesystem.
         """
         return pulumi.get(self, "file_delete_delay_ms")
 
@@ -40277,7 +41585,7 @@ class GetKafkaTopicConfigResult(dict):
     @pulumi.getter(name="flushMessages")
     def flush_messages(self) -> Optional[builtins.str]:
         """
-        flush.messages value
+        This setting allows specifying an interval at which we will force an fsync of data written to the log. For example if this was set to 1 we would fsync after every message; if it were 5 we would fsync after every five messages. In general we recommend you not set this and use replication for durability and allow the operating system's background flush capabilities as it is more efficient.
         """
         return pulumi.get(self, "flush_messages")
 
@@ -40285,7 +41593,7 @@ class GetKafkaTopicConfigResult(dict):
     @pulumi.getter(name="flushMs")
     def flush_ms(self) -> Optional[builtins.str]:
         """
-        flush.ms value
+        This setting allows specifying a time interval at which we will force an fsync of data written to the log. For example if this was set to 1000 we would fsync after 1000 ms had passed. In general we recommend you not set this and use replication for durability and allow the operating system's background flush capabilities as it is more efficient.
         """
         return pulumi.get(self, "flush_ms")
 
@@ -40293,7 +41601,7 @@ class GetKafkaTopicConfigResult(dict):
     @pulumi.getter(name="indexIntervalBytes")
     def index_interval_bytes(self) -> Optional[builtins.str]:
         """
-        index.interval.bytes value
+        This setting controls how frequently Kafka adds an index entry to its offset index. The default setting ensures that we index a message roughly every 4096 bytes. More indexing allows reads to jump closer to the exact position in the log but makes the index larger. You probably don't need to change this.
         """
         return pulumi.get(self, "index_interval_bytes")
 
@@ -40301,7 +41609,7 @@ class GetKafkaTopicConfigResult(dict):
     @pulumi.getter(name="localRetentionBytes")
     def local_retention_bytes(self) -> Optional[builtins.str]:
         """
-        local.retention.bytes value
+        This configuration controls the maximum bytes tiered storage will retain segment files locally before it will discard old log segments to free up space. If set to -2, the limit is equal to overall retention time. If set to -1, no limit is applied but it's possible only if overall retention is also -1.
         """
         return pulumi.get(self, "local_retention_bytes")
 
@@ -40309,7 +41617,7 @@ class GetKafkaTopicConfigResult(dict):
     @pulumi.getter(name="localRetentionMs")
     def local_retention_ms(self) -> Optional[builtins.str]:
         """
-        local.retention.ms value
+        This configuration controls the maximum time tiered storage will retain segment files locally before it will discard old log segments to free up space. If set to -2, the time limit is equal to overall retention time. If set to -1, no time limit is applied but it's possible only if overall retention is also -1.
         """
         return pulumi.get(self, "local_retention_ms")
 
@@ -40317,7 +41625,7 @@ class GetKafkaTopicConfigResult(dict):
     @pulumi.getter(name="maxCompactionLagMs")
     def max_compaction_lag_ms(self) -> Optional[builtins.str]:
         """
-        max.compaction.lag.ms value
+        The maximum time a message will remain ineligible for compaction in the log. Only applicable for logs that are being compacted.
         """
         return pulumi.get(self, "max_compaction_lag_ms")
 
@@ -40325,7 +41633,7 @@ class GetKafkaTopicConfigResult(dict):
     @pulumi.getter(name="maxMessageBytes")
     def max_message_bytes(self) -> Optional[builtins.str]:
         """
-        max.message.bytes value
+        The largest record batch size allowed by Kafka (after compression if compression is enabled). If this is increased and there are consumers older than 0.10.2, the consumers' fetch size must also be increased so that the they can fetch record batches this large. In the latest message format version, records are always grouped into batches for efficiency. In previous message format versions, uncompressed records are not grouped into batches and this limit only applies to a single record in that case.
         """
         return pulumi.get(self, "max_message_bytes")
 
@@ -40333,7 +41641,7 @@ class GetKafkaTopicConfigResult(dict):
     @pulumi.getter(name="messageDownconversionEnable")
     def message_downconversion_enable(self) -> Optional[builtins.bool]:
         """
-        message.downconversion.enable value
+        This configuration controls whether down-conversion of message formats is enabled to satisfy consume requests. When set to false, broker will not perform down-conversion for consumers expecting an older message format. The broker responds with UNSUPPORTED_VERSION error for consume requests from such older clients. This configuration does not apply to any message format conversion that might be required for replication to followers.
         """
         return pulumi.get(self, "message_downconversion_enable")
 
@@ -40341,7 +41649,7 @@ class GetKafkaTopicConfigResult(dict):
     @pulumi.getter(name="messageFormatVersion")
     def message_format_version(self) -> Optional[builtins.str]:
         """
-        message.format.version value. The possible values are `0.10.0`, `0.10.0-IV0`, `0.10.0-IV1`, `0.10.1`, `0.10.1-IV0`, `0.10.1-IV1`, `0.10.1-IV2`, `0.10.2`, `0.10.2-IV0`, `0.11.0`, `0.11.0-IV0`, `0.11.0-IV1`, `0.11.0-IV2`, `0.8.0`, `0.8.1`, `0.8.2`, `0.9.0`, `1.0`, `1.0-IV0`, `1.1`, `1.1-IV0`, `2.0`, `2.0-IV0`, `2.0-IV1`, `2.1`, `2.1-IV0`, `2.1-IV1`, `2.1-IV2`, `2.2`, `2.2-IV0`, `2.2-IV1`, `2.3`, `2.3-IV0`, `2.3-IV1`, `2.4`, `2.4-IV0`, `2.4-IV1`, `2.5`, `2.5-IV0`, `2.6`, `2.6-IV0`, `2.7`, `2.7-IV0`, `2.7-IV1`, `2.7-IV2`, `2.8`, `2.8-IV0`, `2.8-IV1`, `3.0`, `3.0-IV0`, `3.0-IV1`, `3.1`, `3.1-IV0`, `3.2`, `3.2-IV0`, `3.3`, `3.3-IV0`, `3.3-IV1`, `3.3-IV2`, `3.3-IV3`, `3.4`, `3.4-IV0`, `3.5`, `3.5-IV0`, `3.5-IV1`, `3.5-IV2`, `3.6`, `3.6-IV0`, `3.6-IV1`, `3.6-IV2`, `3.7`, `3.7-IV0`, `3.7-IV1`, `3.7-IV2`, `3.7-IV3`, `3.7-IV4`, `3.8`, `3.8-IV0`, `3.9`, `3.9-IV0` and `3.9-IV1`.
+        Specify the message format version the broker will use to append messages to the logs. The value should be a valid ApiVersion. Some examples are: 0.8.2, 0.9.0.0, 0.10.0, check ApiVersion for more details. By setting a particular message format version, the user is certifying that all the existing messages on disk are smaller or equal than the specified version. Setting this value incorrectly will cause consumers with older versions to break as they will receive messages with a format that they don't understand. The possible values are `0.10.0`, `0.10.0-IV0`, `0.10.0-IV1`, `0.10.1`, `0.10.1-IV0`, `0.10.1-IV1`, `0.10.1-IV2`, `0.10.2`, `0.10.2-IV0`, `0.11.0`, `0.11.0-IV0`, `0.11.0-IV1`, `0.11.0-IV2`, `0.8.0`, `0.8.1`, `0.8.2`, `0.9.0`, `1.0`, `1.0-IV0`, `1.1`, `1.1-IV0`, `2.0`, `2.0-IV0`, `2.0-IV1`, `2.1`, `2.1-IV0`, `2.1-IV1`, `2.1-IV2`, `2.2`, `2.2-IV0`, `2.2-IV1`, `2.3`, `2.3-IV0`, `2.3-IV1`, `2.4`, `2.4-IV0`, `2.4-IV1`, `2.5`, `2.5-IV0`, `2.6`, `2.6-IV0`, `2.7`, `2.7-IV0`, `2.7-IV1`, `2.7-IV2`, `2.8`, `2.8-IV0`, `2.8-IV1`, `3.0`, `3.0-IV0`, `3.0-IV1`, `3.1`, `3.1-IV0`, `3.2`, `3.2-IV0`, `3.3`, `3.3-IV0`, `3.3-IV1`, `3.3-IV2`, `3.3-IV3`, `3.4`, `3.4-IV0`, `3.5`, `3.5-IV0`, `3.5-IV1`, `3.5-IV2`, `3.6`, `3.6-IV0`, `3.6-IV1`, `3.6-IV2`, `3.7`, `3.7-IV0`, `3.7-IV1`, `3.7-IV2`, `3.7-IV3`, `3.7-IV4`, `3.8`, `3.8-IV0`, `3.9`, `3.9-IV0`, `3.9-IV1`, `4.0`, `4.0-IV0`, `4.1` and `4.1-IV0`.
         """
         return pulumi.get(self, "message_format_version")
 
@@ -40349,7 +41657,7 @@ class GetKafkaTopicConfigResult(dict):
     @pulumi.getter(name="messageTimestampDifferenceMaxMs")
     def message_timestamp_difference_max_ms(self) -> Optional[builtins.str]:
         """
-        message.timestamp.difference.max.ms value
+        The maximum difference allowed between the timestamp when a broker receives a message and the timestamp specified in the message. If message.timestamp.type=CreateTime, a message will be rejected if the difference in timestamp exceeds this threshold. This configuration is ignored if message.timestamp.type=LogAppendTime.
         """
         return pulumi.get(self, "message_timestamp_difference_max_ms")
 
@@ -40357,7 +41665,7 @@ class GetKafkaTopicConfigResult(dict):
     @pulumi.getter(name="messageTimestampType")
     def message_timestamp_type(self) -> Optional[builtins.str]:
         """
-        message.timestamp.type value. The possible values are `CreateTime` and `LogAppendTime`.
+        Define whether the timestamp in the message is message create time or log append time. The possible values are `CreateTime` and `LogAppendTime`.
         """
         return pulumi.get(self, "message_timestamp_type")
 
@@ -40365,7 +41673,7 @@ class GetKafkaTopicConfigResult(dict):
     @pulumi.getter(name="minCleanableDirtyRatio")
     def min_cleanable_dirty_ratio(self) -> Optional[builtins.float]:
         """
-        min.cleanable.dirty.ratio value
+        This configuration controls how frequently the log compactor will attempt to clean the log (assuming log compaction is enabled). By default we will avoid cleaning a log where more than 50% of the log has been compacted. This ratio bounds the maximum space wasted in the log by duplicates (at 50% at most 50% of the log could be duplicates). A higher ratio will mean fewer, more efficient cleanings but will mean more wasted space in the log. If the max.compaction.lag.ms or the min.compaction.lag.ms configurations are also specified, then the log compactor considers the log to be eligible for compaction as soon as either: (i) the dirty ratio threshold has been met and the log has had dirty (uncompacted) records for at least the min.compaction.lag.ms duration, or (ii) if the log has had dirty (uncompacted) records for at most the max.compaction.lag.ms period.
         """
         return pulumi.get(self, "min_cleanable_dirty_ratio")
 
@@ -40373,7 +41681,7 @@ class GetKafkaTopicConfigResult(dict):
     @pulumi.getter(name="minCompactionLagMs")
     def min_compaction_lag_ms(self) -> Optional[builtins.str]:
         """
-        min.compaction.lag.ms value
+        The minimum time a message will remain uncompacted in the log. Only applicable for logs that are being compacted.
         """
         return pulumi.get(self, "min_compaction_lag_ms")
 
@@ -40381,7 +41689,7 @@ class GetKafkaTopicConfigResult(dict):
     @pulumi.getter(name="minInsyncReplicas")
     def min_insync_replicas(self) -> Optional[builtins.str]:
         """
-        min.insync.replicas value
+        When a producer sets acks to 'all' (or '-1'), this configuration specifies the minimum number of replicas that must acknowledge a write for the write to be considered successful. If this minimum cannot be met, then the producer will raise an exception (either NotEnoughReplicas or NotEnoughReplicasAfterAppend). When used together, min.insync.replicas and acks allow you to enforce greater durability guarantees. A typical scenario would be to create a topic with a replication factor of 3, set min.insync.replicas to 2, and produce with acks of 'all'. This will ensure that the producer raises an exception if a majority of replicas do not receive a write.
         """
         return pulumi.get(self, "min_insync_replicas")
 
@@ -40389,7 +41697,7 @@ class GetKafkaTopicConfigResult(dict):
     @pulumi.getter
     def preallocate(self) -> Optional[builtins.bool]:
         """
-        preallocate value
+        True if we should preallocate the file on disk when creating a new log segment.
         """
         return pulumi.get(self, "preallocate")
 
@@ -40397,7 +41705,7 @@ class GetKafkaTopicConfigResult(dict):
     @pulumi.getter(name="remoteStorageEnable")
     def remote_storage_enable(self) -> Optional[builtins.bool]:
         """
-        remote.storage.enable value
+        Indicates whether tiered storage should be enabled.
         """
         return pulumi.get(self, "remote_storage_enable")
 
@@ -40405,7 +41713,7 @@ class GetKafkaTopicConfigResult(dict):
     @pulumi.getter(name="retentionBytes")
     def retention_bytes(self) -> Optional[builtins.str]:
         """
-        retention.bytes value
+        This configuration controls the maximum size a partition (which consists of log segments) can grow to before we will discard old log segments to free up space if we are using the 'delete' retention policy. By default there is no size limit only a time limit. Since this limit is enforced at the partition level, multiply it by the number of partitions to compute the topic retention in bytes.
         """
         return pulumi.get(self, "retention_bytes")
 
@@ -40413,7 +41721,7 @@ class GetKafkaTopicConfigResult(dict):
     @pulumi.getter(name="retentionMs")
     def retention_ms(self) -> Optional[builtins.str]:
         """
-        retention.ms value
+        This configuration controls the maximum time we will retain a log before we will discard old log segments to free up space if we are using the 'delete' retention policy. This represents an SLA on how soon consumers must read their data. If set to -1, no time limit is applied.
         """
         return pulumi.get(self, "retention_ms")
 
@@ -40421,7 +41729,7 @@ class GetKafkaTopicConfigResult(dict):
     @pulumi.getter(name="segmentBytes")
     def segment_bytes(self) -> Optional[builtins.str]:
         """
-        segment.bytes value
+        This configuration controls the size of the index that maps offsets to file positions. We preallocate this index file and shrink it only after log rolls. You generally should not need to change this setting.
         """
         return pulumi.get(self, "segment_bytes")
 
@@ -40429,7 +41737,7 @@ class GetKafkaTopicConfigResult(dict):
     @pulumi.getter(name="segmentIndexBytes")
     def segment_index_bytes(self) -> Optional[builtins.str]:
         """
-        segment.index.bytes value
+        This configuration controls the size of the index that maps offsets to file positions. We preallocate this index file and shrink it only after log rolls. You generally should not need to change this setting.
         """
         return pulumi.get(self, "segment_index_bytes")
 
@@ -40437,7 +41745,7 @@ class GetKafkaTopicConfigResult(dict):
     @pulumi.getter(name="segmentJitterMs")
     def segment_jitter_ms(self) -> Optional[builtins.str]:
         """
-        segment.jitter.ms value
+        The maximum random jitter subtracted from the scheduled segment roll time to avoid thundering herds of segment rolling
         """
         return pulumi.get(self, "segment_jitter_ms")
 
@@ -40445,16 +41753,15 @@ class GetKafkaTopicConfigResult(dict):
     @pulumi.getter(name="segmentMs")
     def segment_ms(self) -> Optional[builtins.str]:
         """
-        segment.ms value
+        This configuration controls the period of time after which Kafka will force the log to roll even if the segment file isn't full to ensure that retention can delete or compact old data. Setting this to a very low value has consequences, and the Aiven management plane ignores values less than 10 seconds.
         """
         return pulumi.get(self, "segment_ms")
 
     @property
     @pulumi.getter(name="uncleanLeaderElectionEnable")
-    @_utilities.deprecated("""This field is deprecated and no longer functional.""")
     def unclean_leader_election_enable(self) -> Optional[builtins.bool]:
         """
-        unclean.leader.election.enable value; This field is deprecated and no longer functional.
+        Indicates whether to enable replicas not in the ISR set to be elected as leader as a last resort, even though doing so may result in data loss.
         """
         return pulumi.get(self, "unclean_leader_election_enable")
 
@@ -40496,6 +41803,7 @@ class GetM3AggregatorComponentResult(dict):
                  connection_uri: builtins.str,
                  host: builtins.str,
                  kafka_authentication_method: builtins.str,
+                 kafka_ssl_ca: builtins.str,
                  port: builtins.int,
                  route: builtins.str,
                  ssl: builtins.bool,
@@ -40505,6 +41813,7 @@ class GetM3AggregatorComponentResult(dict):
         :param builtins.str connection_uri: Connection info for connecting to the service component. This is a combination of host and port.
         :param builtins.str host: Host name for connecting to the service component
         :param builtins.str kafka_authentication_method: Kafka authentication method. This is a value specific to the 'kafka' service component
+        :param builtins.str kafka_ssl_ca: Kafka certificate used. The possible values are `letsencrypt` and `project_ca`.
         :param builtins.int port: Port number for connecting to the service component
         :param builtins.str route: Network access route
         :param builtins.bool ssl: Whether the endpoint is encrypted or accepts plaintext. By default endpoints are always encrypted and this property is only included for service components they may disable encryption
@@ -40514,6 +41823,7 @@ class GetM3AggregatorComponentResult(dict):
         pulumi.set(__self__, "connection_uri", connection_uri)
         pulumi.set(__self__, "host", host)
         pulumi.set(__self__, "kafka_authentication_method", kafka_authentication_method)
+        pulumi.set(__self__, "kafka_ssl_ca", kafka_ssl_ca)
         pulumi.set(__self__, "port", port)
         pulumi.set(__self__, "route", route)
         pulumi.set(__self__, "ssl", ssl)
@@ -40551,6 +41861,14 @@ class GetM3AggregatorComponentResult(dict):
         """
         return pulumi.get(self, "kafka_authentication_method")
 
+    @property
+    @pulumi.getter(name="kafkaSslCa")
+    def kafka_ssl_ca(self) -> builtins.str:
+        """
+        Kafka certificate used. The possible values are `letsencrypt` and `project_ca`.
+        """
+        return pulumi.get(self, "kafka_ssl_ca")
+
     @property
     @pulumi.getter
     def port(self) -> builtins.int:
@@ -40830,6 +42148,7 @@ class GetM3DbComponentResult(dict):
                  connection_uri: builtins.str,
                  host: builtins.str,
                  kafka_authentication_method: builtins.str,
+                 kafka_ssl_ca: builtins.str,
                  port: builtins.int,
                  route: builtins.str,
                  ssl: builtins.bool,
@@ -40839,6 +42158,7 @@ class GetM3DbComponentResult(dict):
         :param builtins.str connection_uri: Connection info for connecting to the service component. This is a combination of host and port.
         :param builtins.str host: Host name for connecting to the service component
         :param builtins.str kafka_authentication_method: Kafka authentication method. This is a value specific to the 'kafka' service component
+        :param builtins.str kafka_ssl_ca: Kafka certificate used. The possible values are `letsencrypt` and `project_ca`.
         :param builtins.int port: Port number for connecting to the service component
         :param builtins.str route: Network access route
         :param builtins.bool ssl: Whether the endpoint is encrypted or accepts plaintext. By default endpoints are always encrypted and this property is only included for service components they may disable encryption
@@ -40848,6 +42168,7 @@ class GetM3DbComponentResult(dict):
         pulumi.set(__self__, "connection_uri", connection_uri)
         pulumi.set(__self__, "host", host)
         pulumi.set(__self__, "kafka_authentication_method", kafka_authentication_method)
+        pulumi.set(__self__, "kafka_ssl_ca", kafka_ssl_ca)
         pulumi.set(__self__, "port", port)
         pulumi.set(__self__, "route", route)
         pulumi.set(__self__, "ssl", ssl)
@@ -40885,6 +42206,14 @@ class GetM3DbComponentResult(dict):
         """
         return pulumi.get(self, "kafka_authentication_method")
 
+    @property
+    @pulumi.getter(name="kafkaSslCa")
+    def kafka_ssl_ca(self) -> builtins.str:
+        """
+        Kafka certificate used. The possible values are `letsencrypt` and `project_ca`.
+        """
+        return pulumi.get(self, "kafka_ssl_ca")
+
     @property
     @pulumi.getter
     def port(self) -> builtins.int:
@@ -41838,6 +43167,7 @@ class GetMySqlComponentResult(dict):
                  connection_uri: builtins.str,
                  host: builtins.str,
                  kafka_authentication_method: builtins.str,
+                 kafka_ssl_ca: builtins.str,
                  port: builtins.int,
                  route: builtins.str,
                  ssl: builtins.bool,
@@ -41847,6 +43177,7 @@ class GetMySqlComponentResult(dict):
         :param builtins.str connection_uri: Connection info for connecting to the service component. This is a combination of host and port.
         :param builtins.str host: Host name for connecting to the service component
         :param builtins.str kafka_authentication_method: Kafka authentication method. This is a value specific to the 'kafka' service component
+        :param builtins.str kafka_ssl_ca: Kafka certificate used. The possible values are `letsencrypt` and `project_ca`.
         :param builtins.int port: Port number for connecting to the service component
         :param builtins.str route: Network access route
         :param builtins.bool ssl: Whether the endpoint is encrypted or accepts plaintext. By default endpoints are always encrypted and this property is only included for service components they may disable encryption
@@ -41856,6 +43187,7 @@ class GetMySqlComponentResult(dict):
         pulumi.set(__self__, "connection_uri", connection_uri)
         pulumi.set(__self__, "host", host)
         pulumi.set(__self__, "kafka_authentication_method", kafka_authentication_method)
+        pulumi.set(__self__, "kafka_ssl_ca", kafka_ssl_ca)
         pulumi.set(__self__, "port", port)
         pulumi.set(__self__, "route", route)
         pulumi.set(__self__, "ssl", ssl)
@@ -41893,6 +43225,14 @@ class GetMySqlComponentResult(dict):
         """
         return pulumi.get(self, "kafka_authentication_method")
 
+    @property
+    @pulumi.getter(name="kafkaSslCa")
+    def kafka_ssl_ca(self) -> builtins.str:
+        """
+        Kafka certificate used. The possible values are `letsencrypt` and `project_ca`.
+        """
+        return pulumi.get(self, "kafka_ssl_ca")
+
     @property
     @pulumi.getter
     def port(self) -> builtins.int:
@@ -43043,6 +44383,7 @@ class GetOpenSearchComponentResult(dict):
                  connection_uri: builtins.str,
                  host: builtins.str,
                  kafka_authentication_method: builtins.str,
+                 kafka_ssl_ca: builtins.str,
                  port: builtins.int,
                  route: builtins.str,
                  ssl: builtins.bool,
@@ -43052,6 +44393,7 @@ class GetOpenSearchComponentResult(dict):
         :param builtins.str connection_uri: Connection info for connecting to the service component. This is a combination of host and port.
         :param builtins.str host: Host name for connecting to the service component
         :param builtins.str kafka_authentication_method: Kafka authentication method. This is a value specific to the 'kafka' service component
+        :param builtins.str kafka_ssl_ca: Kafka certificate used. The possible values are `letsencrypt` and `project_ca`.
         :param builtins.int port: Port number for connecting to the service component
         :param builtins.str route: Network access route
         :param builtins.bool ssl: Whether the endpoint is encrypted or accepts plaintext. By default endpoints are always encrypted and this property is only included for service components they may disable encryption
@@ -43061,6 +44403,7 @@ class GetOpenSearchComponentResult(dict):
         pulumi.set(__self__, "connection_uri", connection_uri)
         pulumi.set(__self__, "host", host)
         pulumi.set(__self__, "kafka_authentication_method", kafka_authentication_method)
+        pulumi.set(__self__, "kafka_ssl_ca", kafka_ssl_ca)
         pulumi.set(__self__, "port", port)
         pulumi.set(__self__, "route", route)
         pulumi.set(__self__, "ssl", ssl)
@@ -43098,6 +44441,14 @@ class GetOpenSearchComponentResult(dict):
         """
         return pulumi.get(self, "kafka_authentication_method")
 
+    @property
+    @pulumi.getter(name="kafkaSslCa")
+    def kafka_ssl_ca(self) -> builtins.str:
+        """
+        Kafka certificate used. The possible values are `letsencrypt` and `project_ca`.
+        """
+        return pulumi.get(self, "kafka_ssl_ca")
+
     @property
     @pulumi.getter
     def port(self) -> builtins.int:
@@ -43140,11 +44491,11 @@ class GetOpenSearchOpensearchResult(dict):
                  uris: Sequence[builtins.str],
                  username: builtins.str):
         """
-        :param builtins.str kibana_uri: URI for Kibana dashboard frontend
-        :param builtins.str opensearch_dashboards_uri: URI for OpenSearch dashboard frontend
-        :param builtins.str password: OpenSearch password
+        :param builtins.str kibana_uri: URI for Kibana dashboard frontend.
+        :param builtins.str opensearch_dashboards_uri: URI for OpenSearch dashboard frontend.
+        :param builtins.str password: OpenSearch password.
         :param Sequence[builtins.str] uris: OpenSearch server URIs.
-        :param builtins.str username: OpenSearch username
+        :param builtins.str username: OpenSearch username.
         """
         pulumi.set(__self__, "kibana_uri", kibana_uri)
         pulumi.set(__self__, "opensearch_dashboards_uri", opensearch_dashboards_uri)
@@ -43157,7 +44508,7 @@ class GetOpenSearchOpensearchResult(dict):
     @_utilities.deprecated("""This field was added by mistake and has never worked. It will be removed in future versions.""")
     def kibana_uri(self) -> builtins.str:
         """
-        URI for Kibana dashboard frontend
+        URI for Kibana dashboard frontend.
         """
         return pulumi.get(self, "kibana_uri")
 
@@ -43165,7 +44516,7 @@ class GetOpenSearchOpensearchResult(dict):
     @pulumi.getter(name="opensearchDashboardsUri")
     def opensearch_dashboards_uri(self) -> builtins.str:
         """
-        URI for OpenSearch dashboard frontend
+        URI for OpenSearch dashboard frontend.
         """
         return pulumi.get(self, "opensearch_dashboards_uri")
 
@@ -43173,7 +44524,7 @@ class GetOpenSearchOpensearchResult(dict):
     @pulumi.getter
     def password(self) -> builtins.str:
         """
-        OpenSearch password
+        OpenSearch password.
         """
         return pulumi.get(self, "password")
 
@@ -43189,7 +44540,7 @@ class GetOpenSearchOpensearchResult(dict):
     @pulumi.getter
     def username(self) -> builtins.str:
         """
-        OpenSearch username
+        OpenSearch username.
         """
         return pulumi.get(self, "username")
 
@@ -43553,7 +44904,7 @@ class GetOpenSearchOpensearchUserConfigAzureMigrationResult(dict):
         :param builtins.str endpoint_suffix: Defines the DNS suffix for Azure Storage endpoints.
         :param builtins.bool include_aliases: Whether to restore aliases alongside their associated indexes. Default is true.
         :param builtins.str key: Azure account secret key. One of key or sas_token should be specified.
-        :param builtins.bool readonly: Whether the repository is read-only. Default: `false`.
+        :param builtins.bool readonly: Whether the repository is read-only. Default: `true`.
         :param builtins.bool restore_global_state: If true, restore the cluster state. Defaults to false.
         :param builtins.str sas_token: A shared access signatures (SAS) token. One of key or sas_token should be specified.
         """
@@ -43663,7 +45014,7 @@ class GetOpenSearchOpensearchUserConfigAzureMigrationResult(dict):
     @pulumi.getter
     def readonly(self) -> Optional[builtins.bool]:
         """
-        Whether the repository is read-only. Default: `false`.
+        Whether the repository is read-only. Default: `true`.
         """
         return pulumi.get(self, "readonly")
 
@@ -43706,7 +45057,7 @@ class GetOpenSearchOpensearchUserConfigGcsMigrationResult(dict):
         :param builtins.str chunk_size: Big files can be broken down into chunks during snapshotting if needed. Should be the same as for the 3rd party repository.
         :param builtins.bool compress: When set to true metadata files are stored in compressed format.
         :param builtins.bool include_aliases: Whether to restore aliases alongside their associated indexes. Default is true.
-        :param builtins.bool readonly: Whether the repository is read-only. Default: `false`.
+        :param builtins.bool readonly: Whether the repository is read-only. Default: `true`.
         :param builtins.bool restore_global_state: If true, restore the cluster state. Defaults to false.
         """
         pulumi.set(__self__, "base_path", base_path)
@@ -43793,7 +45144,7 @@ class GetOpenSearchOpensearchUserConfigGcsMigrationResult(dict):
     @pulumi.getter
     def readonly(self) -> Optional[builtins.bool]:
         """
-        Whether the repository is read-only. Default: `false`.
+        Whether the repository is read-only. Default: `true`.
         """
         return pulumi.get(self, "readonly")
 
@@ -44149,6 +45500,7 @@ class GetOpenSearchOpensearchUserConfigOpensearchResult(dict):
                  email_sender_password: Optional[builtins.str] = None,
                  email_sender_username: Optional[builtins.str] = None,
                  enable_remote_backed_storage: Optional[builtins.bool] = None,
+                 enable_searchable_snapshots: Optional[builtins.bool] = None,
                  enable_security_audit: Optional[builtins.bool] = None,
                  http_max_content_length: Optional[builtins.int] = None,
                  http_max_header_size: Optional[builtins.int] = None,
@@ -44201,6 +45553,7 @@ class GetOpenSearchOpensearchUserConfigOpensearchResult(dict):
         :param builtins.str email_sender_password: Sender password for Opensearch alerts to authenticate with SMTP server. Example: `very-secure-mail-password`.
         :param builtins.str email_sender_username: Sender username for Opensearch alerts. Example: `jane@example.com`.
         :param builtins.bool enable_remote_backed_storage: Enable remote-backed storage.
+        :param builtins.bool enable_searchable_snapshots: Enable searchable snapshots.
         :param builtins.bool enable_security_audit: Enable/Disable security audit.
         :param builtins.int http_max_content_length: Maximum content length for HTTP requests to the OpenSearch HTTP API, in bytes.
         :param builtins.int http_max_header_size: The max size of allowed headers, in bytes. Example: `8192`.
@@ -44265,6 +45618,8 @@ class GetOpenSearchOpensearchUserConfigOpensearchResult(dict):
             pulumi.set(__self__, "email_sender_username", email_sender_username)
         if enable_remote_backed_storage is not None:
             pulumi.set(__self__, "enable_remote_backed_storage", enable_remote_backed_storage)
+        if enable_searchable_snapshots is not None:
+            pulumi.set(__self__, "enable_searchable_snapshots", enable_searchable_snapshots)
         if enable_security_audit is not None:
             pulumi.set(__self__, "enable_security_audit", enable_security_audit)
         if http_max_content_length is not None:
@@ -44439,6 +45794,14 @@ class GetOpenSearchOpensearchUserConfigOpensearchResult(dict):
         """
         return pulumi.get(self, "enable_remote_backed_storage")
 
+    @property
+    @pulumi.getter(name="enableSearchableSnapshots")
+    def enable_searchable_snapshots(self) -> Optional[builtins.bool]:
+        """
+        Enable searchable snapshots.
+        """
+        return pulumi.get(self, "enable_searchable_snapshots")
+
     @property
     @pulumi.getter(name="enableSecurityAudit")
     def enable_security_audit(self) -> Optional[builtins.bool]:
@@ -46038,7 +47401,7 @@ class GetOpenSearchOpensearchUserConfigS3MigrationResult(dict):
         :param builtins.bool compress: When set to true metadata files are stored in compressed format.
         :param builtins.str endpoint: The S3 service endpoint to connect to. If you are using an S3-compatible service then you should set this to the service’s endpoint.
         :param builtins.bool include_aliases: Whether to restore aliases alongside their associated indexes. Default is true.
-        :param builtins.bool readonly: Whether the repository is read-only. Default: `false`.
+        :param builtins.bool readonly: Whether the repository is read-only. Default: `true`.
         :param builtins.bool restore_global_state: If true, restore the cluster state. Defaults to false.
         :param builtins.bool server_side_encryption: When set to true files are encrypted on server side.
         """
@@ -46156,7 +47519,7 @@ class GetOpenSearchOpensearchUserConfigS3MigrationResult(dict):
     @pulumi.getter
     def readonly(self) -> Optional[builtins.bool]:
         """
-        Whether the repository is read-only. Default: `false`.
+        Whether the repository is read-only. Default: `true`.
         """
         return pulumi.get(self, "readonly")
 
@@ -46346,6 +47709,191 @@ class GetOpenSearchTechEmailResult(dict):
         return pulumi.get(self, "email")
 
 
+@pulumi.output_type
+class GetOrganizationAddressTimeoutsResult(dict):
+    def __init__(__self__, *,
+                 read: Optional[builtins.str] = None):
+        """
+        :param builtins.str read: A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
+        """
+        if read is not None:
+            pulumi.set(__self__, "read", read)
+
+    @property
+    @pulumi.getter
+    def read(self) -> Optional[builtins.str]:
+        """
+        A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
+        """
+        return pulumi.get(self, "read")
+
+
+@pulumi.output_type
+class GetOrganizationBillingGroupListBillingGroupResult(dict):
+    def __init__(__self__, *,
+                 billing_address_id: builtins.str,
+                 billing_contact_emails: Sequence[builtins.str],
+                 billing_currency: builtins.str,
+                 billing_emails: Sequence[builtins.str],
+                 billing_group_id: builtins.str,
+                 billing_group_name: builtins.str,
+                 custom_invoice_text: builtins.str,
+                 organization_id: builtins.str,
+                 payment_method_id: builtins.str,
+                 shipping_address_id: builtins.str,
+                 vat_id: builtins.str):
+        """
+        :param builtins.str billing_address_id: Billing address ID.
+        :param Sequence[builtins.str] billing_contact_emails: List of billing contact emails.
+        :param builtins.str billing_currency: Acceptable currencies for a billing group. The possible values are `AUD`, `CAD`, `CHF`, `DKK`, `EUR`, `GBP`, `JPY`, `NOK`, `NZD`, `SEK`, `SGD` and `USD`.
+        :param Sequence[builtins.str] billing_emails: List of billing contact emails.
+        :param builtins.str billing_group_id: Billing group ID.
+        :param builtins.str billing_group_name: Billing Group Name.
+        :param builtins.str custom_invoice_text: Extra billing text.
+        :param builtins.str organization_id: Organization ID.
+        :param builtins.str payment_method_id: Payment method ID.
+        :param builtins.str shipping_address_id: Shipping address ID.
+        :param builtins.str vat_id: VAT ID.
+        """
+        pulumi.set(__self__, "billing_address_id", billing_address_id)
+        pulumi.set(__self__, "billing_contact_emails", billing_contact_emails)
+        pulumi.set(__self__, "billing_currency", billing_currency)
+        pulumi.set(__self__, "billing_emails", billing_emails)
+        pulumi.set(__self__, "billing_group_id", billing_group_id)
+        pulumi.set(__self__, "billing_group_name", billing_group_name)
+        pulumi.set(__self__, "custom_invoice_text", custom_invoice_text)
+        pulumi.set(__self__, "organization_id", organization_id)
+        pulumi.set(__self__, "payment_method_id", payment_method_id)
+        pulumi.set(__self__, "shipping_address_id", shipping_address_id)
+        pulumi.set(__self__, "vat_id", vat_id)
+
+    @property
+    @pulumi.getter(name="billingAddressId")
+    def billing_address_id(self) -> builtins.str:
+        """
+        Billing address ID.
+        """
+        return pulumi.get(self, "billing_address_id")
+
+    @property
+    @pulumi.getter(name="billingContactEmails")
+    def billing_contact_emails(self) -> Sequence[builtins.str]:
+        """
+        List of billing contact emails.
+        """
+        return pulumi.get(self, "billing_contact_emails")
+
+    @property
+    @pulumi.getter(name="billingCurrency")
+    def billing_currency(self) -> builtins.str:
+        """
+        Acceptable currencies for a billing group. The possible values are `AUD`, `CAD`, `CHF`, `DKK`, `EUR`, `GBP`, `JPY`, `NOK`, `NZD`, `SEK`, `SGD` and `USD`.
+        """
+        return pulumi.get(self, "billing_currency")
+
+    @property
+    @pulumi.getter(name="billingEmails")
+    def billing_emails(self) -> Sequence[builtins.str]:
+        """
+        List of billing contact emails.
+        """
+        return pulumi.get(self, "billing_emails")
+
+    @property
+    @pulumi.getter(name="billingGroupId")
+    def billing_group_id(self) -> builtins.str:
+        """
+        Billing group ID.
+        """
+        return pulumi.get(self, "billing_group_id")
+
+    @property
+    @pulumi.getter(name="billingGroupName")
+    def billing_group_name(self) -> builtins.str:
+        """
+        Billing Group Name.
+        """
+        return pulumi.get(self, "billing_group_name")
+
+    @property
+    @pulumi.getter(name="customInvoiceText")
+    def custom_invoice_text(self) -> builtins.str:
+        """
+        Extra billing text.
+        """
+        return pulumi.get(self, "custom_invoice_text")
+
+    @property
+    @pulumi.getter(name="organizationId")
+    def organization_id(self) -> builtins.str:
+        """
+        Organization ID.
+        """
+        return pulumi.get(self, "organization_id")
+
+    @property
+    @pulumi.getter(name="paymentMethodId")
+    def payment_method_id(self) -> builtins.str:
+        """
+        Payment method ID.
+        """
+        return pulumi.get(self, "payment_method_id")
+
+    @property
+    @pulumi.getter(name="shippingAddressId")
+    def shipping_address_id(self) -> builtins.str:
+        """
+        Shipping address ID.
+        """
+        return pulumi.get(self, "shipping_address_id")
+
+    @property
+    @pulumi.getter(name="vatId")
+    def vat_id(self) -> builtins.str:
+        """
+        VAT ID.
+        """
+        return pulumi.get(self, "vat_id")
+
+
+@pulumi.output_type
+class GetOrganizationBillingGroupListTimeoutsResult(dict):
+    def __init__(__self__, *,
+                 read: Optional[builtins.str] = None):
+        """
+        :param builtins.str read: A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
+        """
+        if read is not None:
+            pulumi.set(__self__, "read", read)
+
+    @property
+    @pulumi.getter
+    def read(self) -> Optional[builtins.str]:
+        """
+        A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
+        """
+        return pulumi.get(self, "read")
+
+
+@pulumi.output_type
+class GetOrganizationBillingGroupTimeoutsResult(dict):
+    def __init__(__self__, *,
+                 read: Optional[builtins.str] = None):
+        """
+        :param builtins.str read: A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
+        """
+        if read is not None:
+            pulumi.set(__self__, "read", read)
+
+    @property
+    @pulumi.getter
+    def read(self) -> Optional[builtins.str]:
+        """
+        A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
+        """
+        return pulumi.get(self, "read")
+
+
 @pulumi.output_type
 class GetOrganizationProjectTagResult(dict):
     def __init__(__self__, *,
@@ -46375,6 +47923,44 @@ class GetOrganizationProjectTagResult(dict):
         return pulumi.get(self, "value")
 
 
+@pulumi.output_type
+class GetOrganizationProjectTimeoutsResult(dict):
+    def __init__(__self__, *,
+                 read: Optional[builtins.str] = None):
+        """
+        :param builtins.str read: A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
+        """
+        if read is not None:
+            pulumi.set(__self__, "read", read)
+
+    @property
+    @pulumi.getter
+    def read(self) -> Optional[builtins.str]:
+        """
+        A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
+        """
+        return pulumi.get(self, "read")
+
+
+@pulumi.output_type
+class GetOrganizationTimeoutsResult(dict):
+    def __init__(__self__, *,
+                 read: Optional[builtins.str] = None):
+        """
+        :param builtins.str read: A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
+        """
+        if read is not None:
+            pulumi.set(__self__, "read", read)
+
+    @property
+    @pulumi.getter
+    def read(self) -> Optional[builtins.str]:
+        """
+        A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
+        """
+        return pulumi.get(self, "read")
+
+
 @pulumi.output_type
 class GetOrganizationUserListUserResult(dict):
     def __init__(__self__, *,
@@ -46384,10 +47970,10 @@ class GetOrganizationUserListUserResult(dict):
                  user_id: builtins.str,
                  user_infos: Sequence['outputs.GetOrganizationUserListUserUserInfoResult']):
         """
-        :param builtins.bool is_super_admin: Super admin state of the organization user
-        :param builtins.str join_time: Join time
-        :param builtins.str last_activity_time: Last activity time
-        :param builtins.str user_id: User ID
+        :param builtins.bool is_super_admin: Indicates whether the user is a [super admin](https://aiven.io/docs/platform/concepts/permissions).
+        :param builtins.str join_time: Date and time when the user joined the organization.
+        :param builtins.str last_activity_time: Last activity time.
+        :param builtins.str user_id: User ID.
         """
         pulumi.set(__self__, "is_super_admin", is_super_admin)
         pulumi.set(__self__, "join_time", join_time)
@@ -46399,7 +47985,7 @@ class GetOrganizationUserListUserResult(dict):
     @pulumi.getter(name="isSuperAdmin")
     def is_super_admin(self) -> builtins.bool:
         """
-        Super admin state of the organization user
+        Indicates whether the user is a [super admin](https://aiven.io/docs/platform/concepts/permissions).
         """
         return pulumi.get(self, "is_super_admin")
 
@@ -46407,7 +47993,7 @@ class GetOrganizationUserListUserResult(dict):
     @pulumi.getter(name="joinTime")
     def join_time(self) -> builtins.str:
         """
-        Join time
+        Date and time when the user joined the organization.
         """
         return pulumi.get(self, "join_time")
 
@@ -46415,7 +48001,7 @@ class GetOrganizationUserListUserResult(dict):
     @pulumi.getter(name="lastActivityTime")
     def last_activity_time(self) -> builtins.str:
         """
-        Last activity time
+        Last activity time.
         """
         return pulumi.get(self, "last_activity_time")
 
@@ -46423,7 +48009,7 @@ class GetOrganizationUserListUserResult(dict):
     @pulumi.getter(name="userId")
     def user_id(self) -> builtins.str:
         """
-        User ID
+        User ID.
         """
         return pulumi.get(self, "user_id")
 
@@ -46450,15 +48036,15 @@ class GetOrganizationUserListUserUserInfoResult(dict):
         """
         :param builtins.str city: City
         :param builtins.str country: Country
-        :param builtins.str create_time: Creation time
+        :param builtins.str create_time: Date and time when the user was created.
         :param builtins.str department: Department
-        :param builtins.bool is_application_user: Is Application User
-        :param builtins.str job_title: Job Title
-        :param builtins.bool managed_by_scim: Managed By Scim
-        :param builtins.str managing_organization_id: Managing Organization ID
-        :param builtins.str real_name: Real Name
+        :param builtins.bool is_application_user: Inidicates whether the user is an [application user](https://aiven.io/docs/platform/concepts/application-users).
+        :param builtins.str job_title: Job title
+        :param builtins.bool managed_by_scim: Indicates whether the user is managed by [System for Cross-domain Identity Management (SCIM)](https://aiven.io/docs/platform/howto/list-identity-providers).
+        :param builtins.str managing_organization_id: The ID of the organization that [manages the user](https://aiven.io/docs/platform/concepts/managed-users).
+        :param builtins.str real_name: Full name of the user.
         :param builtins.str state: State
-        :param builtins.str user_email: User Email
+        :param builtins.str user_email: Email address.
         """
         pulumi.set(__self__, "city", city)
         pulumi.set(__self__, "country", country)
@@ -46492,7 +48078,7 @@ class GetOrganizationUserListUserUserInfoResult(dict):
     @pulumi.getter(name="createTime")
     def create_time(self) -> builtins.str:
         """
-        Creation time
+        Date and time when the user was created.
         """
         return pulumi.get(self, "create_time")
 
@@ -46508,7 +48094,7 @@ class GetOrganizationUserListUserUserInfoResult(dict):
     @pulumi.getter(name="isApplicationUser")
     def is_application_user(self) -> builtins.bool:
         """
-        Is Application User
+        Inidicates whether the user is an [application user](https://aiven.io/docs/platform/concepts/application-users).
         """
         return pulumi.get(self, "is_application_user")
 
@@ -46516,7 +48102,7 @@ class GetOrganizationUserListUserUserInfoResult(dict):
     @pulumi.getter(name="jobTitle")
     def job_title(self) -> builtins.str:
         """
-        Job Title
+        Job title
         """
         return pulumi.get(self, "job_title")
 
@@ -46524,7 +48110,7 @@ class GetOrganizationUserListUserUserInfoResult(dict):
     @pulumi.getter(name="managedByScim")
     def managed_by_scim(self) -> builtins.bool:
         """
-        Managed By Scim
+        Indicates whether the user is managed by [System for Cross-domain Identity Management (SCIM)](https://aiven.io/docs/platform/howto/list-identity-providers).
         """
         return pulumi.get(self, "managed_by_scim")
 
@@ -46532,7 +48118,7 @@ class GetOrganizationUserListUserUserInfoResult(dict):
     @pulumi.getter(name="managingOrganizationId")
     def managing_organization_id(self) -> builtins.str:
         """
-        Managing Organization ID
+        The ID of the organization that [manages the user](https://aiven.io/docs/platform/concepts/managed-users).
         """
         return pulumi.get(self, "managing_organization_id")
 
@@ -46540,7 +48126,7 @@ class GetOrganizationUserListUserUserInfoResult(dict):
     @pulumi.getter(name="realName")
     def real_name(self) -> builtins.str:
         """
-        Real Name
+        Full name of the user.
         """
         return pulumi.get(self, "real_name")
 
@@ -46556,7 +48142,7 @@ class GetOrganizationUserListUserUserInfoResult(dict):
     @pulumi.getter(name="userEmail")
     def user_email(self) -> builtins.str:
         """
-        User Email
+        Email address.
         """
         return pulumi.get(self, "user_email")
 
@@ -46568,6 +48154,7 @@ class GetPgComponentResult(dict):
                  connection_uri: builtins.str,
                  host: builtins.str,
                  kafka_authentication_method: builtins.str,
+                 kafka_ssl_ca: builtins.str,
                  port: builtins.int,
                  route: builtins.str,
                  ssl: builtins.bool,
@@ -46577,6 +48164,7 @@ class GetPgComponentResult(dict):
         :param builtins.str connection_uri: Connection info for connecting to the service component. This is a combination of host and port.
         :param builtins.str host: Host name for connecting to the service component
         :param builtins.str kafka_authentication_method: Kafka authentication method. This is a value specific to the 'kafka' service component
+        :param builtins.str kafka_ssl_ca: Kafka certificate used. The possible values are `letsencrypt` and `project_ca`.
         :param builtins.int port: Port number for connecting to the service component
         :param builtins.str route: Network access route
         :param builtins.bool ssl: Whether the endpoint is encrypted or accepts plaintext. By default endpoints are always encrypted and this property is only included for service components they may disable encryption
@@ -46586,6 +48174,7 @@ class GetPgComponentResult(dict):
         pulumi.set(__self__, "connection_uri", connection_uri)
         pulumi.set(__self__, "host", host)
         pulumi.set(__self__, "kafka_authentication_method", kafka_authentication_method)
+        pulumi.set(__self__, "kafka_ssl_ca", kafka_ssl_ca)
         pulumi.set(__self__, "port", port)
         pulumi.set(__self__, "route", route)
         pulumi.set(__self__, "ssl", ssl)
@@ -46623,6 +48212,14 @@ class GetPgComponentResult(dict):
         """
         return pulumi.get(self, "kafka_authentication_method")
 
+    @property
+    @pulumi.getter(name="kafkaSslCa")
+    def kafka_ssl_ca(self) -> builtins.str:
+        """
+        Kafka certificate used. The possible values are `letsencrypt` and `project_ca`.
+        """
+        return pulumi.get(self, "kafka_ssl_ca")
+
     @property
     @pulumi.getter
     def port(self) -> builtins.int:
@@ -47157,7 +48754,6 @@ class GetPgPgUserConfigResult(dict):
 
     @property
     @pulumi.getter
-    @_utilities.deprecated("""This property is deprecated.""")
     def pgaudit(self) -> Optional['outputs.GetPgPgUserConfigPgauditResult']:
         """
         System-wide settings for the pgaudit extension
@@ -48128,7 +49724,7 @@ class GetPgPgUserConfigPgauditResult(dict):
         :param builtins.bool feature_enabled: Enable pgaudit extension. When enabled, pgaudit extension will be automatically installed.Otherwise, extension will be uninstalled but auditing configurations will be preserved. Default: `false`.
         :param builtins.bool log_catalog: Specifies that session logging should be enabled in the casewhere all relations in a statement are in pg_catalog. Default: `true`.
         :param builtins.bool log_client: Specifies whether log messages will be visible to a client process such as psql. Default: `false`.
-        :param builtins.str log_level: Enum: `debug1`, `debug2`, `debug3`, `debug4`, `debug5`, `info`, `notice`, `warning`, `log`. Specifies the log level that will be used for log entries. Default: `log`.
+        :param builtins.str log_level: Enum: `debug1`, `debug2`, `debug3`, `debug4`, `debug5`, `info`, `log`, `notice`, `warning`. Specifies the log level that will be used for log entries. Default: `log`.
         :param builtins.int log_max_string_length: Crop parameters representation and whole statements if they exceed this threshold. A (default) value of -1 disable the truncation. Default: `-1`.
         :param builtins.bool log_nested_statements: This GUC allows to turn off logging nested statements, that is, statements that are executed as part of another ExecutorRun. Default: `true`.
         :param builtins.bool log_parameter: Specifies that audit logging should include the parameters that were passed with the statement. Default: `false`.
@@ -48171,7 +49767,6 @@ class GetPgPgUserConfigPgauditResult(dict):
 
     @property
     @pulumi.getter(name="featureEnabled")
-    @_utilities.deprecated("""This property is deprecated.""")
     def feature_enabled(self) -> Optional[builtins.bool]:
         """
         Enable pgaudit extension. When enabled, pgaudit extension will be automatically installed.Otherwise, extension will be uninstalled but auditing configurations will be preserved. Default: `false`.
@@ -48180,7 +49775,6 @@ class GetPgPgUserConfigPgauditResult(dict):
 
     @property
     @pulumi.getter(name="logCatalog")
-    @_utilities.deprecated("""This property is deprecated.""")
     def log_catalog(self) -> Optional[builtins.bool]:
         """
         Specifies that session logging should be enabled in the casewhere all relations in a statement are in pg_catalog. Default: `true`.
@@ -48189,7 +49783,6 @@ class GetPgPgUserConfigPgauditResult(dict):
 
     @property
     @pulumi.getter(name="logClient")
-    @_utilities.deprecated("""This property is deprecated.""")
     def log_client(self) -> Optional[builtins.bool]:
         """
         Specifies whether log messages will be visible to a client process such as psql. Default: `false`.
@@ -48198,16 +49791,14 @@ class GetPgPgUserConfigPgauditResult(dict):
 
     @property
     @pulumi.getter(name="logLevel")
-    @_utilities.deprecated("""This property is deprecated.""")
     def log_level(self) -> Optional[builtins.str]:
         """
-        Enum: `debug1`, `debug2`, `debug3`, `debug4`, `debug5`, `info`, `notice`, `warning`, `log`. Specifies the log level that will be used for log entries. Default: `log`.
+        Enum: `debug1`, `debug2`, `debug3`, `debug4`, `debug5`, `info`, `log`, `notice`, `warning`. Specifies the log level that will be used for log entries. Default: `log`.
         """
         return pulumi.get(self, "log_level")
 
     @property
     @pulumi.getter(name="logMaxStringLength")
-    @_utilities.deprecated("""This property is deprecated.""")
     def log_max_string_length(self) -> Optional[builtins.int]:
         """
         Crop parameters representation and whole statements if they exceed this threshold. A (default) value of -1 disable the truncation. Default: `-1`.
@@ -48216,7 +49807,6 @@ class GetPgPgUserConfigPgauditResult(dict):
 
     @property
     @pulumi.getter(name="logNestedStatements")
-    @_utilities.deprecated("""This property is deprecated.""")
     def log_nested_statements(self) -> Optional[builtins.bool]:
         """
         This GUC allows to turn off logging nested statements, that is, statements that are executed as part of another ExecutorRun. Default: `true`.
@@ -48225,7 +49815,6 @@ class GetPgPgUserConfigPgauditResult(dict):
 
     @property
     @pulumi.getter(name="logParameter")
-    @_utilities.deprecated("""This property is deprecated.""")
     def log_parameter(self) -> Optional[builtins.bool]:
         """
         Specifies that audit logging should include the parameters that were passed with the statement. Default: `false`.
@@ -48234,7 +49823,6 @@ class GetPgPgUserConfigPgauditResult(dict):
 
     @property
     @pulumi.getter(name="logParameterMaxSize")
-    @_utilities.deprecated("""This property is deprecated.""")
     def log_parameter_max_size(self) -> Optional[builtins.int]:
         """
         Specifies that parameter values longer than this setting (in bytes) should not be logged, but replaced with <long param suppressed>. Default: `0`.
@@ -48243,7 +49831,6 @@ class GetPgPgUserConfigPgauditResult(dict):
 
     @property
     @pulumi.getter(name="logRelation")
-    @_utilities.deprecated("""This property is deprecated.""")
     def log_relation(self) -> Optional[builtins.bool]:
         """
         Specifies whether session audit logging should create a separate log entry for each relation (TABLE, VIEW, etc.) referenced in a SELECT or DML statement. Default: `false`.
@@ -48252,7 +49839,6 @@ class GetPgPgUserConfigPgauditResult(dict):
 
     @property
     @pulumi.getter(name="logRows")
-    @_utilities.deprecated("""This property is deprecated.""")
     def log_rows(self) -> Optional[builtins.bool]:
         """
         Specifies that audit logging should include the rows retrieved or affected by a statement. When enabled the rows field will be included after the parameter field. Default: `false`.
@@ -48261,7 +49847,6 @@ class GetPgPgUserConfigPgauditResult(dict):
 
     @property
     @pulumi.getter(name="logStatement")
-    @_utilities.deprecated("""This property is deprecated.""")
     def log_statement(self) -> Optional[builtins.bool]:
         """
         Specifies whether logging will include the statement text and parameters (if enabled). Default: `true`.
@@ -48270,7 +49855,6 @@ class GetPgPgUserConfigPgauditResult(dict):
 
     @property
     @pulumi.getter(name="logStatementOnce")
-    @_utilities.deprecated("""This property is deprecated.""")
     def log_statement_once(self) -> Optional[builtins.bool]:
         """
         Specifies whether logging will include the statement text and parameters with the first log entry for a statement/substatement combination or with every entry. Default: `false`.
@@ -48279,7 +49863,6 @@ class GetPgPgUserConfigPgauditResult(dict):
 
     @property
     @pulumi.getter
-    @_utilities.deprecated("""This property is deprecated.""")
     def logs(self) -> Optional[Sequence[builtins.str]]:
         """
         Specifies which classes of statements will be logged by session audit logging.
@@ -48288,7 +49871,6 @@ class GetPgPgUserConfigPgauditResult(dict):
 
     @property
     @pulumi.getter
-    @_utilities.deprecated("""This property is deprecated.""")
     def role(self) -> Optional[builtins.str]:
         """
         Specifies the master role to use for object audit logging.
@@ -48702,6 +50284,7 @@ class GetRedisComponentResult(dict):
                  connection_uri: builtins.str,
                  host: builtins.str,
                  kafka_authentication_method: builtins.str,
+                 kafka_ssl_ca: builtins.str,
                  port: builtins.int,
                  route: builtins.str,
                  ssl: builtins.bool,
@@ -48711,6 +50294,7 @@ class GetRedisComponentResult(dict):
         :param builtins.str connection_uri: Connection info for connecting to the service component. This is a combination of host and port.
         :param builtins.str host: Host name for connecting to the service component
         :param builtins.str kafka_authentication_method: Kafka authentication method. This is a value specific to the 'kafka' service component
+        :param builtins.str kafka_ssl_ca: Kafka certificate used. The possible values are `letsencrypt` and `project_ca`.
         :param builtins.int port: Port number for connecting to the service component
         :param builtins.str route: Network access route
         :param builtins.bool ssl: Whether the endpoint is encrypted or accepts plaintext. By default endpoints are always encrypted and this property is only included for service components they may disable encryption
@@ -48720,6 +50304,7 @@ class GetRedisComponentResult(dict):
         pulumi.set(__self__, "connection_uri", connection_uri)
         pulumi.set(__self__, "host", host)
         pulumi.set(__self__, "kafka_authentication_method", kafka_authentication_method)
+        pulumi.set(__self__, "kafka_ssl_ca", kafka_ssl_ca)
         pulumi.set(__self__, "port", port)
         pulumi.set(__self__, "route", route)
         pulumi.set(__self__, "ssl", ssl)
@@ -48757,6 +50342,14 @@ class GetRedisComponentResult(dict):
         """
         return pulumi.get(self, "kafka_authentication_method")
 
+    @property
+    @pulumi.getter(name="kafkaSslCa")
+    def kafka_ssl_ca(self) -> builtins.str:
+        """
+        Kafka certificate used. The possible values are `letsencrypt` and `project_ca`.
+        """
+        return pulumi.get(self, "kafka_ssl_ca")
+
     @property
     @pulumi.getter
     def port(self) -> builtins.int:
@@ -52229,6 +53822,7 @@ class GetThanosComponentResult(dict):
                  connection_uri: builtins.str,
                  host: builtins.str,
                  kafka_authentication_method: builtins.str,
+                 kafka_ssl_ca: builtins.str,
                  port: builtins.int,
                  route: builtins.str,
                  ssl: builtins.bool,
@@ -52238,6 +53832,7 @@ class GetThanosComponentResult(dict):
         :param builtins.str connection_uri: Connection info for connecting to the service component. This is a combination of host and port.
         :param builtins.str host: Host name for connecting to the service component
         :param builtins.str kafka_authentication_method: Kafka authentication method. This is a value specific to the 'kafka' service component
+        :param builtins.str kafka_ssl_ca: Kafka certificate used. The possible values are `letsencrypt` and `project_ca`.
         :param builtins.int port: Port number for connecting to the service component
         :param builtins.str route: Network access route
         :param builtins.bool ssl: Whether the endpoint is encrypted or accepts plaintext. By default endpoints are always encrypted and this property is only included for service components they may disable encryption
@@ -52247,6 +53842,7 @@ class GetThanosComponentResult(dict):
         pulumi.set(__self__, "connection_uri", connection_uri)
         pulumi.set(__self__, "host", host)
         pulumi.set(__self__, "kafka_authentication_method", kafka_authentication_method)
+        pulumi.set(__self__, "kafka_ssl_ca", kafka_ssl_ca)
         pulumi.set(__self__, "port", port)
         pulumi.set(__self__, "route", route)
         pulumi.set(__self__, "ssl", ssl)
@@ -52284,6 +53880,14 @@ class GetThanosComponentResult(dict):
         """
         return pulumi.get(self, "kafka_authentication_method")
 
+    @property
+    @pulumi.getter(name="kafkaSslCa")
+    def kafka_ssl_ca(self) -> builtins.str:
+        """
+        Kafka certificate used. The possible values are `letsencrypt` and `project_ca`.
+        """
+        return pulumi.get(self, "kafka_ssl_ca")
+
     @property
     @pulumi.getter
     def port(self) -> builtins.int:
@@ -52964,6 +54568,7 @@ class GetValkeyComponentResult(dict):
                  connection_uri: builtins.str,
                  host: builtins.str,
                  kafka_authentication_method: builtins.str,
+                 kafka_ssl_ca: builtins.str,
                  port: builtins.int,
                  route: builtins.str,
                  ssl: builtins.bool,
@@ -52973,6 +54578,7 @@ class GetValkeyComponentResult(dict):
         :param builtins.str connection_uri: Connection info for connecting to the service component. This is a combination of host and port.
         :param builtins.str host: Host name for connecting to the service component
         :param builtins.str kafka_authentication_method: Kafka authentication method. This is a value specific to the 'kafka' service component
+        :param builtins.str kafka_ssl_ca: Kafka certificate used. The possible values are `letsencrypt` and `project_ca`.
         :param builtins.int port: Port number for connecting to the service component
         :param builtins.str route: Network access route
         :param builtins.bool ssl: Whether the endpoint is encrypted or accepts plaintext. By default endpoints are always encrypted and this property is only included for service components they may disable encryption
@@ -52982,6 +54588,7 @@ class GetValkeyComponentResult(dict):
         pulumi.set(__self__, "connection_uri", connection_uri)
         pulumi.set(__self__, "host", host)
         pulumi.set(__self__, "kafka_authentication_method", kafka_authentication_method)
+        pulumi.set(__self__, "kafka_ssl_ca", kafka_ssl_ca)
         pulumi.set(__self__, "port", port)
         pulumi.set(__self__, "route", route)
         pulumi.set(__self__, "ssl", ssl)
@@ -53019,6 +54626,14 @@ class GetValkeyComponentResult(dict):
         """
         return pulumi.get(self, "kafka_authentication_method")
 
+    @property
+    @pulumi.getter(name="kafkaSslCa")
+    def kafka_ssl_ca(self) -> builtins.str:
+        """
+        Kafka certificate used. The possible values are `letsencrypt` and `project_ca`.
+        """
+        return pulumi.get(self, "kafka_ssl_ca")
+
     @property
     @pulumi.getter
     def port(self) -> builtins.int: