pulumi-docker 4.6.0b1__py3-none-any.whl → 4.6.0b3__py3-none-any.whl

pulumi_docker/buildx/image.py

@@ -17,23 +17,33 @@ __all__ = ['ImageArgs', 'Image']
 @pulumi.input_type
 class ImageArgs:
     def __init__(__self__, *,
+                 add_hosts: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
                  build_args: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
                  build_on_preview: Optional[pulumi.Input[bool]] = None,
                  builder: Optional[pulumi.Input['BuilderConfigArgs']] = None,
-                 cache_from: Optional[pulumi.Input[Sequence[pulumi.Input['CacheFromEntryArgs']]]] = None,
-                 cache_to: Optional[pulumi.Input[Sequence[pulumi.Input['CacheToEntryArgs']]]] = None,
+                 cache_from: Optional[pulumi.Input[Sequence[pulumi.Input['CacheFromArgs']]]] = None,
+                 cache_to: Optional[pulumi.Input[Sequence[pulumi.Input['CacheToArgs']]]] = None,
                  context: Optional[pulumi.Input['BuildContextArgs']] = None,
                  dockerfile: Optional[pulumi.Input['DockerfileArgs']] = None,
-                 exports: Optional[pulumi.Input[Sequence[pulumi.Input['ExportEntryArgs']]]] = None,
+                 exec_: Optional[pulumi.Input[bool]] = None,
+                 exports: Optional[pulumi.Input[Sequence[pulumi.Input['ExportArgs']]]] = None,
                  labels: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
+                 load: Optional[pulumi.Input[bool]] = None,
+                 network: Optional[pulumi.Input['NetworkMode']] = None,
+                 no_cache: Optional[pulumi.Input[bool]] = None,
                  platforms: Optional[pulumi.Input[Sequence[pulumi.Input['Platform']]]] = None,
                  pull: Optional[pulumi.Input[bool]] = None,
+                 push: Optional[pulumi.Input[bool]] = None,
                  registries: Optional[pulumi.Input[Sequence[pulumi.Input['RegistryAuthArgs']]]] = None,
                  secrets: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
+                 ssh: Optional[pulumi.Input[Sequence[pulumi.Input['SSHArgs']]]] = None,
                  tags: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
-                 targets: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None):
+                 target: Optional[pulumi.Input[str]] = None):
         """
         The set of arguments for constructing a Image resource.
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] add_hosts: Custom `host:ip` mappings to use during the build.
+               
+               Equivalent to Docker's `--add-host` flag.
         :param pulumi.Input[Mapping[str, pulumi.Input[str]]] build_args: `ARG` names and values to set during the build.
                
                These variables are accessed like environment variables inside `RUN`
@@ -41,22 +51,98 @@ class ImageArgs:
                
                Build arguments are persisted in the image, so you should use `secrets`
                if these arguments are sensitive.
-        :param pulumi.Input[bool] build_on_preview: When `true`, attempt to build the image during previews. The image will
-               not be pushed to registries, however caches will still populated.
+               
+               Equivalent to Docker's `--build-arg` flag.
+        :param pulumi.Input[bool] build_on_preview: By default, preview behavior depends on the execution environment. If
+               Pulumi detects the operation is running on a CI system (GitHub Actions,
+               Travis CI, Azure Pipelines, etc.) then it will build images during
+               previews as a safeguard. Otherwise, if not running on CI, previews will
+               not build images.
+               
+               Setting this to `false` forces previews to never perform builds, and
+               setting it to `true` will always build the image during previews.
+               
+               Images built during previews are never exported to registries, however
+               cache manifests are still exported.
+               
+               On-disk Dockerfiles are always validated for syntactic correctness
+               regardless of this setting.
         :param pulumi.Input['BuilderConfigArgs'] builder: Builder configuration.
-        :param pulumi.Input[Sequence[pulumi.Input['CacheFromEntryArgs']]] cache_from: External cache configuration.
-        :param pulumi.Input[Sequence[pulumi.Input['CacheToEntryArgs']]] cache_to: Cache export configuration.
+        :param pulumi.Input[Sequence[pulumi.Input['CacheFromArgs']]] cache_from: Cache export configuration.
+               
+               Equivalent to Docker's `--cache-from` flag.
+        :param pulumi.Input[Sequence[pulumi.Input['CacheToArgs']]] cache_to: Cache import configuration.
+               
+               Equivalent to Docker's `--cache-to` flag.
         :param pulumi.Input['BuildContextArgs'] context: Build context settings.
+               
+               Equivalent to Docker's `PATH | URL | -` positional argument.
         :param pulumi.Input['DockerfileArgs'] dockerfile: Dockerfile settings.
-        :param pulumi.Input[Sequence[pulumi.Input['ExportEntryArgs']]] exports: Controls where images are persisted after building.
+               
+               Equivalent to Docker's `--file` flag.
+        :param pulumi.Input[bool] exec_: Use `exec` mode to build this image.
+               
+               By default the provider embeds a v25 Docker client with v0.12 buildx
+               support. This helps ensure consistent behavior across environments and
+               is compatible with alternative build backends (e.g. `buildkitd`), but
+               it may not be desirable if you require a specific version of buildx.
+               For example you may want to run a custom `docker-buildx` binary with
+               support for [Docker Build
+               Cloud](https://docs.docker.com/build/cloud/setup/) (DBC).
+               
+               When this is set to `true` the provider will instead execute the
+               `docker-buildx` binary directly to perform its operations. The user is
+               responsible for ensuring this binary exists, with correct permissions
+               and pre-configured builders, at a path Docker expects (e.g.
+               `~/.docker/cli-plugins`).
+               
+               Debugging `exec` mode may be more difficult as Pulumi will not be able
+               to surface fine-grained errors and warnings. Additionally credentials
+               are temporarily written to disk in order to provide them to the
+               `docker-buildx` binary.
+        :param pulumi.Input[Sequence[pulumi.Input['ExportArgs']]] exports: Controls where images are persisted after building.
                
                Images are only stored in the local cache unless `exports` are
                explicitly configured.
+               
+               Exporting to multiple destinations requires a daemon running BuildKit
+               0.13 or later.
+               
+               Equivalent to Docker's `--output` flag.
         :param pulumi.Input[Mapping[str, pulumi.Input[str]]] labels: Attach arbitrary key/value metadata to the image.
-        :param pulumi.Input[Sequence[pulumi.Input['Platform']]] platforms: Set target platform(s) for the build. Defaults to the host's platform
+               
+               Equivalent to Docker's `--label` flag.
+        :param pulumi.Input[bool] load: When `true` the build will automatically include a `docker` export.
+               
+               Defaults to `false`.
+               
+               Equivalent to Docker's `--load` flag.
+        :param pulumi.Input['NetworkMode'] network: Set the network mode for `RUN` instructions. Defaults to `default`.
+               
+               For custom networks, configure your builder with `--driver-opt network=...`.
+               
+               Equivalent to Docker's `--network` flag.
+        :param pulumi.Input[bool] no_cache: Do not import cache manifests when building the image.
+               
+               Equivalent to Docker's `--no-cache` flag.
+        :param pulumi.Input[Sequence[pulumi.Input['Platform']]] platforms: Set target platform(s) for the build. Defaults to the host's platform.
+               
+               Equivalent to Docker's `--platform` flag.
         :param pulumi.Input[bool] pull: Always pull referenced images.
+               
+               Equivalent to Docker's `--pull` flag.
+        :param pulumi.Input[bool] push: When `true` the build will automatically include a `registry` export.
+               
+               Defaults to `false`.
+               
+               Equivalent to Docker's `--push` flag.
         :param pulumi.Input[Sequence[pulumi.Input['RegistryAuthArgs']]] registries: Registry credentials. Required if reading or exporting to private
                repositories.
+               
+               Credentials are kept in-memory and do not pollute pre-existing
+               credentials on the host.
+               
+               Similar to `docker login`.
         :param pulumi.Input[Mapping[str, pulumi.Input[str]]] secrets: A mapping of secret names to their corresponding values.
                
                Unlike the Docker CLI, these can be passed by value and do not need to
@@ -64,14 +150,25 @@ class ImageArgs:
                
                Build arguments and environment variables are persistent in the final
                image, so you should use this for sensitive values.
+               
+               Similar to Docker's `--secret` flag.
+        :param pulumi.Input[Sequence[pulumi.Input['SSHArgs']]] ssh: SSH agent socket or keys to expose to the build.
+               
+               Equivalent to Docker's `--ssh` flag.
         :param pulumi.Input[Sequence[pulumi.Input[str]]] tags: Name and optionally a tag (format: `name:tag`).
                
                If exporting to a registry, the name should include the fully qualified
                registry address (e.g. `docker.io/pulumi/pulumi:latest`).
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] targets: Set the target build stage(s) to build.
+               
+               Equivalent to Docker's `--tag` flag.
+        :param pulumi.Input[str] target: Set the target build stage(s) to build.
                
                If not specified all targets will be built by default.
+               
+               Equivalent to Docker's `--target` flag.
         """
+        if add_hosts is not None:
+            pulumi.set(__self__, "add_hosts", add_hosts)
         if build_args is not None:
             pulumi.set(__self__, "build_args", build_args)
         if build_on_preview is not None:
@@ -86,22 +183,50 @@ class ImageArgs:
             pulumi.set(__self__, "context", context)
         if dockerfile is not None:
             pulumi.set(__self__, "dockerfile", dockerfile)
+        if exec_ is not None:
+            pulumi.set(__self__, "exec_", exec_)
         if exports is not None:
             pulumi.set(__self__, "exports", exports)
         if labels is not None:
             pulumi.set(__self__, "labels", labels)
+        if load is not None:
+            pulumi.set(__self__, "load", load)
+        if network is None:
+            network = 'default'
+        if network is not None:
+            pulumi.set(__self__, "network", network)
+        if no_cache is not None:
+            pulumi.set(__self__, "no_cache", no_cache)
         if platforms is not None:
             pulumi.set(__self__, "platforms", platforms)
         if pull is not None:
             pulumi.set(__self__, "pull", pull)
+        if push is not None:
+            pulumi.set(__self__, "push", push)
         if registries is not None:
             pulumi.set(__self__, "registries", registries)
         if secrets is not None:
             pulumi.set(__self__, "secrets", secrets)
+        if ssh is not None:
+            pulumi.set(__self__, "ssh", ssh)
         if tags is not None:
             pulumi.set(__self__, "tags", tags)
-        if targets is not None:
-            pulumi.set(__self__, "targets", targets)
+        if target is not None:
+            pulumi.set(__self__, "target", target)
+
+    @property
+    @pulumi.getter(name="addHosts")
+    def add_hosts(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
+        """
+        Custom `host:ip` mappings to use during the build.
+
+        Equivalent to Docker's `--add-host` flag.
+        """
+        return pulumi.get(self, "add_hosts")
+
+    @add_hosts.setter
+    def add_hosts(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
+        pulumi.set(self, "add_hosts", value)
 
     @property
     @pulumi.getter(name="buildArgs")
@@ -114,6 +239,8 @@ class ImageArgs:
 
         Build arguments are persisted in the image, so you should use `secrets`
         if these arguments are sensitive.
+
+        Equivalent to Docker's `--build-arg` flag.
         """
         return pulumi.get(self, "build_args")
 
@@ -125,8 +252,20 @@ class ImageArgs:
     @pulumi.getter(name="buildOnPreview")
     def build_on_preview(self) -> Optional[pulumi.Input[bool]]:
         """
-        When `true`, attempt to build the image during previews. The image will
-        not be pushed to registries, however caches will still populated.
+        By default, preview behavior depends on the execution environment. If
+        Pulumi detects the operation is running on a CI system (GitHub Actions,
+        Travis CI, Azure Pipelines, etc.) then it will build images during
+        previews as a safeguard. Otherwise, if not running on CI, previews will
+        not build images.
+
+        Setting this to `false` forces previews to never perform builds, and
+        setting it to `true` will always build the image during previews.
+
+        Images built during previews are never exported to registries, however
+        cache manifests are still exported.
+
+        On-disk Dockerfiles are always validated for syntactic correctness
+        regardless of this setting.
         """
         return pulumi.get(self, "build_on_preview")
 
@@ -148,26 +287,30 @@ class ImageArgs:
 
     @property
     @pulumi.getter(name="cacheFrom")
-    def cache_from(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['CacheFromEntryArgs']]]]:
+    def cache_from(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['CacheFromArgs']]]]:
         """
-        External cache configuration.
+        Cache export configuration.
+
+        Equivalent to Docker's `--cache-from` flag.
         """
         return pulumi.get(self, "cache_from")
 
     @cache_from.setter
-    def cache_from(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['CacheFromEntryArgs']]]]):
+    def cache_from(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['CacheFromArgs']]]]):
         pulumi.set(self, "cache_from", value)
 
     @property
     @pulumi.getter(name="cacheTo")
-    def cache_to(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['CacheToEntryArgs']]]]:
+    def cache_to(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['CacheToArgs']]]]:
         """
-        Cache export configuration.
+        Cache import configuration.
+
+        Equivalent to Docker's `--cache-to` flag.
         """
         return pulumi.get(self, "cache_to")
 
     @cache_to.setter
-    def cache_to(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['CacheToEntryArgs']]]]):
+    def cache_to(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['CacheToArgs']]]]):
         pulumi.set(self, "cache_to", value)
 
     @property
@@ -175,6 +318,8 @@ class ImageArgs:
     def context(self) -> Optional[pulumi.Input['BuildContextArgs']]:
         """
         Build context settings.
+
+        Equivalent to Docker's `PATH | URL | -` positional argument.
         """
         return pulumi.get(self, "context")
 
@@ -187,6 +332,8 @@ class ImageArgs:
     def dockerfile(self) -> Optional[pulumi.Input['DockerfileArgs']]:
         """
         Dockerfile settings.
+
+        Equivalent to Docker's `--file` flag.
         """
         return pulumi.get(self, "dockerfile")
 
@@ -194,19 +341,55 @@ class ImageArgs:
     def dockerfile(self, value: Optional[pulumi.Input['DockerfileArgs']]):
         pulumi.set(self, "dockerfile", value)
 
+    @property
+    @pulumi.getter(name="exec")
+    def exec_(self) -> Optional[pulumi.Input[bool]]:
+        """
+        Use `exec` mode to build this image.
+
+        By default the provider embeds a v25 Docker client with v0.12 buildx
+        support. This helps ensure consistent behavior across environments and
+        is compatible with alternative build backends (e.g. `buildkitd`), but
+        it may not be desirable if you require a specific version of buildx.
+        For example you may want to run a custom `docker-buildx` binary with
+        support for [Docker Build
+        Cloud](https://docs.docker.com/build/cloud/setup/) (DBC).
+
+        When this is set to `true` the provider will instead execute the
+        `docker-buildx` binary directly to perform its operations. The user is
+        responsible for ensuring this binary exists, with correct permissions
+        and pre-configured builders, at a path Docker expects (e.g.
+        `~/.docker/cli-plugins`).
+
+        Debugging `exec` mode may be more difficult as Pulumi will not be able
+        to surface fine-grained errors and warnings. Additionally credentials
+        are temporarily written to disk in order to provide them to the
+        `docker-buildx` binary.
+        """
+        return pulumi.get(self, "exec_")
+
+    @exec_.setter
+    def exec_(self, value: Optional[pulumi.Input[bool]]):
+        pulumi.set(self, "exec_", value)
+
     @property
     @pulumi.getter
-    def exports(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['ExportEntryArgs']]]]:
+    def exports(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['ExportArgs']]]]:
         """
         Controls where images are persisted after building.
 
         Images are only stored in the local cache unless `exports` are
         explicitly configured.
+
+        Exporting to multiple destinations requires a daemon running BuildKit
+        0.13 or later.
+
+        Equivalent to Docker's `--output` flag.
         """
         return pulumi.get(self, "exports")
 
     @exports.setter
-    def exports(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['ExportEntryArgs']]]]):
+    def exports(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['ExportArgs']]]]):
         pulumi.set(self, "exports", value)
 
     @property
@@ -214,6 +397,8 @@ class ImageArgs:
     def labels(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
         """
         Attach arbitrary key/value metadata to the image.
+
+        Equivalent to Docker's `--label` flag.
         """
         return pulumi.get(self, "labels")
 
@@ -221,11 +406,59 @@ class ImageArgs:
     def labels(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
         pulumi.set(self, "labels", value)
 
+    @property
+    @pulumi.getter
+    def load(self) -> Optional[pulumi.Input[bool]]:
+        """
+        When `true` the build will automatically include a `docker` export.
+
+        Defaults to `false`.
+
+        Equivalent to Docker's `--load` flag.
+        """
+        return pulumi.get(self, "load")
+
+    @load.setter
+    def load(self, value: Optional[pulumi.Input[bool]]):
+        pulumi.set(self, "load", value)
+
+    @property
+    @pulumi.getter
+    def network(self) -> Optional[pulumi.Input['NetworkMode']]:
+        """
+        Set the network mode for `RUN` instructions. Defaults to `default`.
+
+        For custom networks, configure your builder with `--driver-opt network=...`.
+
+        Equivalent to Docker's `--network` flag.
+        """
+        return pulumi.get(self, "network")
+
+    @network.setter
+    def network(self, value: Optional[pulumi.Input['NetworkMode']]):
+        pulumi.set(self, "network", value)
+
+    @property
+    @pulumi.getter(name="noCache")
+    def no_cache(self) -> Optional[pulumi.Input[bool]]:
+        """
+        Do not import cache manifests when building the image.
+
+        Equivalent to Docker's `--no-cache` flag.
+        """
+        return pulumi.get(self, "no_cache")
+
+    @no_cache.setter
+    def no_cache(self, value: Optional[pulumi.Input[bool]]):
+        pulumi.set(self, "no_cache", value)
+
     @property
     @pulumi.getter
     def platforms(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['Platform']]]]:
         """
-        Set target platform(s) for the build. Defaults to the host's platform
+        Set target platform(s) for the build. Defaults to the host's platform.
+
+        Equivalent to Docker's `--platform` flag.
         """
         return pulumi.get(self, "platforms")
 
@@ -238,6 +471,8 @@ class ImageArgs:
     def pull(self) -> Optional[pulumi.Input[bool]]:
         """
         Always pull referenced images.
+
+        Equivalent to Docker's `--pull` flag.
         """
         return pulumi.get(self, "pull")
 
@@ -245,12 +480,33 @@ class ImageArgs:
     def pull(self, value: Optional[pulumi.Input[bool]]):
         pulumi.set(self, "pull", value)
 
+    @property
+    @pulumi.getter
+    def push(self) -> Optional[pulumi.Input[bool]]:
+        """
+        When `true` the build will automatically include a `registry` export.
+
+        Defaults to `false`.
+
+        Equivalent to Docker's `--push` flag.
+        """
+        return pulumi.get(self, "push")
+
+    @push.setter
+    def push(self, value: Optional[pulumi.Input[bool]]):
+        pulumi.set(self, "push", value)
+
     @property
     @pulumi.getter
     def registries(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['RegistryAuthArgs']]]]:
         """
         Registry credentials. Required if reading or exporting to private
         repositories.
+
+        Credentials are kept in-memory and do not pollute pre-existing
+        credentials on the host.
+
+        Similar to `docker login`.
         """
         return pulumi.get(self, "registries")
 
@@ -269,6 +525,8 @@ class ImageArgs:
 
         Build arguments and environment variables are persistent in the final
         image, so you should use this for sensitive values.
+
+        Similar to Docker's `--secret` flag.
         """
         return pulumi.get(self, "secrets")
 
@@ -276,6 +534,20 @@ class ImageArgs:
     def secrets(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
         pulumi.set(self, "secrets", value)
 
+    @property
+    @pulumi.getter
+    def ssh(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['SSHArgs']]]]:
+        """
+        SSH agent socket or keys to expose to the build.
+
+        Equivalent to Docker's `--ssh` flag.
+        """
+        return pulumi.get(self, "ssh")
+
+    @ssh.setter
+    def ssh(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['SSHArgs']]]]):
+        pulumi.set(self, "ssh", value)
+
     @property
     @pulumi.getter
     def tags(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
@@ -284,6 +556,8 @@ class ImageArgs:
 
         If exporting to a registry, the name should include the fully qualified
         registry address (e.g. `docker.io/pulumi/pulumi:latest`).
+
+        Equivalent to Docker's `--tag` flag.
         """
         return pulumi.get(self, "tags")
 
@@ -293,17 +567,19 @@ class ImageArgs:
 
     @property
     @pulumi.getter
-    def targets(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
+    def target(self) -> Optional[pulumi.Input[str]]:
         """
         Set the target build stage(s) to build.
 
         If not specified all targets will be built by default.
+
+        Equivalent to Docker's `--target` flag.
         """
-        return pulumi.get(self, "targets")
+        return pulumi.get(self, "target")
 
-    @targets.setter
-    def targets(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
-        pulumi.set(self, "targets", value)
+    @target.setter
+    def target(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "target", value)
 
 
 class Image(pulumi.CustomResource):
@@ -311,34 +587,174 @@ class Image(pulumi.CustomResource):
     def __init__(__self__,
                  resource_name: str,
                  opts: Optional[pulumi.ResourceOptions] = None,
+                 add_hosts: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
                  build_args: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
                  build_on_preview: Optional[pulumi.Input[bool]] = None,
                  builder: Optional[pulumi.Input[pulumi.InputType['BuilderConfigArgs']]] = None,
-                 cache_from: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['CacheFromEntryArgs']]]]] = None,
-                 cache_to: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['CacheToEntryArgs']]]]] = None,
+                 cache_from: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['CacheFromArgs']]]]] = None,
+                 cache_to: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['CacheToArgs']]]]] = None,
                  context: Optional[pulumi.Input[pulumi.InputType['BuildContextArgs']]] = None,
                  dockerfile: Optional[pulumi.Input[pulumi.InputType['DockerfileArgs']]] = None,
-                 exports: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['ExportEntryArgs']]]]] = None,
+                 exec_: Optional[pulumi.Input[bool]] = None,
+                 exports: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['ExportArgs']]]]] = None,
                  labels: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
+                 load: Optional[pulumi.Input[bool]] = None,
+                 network: Optional[pulumi.Input['NetworkMode']] = None,
+                 no_cache: Optional[pulumi.Input[bool]] = None,
                  platforms: Optional[pulumi.Input[Sequence[pulumi.Input['Platform']]]] = None,
                  pull: Optional[pulumi.Input[bool]] = None,
+                 push: Optional[pulumi.Input[bool]] = None,
                  registries: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['RegistryAuthArgs']]]]] = None,
                  secrets: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
+                 ssh: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SSHArgs']]]]] = None,
                  tags: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
-                 targets: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
+                 target: Optional[pulumi.Input[str]] = None,
                  __props__=None):
         """
         A Docker image built using buildx -- Docker's interface to the improved
         BuildKit backend.
 
+        ## Stability
+
         **This resource is experimental and subject to change.**
 
         API types are unstable. Subsequent releases _may_ require manual edits
         to your state file(s) in order to adopt API changes.
 
+        `retainOnDelete: true` is recommended with this resource until it is
+        stable. This enables future API changes to be adopted more easily by renaming
+        resources.
+
         Only use this resource if you understand and accept the risks.
 
+        ## Migrating v3 and v4 Image resources
+
+        The `buildx.Image` resource provides a superset of functionality over the `Image` resources available in versions 3 and 4 of the Pulumi Docker provider.
+        Existing `Image` resources can be converted to `build.Image` resources with minor modifications.
+
+        ### Behavioral differences
+
+        There are several key behavioral differences to keep in mind when transitioning images to the new `buildx.Image` resource.
+
+        #### Previews
+
+        Version `3.x` of the Pulumi Docker provider always builds images during preview operations.
+        This is helpful as a safeguard to prevent "broken" images from merging, but users found the behavior unnecessarily redundant when running previews and updates locally.
+
+        Version `4.x` changed build-on-preview behavior to be opt-in.
+        By default, `v4.x` `Image` resources do _not_ build during previews, but this behavior can be toggled with the `buildOnPreview` option.
+        Some users felt this made previews in CI less helpful because they no longer detected bad images by default.
+
+        The default behavior of the `buildx.Image` resource has been changed to strike a better balance between CI use cases and manual updates.
+        By default, Pulumi will now only build `buildx.Image` resources during previews when it detects a CI environment like GitHub Actions.
+        Previews run in non-CI environments will not build images.
+        This behavior is still configurable with `buildOnPreview`.
+
+        #### Push behavior
+
+        Versions `3.x` and `4.x` of the Pulumi Docker provider attempt to push images to remote registries by default.
+        They expose a `skipPush: true` option to disable pushing.
+
+        The `buildx.Image` resource matches the Docker CLI's behavior and does not push images anywhere by default.
+
+        To push images to a registry you can include `push: true` (equivalent to Docker's `--push` flag) or configure an `export` of type `registry` (equivalent to Docker's `--output type=registry`).
+        Like Docker, if an image is configured without exports you will see a warning with instructions for how to enable pushing, but the build will still proceed normally.
+
+        #### Secrets
+
+        Version `3.x` of the Pulumi Docker provider supports secrets by way of the `extraOptions` field.
+
+        Version `4.x` of the Pulumi Docker provider does not support secrets.
+
+        The `buildx.Image` resource supports secrets but does not require those secrets to exist on-disk or in environment variables.
+        Instead, they should be passed directly as values.
+        (Please be sure to familiarize yourself with Pulumi's [native secret handling](https://www.pulumi.com/docs/concepts/secrets/).)
+        Pulumi also provides [ESC](https://www.pulumi.com/product/esc/) to make it easier to share secrets across stacks and environments.
+
+        #### Caching
+
+        Version `3.x` of the Pulumi Docker provider exposes `cacheFrom: bool | { stages: [...] }`.
+        It builds targets individually and pushes them to separate images for caching.
+
+        Version `4.x` exposes a similar parameter `cacheFrom: { images: [...] }` which pushes and pulls inline caches.
+
+        Both versions 3 and 4 require specific environment variables to be set and deviate from Docker's native caching behavior.
+        This can result in inefficient builds due to unnecessary image pulls, repeated file transfers, etc.
+
+        The `buildx.Image` resource delegates all caching behavior to Docker.
+        `cacheFrom` and `cacheTo` options (equivalent to Docker's `--cache-to` and `--cache-from`) are exposed and provide additional cache targets, such as local disk, S3 storage, etc.
+
+        #### Outputs
+
+        Versions `3.x` and `4.x` of the provider exposed a `repoDigest` output which was a fully qualified tag with digest.
+        In `4.x` this could also be a single sha256 hash if the image wasn't pushed.
+
+        Unlike earlier providers the `buildx.Image` resource can push multiple tags.
+        As a convenience, it exposes a `ref` output consisting of a tag with digest as long as the image was pushed.
+        If multiple tags were pushed this uses one at random.
+
+        If you need more control over tag references you can use the `digest` output, which is always a single sha256 hash as long as the image was exported somewhere.
+
+        #### Tag deletion and refreshes
+
+        Versions 3 and 4 of Pulumi Docker provider do not delete tags when the `Image` resource is deleted, nor do they confirm expected tags exist during `refresh` operations.
+
+        The `buidx.Image` will query your registries during `refresh` to ensure the expected tags exist.
+        If any are missing a subsequent `update` will push them.
+
+        When a `buildx.Image` is deleted, it will _attempt_ to also delete any pushed tags.
+        Deletion of remote tags is not guaranteed because not all registries support the manifest `DELETE` API (`docker.io` in particular).
+        Manifests are _not_ deleted in the same way during updates -- to do so safely would require a full build to determine whether a Pulumi operation should be an update or update-replace.
+
+        Use the [`retainOnDelete: true`](https://www.pulumi.com/docs/concepts/options/retainondelete/) option if you do not want tags deleted.
+
+        ### Example migration
+
+        Examples of "fully-featured" `v3` and `v4` `Image` resources are shown below, along with an example `buildx.Image` resource showing how they would look after migration.
+
+        The `v3` resource leverages `buildx` via a `DOCKER_BUILDKIT` environment variable and CLI flags passed in with `extraOption`.
+        After migration, the environment variable is no longer needed and CLI flags are now properties on the `buildx.Image`.
+        In almost all cases, properties of `buildx.Image` are named after the Docker CLI flag they correspond to.
+
+        The `v4` resource is less functional than its `v3` counterpart because it lacks the flexibility of `extraOptions`.
+        It it is shown with parameters similar to the `v3` example for completeness.
+
         ## Example Usage
+
+        ## Example Usage
+        ### Push to AWS ECR with caching
+        ```python
+        import pulumi
+        import pulumi_aws as aws
+        import pulumi_docker as docker
+
+        ecr_repository = aws.ecr.Repository("ecr-repository")
+        auth_token = aws.ecr.get_authorization_token_output(registry_id=ecr_repository.registry_id)
+        my_image = docker.buildx.Image("my-image",
+            cache_from=[docker.buildx.CacheFromArgs(
+                registry=docker.buildx.CacheFromRegistryArgs(
+                    ref=ecr_repository.repository_url.apply(lambda repository_url: f"{repository_url}:cache"),
+                ),
+            )],
+            cache_to=[docker.buildx.CacheToArgs(
+                registry=docker.buildx.CacheToRegistryArgs(
+                    image_manifest=True,
+                    oci_media_types=True,
+                    ref=ecr_repository.repository_url.apply(lambda repository_url: f"{repository_url}:cache"),
+                ),
+            )],
+            context=docker.buildx.BuildContextArgs(
+                location="./app",
+            ),
+            push=True,
+            registries=[docker.buildx.RegistryAuthArgs(
+                address=ecr_repository.repository_url,
+                password=auth_token.password,
+                username=auth_token.user_name,
+            )],
+            tags=[ecr_repository.repository_url.apply(lambda repository_url: f"{repository_url}:latest")])
+        pulumi.export("ref", my_image.ref)
+        ```
         ### Multi-platform image
         ```python
         import pulumi
@@ -348,9 +764,6 @@ class Image(pulumi.CustomResource):
             context=docker.buildx.BuildContextArgs(
                 location="app",
             ),
-            dockerfile=docker.buildx.DockerfileArgs(
-                location="app/Dockerfile",
-            ),
             platforms=[
                 docker.buildx/image.Platform.PLAN9_AMD64,
                 docker.buildx/image.Platform.PLAN9_386,
@@ -365,19 +778,14 @@ class Image(pulumi.CustomResource):
             context=docker.buildx.BuildContextArgs(
                 location="app",
             ),
-            dockerfile=docker.buildx.DockerfileArgs(
-                location="app/Dockerfile",
-            ),
-            exports=[docker.buildx.ExportEntryArgs(
-                registry=docker.buildx.ExportRegistryArgs(
-                    oci_media_types=True,
-                ),
-            )],
+            push=True,
             registries=[docker.buildx.RegistryAuthArgs(
                 address="docker.io",
                 password=docker_hub_password,
                 username="pulumibot",
-            )])
+            )],
+            tags=["docker.io/pulumi/pulumi:3.107.0"])
+        pulumi.export("ref", my_image["ref"])
         ```
         ### Caching
         ```python
@@ -385,12 +793,12 @@ class Image(pulumi.CustomResource):
         import pulumi_docker as docker
 
         image = docker.buildx.Image("image",
-            cache_from=[docker.buildx.CacheFromEntryArgs(
+            cache_from=[docker.buildx.CacheFromArgs(
                 local=docker.buildx.CacheFromLocalArgs(
                     src="tmp/cache",
                 ),
             )],
-            cache_to=[docker.buildx.CacheToEntryArgs(
+            cache_to=[docker.buildx.CacheToArgs(
                 local=docker.buildx.CacheToLocalArgs(
                     dest="tmp/cache",
                     mode=docker.buildx/image.CacheMode.MAX,
@@ -398,11 +806,22 @@ class Image(pulumi.CustomResource):
             )],
             context=docker.buildx.BuildContextArgs(
                 location="app",
-            ),
-            dockerfile=docker.buildx.DockerfileArgs(
-                location="app/Dockerfile",
             ))
         ```
+        ### Docker Build Cloud
+        ```python
+        import pulumi
+        import pulumi_docker as docker
+
+        image = docker.buildx.Image("image",
+            builder=docker.buildx.BuilderConfigArgs(
+                name="cloud-builder-name",
+            ),
+            context=docker.buildx.BuildContextArgs(
+                location="app",
+            ),
+            exec_=True)
+        ```
         ### Build arguments
         ```python
         import pulumi
@@ -414,12 +833,9 @@ class Image(pulumi.CustomResource):
             },
             context=docker.buildx.BuildContextArgs(
                 location="app",
-            ),
-            dockerfile=docker.buildx.DockerfileArgs(
-                location="app/Dockerfile",
             ))
         ```
-        ### Build targets
+        ### Build target
         ```python
         import pulumi
         import pulumi_docker as docker
@@ -428,31 +844,21 @@ class Image(pulumi.CustomResource):
             context=docker.buildx.BuildContextArgs(
                 location="app",
             ),
-            dockerfile=docker.buildx.DockerfileArgs(
-                location="app/Dockerfile",
-            ),
-            targets=[
-                "build-me",
-                "also-build-me",
-            ])
+            target="build-me")
         ```
         ### Named contexts
         ```python
         import pulumi
         import pulumi_docker as docker
 
-        image = docker.buildx.Image("image",
-            context=docker.buildx.BuildContextArgs(
-                location="app",
-                named={
-                    "golang:latest": docker.buildx.ContextArgs(
-                        location="docker-image://golang@sha256:b8e62cf593cdaff36efd90aa3a37de268e6781a2e68c6610940c48f7cdf36984",
-                    ),
-                },
-            ),
-            dockerfile=docker.buildx.DockerfileArgs(
-                location="app/Dockerfile",
-            ))
+        image = docker.buildx.Image("image", context=docker.buildx.BuildContextArgs(
+            location="app",
+            named={
+                "golang:latest": docker.buildx.ContextArgs(
+                    location="docker-image://golang@sha256:b8e62cf593cdaff36efd90aa3a37de268e6781a2e68c6610940c48f7cdf36984",
+                ),
+            },
+        ))
         ```
         ### Remote context
         ```python
@@ -500,10 +906,7 @@ class Image(pulumi.CustomResource):
             context=docker.buildx.BuildContextArgs(
                 location="app",
             ),
-            dockerfile=docker.buildx.DockerfileArgs(
-                location="app/Dockerfile",
-            ),
-            exports=[docker.buildx.ExportEntryArgs(
+            exports=[docker.buildx.ExportArgs(
                 docker=docker.buildx.ExportDockerArgs(
                     tar=True,
                 ),
@@ -512,6 +915,9 @@ class Image(pulumi.CustomResource):
 
         :param str resource_name: The name of the resource.
         :param pulumi.ResourceOptions opts: Options for the resource.
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] add_hosts: Custom `host:ip` mappings to use during the build.
+               
+               Equivalent to Docker's `--add-host` flag.
         :param pulumi.Input[Mapping[str, pulumi.Input[str]]] build_args: `ARG` names and values to set during the build.
                
                These variables are accessed like environment variables inside `RUN`
@@ -519,22 +925,98 @@ class Image(pulumi.CustomResource):
                
                Build arguments are persisted in the image, so you should use `secrets`
                if these arguments are sensitive.
-        :param pulumi.Input[bool] build_on_preview: When `true`, attempt to build the image during previews. The image will
-               not be pushed to registries, however caches will still populated.
+               
+               Equivalent to Docker's `--build-arg` flag.
+        :param pulumi.Input[bool] build_on_preview: By default, preview behavior depends on the execution environment. If
+               Pulumi detects the operation is running on a CI system (GitHub Actions,
+               Travis CI, Azure Pipelines, etc.) then it will build images during
+               previews as a safeguard. Otherwise, if not running on CI, previews will
+               not build images.
+               
+               Setting this to `false` forces previews to never perform builds, and
+               setting it to `true` will always build the image during previews.
+               
+               Images built during previews are never exported to registries, however
+               cache manifests are still exported.
+               
+               On-disk Dockerfiles are always validated for syntactic correctness
+               regardless of this setting.
         :param pulumi.Input[pulumi.InputType['BuilderConfigArgs']] builder: Builder configuration.
-        :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['CacheFromEntryArgs']]]] cache_from: External cache configuration.
-        :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['CacheToEntryArgs']]]] cache_to: Cache export configuration.
+        :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['CacheFromArgs']]]] cache_from: Cache export configuration.
+               
+               Equivalent to Docker's `--cache-from` flag.
+        :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['CacheToArgs']]]] cache_to: Cache import configuration.
+               
+               Equivalent to Docker's `--cache-to` flag.
         :param pulumi.Input[pulumi.InputType['BuildContextArgs']] context: Build context settings.
+               
+               Equivalent to Docker's `PATH | URL | -` positional argument.
         :param pulumi.Input[pulumi.InputType['DockerfileArgs']] dockerfile: Dockerfile settings.
-        :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['ExportEntryArgs']]]] exports: Controls where images are persisted after building.
+               
+               Equivalent to Docker's `--file` flag.
+        :param pulumi.Input[bool] exec_: Use `exec` mode to build this image.
+               
+               By default the provider embeds a v25 Docker client with v0.12 buildx
+               support. This helps ensure consistent behavior across environments and
+               is compatible with alternative build backends (e.g. `buildkitd`), but
+               it may not be desirable if you require a specific version of buildx.
+               For example you may want to run a custom `docker-buildx` binary with
+               support for [Docker Build
+               Cloud](https://docs.docker.com/build/cloud/setup/) (DBC).
+               
+               When this is set to `true` the provider will instead execute the
+               `docker-buildx` binary directly to perform its operations. The user is
+               responsible for ensuring this binary exists, with correct permissions
+               and pre-configured builders, at a path Docker expects (e.g.
+               `~/.docker/cli-plugins`).
+               
+               Debugging `exec` mode may be more difficult as Pulumi will not be able
+               to surface fine-grained errors and warnings. Additionally credentials
+               are temporarily written to disk in order to provide them to the
+               `docker-buildx` binary.
+        :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['ExportArgs']]]] exports: Controls where images are persisted after building.
                
                Images are only stored in the local cache unless `exports` are
                explicitly configured.
+               
+               Exporting to multiple destinations requires a daemon running BuildKit
+               0.13 or later.
+               
+               Equivalent to Docker's `--output` flag.
         :param pulumi.Input[Mapping[str, pulumi.Input[str]]] labels: Attach arbitrary key/value metadata to the image.
-        :param pulumi.Input[Sequence[pulumi.Input['Platform']]] platforms: Set target platform(s) for the build. Defaults to the host's platform
+               
+               Equivalent to Docker's `--label` flag.
+        :param pulumi.Input[bool] load: When `true` the build will automatically include a `docker` export.
+               
+               Defaults to `false`.
+               
+               Equivalent to Docker's `--load` flag.
+        :param pulumi.Input['NetworkMode'] network: Set the network mode for `RUN` instructions. Defaults to `default`.
+               
+               For custom networks, configure your builder with `--driver-opt network=...`.
+               
+               Equivalent to Docker's `--network` flag.
+        :param pulumi.Input[bool] no_cache: Do not import cache manifests when building the image.
+               
+               Equivalent to Docker's `--no-cache` flag.
+        :param pulumi.Input[Sequence[pulumi.Input['Platform']]] platforms: Set target platform(s) for the build. Defaults to the host's platform.
+               
+               Equivalent to Docker's `--platform` flag.
         :param pulumi.Input[bool] pull: Always pull referenced images.
+               
+               Equivalent to Docker's `--pull` flag.
+        :param pulumi.Input[bool] push: When `true` the build will automatically include a `registry` export.
+               
+               Defaults to `false`.
+               
+               Equivalent to Docker's `--push` flag.
         :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['RegistryAuthArgs']]]] registries: Registry credentials. Required if reading or exporting to private
                repositories.
+               
+               Credentials are kept in-memory and do not pollute pre-existing
+               credentials on the host.
+               
+               Similar to `docker login`.
         :param pulumi.Input[Mapping[str, pulumi.Input[str]]] secrets: A mapping of secret names to their corresponding values.
                
                Unlike the Docker CLI, these can be passed by value and do not need to
@@ -542,13 +1024,22 @@ class Image(pulumi.CustomResource):
                
                Build arguments and environment variables are persistent in the final
                image, so you should use this for sensitive values.
+               
+               Similar to Docker's `--secret` flag.
+        :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SSHArgs']]]] ssh: SSH agent socket or keys to expose to the build.
+               
+               Equivalent to Docker's `--ssh` flag.
         :param pulumi.Input[Sequence[pulumi.Input[str]]] tags: Name and optionally a tag (format: `name:tag`).
                
                If exporting to a registry, the name should include the fully qualified
                registry address (e.g. `docker.io/pulumi/pulumi:latest`).
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] targets: Set the target build stage(s) to build.
+               
+               Equivalent to Docker's `--tag` flag.
+        :param pulumi.Input[str] target: Set the target build stage(s) to build.
                
                If not specified all targets will be built by default.
+               
+               Equivalent to Docker's `--target` flag.
         """
         ...
     @overload
@@ -560,14 +1051,147 @@ class Image(pulumi.CustomResource):
         A Docker image built using buildx -- Docker's interface to the improved
         BuildKit backend.
 
+        ## Stability
+
         **This resource is experimental and subject to change.**
 
         API types are unstable. Subsequent releases _may_ require manual edits
         to your state file(s) in order to adopt API changes.
 
+        `retainOnDelete: true` is recommended with this resource until it is
+        stable. This enables future API changes to be adopted more easily by renaming
+        resources.
+
         Only use this resource if you understand and accept the risks.
 
+        ## Migrating v3 and v4 Image resources
+
+        The `buildx.Image` resource provides a superset of functionality over the `Image` resources available in versions 3 and 4 of the Pulumi Docker provider.
+        Existing `Image` resources can be converted to `build.Image` resources with minor modifications.
+
+        ### Behavioral differences
+
+        There are several key behavioral differences to keep in mind when transitioning images to the new `buildx.Image` resource.
+
+        #### Previews
+
+        Version `3.x` of the Pulumi Docker provider always builds images during preview operations.
+        This is helpful as a safeguard to prevent "broken" images from merging, but users found the behavior unnecessarily redundant when running previews and updates locally.
+
+        Version `4.x` changed build-on-preview behavior to be opt-in.
+        By default, `v4.x` `Image` resources do _not_ build during previews, but this behavior can be toggled with the `buildOnPreview` option.
+        Some users felt this made previews in CI less helpful because they no longer detected bad images by default.
+
+        The default behavior of the `buildx.Image` resource has been changed to strike a better balance between CI use cases and manual updates.
+        By default, Pulumi will now only build `buildx.Image` resources during previews when it detects a CI environment like GitHub Actions.
+        Previews run in non-CI environments will not build images.
+        This behavior is still configurable with `buildOnPreview`.
+
+        #### Push behavior
+
+        Versions `3.x` and `4.x` of the Pulumi Docker provider attempt to push images to remote registries by default.
+        They expose a `skipPush: true` option to disable pushing.
+
+        The `buildx.Image` resource matches the Docker CLI's behavior and does not push images anywhere by default.
+
+        To push images to a registry you can include `push: true` (equivalent to Docker's `--push` flag) or configure an `export` of type `registry` (equivalent to Docker's `--output type=registry`).
+        Like Docker, if an image is configured without exports you will see a warning with instructions for how to enable pushing, but the build will still proceed normally.
+
+        #### Secrets
+
+        Version `3.x` of the Pulumi Docker provider supports secrets by way of the `extraOptions` field.
+
+        Version `4.x` of the Pulumi Docker provider does not support secrets.
+
+        The `buildx.Image` resource supports secrets but does not require those secrets to exist on-disk or in environment variables.
+        Instead, they should be passed directly as values.
+        (Please be sure to familiarize yourself with Pulumi's [native secret handling](https://www.pulumi.com/docs/concepts/secrets/).)
+        Pulumi also provides [ESC](https://www.pulumi.com/product/esc/) to make it easier to share secrets across stacks and environments.
+
+        #### Caching
+
+        Version `3.x` of the Pulumi Docker provider exposes `cacheFrom: bool | { stages: [...] }`.
+        It builds targets individually and pushes them to separate images for caching.
+
+        Version `4.x` exposes a similar parameter `cacheFrom: { images: [...] }` which pushes and pulls inline caches.
+
+        Both versions 3 and 4 require specific environment variables to be set and deviate from Docker's native caching behavior.
+        This can result in inefficient builds due to unnecessary image pulls, repeated file transfers, etc.
+
+        The `buildx.Image` resource delegates all caching behavior to Docker.
+        `cacheFrom` and `cacheTo` options (equivalent to Docker's `--cache-to` and `--cache-from`) are exposed and provide additional cache targets, such as local disk, S3 storage, etc.
+
+        #### Outputs
+
+        Versions `3.x` and `4.x` of the provider exposed a `repoDigest` output which was a fully qualified tag with digest.
+        In `4.x` this could also be a single sha256 hash if the image wasn't pushed.
+
+        Unlike earlier providers the `buildx.Image` resource can push multiple tags.
+        As a convenience, it exposes a `ref` output consisting of a tag with digest as long as the image was pushed.
+        If multiple tags were pushed this uses one at random.
+
+        If you need more control over tag references you can use the `digest` output, which is always a single sha256 hash as long as the image was exported somewhere.
+
+        #### Tag deletion and refreshes
+
+        Versions 3 and 4 of Pulumi Docker provider do not delete tags when the `Image` resource is deleted, nor do they confirm expected tags exist during `refresh` operations.
+
+        The `buidx.Image` will query your registries during `refresh` to ensure the expected tags exist.
+        If any are missing a subsequent `update` will push them.
+
+        When a `buildx.Image` is deleted, it will _attempt_ to also delete any pushed tags.
+        Deletion of remote tags is not guaranteed because not all registries support the manifest `DELETE` API (`docker.io` in particular).
+        Manifests are _not_ deleted in the same way during updates -- to do so safely would require a full build to determine whether a Pulumi operation should be an update or update-replace.
+
+        Use the [`retainOnDelete: true`](https://www.pulumi.com/docs/concepts/options/retainondelete/) option if you do not want tags deleted.
+
+        ### Example migration
+
+        Examples of "fully-featured" `v3` and `v4` `Image` resources are shown below, along with an example `buildx.Image` resource showing how they would look after migration.
+
+        The `v3` resource leverages `buildx` via a `DOCKER_BUILDKIT` environment variable and CLI flags passed in with `extraOption`.
+        After migration, the environment variable is no longer needed and CLI flags are now properties on the `buildx.Image`.
+        In almost all cases, properties of `buildx.Image` are named after the Docker CLI flag they correspond to.
+
+        The `v4` resource is less functional than its `v3` counterpart because it lacks the flexibility of `extraOptions`.
+        It it is shown with parameters similar to the `v3` example for completeness.
+
+        ## Example Usage
+
         ## Example Usage
+        ### Push to AWS ECR with caching
+        ```python
+        import pulumi
+        import pulumi_aws as aws
+        import pulumi_docker as docker
+
+        ecr_repository = aws.ecr.Repository("ecr-repository")
+        auth_token = aws.ecr.get_authorization_token_output(registry_id=ecr_repository.registry_id)
+        my_image = docker.buildx.Image("my-image",
+            cache_from=[docker.buildx.CacheFromArgs(
+                registry=docker.buildx.CacheFromRegistryArgs(
+                    ref=ecr_repository.repository_url.apply(lambda repository_url: f"{repository_url}:cache"),
+                ),
+            )],
+            cache_to=[docker.buildx.CacheToArgs(
+                registry=docker.buildx.CacheToRegistryArgs(
+                    image_manifest=True,
+                    oci_media_types=True,
+                    ref=ecr_repository.repository_url.apply(lambda repository_url: f"{repository_url}:cache"),
+                ),
+            )],
+            context=docker.buildx.BuildContextArgs(
+                location="./app",
+            ),
+            push=True,
+            registries=[docker.buildx.RegistryAuthArgs(
+                address=ecr_repository.repository_url,
+                password=auth_token.password,
+                username=auth_token.user_name,
+            )],
+            tags=[ecr_repository.repository_url.apply(lambda repository_url: f"{repository_url}:latest")])
+        pulumi.export("ref", my_image.ref)
+        ```
         ### Multi-platform image
         ```python
         import pulumi
@@ -577,9 +1201,6 @@ class Image(pulumi.CustomResource):
             context=docker.buildx.BuildContextArgs(
                 location="app",
             ),
-            dockerfile=docker.buildx.DockerfileArgs(
-                location="app/Dockerfile",
-            ),
             platforms=[
                 docker.buildx/image.Platform.PLAN9_AMD64,
                 docker.buildx/image.Platform.PLAN9_386,
@@ -594,19 +1215,14 @@ class Image(pulumi.CustomResource):
             context=docker.buildx.BuildContextArgs(
                 location="app",
             ),
-            dockerfile=docker.buildx.DockerfileArgs(
-                location="app/Dockerfile",
-            ),
-            exports=[docker.buildx.ExportEntryArgs(
-                registry=docker.buildx.ExportRegistryArgs(
-                    oci_media_types=True,
-                ),
-            )],
+            push=True,
             registries=[docker.buildx.RegistryAuthArgs(
                 address="docker.io",
                 password=docker_hub_password,
                 username="pulumibot",
-            )])
+            )],
+            tags=["docker.io/pulumi/pulumi:3.107.0"])
+        pulumi.export("ref", my_image["ref"])
         ```
         ### Caching
         ```python
@@ -614,12 +1230,12 @@ class Image(pulumi.CustomResource):
         import pulumi_docker as docker
 
         image = docker.buildx.Image("image",
-            cache_from=[docker.buildx.CacheFromEntryArgs(
+            cache_from=[docker.buildx.CacheFromArgs(
                 local=docker.buildx.CacheFromLocalArgs(
                     src="tmp/cache",
                 ),
             )],
-            cache_to=[docker.buildx.CacheToEntryArgs(
+            cache_to=[docker.buildx.CacheToArgs(
                 local=docker.buildx.CacheToLocalArgs(
                     dest="tmp/cache",
                     mode=docker.buildx/image.CacheMode.MAX,
@@ -627,11 +1243,22 @@ class Image(pulumi.CustomResource):
             )],
             context=docker.buildx.BuildContextArgs(
                 location="app",
-            ),
-            dockerfile=docker.buildx.DockerfileArgs(
-                location="app/Dockerfile",
             ))
         ```
+        ### Docker Build Cloud
+        ```python
+        import pulumi
+        import pulumi_docker as docker
+
+        image = docker.buildx.Image("image",
+            builder=docker.buildx.BuilderConfigArgs(
+                name="cloud-builder-name",
+            ),
+            context=docker.buildx.BuildContextArgs(
+                location="app",
+            ),
+            exec_=True)
+        ```
         ### Build arguments
         ```python
         import pulumi
@@ -643,12 +1270,9 @@ class Image(pulumi.CustomResource):
             },
             context=docker.buildx.BuildContextArgs(
                 location="app",
-            ),
-            dockerfile=docker.buildx.DockerfileArgs(
-                location="app/Dockerfile",
             ))
         ```
-        ### Build targets
+        ### Build target
         ```python
         import pulumi
         import pulumi_docker as docker
@@ -657,31 +1281,21 @@ class Image(pulumi.CustomResource):
             context=docker.buildx.BuildContextArgs(
                 location="app",
             ),
-            dockerfile=docker.buildx.DockerfileArgs(
-                location="app/Dockerfile",
-            ),
-            targets=[
-                "build-me",
-                "also-build-me",
-            ])
+            target="build-me")
         ```
         ### Named contexts
         ```python
         import pulumi
         import pulumi_docker as docker
 
-        image = docker.buildx.Image("image",
-            context=docker.buildx.BuildContextArgs(
-                location="app",
-                named={
-                    "golang:latest": docker.buildx.ContextArgs(
-                        location="docker-image://golang@sha256:b8e62cf593cdaff36efd90aa3a37de268e6781a2e68c6610940c48f7cdf36984",
-                    ),
-                },
-            ),
-            dockerfile=docker.buildx.DockerfileArgs(
-                location="app/Dockerfile",
-            ))
+        image = docker.buildx.Image("image", context=docker.buildx.BuildContextArgs(
+            location="app",
+            named={
+                "golang:latest": docker.buildx.ContextArgs(
+                    location="docker-image://golang@sha256:b8e62cf593cdaff36efd90aa3a37de268e6781a2e68c6610940c48f7cdf36984",
+                ),
+            },
+        ))
         ```
         ### Remote context
         ```python
@@ -729,10 +1343,7 @@ class Image(pulumi.CustomResource):
             context=docker.buildx.BuildContextArgs(
                 location="app",
             ),
-            dockerfile=docker.buildx.DockerfileArgs(
-                location="app/Dockerfile",
-            ),
-            exports=[docker.buildx.ExportEntryArgs(
+            exports=[docker.buildx.ExportArgs(
                 docker=docker.buildx.ExportDockerArgs(
                     tar=True,
                 ),
@@ -754,21 +1365,28 @@ class Image(pulumi.CustomResource):
     def _internal_init(__self__,
                  resource_name: str,
                  opts: Optional[pulumi.ResourceOptions] = None,
+                 add_hosts: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
                  build_args: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
                  build_on_preview: Optional[pulumi.Input[bool]] = None,
                  builder: Optional[pulumi.Input[pulumi.InputType['BuilderConfigArgs']]] = None,
-                 cache_from: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['CacheFromEntryArgs']]]]] = None,
-                 cache_to: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['CacheToEntryArgs']]]]] = None,
+                 cache_from: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['CacheFromArgs']]]]] = None,
+                 cache_to: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['CacheToArgs']]]]] = None,
                  context: Optional[pulumi.Input[pulumi.InputType['BuildContextArgs']]] = None,
                  dockerfile: Optional[pulumi.Input[pulumi.InputType['DockerfileArgs']]] = None,
-                 exports: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['ExportEntryArgs']]]]] = None,
+                 exec_: Optional[pulumi.Input[bool]] = None,
+                 exports: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['ExportArgs']]]]] = None,
                  labels: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
+                 load: Optional[pulumi.Input[bool]] = None,
+                 network: Optional[pulumi.Input['NetworkMode']] = None,
+                 no_cache: Optional[pulumi.Input[bool]] = None,
                  platforms: Optional[pulumi.Input[Sequence[pulumi.Input['Platform']]]] = None,
                  pull: Optional[pulumi.Input[bool]] = None,
+                 push: Optional[pulumi.Input[bool]] = None,
                  registries: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['RegistryAuthArgs']]]]] = None,
                  secrets: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
+                 ssh: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['SSHArgs']]]]] = None,
                  tags: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
-                 targets: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
+                 target: Optional[pulumi.Input[str]] = None,
                  __props__=None):
         opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
         if not isinstance(opts, pulumi.ResourceOptions):
@@ -778,6 +1396,7 @@ class Image(pulumi.CustomResource):
                 raise TypeError('__props__ is only valid when passed in combination with a valid opts.id to get an existing resource')
             __props__ = ImageArgs.__new__(ImageArgs)
 
+            __props__.__dict__["add_hosts"] = add_hosts
             __props__.__dict__["build_args"] = build_args
             __props__.__dict__["build_on_preview"] = build_on_preview
             __props__.__dict__["builder"] = builder
@@ -785,18 +1404,25 @@ class Image(pulumi.CustomResource):
             __props__.__dict__["cache_to"] = cache_to
             __props__.__dict__["context"] = context
             __props__.__dict__["dockerfile"] = dockerfile
+            __props__.__dict__["exec_"] = exec_
             __props__.__dict__["exports"] = exports
             __props__.__dict__["labels"] = labels
+            __props__.__dict__["load"] = load
+            if network is None:
+                network = 'default'
+            __props__.__dict__["network"] = network
+            __props__.__dict__["no_cache"] = no_cache
             __props__.__dict__["platforms"] = platforms
             __props__.__dict__["pull"] = pull
+            __props__.__dict__["push"] = push
             __props__.__dict__["registries"] = registries
-            __props__.__dict__["secrets"] = None if secrets is None else pulumi.Output.secret(secrets)
+            __props__.__dict__["secrets"] = secrets
+            __props__.__dict__["ssh"] = ssh
             __props__.__dict__["tags"] = tags
-            __props__.__dict__["targets"] = targets
+            __props__.__dict__["target"] = target
             __props__.__dict__["context_hash"] = None
-            __props__.__dict__["digests"] = None
-        secret_opts = pulumi.ResourceOptions(additional_secret_outputs=["secrets"])
-        opts = pulumi.ResourceOptions.merge(opts, secret_opts)
+            __props__.__dict__["digest"] = None
+            __props__.__dict__["ref"] = None
         super(Image, __self__).__init__(
             'docker:buildx/image:Image',
             resource_name,
@@ -819,6 +1445,7 @@ class Image(pulumi.CustomResource):
 
         __props__ = ImageArgs.__new__(ImageArgs)
 
+        __props__.__dict__["add_hosts"] = None
         __props__.__dict__["build_args"] = None
         __props__.__dict__["build_on_preview"] = None
         __props__.__dict__["builder"] = None
@@ -826,18 +1453,35 @@ class Image(pulumi.CustomResource):
         __props__.__dict__["cache_to"] = None
         __props__.__dict__["context"] = None
         __props__.__dict__["context_hash"] = None
-        __props__.__dict__["digests"] = None
+        __props__.__dict__["digest"] = None
         __props__.__dict__["dockerfile"] = None
+        __props__.__dict__["exec_"] = None
         __props__.__dict__["exports"] = None
         __props__.__dict__["labels"] = None
+        __props__.__dict__["load"] = None
+        __props__.__dict__["network"] = None
+        __props__.__dict__["no_cache"] = None
         __props__.__dict__["platforms"] = None
         __props__.__dict__["pull"] = None
+        __props__.__dict__["push"] = None
+        __props__.__dict__["ref"] = None
         __props__.__dict__["registries"] = None
         __props__.__dict__["secrets"] = None
+        __props__.__dict__["ssh"] = None
         __props__.__dict__["tags"] = None
-        __props__.__dict__["targets"] = None
+        __props__.__dict__["target"] = None
         return Image(resource_name, opts=opts, __props__=__props__)
 
+    @property
+    @pulumi.getter(name="addHosts")
+    def add_hosts(self) -> pulumi.Output[Optional[Sequence[str]]]:
+        """
+        Custom `host:ip` mappings to use during the build.
+
+        Equivalent to Docker's `--add-host` flag.
+        """
+        return pulumi.get(self, "add_hosts")
+
     @property
     @pulumi.getter(name="buildArgs")
     def build_args(self) -> pulumi.Output[Optional[Mapping[str, str]]]:
@@ -849,6 +1493,8 @@ class Image(pulumi.CustomResource):
 
         Build arguments are persisted in the image, so you should use `secrets`
         if these arguments are sensitive.
+
+        Equivalent to Docker's `--build-arg` flag.
         """
         return pulumi.get(self, "build_args")
 
@@ -856,8 +1502,20 @@ class Image(pulumi.CustomResource):
     @pulumi.getter(name="buildOnPreview")
     def build_on_preview(self) -> pulumi.Output[Optional[bool]]:
         """
-        When `true`, attempt to build the image during previews. The image will
-        not be pushed to registries, however caches will still populated.
+        By default, preview behavior depends on the execution environment. If
+        Pulumi detects the operation is running on a CI system (GitHub Actions,
+        Travis CI, Azure Pipelines, etc.) then it will build images during
+        previews as a safeguard. Otherwise, if not running on CI, previews will
+        not build images.
+
+        Setting this to `false` forces previews to never perform builds, and
+        setting it to `true` will always build the image during previews.
+
+        Images built during previews are never exported to registries, however
+        cache manifests are still exported.
+
+        On-disk Dockerfiles are always validated for syntactic correctness
+        regardless of this setting.
         """
         return pulumi.get(self, "build_on_preview")
 
@@ -871,17 +1529,21 @@ class Image(pulumi.CustomResource):
 
     @property
     @pulumi.getter(name="cacheFrom")
-    def cache_from(self) -> pulumi.Output[Optional[Sequence['outputs.CacheFromEntry']]]:
+    def cache_from(self) -> pulumi.Output[Optional[Sequence['outputs.CacheFrom']]]:
         """
-        External cache configuration.
+        Cache export configuration.
+
+        Equivalent to Docker's `--cache-from` flag.
         """
         return pulumi.get(self, "cache_from")
 
     @property
     @pulumi.getter(name="cacheTo")
-    def cache_to(self) -> pulumi.Output[Optional[Sequence['outputs.CacheToEntry']]]:
+    def cache_to(self) -> pulumi.Output[Optional[Sequence['outputs.CacheTo']]]:
         """
-        Cache export configuration.
+        Cache import configuration.
+
+        Equivalent to Docker's `--cache-to` flag.
         """
         return pulumi.get(self, "cache_to")
 
@@ -890,12 +1552,14 @@ class Image(pulumi.CustomResource):
     def context(self) -> pulumi.Output[Optional['outputs.BuildContext']]:
         """
         Build context settings.
+
+        Equivalent to Docker's `PATH | URL | -` positional argument.
         """
         return pulumi.get(self, "context")
 
     @property
     @pulumi.getter(name="contextHash")
-    def context_hash(self) -> pulumi.Output[Optional[str]]:
+    def context_hash(self) -> pulumi.Output[str]:
         """
         A preliminary hash of the image's build context.
 
@@ -905,28 +1569,68 @@ class Image(pulumi.CustomResource):
 
     @property
     @pulumi.getter
-    def digests(self) -> pulumi.Output[Optional[Mapping[str, Sequence[str]]]]:
+    def digest(self) -> pulumi.Output[str]:
         """
-        A mapping of platform type to refs which were pushed to registries.
+        A SHA256 digest of the image if it was exported to a registry or
+        elsewhere.
+
+        Empty if the image was not exported.
+
+        Registry images can be referenced precisely as `<tag>@<digest>`. The
+        `ref` output provides one such reference as a convenience.
         """
-        return pulumi.get(self, "digests")
+        return pulumi.get(self, "digest")
 
     @property
     @pulumi.getter
     def dockerfile(self) -> pulumi.Output[Optional['outputs.Dockerfile']]:
         """
         Dockerfile settings.
+
+        Equivalent to Docker's `--file` flag.
         """
         return pulumi.get(self, "dockerfile")
 
+    @property
+    @pulumi.getter(name="exec")
+    def exec_(self) -> pulumi.Output[Optional[bool]]:
+        """
+        Use `exec` mode to build this image.
+
+        By default the provider embeds a v25 Docker client with v0.12 buildx
+        support. This helps ensure consistent behavior across environments and
+        is compatible with alternative build backends (e.g. `buildkitd`), but
+        it may not be desirable if you require a specific version of buildx.
+        For example you may want to run a custom `docker-buildx` binary with
+        support for [Docker Build
+        Cloud](https://docs.docker.com/build/cloud/setup/) (DBC).
+
+        When this is set to `true` the provider will instead execute the
+        `docker-buildx` binary directly to perform its operations. The user is
+        responsible for ensuring this binary exists, with correct permissions
+        and pre-configured builders, at a path Docker expects (e.g.
+        `~/.docker/cli-plugins`).
+
+        Debugging `exec` mode may be more difficult as Pulumi will not be able
+        to surface fine-grained errors and warnings. Additionally credentials
+        are temporarily written to disk in order to provide them to the
+        `docker-buildx` binary.
+        """
+        return pulumi.get(self, "exec_")
+
     @property
     @pulumi.getter
-    def exports(self) -> pulumi.Output[Optional[Sequence['outputs.ExportEntry']]]:
+    def exports(self) -> pulumi.Output[Optional[Sequence['outputs.Export']]]:
         """
         Controls where images are persisted after building.
 
         Images are only stored in the local cache unless `exports` are
         explicitly configured.
+
+        Exporting to multiple destinations requires a daemon running BuildKit
+        0.13 or later.
+
+        Equivalent to Docker's `--output` flag.
         """
         return pulumi.get(self, "exports")
 
@@ -935,14 +1639,52 @@ class Image(pulumi.CustomResource):
     def labels(self) -> pulumi.Output[Optional[Mapping[str, str]]]:
         """
         Attach arbitrary key/value metadata to the image.
+
+        Equivalent to Docker's `--label` flag.
         """
         return pulumi.get(self, "labels")
 
+    @property
+    @pulumi.getter
+    def load(self) -> pulumi.Output[Optional[bool]]:
+        """
+        When `true` the build will automatically include a `docker` export.
+
+        Defaults to `false`.
+
+        Equivalent to Docker's `--load` flag.
+        """
+        return pulumi.get(self, "load")
+
+    @property
+    @pulumi.getter
+    def network(self) -> pulumi.Output[Optional['NetworkMode']]:
+        """
+        Set the network mode for `RUN` instructions. Defaults to `default`.
+
+        For custom networks, configure your builder with `--driver-opt network=...`.
+
+        Equivalent to Docker's `--network` flag.
+        """
+        return pulumi.get(self, "network")
+
+    @property
+    @pulumi.getter(name="noCache")
+    def no_cache(self) -> pulumi.Output[Optional[bool]]:
+        """
+        Do not import cache manifests when building the image.
+
+        Equivalent to Docker's `--no-cache` flag.
+        """
+        return pulumi.get(self, "no_cache")
+
     @property
     @pulumi.getter
     def platforms(self) -> pulumi.Output[Optional[Sequence['Platform']]]:
         """
-        Set target platform(s) for the build. Defaults to the host's platform
+        Set target platform(s) for the build. Defaults to the host's platform.
+
+        Equivalent to Docker's `--platform` flag.
         """
         return pulumi.get(self, "platforms")
 
@@ -951,15 +1693,55 @@ class Image(pulumi.CustomResource):
     def pull(self) -> pulumi.Output[Optional[bool]]:
         """
         Always pull referenced images.
+
+        Equivalent to Docker's `--pull` flag.
         """
         return pulumi.get(self, "pull")
 
+    @property
+    @pulumi.getter
+    def push(self) -> pulumi.Output[Optional[bool]]:
+        """
+        When `true` the build will automatically include a `registry` export.
+
+        Defaults to `false`.
+
+        Equivalent to Docker's `--push` flag.
+        """
+        return pulumi.get(self, "push")
+
+    @property
+    @pulumi.getter
+    def ref(self) -> pulumi.Output[str]:
+        """
+        If the image was pushed to any registries then this will contain a
+        single fully-qualified tag including the build's digest.
+
+        If the image had tags but was not exported, this will take on a value
+        of one of those tags.
+
+        This will be empty if the image had no exports and no tags.
+
+        This is only for convenience and may not be appropriate for situations
+        where multiple tags or registries are involved. In those cases this
+        output is not guaranteed to be stable.
+
+        For more control over tags consumed by downstream resources you should
+        use the `digest` output.
+        """
+        return pulumi.get(self, "ref")
+
     @property
     @pulumi.getter
     def registries(self) -> pulumi.Output[Optional[Sequence['outputs.RegistryAuth']]]:
         """
         Registry credentials. Required if reading or exporting to private
         repositories.
+
+        Credentials are kept in-memory and do not pollute pre-existing
+        credentials on the host.
+
+        Similar to `docker login`.
         """
         return pulumi.get(self, "registries")
 
@@ -974,9 +1756,21 @@ class Image(pulumi.CustomResource):
 
         Build arguments and environment variables are persistent in the final
         image, so you should use this for sensitive values.
+
+        Similar to Docker's `--secret` flag.
         """
         return pulumi.get(self, "secrets")
 
+    @property
+    @pulumi.getter
+    def ssh(self) -> pulumi.Output[Optional[Sequence['outputs.SSH']]]:
+        """
+        SSH agent socket or keys to expose to the build.
+
+        Equivalent to Docker's `--ssh` flag.
+        """
+        return pulumi.get(self, "ssh")
+
     @property
     @pulumi.getter
     def tags(self) -> pulumi.Output[Optional[Sequence[str]]]:
@@ -985,16 +1779,20 @@ class Image(pulumi.CustomResource):
 
         If exporting to a registry, the name should include the fully qualified
         registry address (e.g. `docker.io/pulumi/pulumi:latest`).
+
+        Equivalent to Docker's `--tag` flag.
         """
         return pulumi.get(self, "tags")
 
     @property
     @pulumi.getter
-    def targets(self) -> pulumi.Output[Optional[Sequence[str]]]:
+    def target(self) -> pulumi.Output[Optional[str]]:
         """
         Set the target build stage(s) to build.
 
         If not specified all targets will be built by default.
+
+        Equivalent to Docker's `--target` flag.
         """
-        return pulumi.get(self, "targets")
+        return pulumi.get(self, "target")