pulumi-gcp 7.12.0a1709365001__py3-none-any.whl → 7.13.0a1709814369__py3-none-any.whl

pulumi_gcp/spanner/database_iam_member.py

@@ -38,6 +38,8 @@ class DatabaseIAMMemberArgs:
         :param pulumi.Input[str] role: The role that should be applied. Only one
                `spanner.DatabaseIAMBinding` can be used per role. Note that custom roles must be of the format
                `[projects|organizations]/{parent-name}/roles/{role-name}`.
+        :param pulumi.Input['DatabaseIAMMemberConditionArgs'] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
+               Structure is documented below.
         :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it
                is not provided, the provider project is used.
         """
@@ -109,6 +111,10 @@ class DatabaseIAMMemberArgs:
     @property
     @pulumi.getter
     def condition(self) -> Optional[pulumi.Input['DatabaseIAMMemberConditionArgs']]:
+        """
+        An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
+        Structure is documented below.
+        """
         return pulumi.get(self, "condition")
 
     @condition.setter
@@ -141,6 +147,8 @@ class _DatabaseIAMMemberState:
                  role: Optional[pulumi.Input[str]] = None):
         """
         Input properties used for looking up and filtering DatabaseIAMMember resources.
+        :param pulumi.Input['DatabaseIAMMemberConditionArgs'] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
+               Structure is documented below.
         :param pulumi.Input[str] database: The name of the Spanner database.
         :param pulumi.Input[str] etag: (Computed) The etag of the database's IAM policy.
         :param pulumi.Input[str] instance: The name of the Spanner instance the database belongs to.
@@ -177,6 +185,10 @@ class _DatabaseIAMMemberState:
     @property
     @pulumi.getter
     def condition(self) -> Optional[pulumi.Input['DatabaseIAMMemberConditionArgs']]:
+        """
+        An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
+        Structure is documented below.
+        """
         return pulumi.get(self, "condition")
 
     @condition.setter
@@ -307,6 +319,27 @@ class DatabaseIAMMember(pulumi.CustomResource):
             policy_data=admin.policy_data)
         ```
 
+        With IAM Conditions:
+
+        ```python
+        import pulumi
+        import pulumi_gcp as gcp
+
+        admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(
+            role="roles/editor",
+            members=["user:jane@example.com"],
+            condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(
+                title="My Role",
+                description="Grant permissions on my_role",
+                expression="(resource.type == \\"spanner.googleapis.com/DatabaseRole\\" && (resource.name.endsWith(\\"/myrole\\")))",
+            ),
+        )])
+        database = gcp.spanner.DatabaseIAMPolicy("database",
+            instance="your-instance-name",
+            database="your-database-name",
+            policy_data=admin.policy_data)
+        ```
+
         ## google\\_spanner\\_database\\_iam\\_binding
 
         ```python
@@ -320,6 +353,24 @@ class DatabaseIAMMember(pulumi.CustomResource):
             members=["user:jane@example.com"])
         ```
 
+        With IAM Conditions:
+
+        ```python
+        import pulumi
+        import pulumi_gcp as gcp
+
+        database = gcp.spanner.DatabaseIAMBinding("database",
+            instance="your-instance-name",
+            database="your-database-name",
+            role="roles/compute.networkUser",
+            members=["user:jane@example.com"],
+            condition=gcp.spanner.DatabaseIAMBindingConditionArgs(
+                title="My Role",
+                description="Grant permissions on my_role",
+                expression="(resource.type == \\"spanner.googleapis.com/DatabaseRole\\" && (resource.name.endsWith(\\"/myrole\\")))",
+            ))
+        ```
+
         ## google\\_spanner\\_database\\_iam\\_member
 
         ```python
@@ -333,6 +384,24 @@ class DatabaseIAMMember(pulumi.CustomResource):
             member="user:jane@example.com")
         ```
 
+        With IAM Conditions:
+
+        ```python
+        import pulumi
+        import pulumi_gcp as gcp
+
+        database = gcp.spanner.DatabaseIAMMember("database",
+            instance="your-instance-name",
+            database="your-database-name",
+            role="roles/compute.networkUser",
+            member="user:jane@example.com",
+            condition=gcp.spanner.DatabaseIAMMemberConditionArgs(
+                title="My Role",
+                description="Grant permissions on my_role",
+                expression="(resource.type == \\"spanner.googleapis.com/DatabaseRole\\" && (resource.name.endsWith(\\"/myrole\\")))",
+            ))
+        ```
+
         ## Import
 
         ### Importing IAM policies
@@ -361,6 +430,8 @@ class DatabaseIAMMember(pulumi.CustomResource):
 
         :param str resource_name: The name of the resource.
         :param pulumi.ResourceOptions opts: Options for the resource.
+        :param pulumi.Input[pulumi.InputType['DatabaseIAMMemberConditionArgs']] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
+               Structure is documented below.
         :param pulumi.Input[str] database: The name of the Spanner database.
         :param pulumi.Input[str] instance: The name of the Spanner instance the database belongs to.
                
@@ -414,6 +485,27 @@ class DatabaseIAMMember(pulumi.CustomResource):
             policy_data=admin.policy_data)
         ```
 
+        With IAM Conditions:
+
+        ```python
+        import pulumi
+        import pulumi_gcp as gcp
+
+        admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(
+            role="roles/editor",
+            members=["user:jane@example.com"],
+            condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(
+                title="My Role",
+                description="Grant permissions on my_role",
+                expression="(resource.type == \\"spanner.googleapis.com/DatabaseRole\\" && (resource.name.endsWith(\\"/myrole\\")))",
+            ),
+        )])
+        database = gcp.spanner.DatabaseIAMPolicy("database",
+            instance="your-instance-name",
+            database="your-database-name",
+            policy_data=admin.policy_data)
+        ```
+
         ## google\\_spanner\\_database\\_iam\\_binding
 
         ```python
@@ -427,6 +519,24 @@ class DatabaseIAMMember(pulumi.CustomResource):
             members=["user:jane@example.com"])
         ```
 
+        With IAM Conditions:
+
+        ```python
+        import pulumi
+        import pulumi_gcp as gcp
+
+        database = gcp.spanner.DatabaseIAMBinding("database",
+            instance="your-instance-name",
+            database="your-database-name",
+            role="roles/compute.networkUser",
+            members=["user:jane@example.com"],
+            condition=gcp.spanner.DatabaseIAMBindingConditionArgs(
+                title="My Role",
+                description="Grant permissions on my_role",
+                expression="(resource.type == \\"spanner.googleapis.com/DatabaseRole\\" && (resource.name.endsWith(\\"/myrole\\")))",
+            ))
+        ```
+
         ## google\\_spanner\\_database\\_iam\\_member
 
         ```python
@@ -440,6 +550,24 @@ class DatabaseIAMMember(pulumi.CustomResource):
             member="user:jane@example.com")
         ```
 
+        With IAM Conditions:
+
+        ```python
+        import pulumi
+        import pulumi_gcp as gcp
+
+        database = gcp.spanner.DatabaseIAMMember("database",
+            instance="your-instance-name",
+            database="your-database-name",
+            role="roles/compute.networkUser",
+            member="user:jane@example.com",
+            condition=gcp.spanner.DatabaseIAMMemberConditionArgs(
+                title="My Role",
+                description="Grant permissions on my_role",
+                expression="(resource.type == \\"spanner.googleapis.com/DatabaseRole\\" && (resource.name.endsWith(\\"/myrole\\")))",
+            ))
+        ```
+
         ## Import
 
         ### Importing IAM policies
@@ -535,6 +663,8 @@ class DatabaseIAMMember(pulumi.CustomResource):
         :param str resource_name: The unique name of the resulting resource.
         :param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
         :param pulumi.ResourceOptions opts: Options for the resource.
+        :param pulumi.Input[pulumi.InputType['DatabaseIAMMemberConditionArgs']] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
+               Structure is documented below.
         :param pulumi.Input[str] database: The name of the Spanner database.
         :param pulumi.Input[str] etag: (Computed) The etag of the database's IAM policy.
         :param pulumi.Input[str] instance: The name of the Spanner instance the database belongs to.
@@ -569,6 +699,10 @@ class DatabaseIAMMember(pulumi.CustomResource):
     @property
     @pulumi.getter
     def condition(self) -> pulumi.Output[Optional['outputs.DatabaseIAMMemberCondition']]:
+        """
+        An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding.
+        Structure is documented below.
+        """
         return pulumi.get(self, "condition")
 
     @property

pulumi_gcp/spanner/database_iam_policy.py

@@ -252,6 +252,27 @@ class DatabaseIAMPolicy(pulumi.CustomResource):
             policy_data=admin.policy_data)
         ```
 
+        With IAM Conditions:
+
+        ```python
+        import pulumi
+        import pulumi_gcp as gcp
+
+        admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(
+            role="roles/editor",
+            members=["user:jane@example.com"],
+            condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(
+                title="My Role",
+                description="Grant permissions on my_role",
+                expression="(resource.type == \\"spanner.googleapis.com/DatabaseRole\\" && (resource.name.endsWith(\\"/myrole\\")))",
+            ),
+        )])
+        database = gcp.spanner.DatabaseIAMPolicy("database",
+            instance="your-instance-name",
+            database="your-database-name",
+            policy_data=admin.policy_data)
+        ```
+
         ## google\\_spanner\\_database\\_iam\\_binding
 
         ```python
@@ -265,6 +286,24 @@ class DatabaseIAMPolicy(pulumi.CustomResource):
             members=["user:jane@example.com"])
         ```
 
+        With IAM Conditions:
+
+        ```python
+        import pulumi
+        import pulumi_gcp as gcp
+
+        database = gcp.spanner.DatabaseIAMBinding("database",
+            instance="your-instance-name",
+            database="your-database-name",
+            role="roles/compute.networkUser",
+            members=["user:jane@example.com"],
+            condition=gcp.spanner.DatabaseIAMBindingConditionArgs(
+                title="My Role",
+                description="Grant permissions on my_role",
+                expression="(resource.type == \\"spanner.googleapis.com/DatabaseRole\\" && (resource.name.endsWith(\\"/myrole\\")))",
+            ))
+        ```
+
         ## google\\_spanner\\_database\\_iam\\_member
 
         ```python
@@ -278,6 +317,24 @@ class DatabaseIAMPolicy(pulumi.CustomResource):
             member="user:jane@example.com")
         ```
 
+        With IAM Conditions:
+
+        ```python
+        import pulumi
+        import pulumi_gcp as gcp
+
+        database = gcp.spanner.DatabaseIAMMember("database",
+            instance="your-instance-name",
+            database="your-database-name",
+            role="roles/compute.networkUser",
+            member="user:jane@example.com",
+            condition=gcp.spanner.DatabaseIAMMemberConditionArgs(
+                title="My Role",
+                description="Grant permissions on my_role",
+                expression="(resource.type == \\"spanner.googleapis.com/DatabaseRole\\" && (resource.name.endsWith(\\"/myrole\\")))",
+            ))
+        ```
+
         ## Import
 
         ### Importing IAM policies
@@ -358,6 +415,27 @@ class DatabaseIAMPolicy(pulumi.CustomResource):
             policy_data=admin.policy_data)
         ```
 
+        With IAM Conditions:
+
+        ```python
+        import pulumi
+        import pulumi_gcp as gcp
+
+        admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(
+            role="roles/editor",
+            members=["user:jane@example.com"],
+            condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(
+                title="My Role",
+                description="Grant permissions on my_role",
+                expression="(resource.type == \\"spanner.googleapis.com/DatabaseRole\\" && (resource.name.endsWith(\\"/myrole\\")))",
+            ),
+        )])
+        database = gcp.spanner.DatabaseIAMPolicy("database",
+            instance="your-instance-name",
+            database="your-database-name",
+            policy_data=admin.policy_data)
+        ```
+
         ## google\\_spanner\\_database\\_iam\\_binding
 
         ```python
@@ -371,6 +449,24 @@ class DatabaseIAMPolicy(pulumi.CustomResource):
             members=["user:jane@example.com"])
         ```
 
+        With IAM Conditions:
+
+        ```python
+        import pulumi
+        import pulumi_gcp as gcp
+
+        database = gcp.spanner.DatabaseIAMBinding("database",
+            instance="your-instance-name",
+            database="your-database-name",
+            role="roles/compute.networkUser",
+            members=["user:jane@example.com"],
+            condition=gcp.spanner.DatabaseIAMBindingConditionArgs(
+                title="My Role",
+                description="Grant permissions on my_role",
+                expression="(resource.type == \\"spanner.googleapis.com/DatabaseRole\\" && (resource.name.endsWith(\\"/myrole\\")))",
+            ))
+        ```
+
         ## google\\_spanner\\_database\\_iam\\_member
 
         ```python
@@ -384,6 +480,24 @@ class DatabaseIAMPolicy(pulumi.CustomResource):
             member="user:jane@example.com")
         ```
 
+        With IAM Conditions:
+
+        ```python
+        import pulumi
+        import pulumi_gcp as gcp
+
+        database = gcp.spanner.DatabaseIAMMember("database",
+            instance="your-instance-name",
+            database="your-database-name",
+            role="roles/compute.networkUser",
+            member="user:jane@example.com",
+            condition=gcp.spanner.DatabaseIAMMemberConditionArgs(
+                title="My Role",
+                description="Grant permissions on my_role",
+                expression="(resource.type == \\"spanner.googleapis.com/DatabaseRole\\" && (resource.name.endsWith(\\"/myrole\\")))",
+            ))
+        ```
+
         ## Import
 
         ### Importing IAM policies

pulumi_gcp/spanner/outputs.py

@@ -67,6 +67,10 @@ class DatabaseIAMBindingCondition(dict):
                  expression: str,
                  title: str,
                  description: Optional[str] = None):
+        """
+        :param str expression: Textual representation of an expression in Common Expression Language syntax.
+        :param str title: A title for the expression, i.e. a short string describing its purpose.
+        """
         pulumi.set(__self__, "expression", expression)
         pulumi.set(__self__, "title", title)
         if description is not None:
@@ -75,11 +79,17 @@ class DatabaseIAMBindingCondition(dict):
     @property
     @pulumi.getter
     def expression(self) -> str:
+        """
+        Textual representation of an expression in Common Expression Language syntax.
+        """
         return pulumi.get(self, "expression")
 
     @property
     @pulumi.getter
     def title(self) -> str:
+        """
+        A title for the expression, i.e. a short string describing its purpose.
+        """
         return pulumi.get(self, "title")
 
     @property
@@ -94,6 +104,10 @@ class DatabaseIAMMemberCondition(dict):
                  expression: str,
                  title: str,
                  description: Optional[str] = None):
+        """
+        :param str expression: Textual representation of an expression in Common Expression Language syntax.
+        :param str title: A title for the expression, i.e. a short string describing its purpose.
+        """
         pulumi.set(__self__, "expression", expression)
         pulumi.set(__self__, "title", title)
         if description is not None:
@@ -102,11 +116,17 @@ class DatabaseIAMMemberCondition(dict):
     @property
     @pulumi.getter
     def expression(self) -> str:
+        """
+        Textual representation of an expression in Common Expression Language syntax.
+        """
         return pulumi.get(self, "expression")
 
     @property
     @pulumi.getter
     def title(self) -> str:
+        """
+        A title for the expression, i.e. a short string describing its purpose.
+        """
         return pulumi.get(self, "title")
 
     @property

pulumi_gcp/workbench/_inputs.py

@@ -13,9 +13,11 @@ __all__ = [
     'InstanceGceSetupArgs',
     'InstanceGceSetupAcceleratorConfigArgs',
     'InstanceGceSetupBootDiskArgs',
+    'InstanceGceSetupContainerImageArgs',
     'InstanceGceSetupDataDisksArgs',
     'InstanceGceSetupNetworkInterfaceArgs',
     'InstanceGceSetupServiceAccountArgs',
+    'InstanceGceSetupShieldedInstanceConfigArgs',
     'InstanceGceSetupVmImageArgs',
     'InstanceHealthInfoArgs',
     'InstanceIamBindingConditionArgs',
@@ -28,6 +30,7 @@ class InstanceGceSetupArgs:
     def __init__(__self__, *,
                  accelerator_configs: Optional[pulumi.Input[Sequence[pulumi.Input['InstanceGceSetupAcceleratorConfigArgs']]]] = None,
                  boot_disk: Optional[pulumi.Input['InstanceGceSetupBootDiskArgs']] = None,
+                 container_image: Optional[pulumi.Input['InstanceGceSetupContainerImageArgs']] = None,
                  data_disks: Optional[pulumi.Input['InstanceGceSetupDataDisksArgs']] = None,
                  disable_public_ip: Optional[pulumi.Input[bool]] = None,
                  enable_ip_forwarding: Optional[pulumi.Input[bool]] = None,
@@ -35,6 +38,7 @@ class InstanceGceSetupArgs:
                  metadata: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
                  network_interfaces: Optional[pulumi.Input[Sequence[pulumi.Input['InstanceGceSetupNetworkInterfaceArgs']]]] = None,
                  service_accounts: Optional[pulumi.Input[Sequence[pulumi.Input['InstanceGceSetupServiceAccountArgs']]]] = None,
+                 shielded_instance_config: Optional[pulumi.Input['InstanceGceSetupShieldedInstanceConfigArgs']] = None,
                  tags: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
                  vm_image: Optional[pulumi.Input['InstanceGceSetupVmImageArgs']] = None):
         """
@@ -44,6 +48,8 @@ class InstanceGceSetupArgs:
                Structure is documented below.
         :param pulumi.Input['InstanceGceSetupBootDiskArgs'] boot_disk: The definition of a boot disk.
                Structure is documented below.
+        :param pulumi.Input['InstanceGceSetupContainerImageArgs'] container_image: Use a container image to start the workbench instance.
+               Structure is documented below.
         :param pulumi.Input['InstanceGceSetupDataDisksArgs'] data_disks: Data disks attached to the VM instance. Currently supports only one data disk.
                Structure is documented below.
         :param pulumi.Input[bool] disable_public_ip: Optional. If true, no external IP will be assigned to this VM instance.
@@ -55,6 +61,10 @@ class InstanceGceSetupArgs:
                Structure is documented below.
         :param pulumi.Input[Sequence[pulumi.Input['InstanceGceSetupServiceAccountArgs']]] service_accounts: The service account that serves as an identity for the VM instance. Currently supports only one service account.
                Structure is documented below.
+        :param pulumi.Input['InstanceGceSetupShieldedInstanceConfigArgs'] shielded_instance_config: A set of Shielded Instance options. See [Images using supported Shielded
+               VM features](https://cloud.google.com/compute/docs/instances/modifying-shielded-vm).
+               Not all combinations are valid.
+               Structure is documented below.
         :param pulumi.Input[Sequence[pulumi.Input[str]]] tags: Optional. The Compute Engine tags to add to instance (see [Tagging
                instances](https://cloud.google.com/compute/docs/label-or-tag-resources#tags)).
         :param pulumi.Input['InstanceGceSetupVmImageArgs'] vm_image: Definition of a custom Compute Engine virtual machine image for starting
@@ -65,6 +75,8 @@ class InstanceGceSetupArgs:
             pulumi.set(__self__, "accelerator_configs", accelerator_configs)
         if boot_disk is not None:
             pulumi.set(__self__, "boot_disk", boot_disk)
+        if container_image is not None:
+            pulumi.set(__self__, "container_image", container_image)
         if data_disks is not None:
             pulumi.set(__self__, "data_disks", data_disks)
         if disable_public_ip is not None:
@@ -79,6 +91,8 @@ class InstanceGceSetupArgs:
             pulumi.set(__self__, "network_interfaces", network_interfaces)
         if service_accounts is not None:
             pulumi.set(__self__, "service_accounts", service_accounts)
+        if shielded_instance_config is not None:
+            pulumi.set(__self__, "shielded_instance_config", shielded_instance_config)
         if tags is not None:
             pulumi.set(__self__, "tags", tags)
         if vm_image is not None:
@@ -112,6 +126,19 @@ class InstanceGceSetupArgs:
     def boot_disk(self, value: Optional[pulumi.Input['InstanceGceSetupBootDiskArgs']]):
         pulumi.set(self, "boot_disk", value)
 
+    @property
+    @pulumi.getter(name="containerImage")
+    def container_image(self) -> Optional[pulumi.Input['InstanceGceSetupContainerImageArgs']]:
+        """
+        Use a container image to start the workbench instance.
+        Structure is documented below.
+        """
+        return pulumi.get(self, "container_image")
+
+    @container_image.setter
+    def container_image(self, value: Optional[pulumi.Input['InstanceGceSetupContainerImageArgs']]):
+        pulumi.set(self, "container_image", value)
+
     @property
     @pulumi.getter(name="dataDisks")
     def data_disks(self) -> Optional[pulumi.Input['InstanceGceSetupDataDisksArgs']]:
@@ -200,6 +227,21 @@ class InstanceGceSetupArgs:
     def service_accounts(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['InstanceGceSetupServiceAccountArgs']]]]):
         pulumi.set(self, "service_accounts", value)
 
+    @property
+    @pulumi.getter(name="shieldedInstanceConfig")
+    def shielded_instance_config(self) -> Optional[pulumi.Input['InstanceGceSetupShieldedInstanceConfigArgs']]:
+        """
+        A set of Shielded Instance options. See [Images using supported Shielded
+        VM features](https://cloud.google.com/compute/docs/instances/modifying-shielded-vm).
+        Not all combinations are valid.
+        Structure is documented below.
+        """
+        return pulumi.get(self, "shielded_instance_config")
+
+    @shielded_instance_config.setter
+    def shielded_instance_config(self, value: Optional[pulumi.Input['InstanceGceSetupShieldedInstanceConfigArgs']]):
+        pulumi.set(self, "shielded_instance_config", value)
+
     @property
     @pulumi.getter
     def tags(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
@@ -354,6 +396,46 @@ class InstanceGceSetupBootDiskArgs:
         pulumi.set(self, "kms_key", value)
 
 
+@pulumi.input_type
+class InstanceGceSetupContainerImageArgs:
+    def __init__(__self__, *,
+                 repository: pulumi.Input[str],
+                 tag: Optional[pulumi.Input[str]] = None):
+        """
+        :param pulumi.Input[str] repository: The path to the container image repository.
+               For example: gcr.io/{project_id}/{imageName}
+        :param pulumi.Input[str] tag: The tag of the container image. If not specified, this defaults to the latest tag.
+        """
+        pulumi.set(__self__, "repository", repository)
+        if tag is not None:
+            pulumi.set(__self__, "tag", tag)
+
+    @property
+    @pulumi.getter
+    def repository(self) -> pulumi.Input[str]:
+        """
+        The path to the container image repository.
+        For example: gcr.io/{project_id}/{imageName}
+        """
+        return pulumi.get(self, "repository")
+
+    @repository.setter
+    def repository(self, value: pulumi.Input[str]):
+        pulumi.set(self, "repository", value)
+
+    @property
+    @pulumi.getter
+    def tag(self) -> Optional[pulumi.Input[str]]:
+        """
+        The tag of the container image. If not specified, this defaults to the latest tag.
+        """
+        return pulumi.get(self, "tag")
+
+    @tag.setter
+    def tag(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "tag", value)
+
+
 @pulumi.input_type
 class InstanceGceSetupDataDisksArgs:
     def __init__(__self__, *,
@@ -541,6 +623,77 @@ class InstanceGceSetupServiceAccountArgs:
         pulumi.set(self, "scopes", value)
 
 
+@pulumi.input_type
+class InstanceGceSetupShieldedInstanceConfigArgs:
+    def __init__(__self__, *,
+                 enable_integrity_monitoring: Optional[pulumi.Input[bool]] = None,
+                 enable_secure_boot: Optional[pulumi.Input[bool]] = None,
+                 enable_vtpm: Optional[pulumi.Input[bool]] = None):
+        """
+        :param pulumi.Input[bool] enable_integrity_monitoring: Optional. Defines whether the VM instance has integrity monitoring
+               enabled. Enables monitoring and attestation of the boot integrity of the VM
+               instance. The attestation is performed against the integrity policy baseline.
+               This baseline is initially derived from the implicitly trusted boot image
+               when the VM instance is created. Enabled by default.
+        :param pulumi.Input[bool] enable_secure_boot: Optional. Defines whether the VM instance has Secure Boot enabled.
+               Secure Boot helps ensure that the system only runs authentic software by verifying
+               the digital signature of all boot components, and halting the boot process
+               if signature verification fails. Disabled by default.
+        :param pulumi.Input[bool] enable_vtpm: Optional. Defines whether the VM instance has the vTPM enabled.
+               Enabled by default.
+        """
+        if enable_integrity_monitoring is not None:
+            pulumi.set(__self__, "enable_integrity_monitoring", enable_integrity_monitoring)
+        if enable_secure_boot is not None:
+            pulumi.set(__self__, "enable_secure_boot", enable_secure_boot)
+        if enable_vtpm is not None:
+            pulumi.set(__self__, "enable_vtpm", enable_vtpm)
+
+    @property
+    @pulumi.getter(name="enableIntegrityMonitoring")
+    def enable_integrity_monitoring(self) -> Optional[pulumi.Input[bool]]:
+        """
+        Optional. Defines whether the VM instance has integrity monitoring
+        enabled. Enables monitoring and attestation of the boot integrity of the VM
+        instance. The attestation is performed against the integrity policy baseline.
+        This baseline is initially derived from the implicitly trusted boot image
+        when the VM instance is created. Enabled by default.
+        """
+        return pulumi.get(self, "enable_integrity_monitoring")
+
+    @enable_integrity_monitoring.setter
+    def enable_integrity_monitoring(self, value: Optional[pulumi.Input[bool]]):
+        pulumi.set(self, "enable_integrity_monitoring", value)
+
+    @property
+    @pulumi.getter(name="enableSecureBoot")
+    def enable_secure_boot(self) -> Optional[pulumi.Input[bool]]:
+        """
+        Optional. Defines whether the VM instance has Secure Boot enabled.
+        Secure Boot helps ensure that the system only runs authentic software by verifying
+        the digital signature of all boot components, and halting the boot process
+        if signature verification fails. Disabled by default.
+        """
+        return pulumi.get(self, "enable_secure_boot")
+
+    @enable_secure_boot.setter
+    def enable_secure_boot(self, value: Optional[pulumi.Input[bool]]):
+        pulumi.set(self, "enable_secure_boot", value)
+
+    @property
+    @pulumi.getter(name="enableVtpm")
+    def enable_vtpm(self) -> Optional[pulumi.Input[bool]]:
+        """
+        Optional. Defines whether the VM instance has the vTPM enabled.
+        Enabled by default.
+        """
+        return pulumi.get(self, "enable_vtpm")
+
+    @enable_vtpm.setter
+    def enable_vtpm(self, value: Optional[pulumi.Input[bool]]):
+        pulumi.set(self, "enable_vtpm", value)
+
+
 @pulumi.input_type
 class InstanceGceSetupVmImageArgs:
     def __init__(__self__, *,
@@ -698,7 +851,8 @@ class InstanceUpgradeHistoryArgs:
                  vm_image: Optional[pulumi.Input[str]] = None):
         """
         :param pulumi.Input[str] action: Optional. Action. Rolloback or Upgrade.
-        :param pulumi.Input[str] container_image: Optional. The container image before this instance upgrade.
+        :param pulumi.Input[str] container_image: Use a container image to start the workbench instance.
+               Structure is documented below.
         :param pulumi.Input[str] create_time: An RFC3339 timestamp in UTC time. This in the format of yyyy-MM-ddTHH:mm:ss.SSSZ.
                The milliseconds portion (".SSS") is optional.
         :param pulumi.Input[str] framework: Optional. The framework of this workbench instance.
@@ -746,7 +900,8 @@ class InstanceUpgradeHistoryArgs:
     @pulumi.getter(name="containerImage")
     def container_image(self) -> Optional[pulumi.Input[str]]:
         """
-        Optional. The container image before this instance upgrade.
+        Use a container image to start the workbench instance.
+        Structure is documented below.
         """
         return pulumi.get(self, "container_image")