pulumi-gcp 7.15.0a1711038061__py3-none-any.whl → 7.16.0__py3-none-any.whl

pulumi_gcp/accesscontextmanager/service_perimeter_egress_policy.py

@@ -166,10 +166,50 @@ class ServicePerimeterEgressPolicy(pulumi.CustomResource):
         perimeter in certain contexts (e.g. to read data from a Cloud Storage bucket
         or query against a BigQuery dataset).
 
+        > **Note:** By default, updates to this resource will remove the EgressPolicy from the
+        from the perimeter and add it back in a non-atomic manner. To ensure that the new EgressPolicy
+        is added before the old one is removed, add a `lifecycle` block with `create_before_destroy = true` to this resource.
+
         To get more information about ServicePerimeterEgressPolicy, see:
 
         * [API documentation](https://cloud.google.com/access-context-manager/docs/reference/rest/v1/accessPolicies.servicePerimeters#egresspolicy)
 
+        ## Example Usage
+
+        ### Access Context Manager Service Perimeter Egress Policy
+
+        <!--Start PulumiCodeChooser -->
+        ```python
+        import pulumi
+        import pulumi_gcp as gcp
+
+        access_policy = gcp.accesscontextmanager.AccessPolicy("access-policy",
+            parent="organizations/123456789",
+            title="Storage Policy")
+        storage_perimeter = gcp.accesscontextmanager.ServicePerimeter("storage-perimeter",
+            parent=access_policy.name.apply(lambda name: f"accesspolicies/{name}"),
+            name=access_policy.name.apply(lambda name: f"accesspolicies/{name}/serviceperimeters/storage-perimeter"),
+            title="Storage Perimeter",
+            status=gcp.accesscontextmanager.ServicePerimeterStatusArgs(
+                restricted_services=["storage.googleapis.com"],
+            ))
+        egress_policy = gcp.accesscontextmanager.ServicePerimeterEgressPolicy("egress_policy",
+            perimeter=storage_perimeter.name,
+            egress_from=gcp.accesscontextmanager.ServicePerimeterEgressPolicyEgressFromArgs(
+                identity_type="ANY_IDENTITY",
+            ),
+            egress_to=gcp.accesscontextmanager.ServicePerimeterEgressPolicyEgressToArgs(
+                resources=["*"],
+                operations=[gcp.accesscontextmanager.ServicePerimeterEgressPolicyEgressToOperationArgs(
+                    service_name="bigquery.googleapis.com",
+                    method_selectors=[gcp.accesscontextmanager.ServicePerimeterEgressPolicyEgressToOperationMethodSelectorArgs(
+                        method="*",
+                    )],
+                )],
+            ))
+        ```
+        <!--End PulumiCodeChooser -->
+
         ## Import
 
         ServicePerimeterEgressPolicy can be imported using any of these accepted formats:
@@ -209,10 +249,50 @@ class ServicePerimeterEgressPolicy(pulumi.CustomResource):
         perimeter in certain contexts (e.g. to read data from a Cloud Storage bucket
         or query against a BigQuery dataset).
 
+        > **Note:** By default, updates to this resource will remove the EgressPolicy from the
+        from the perimeter and add it back in a non-atomic manner. To ensure that the new EgressPolicy
+        is added before the old one is removed, add a `lifecycle` block with `create_before_destroy = true` to this resource.
+
         To get more information about ServicePerimeterEgressPolicy, see:
 
         * [API documentation](https://cloud.google.com/access-context-manager/docs/reference/rest/v1/accessPolicies.servicePerimeters#egresspolicy)
 
+        ## Example Usage
+
+        ### Access Context Manager Service Perimeter Egress Policy
+
+        <!--Start PulumiCodeChooser -->
+        ```python
+        import pulumi
+        import pulumi_gcp as gcp
+
+        access_policy = gcp.accesscontextmanager.AccessPolicy("access-policy",
+            parent="organizations/123456789",
+            title="Storage Policy")
+        storage_perimeter = gcp.accesscontextmanager.ServicePerimeter("storage-perimeter",
+            parent=access_policy.name.apply(lambda name: f"accesspolicies/{name}"),
+            name=access_policy.name.apply(lambda name: f"accesspolicies/{name}/serviceperimeters/storage-perimeter"),
+            title="Storage Perimeter",
+            status=gcp.accesscontextmanager.ServicePerimeterStatusArgs(
+                restricted_services=["storage.googleapis.com"],
+            ))
+        egress_policy = gcp.accesscontextmanager.ServicePerimeterEgressPolicy("egress_policy",
+            perimeter=storage_perimeter.name,
+            egress_from=gcp.accesscontextmanager.ServicePerimeterEgressPolicyEgressFromArgs(
+                identity_type="ANY_IDENTITY",
+            ),
+            egress_to=gcp.accesscontextmanager.ServicePerimeterEgressPolicyEgressToArgs(
+                resources=["*"],
+                operations=[gcp.accesscontextmanager.ServicePerimeterEgressPolicyEgressToOperationArgs(
+                    service_name="bigquery.googleapis.com",
+                    method_selectors=[gcp.accesscontextmanager.ServicePerimeterEgressPolicyEgressToOperationMethodSelectorArgs(
+                        method="*",
+                    )],
+                )],
+            ))
+        ```
+        <!--End PulumiCodeChooser -->
+
         ## Import
 
         ServicePerimeterEgressPolicy can be imported using any of these accepted formats:

pulumi_gcp/accesscontextmanager/service_perimeter_ingress_policy.py

@@ -171,10 +171,53 @@ class ServicePerimeterIngressPolicy(pulumi.CustomResource):
         Individual ingress policies can be limited by restricting which services and/
         or actions they match using the ingressTo field.
 
+        > **Note:** By default, updates to this resource will remove the IngressPolicy from the
+        from the perimeter and add it back in a non-atomic manner. To ensure that the new IngressPolicy
+        is added before the old one is removed, add a `lifecycle` block with `create_before_destroy = true` to this resource.
+
         To get more information about ServicePerimeterIngressPolicy, see:
 
         * [API documentation](https://cloud.google.com/access-context-manager/docs/reference/rest/v1/accessPolicies.servicePerimeters#ingresspolicy)
 
+        ## Example Usage
+
+        ### Access Context Manager Service Perimeter Ingress Policy
+
+        <!--Start PulumiCodeChooser -->
+        ```python
+        import pulumi
+        import pulumi_gcp as gcp
+
+        access_policy = gcp.accesscontextmanager.AccessPolicy("access-policy",
+            parent="organizations/123456789",
+            title="Storage Policy")
+        storage_perimeter = gcp.accesscontextmanager.ServicePerimeter("storage-perimeter",
+            parent=access_policy.name.apply(lambda name: f"accesspolicies/{name}"),
+            name=access_policy.name.apply(lambda name: f"accesspolicies/{name}/serviceperimeters/storage-perimeter"),
+            title="Storage Perimeter",
+            status=gcp.accesscontextmanager.ServicePerimeterStatusArgs(
+                restricted_services=["storage.googleapis.com"],
+            ))
+        ingress_policy = gcp.accesscontextmanager.ServicePerimeterIngressPolicy("ingress_policy",
+            perimeter=storage_perimeter.name,
+            ingress_from=gcp.accesscontextmanager.ServicePerimeterIngressPolicyIngressFromArgs(
+                identity_type="any_identity",
+                sources=[gcp.accesscontextmanager.ServicePerimeterIngressPolicyIngressFromSourceArgs(
+                    access_level="*",
+                )],
+            ),
+            ingress_to=gcp.accesscontextmanager.ServicePerimeterIngressPolicyIngressToArgs(
+                resources=["*"],
+                operations=[gcp.accesscontextmanager.ServicePerimeterIngressPolicyIngressToOperationArgs(
+                    service_name="bigquery.googleapis.com",
+                    method_selectors=[gcp.accesscontextmanager.ServicePerimeterIngressPolicyIngressToOperationMethodSelectorArgs(
+                        method="*",
+                    )],
+                )],
+            ))
+        ```
+        <!--End PulumiCodeChooser -->
+
         ## Import
 
         ServicePerimeterIngressPolicy can be imported using any of these accepted formats:
@@ -216,10 +259,53 @@ class ServicePerimeterIngressPolicy(pulumi.CustomResource):
         Individual ingress policies can be limited by restricting which services and/
         or actions they match using the ingressTo field.
 
+        > **Note:** By default, updates to this resource will remove the IngressPolicy from the
+        from the perimeter and add it back in a non-atomic manner. To ensure that the new IngressPolicy
+        is added before the old one is removed, add a `lifecycle` block with `create_before_destroy = true` to this resource.
+
         To get more information about ServicePerimeterIngressPolicy, see:
 
         * [API documentation](https://cloud.google.com/access-context-manager/docs/reference/rest/v1/accessPolicies.servicePerimeters#ingresspolicy)
 
+        ## Example Usage
+
+        ### Access Context Manager Service Perimeter Ingress Policy
+
+        <!--Start PulumiCodeChooser -->
+        ```python
+        import pulumi
+        import pulumi_gcp as gcp
+
+        access_policy = gcp.accesscontextmanager.AccessPolicy("access-policy",
+            parent="organizations/123456789",
+            title="Storage Policy")
+        storage_perimeter = gcp.accesscontextmanager.ServicePerimeter("storage-perimeter",
+            parent=access_policy.name.apply(lambda name: f"accesspolicies/{name}"),
+            name=access_policy.name.apply(lambda name: f"accesspolicies/{name}/serviceperimeters/storage-perimeter"),
+            title="Storage Perimeter",
+            status=gcp.accesscontextmanager.ServicePerimeterStatusArgs(
+                restricted_services=["storage.googleapis.com"],
+            ))
+        ingress_policy = gcp.accesscontextmanager.ServicePerimeterIngressPolicy("ingress_policy",
+            perimeter=storage_perimeter.name,
+            ingress_from=gcp.accesscontextmanager.ServicePerimeterIngressPolicyIngressFromArgs(
+                identity_type="any_identity",
+                sources=[gcp.accesscontextmanager.ServicePerimeterIngressPolicyIngressFromSourceArgs(
+                    access_level="*",
+                )],
+            ),
+            ingress_to=gcp.accesscontextmanager.ServicePerimeterIngressPolicyIngressToArgs(
+                resources=["*"],
+                operations=[gcp.accesscontextmanager.ServicePerimeterIngressPolicyIngressToOperationArgs(
+                    service_name="bigquery.googleapis.com",
+                    method_selectors=[gcp.accesscontextmanager.ServicePerimeterIngressPolicyIngressToOperationMethodSelectorArgs(
+                        method="*",
+                    )],
+                )],
+            ))
+        ```
+        <!--End PulumiCodeChooser -->
+
         ## Import
 
         ServicePerimeterIngressPolicy can be imported using any of these accepted formats:

pulumi_gcp/accesscontextmanager/service_perimeter_resource.py

@@ -118,10 +118,11 @@ class ServicePerimeterResource(pulumi.CustomResource):
                  resource: Optional[pulumi.Input[str]] = None,
                  __props__=None):
         """
-        Allows configuring a single GCP resource that should be inside of a service perimeter.
+        Allows configuring a single GCP resource that should be inside the `status` block of a service perimeter.
         This resource is intended to be used in cases where it is not possible to compile a full list
         of projects to include in a `accesscontextmanager.ServicePerimeter` resource,
         to enable them to be added separately.
+        If your perimeter is in dry-run mode use `accesscontextmanager.ServicePerimeterDryRunResource` instead.
 
         > **Note:** If this resource is used alongside a `accesscontextmanager.ServicePerimeter` resource,
         the service perimeter resource must have a `lifecycle` block with `ignore_changes = [status[0].resources]` so
@@ -193,10 +194,11 @@ class ServicePerimeterResource(pulumi.CustomResource):
                  args: ServicePerimeterResourceArgs,
                  opts: Optional[pulumi.ResourceOptions] = None):
         """
-        Allows configuring a single GCP resource that should be inside of a service perimeter.
+        Allows configuring a single GCP resource that should be inside the `status` block of a service perimeter.
         This resource is intended to be used in cases where it is not possible to compile a full list
         of projects to include in a `accesscontextmanager.ServicePerimeter` resource,
         to enable them to be added separately.
+        If your perimeter is in dry-run mode use `accesscontextmanager.ServicePerimeterDryRunResource` instead.
 
         > **Note:** If this resource is used alongside a `accesscontextmanager.ServicePerimeter` resource,
         the service perimeter resource must have a `lifecycle` block with `ignore_changes = [status[0].resources]` so

pulumi_gcp/apphub/__init__.py

@@ -0,0 +1,15 @@
+# coding=utf-8
+# *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
+# *** Do not edit by hand unless you're certain you know what you are doing! ***
+
+from .. import _utilities
+import typing
+# Export this package's modules as members:
+from .application import *
+from .get_discovered_service import *
+from .get_discovered_workload import *
+from .service import *
+from .service_project_attachment import *
+from .workload import *
+from ._inputs import *
+from . import outputs