pulumi-gcp 7.20.0a1713984378__py3-none-any.whl → 7.21.0__py3-none-any.whl

pulumi_gcp/bigquerydatapolicy/data_policy.py

@@ -301,6 +301,45 @@ class DataPolicy(pulumi.CustomResource):
             policy_tag=policy_tag.name,
             data_policy_type="COLUMN_LEVEL_SECURITY_POLICY")
         ```
+        ### Bigquery Datapolicy Data Policy Routine
+
+        ```python
+        import pulumi
+        import pulumi_gcp as gcp
+
+        taxonomy = gcp.datacatalog.Taxonomy("taxonomy",
+            region="us-central1",
+            display_name="taxonomy",
+            description="A collection of policy tags",
+            activated_policy_types=["FINE_GRAINED_ACCESS_CONTROL"])
+        policy_tag = gcp.datacatalog.PolicyTag("policy_tag",
+            taxonomy=taxonomy.id,
+            display_name="Low security",
+            description="A policy tag normally associated with low security items")
+        test = gcp.bigquery.Dataset("test",
+            dataset_id="dataset_id",
+            location="us-central1")
+        custom_masking_routine = gcp.bigquery.Routine("custom_masking_routine",
+            dataset_id=test.dataset_id,
+            routine_id="custom_masking_routine",
+            routine_type="SCALAR_FUNCTION",
+            language="SQL",
+            data_governance_type="DATA_MASKING",
+            definition_body="SAFE.REGEXP_REPLACE(ssn, '[0-9]', 'X')",
+            return_type="{\\"typeKind\\" :  \\"STRING\\"}",
+            arguments=[gcp.bigquery.RoutineArgumentArgs(
+                name="ssn",
+                data_type="{\\"typeKind\\" :  \\"STRING\\"}",
+            )])
+        data_policy = gcp.bigquerydatapolicy.DataPolicy("data_policy",
+            location="us-central1",
+            data_policy_id="data_policy",
+            policy_tag=policy_tag.name,
+            data_policy_type="DATA_MASKING_POLICY",
+            data_masking_policy=gcp.bigquerydatapolicy.DataPolicyDataMaskingPolicyArgs(
+                routine=custom_masking_routine.id,
+            ))
+        ```
 
         ## Import
 
@@ -379,6 +418,45 @@ class DataPolicy(pulumi.CustomResource):
             policy_tag=policy_tag.name,
             data_policy_type="COLUMN_LEVEL_SECURITY_POLICY")
         ```
+        ### Bigquery Datapolicy Data Policy Routine
+
+        ```python
+        import pulumi
+        import pulumi_gcp as gcp
+
+        taxonomy = gcp.datacatalog.Taxonomy("taxonomy",
+            region="us-central1",
+            display_name="taxonomy",
+            description="A collection of policy tags",
+            activated_policy_types=["FINE_GRAINED_ACCESS_CONTROL"])
+        policy_tag = gcp.datacatalog.PolicyTag("policy_tag",
+            taxonomy=taxonomy.id,
+            display_name="Low security",
+            description="A policy tag normally associated with low security items")
+        test = gcp.bigquery.Dataset("test",
+            dataset_id="dataset_id",
+            location="us-central1")
+        custom_masking_routine = gcp.bigquery.Routine("custom_masking_routine",
+            dataset_id=test.dataset_id,
+            routine_id="custom_masking_routine",
+            routine_type="SCALAR_FUNCTION",
+            language="SQL",
+            data_governance_type="DATA_MASKING",
+            definition_body="SAFE.REGEXP_REPLACE(ssn, '[0-9]', 'X')",
+            return_type="{\\"typeKind\\" :  \\"STRING\\"}",
+            arguments=[gcp.bigquery.RoutineArgumentArgs(
+                name="ssn",
+                data_type="{\\"typeKind\\" :  \\"STRING\\"}",
+            )])
+        data_policy = gcp.bigquerydatapolicy.DataPolicy("data_policy",
+            location="us-central1",
+            data_policy_id="data_policy",
+            policy_tag=policy_tag.name,
+            data_policy_type="DATA_MASKING_POLICY",
+            data_masking_policy=gcp.bigquerydatapolicy.DataPolicyDataMaskingPolicyArgs(
+                routine=custom_masking_routine.id,
+            ))
+        ```
 
         ## Import
 

pulumi_gcp/bigquerydatapolicy/outputs.py

@@ -35,22 +35,35 @@ class DataPolicyDataMaskingPolicy(dict):
         return super().get(key, default)
 
     def __init__(__self__, *,
-                 predefined_expression: str):
+                 predefined_expression: Optional[str] = None,
+                 routine: Optional[str] = None):
         """
         :param str predefined_expression: The available masking rules. Learn more here: https://cloud.google.com/bigquery/docs/column-data-masking-intro#masking_options.
                Possible values are: `SHA256`, `ALWAYS_NULL`, `DEFAULT_MASKING_VALUE`, `LAST_FOUR_CHARACTERS`, `FIRST_FOUR_CHARACTERS`, `EMAIL_MASK`, `DATE_YEAR_MASK`.
+        :param str routine: The name of the BigQuery routine that contains the custom masking routine, in the format of projects/{projectNumber}/datasets/{dataset_id}/routines/{routine_id}.
         """
-        pulumi.set(__self__, "predefined_expression", predefined_expression)
+        if predefined_expression is not None:
+            pulumi.set(__self__, "predefined_expression", predefined_expression)
+        if routine is not None:
+            pulumi.set(__self__, "routine", routine)
 
     @property
     @pulumi.getter(name="predefinedExpression")
-    def predefined_expression(self) -> str:
+    def predefined_expression(self) -> Optional[str]:
         """
         The available masking rules. Learn more here: https://cloud.google.com/bigquery/docs/column-data-masking-intro#masking_options.
         Possible values are: `SHA256`, `ALWAYS_NULL`, `DEFAULT_MASKING_VALUE`, `LAST_FOUR_CHARACTERS`, `FIRST_FOUR_CHARACTERS`, `EMAIL_MASK`, `DATE_YEAR_MASK`.
         """
         return pulumi.get(self, "predefined_expression")
 
+    @property
+    @pulumi.getter
+    def routine(self) -> Optional[str]:
+        """
+        The name of the BigQuery routine that contains the custom masking routine, in the format of projects/{projectNumber}/datasets/{dataset_id}/routines/{routine_id}.
+        """
+        return pulumi.get(self, "routine")
+
 
 @pulumi.output_type
 class DataPolicyIamBindingCondition(dict):

pulumi_gcp/billing/budget.py

@@ -21,6 +21,7 @@ class BudgetArgs:
                  all_updates_rule: Optional[pulumi.Input['BudgetAllUpdatesRuleArgs']] = None,
                  budget_filter: Optional[pulumi.Input['BudgetBudgetFilterArgs']] = None,
                  display_name: Optional[pulumi.Input[str]] = None,
+                 ownership_scope: Optional[pulumi.Input[str]] = None,
                  threshold_rules: Optional[pulumi.Input[Sequence[pulumi.Input['BudgetThresholdRuleArgs']]]] = None):
         """
         The set of arguments for constructing a Budget resource.
@@ -31,6 +32,8 @@ class BudgetArgs:
                using threshold rules.
         :param pulumi.Input['BudgetBudgetFilterArgs'] budget_filter: Filters that define which resources are used to compute the actual spend against the budget.
         :param pulumi.Input[str] display_name: User data for display name in UI. Must be <= 60 chars.
+        :param pulumi.Input[str] ownership_scope: The ownership scope of the budget. The ownership scope and users' IAM permissions determine who has full access to the
+               budget's data. Possible values: ["OWNERSHIP_SCOPE_UNSPECIFIED", "ALL_USERS", "BILLING_ACCOUNT"]
         :param pulumi.Input[Sequence[pulumi.Input['BudgetThresholdRuleArgs']]] threshold_rules: Rules that trigger alerts (notifications of thresholds being crossed) when spend exceeds the specified percentages of
                the budget.
         """
@@ -42,6 +45,8 @@ class BudgetArgs:
             pulumi.set(__self__, "budget_filter", budget_filter)
         if display_name is not None:
             pulumi.set(__self__, "display_name", display_name)
+        if ownership_scope is not None:
+            pulumi.set(__self__, "ownership_scope", ownership_scope)
         if threshold_rules is not None:
             pulumi.set(__self__, "threshold_rules", threshold_rules)
 
@@ -107,6 +112,19 @@ class BudgetArgs:
     def display_name(self, value: Optional[pulumi.Input[str]]):
         pulumi.set(self, "display_name", value)
 
+    @property
+    @pulumi.getter(name="ownershipScope")
+    def ownership_scope(self) -> Optional[pulumi.Input[str]]:
+        """
+        The ownership scope of the budget. The ownership scope and users' IAM permissions determine who has full access to the
+        budget's data. Possible values: ["OWNERSHIP_SCOPE_UNSPECIFIED", "ALL_USERS", "BILLING_ACCOUNT"]
+        """
+        return pulumi.get(self, "ownership_scope")
+
+    @ownership_scope.setter
+    def ownership_scope(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "ownership_scope", value)
+
     @property
     @pulumi.getter(name="thresholdRules")
     def threshold_rules(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['BudgetThresholdRuleArgs']]]]:
@@ -130,6 +148,7 @@ class _BudgetState:
                  budget_filter: Optional[pulumi.Input['BudgetBudgetFilterArgs']] = None,
                  display_name: Optional[pulumi.Input[str]] = None,
                  name: Optional[pulumi.Input[str]] = None,
+                 ownership_scope: Optional[pulumi.Input[str]] = None,
                  threshold_rules: Optional[pulumi.Input[Sequence[pulumi.Input['BudgetThresholdRuleArgs']]]] = None):
         """
         Input properties used for looking up and filtering Budget resources.
@@ -143,6 +162,8 @@ class _BudgetState:
         :param pulumi.Input[str] name: Resource name of the budget. The resource name
                implies the scope of a budget. Values are of the form
                billingAccounts/{billingAccountId}/budgets/{budgetId}.
+        :param pulumi.Input[str] ownership_scope: The ownership scope of the budget. The ownership scope and users' IAM permissions determine who has full access to the
+               budget's data. Possible values: ["OWNERSHIP_SCOPE_UNSPECIFIED", "ALL_USERS", "BILLING_ACCOUNT"]
         :param pulumi.Input[Sequence[pulumi.Input['BudgetThresholdRuleArgs']]] threshold_rules: Rules that trigger alerts (notifications of thresholds being crossed) when spend exceeds the specified percentages of
                the budget.
         """
@@ -158,6 +179,8 @@ class _BudgetState:
             pulumi.set(__self__, "display_name", display_name)
         if name is not None:
             pulumi.set(__self__, "name", name)
+        if ownership_scope is not None:
+            pulumi.set(__self__, "ownership_scope", ownership_scope)
         if threshold_rules is not None:
             pulumi.set(__self__, "threshold_rules", threshold_rules)
 
@@ -237,6 +260,19 @@ class _BudgetState:
     def name(self, value: Optional[pulumi.Input[str]]):
         pulumi.set(self, "name", value)
 
+    @property
+    @pulumi.getter(name="ownershipScope")
+    def ownership_scope(self) -> Optional[pulumi.Input[str]]:
+        """
+        The ownership scope of the budget. The ownership scope and users' IAM permissions determine who has full access to the
+        budget's data. Possible values: ["OWNERSHIP_SCOPE_UNSPECIFIED", "ALL_USERS", "BILLING_ACCOUNT"]
+        """
+        return pulumi.get(self, "ownership_scope")
+
+    @ownership_scope.setter
+    def ownership_scope(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "ownership_scope", value)
+
     @property
     @pulumi.getter(name="thresholdRules")
     def threshold_rules(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['BudgetThresholdRuleArgs']]]]:
@@ -261,6 +297,7 @@ class Budget(pulumi.CustomResource):
                  billing_account: Optional[pulumi.Input[str]] = None,
                  budget_filter: Optional[pulumi.Input[pulumi.InputType['BudgetBudgetFilterArgs']]] = None,
                  display_name: Optional[pulumi.Input[str]] = None,
+                 ownership_scope: Optional[pulumi.Input[str]] = None,
                  threshold_rules: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['BudgetThresholdRuleArgs']]]]] = None,
                  __props__=None):
         """
@@ -475,6 +512,8 @@ class Budget(pulumi.CustomResource):
         :param pulumi.Input[str] billing_account: ID of the billing account to set a budget on.
         :param pulumi.Input[pulumi.InputType['BudgetBudgetFilterArgs']] budget_filter: Filters that define which resources are used to compute the actual spend against the budget.
         :param pulumi.Input[str] display_name: User data for display name in UI. Must be <= 60 chars.
+        :param pulumi.Input[str] ownership_scope: The ownership scope of the budget. The ownership scope and users' IAM permissions determine who has full access to the
+               budget's data. Possible values: ["OWNERSHIP_SCOPE_UNSPECIFIED", "ALL_USERS", "BILLING_ACCOUNT"]
         :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['BudgetThresholdRuleArgs']]]] threshold_rules: Rules that trigger alerts (notifications of thresholds being crossed) when spend exceeds the specified percentages of
                the budget.
         """
@@ -707,6 +746,7 @@ class Budget(pulumi.CustomResource):
                  billing_account: Optional[pulumi.Input[str]] = None,
                  budget_filter: Optional[pulumi.Input[pulumi.InputType['BudgetBudgetFilterArgs']]] = None,
                  display_name: Optional[pulumi.Input[str]] = None,
+                 ownership_scope: Optional[pulumi.Input[str]] = None,
                  threshold_rules: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['BudgetThresholdRuleArgs']]]]] = None,
                  __props__=None):
         opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
@@ -726,6 +766,7 @@ class Budget(pulumi.CustomResource):
             __props__.__dict__["billing_account"] = billing_account
             __props__.__dict__["budget_filter"] = budget_filter
             __props__.__dict__["display_name"] = display_name
+            __props__.__dict__["ownership_scope"] = ownership_scope
             __props__.__dict__["threshold_rules"] = threshold_rules
             __props__.__dict__["name"] = None
         super(Budget, __self__).__init__(
@@ -744,6 +785,7 @@ class Budget(pulumi.CustomResource):
             budget_filter: Optional[pulumi.Input[pulumi.InputType['BudgetBudgetFilterArgs']]] = None,
             display_name: Optional[pulumi.Input[str]] = None,
             name: Optional[pulumi.Input[str]] = None,
+            ownership_scope: Optional[pulumi.Input[str]] = None,
             threshold_rules: Optional[pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['BudgetThresholdRuleArgs']]]]] = None) -> 'Budget':
         """
         Get an existing Budget resource's state with the given name, id, and optional extra
@@ -762,6 +804,8 @@ class Budget(pulumi.CustomResource):
         :param pulumi.Input[str] name: Resource name of the budget. The resource name
                implies the scope of a budget. Values are of the form
                billingAccounts/{billingAccountId}/budgets/{budgetId}.
+        :param pulumi.Input[str] ownership_scope: The ownership scope of the budget. The ownership scope and users' IAM permissions determine who has full access to the
+               budget's data. Possible values: ["OWNERSHIP_SCOPE_UNSPECIFIED", "ALL_USERS", "BILLING_ACCOUNT"]
         :param pulumi.Input[Sequence[pulumi.Input[pulumi.InputType['BudgetThresholdRuleArgs']]]] threshold_rules: Rules that trigger alerts (notifications of thresholds being crossed) when spend exceeds the specified percentages of
                the budget.
         """
@@ -775,6 +819,7 @@ class Budget(pulumi.CustomResource):
         __props__.__dict__["budget_filter"] = budget_filter
         __props__.__dict__["display_name"] = display_name
         __props__.__dict__["name"] = name
+        __props__.__dict__["ownership_scope"] = ownership_scope
         __props__.__dict__["threshold_rules"] = threshold_rules
         return Budget(resource_name, opts=opts, __props__=__props__)
 
@@ -830,6 +875,15 @@ class Budget(pulumi.CustomResource):
         """
         return pulumi.get(self, "name")
 
+    @property
+    @pulumi.getter(name="ownershipScope")
+    def ownership_scope(self) -> pulumi.Output[Optional[str]]:
+        """
+        The ownership scope of the budget. The ownership scope and users' IAM permissions determine who has full access to the
+        budget's data. Possible values: ["OWNERSHIP_SCOPE_UNSPECIFIED", "ALL_USERS", "BILLING_ACCOUNT"]
+        """
+        return pulumi.get(self, "ownership_scope")
+
     @property
     @pulumi.getter(name="thresholdRules")
     def threshold_rules(self) -> pulumi.Output[Optional[Sequence['outputs.BudgetThresholdRule']]]:

pulumi_gcp/certificateauthority/_inputs.py

@@ -15,6 +15,7 @@ __all__ = [
     'AuthorityConfigSubjectConfigArgs',
     'AuthorityConfigSubjectConfigSubjectArgs',
     'AuthorityConfigSubjectConfigSubjectAltNameArgs',
+    'AuthorityConfigSubjectKeyIdArgs',
     'AuthorityConfigX509ConfigArgs',
     'AuthorityConfigX509ConfigAdditionalExtensionArgs',
     'AuthorityConfigX509ConfigAdditionalExtensionObjectIdArgs',
@@ -73,6 +74,7 @@ __all__ = [
     'CertificateConfigSubjectConfigArgs',
     'CertificateConfigSubjectConfigSubjectArgs',
     'CertificateConfigSubjectConfigSubjectAltNameArgs',
+    'CertificateConfigSubjectKeyIdArgs',
     'CertificateConfigX509ConfigArgs',
     'CertificateConfigX509ConfigAdditionalExtensionArgs',
     'CertificateConfigX509ConfigAdditionalExtensionObjectIdArgs',
@@ -152,18 +154,20 @@ class AuthorityAccessUrlArgs:
 class AuthorityConfigArgs:
     def __init__(__self__, *,
                  subject_config: pulumi.Input['AuthorityConfigSubjectConfigArgs'],
-                 x509_config: pulumi.Input['AuthorityConfigX509ConfigArgs']):
+                 x509_config: pulumi.Input['AuthorityConfigX509ConfigArgs'],
+                 subject_key_id: Optional[pulumi.Input['AuthorityConfigSubjectKeyIdArgs']] = None):
         """
         :param pulumi.Input['AuthorityConfigSubjectConfigArgs'] subject_config: Specifies some of the values in a certificate that are related to the subject.
                Structure is documented below.
-               
-               
-               <a name="nested_x509_config"></a>The `x509_config` block supports:
         :param pulumi.Input['AuthorityConfigX509ConfigArgs'] x509_config: Describes how some of the technical X.509 fields in a certificate should be populated.
                Structure is documented below.
+        :param pulumi.Input['AuthorityConfigSubjectKeyIdArgs'] subject_key_id: When specified this provides a custom SKI to be used in the certificate. This should only be used to maintain a SKI of an existing CA originally created outside CA service, which was not generated using method (1) described in RFC 5280 section 4.2.1.2..
+               Structure is documented below.
         """
         pulumi.set(__self__, "subject_config", subject_config)
         pulumi.set(__self__, "x509_config", x509_config)
+        if subject_key_id is not None:
+            pulumi.set(__self__, "subject_key_id", subject_key_id)
 
     @property
     @pulumi.getter(name="subjectConfig")
@@ -171,9 +175,6 @@ class AuthorityConfigArgs:
         """
         Specifies some of the values in a certificate that are related to the subject.
         Structure is documented below.
-
-
-        <a name="nested_x509_config"></a>The `x509_config` block supports:
         """
         return pulumi.get(self, "subject_config")
 
@@ -194,6 +195,19 @@ class AuthorityConfigArgs:
     def x509_config(self, value: pulumi.Input['AuthorityConfigX509ConfigArgs']):
         pulumi.set(self, "x509_config", value)
 
+    @property
+    @pulumi.getter(name="subjectKeyId")
+    def subject_key_id(self) -> Optional[pulumi.Input['AuthorityConfigSubjectKeyIdArgs']]:
+        """
+        When specified this provides a custom SKI to be used in the certificate. This should only be used to maintain a SKI of an existing CA originally created outside CA service, which was not generated using method (1) described in RFC 5280 section 4.2.1.2..
+        Structure is documented below.
+        """
+        return pulumi.get(self, "subject_key_id")
+
+    @subject_key_id.setter
+    def subject_key_id(self, value: Optional[pulumi.Input['AuthorityConfigSubjectKeyIdArgs']]):
+        pulumi.set(self, "subject_key_id", value)
+
 
 @pulumi.input_type
 class AuthorityConfigSubjectConfigArgs:
@@ -441,6 +455,33 @@ class AuthorityConfigSubjectConfigSubjectAltNameArgs:
         pulumi.set(self, "uris", value)
 
 
+@pulumi.input_type
+class AuthorityConfigSubjectKeyIdArgs:
+    def __init__(__self__, *,
+                 key_id: Optional[pulumi.Input[str]] = None):
+        """
+        :param pulumi.Input[str] key_id: The value of the KeyId in lowercase hexidecimal.
+               
+               <a name="nested_x509_config"></a>The `x509_config` block supports:
+        """
+        if key_id is not None:
+            pulumi.set(__self__, "key_id", key_id)
+
+    @property
+    @pulumi.getter(name="keyId")
+    def key_id(self) -> Optional[pulumi.Input[str]]:
+        """
+        The value of the KeyId in lowercase hexidecimal.
+
+        <a name="nested_x509_config"></a>The `x509_config` block supports:
+        """
+        return pulumi.get(self, "key_id")
+
+    @key_id.setter
+    def key_id(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "key_id", value)
+
+
 @pulumi.input_type
 class AuthorityConfigX509ConfigArgs:
     def __init__(__self__, *,
@@ -3449,8 +3490,7 @@ class CertificateCertificateDescriptionSubjectKeyIdArgs:
     def __init__(__self__, *,
                  key_id: Optional[pulumi.Input[str]] = None):
         """
-        :param pulumi.Input[str] key_id: (Output)
-               Optional. The value of this KeyId encoded in lowercase hexadecimal. This is most likely the 160 bit SHA-1 hash of the public key.
+        :param pulumi.Input[str] key_id: The value of the KeyId in lowercase hexidecimal.
         """
         if key_id is not None:
             pulumi.set(__self__, "key_id", key_id)
@@ -3459,8 +3499,7 @@ class CertificateCertificateDescriptionSubjectKeyIdArgs:
     @pulumi.getter(name="keyId")
     def key_id(self) -> Optional[pulumi.Input[str]]:
         """
-        (Output)
-        Optional. The value of this KeyId encoded in lowercase hexadecimal. This is most likely the 160 bit SHA-1 hash of the public key.
+        The value of the KeyId in lowercase hexidecimal.
         """
         return pulumi.get(self, "key_id")
 
@@ -4284,7 +4323,8 @@ class CertificateConfigArgs:
     def __init__(__self__, *,
                  public_key: pulumi.Input['CertificateConfigPublicKeyArgs'],
                  subject_config: pulumi.Input['CertificateConfigSubjectConfigArgs'],
-                 x509_config: pulumi.Input['CertificateConfigX509ConfigArgs']):
+                 x509_config: pulumi.Input['CertificateConfigX509ConfigArgs'],
+                 subject_key_id: Optional[pulumi.Input['CertificateConfigSubjectKeyIdArgs']] = None):
         """
         :param pulumi.Input['CertificateConfigPublicKeyArgs'] public_key: A PublicKey describes a public key.
                Structure is documented below.
@@ -4295,10 +4335,14 @@ class CertificateConfigArgs:
                Structure is documented below.
         :param pulumi.Input['CertificateConfigX509ConfigArgs'] x509_config: Describes how some of the technical X.509 fields in a certificate should be populated.
                Structure is documented below.
+        :param pulumi.Input['CertificateConfigSubjectKeyIdArgs'] subject_key_id: When specified this provides a custom SKI to be used in the certificate. This should only be used to maintain a SKI of an existing CA originally created outside CA service, which was not generated using method (1) described in RFC 5280 section 4.2.1.2..
+               Structure is documented below.
         """
         pulumi.set(__self__, "public_key", public_key)
         pulumi.set(__self__, "subject_config", subject_config)
         pulumi.set(__self__, "x509_config", x509_config)
+        if subject_key_id is not None:
+            pulumi.set(__self__, "subject_key_id", subject_key_id)
 
     @property
     @pulumi.getter(name="publicKey")
@@ -4342,6 +4386,19 @@ class CertificateConfigArgs:
     def x509_config(self, value: pulumi.Input['CertificateConfigX509ConfigArgs']):
         pulumi.set(self, "x509_config", value)
 
+    @property
+    @pulumi.getter(name="subjectKeyId")
+    def subject_key_id(self) -> Optional[pulumi.Input['CertificateConfigSubjectKeyIdArgs']]:
+        """
+        When specified this provides a custom SKI to be used in the certificate. This should only be used to maintain a SKI of an existing CA originally created outside CA service, which was not generated using method (1) described in RFC 5280 section 4.2.1.2..
+        Structure is documented below.
+        """
+        return pulumi.get(self, "subject_key_id")
+
+    @subject_key_id.setter
+    def subject_key_id(self, value: Optional[pulumi.Input['CertificateConfigSubjectKeyIdArgs']]):
+        pulumi.set(self, "subject_key_id", value)
+
 
 @pulumi.input_type
 class CertificateConfigPublicKeyArgs:
@@ -4629,6 +4686,29 @@ class CertificateConfigSubjectConfigSubjectAltNameArgs:
         pulumi.set(self, "uris", value)
 
 
+@pulumi.input_type
+class CertificateConfigSubjectKeyIdArgs:
+    def __init__(__self__, *,
+                 key_id: Optional[pulumi.Input[str]] = None):
+        """
+        :param pulumi.Input[str] key_id: The value of the KeyId in lowercase hexidecimal.
+        """
+        if key_id is not None:
+            pulumi.set(__self__, "key_id", key_id)
+
+    @property
+    @pulumi.getter(name="keyId")
+    def key_id(self) -> Optional[pulumi.Input[str]]:
+        """
+        The value of the KeyId in lowercase hexidecimal.
+        """
+        return pulumi.get(self, "key_id")
+
+    @key_id.setter
+    def key_id(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "key_id", value)
+
+
 @pulumi.input_type
 class CertificateConfigX509ConfigArgs:
     def __init__(__self__, *,