pulumi-gcp 7.20.0a1713986537__py3-none-any.whl → 7.21.0__py3-none-any.whl

pulumi_gcp/bigquerydatapolicy/_inputs.py

@@ -18,16 +18,21 @@ __all__ = [
 @pulumi.input_type
 class DataPolicyDataMaskingPolicyArgs:
     def __init__(__self__, *,
-                 predefined_expression: pulumi.Input[str]):
+                 predefined_expression: Optional[pulumi.Input[str]] = None,
+                 routine: Optional[pulumi.Input[str]] = None):
         """
         :param pulumi.Input[str] predefined_expression: The available masking rules. Learn more here: https://cloud.google.com/bigquery/docs/column-data-masking-intro#masking_options.
                Possible values are: `SHA256`, `ALWAYS_NULL`, `DEFAULT_MASKING_VALUE`, `LAST_FOUR_CHARACTERS`, `FIRST_FOUR_CHARACTERS`, `EMAIL_MASK`, `DATE_YEAR_MASK`.
+        :param pulumi.Input[str] routine: The name of the BigQuery routine that contains the custom masking routine, in the format of projects/{projectNumber}/datasets/{dataset_id}/routines/{routine_id}.
         """
-        pulumi.set(__self__, "predefined_expression", predefined_expression)
+        if predefined_expression is not None:
+            pulumi.set(__self__, "predefined_expression", predefined_expression)
+        if routine is not None:
+            pulumi.set(__self__, "routine", routine)
 
     @property
     @pulumi.getter(name="predefinedExpression")
-    def predefined_expression(self) -> pulumi.Input[str]:
+    def predefined_expression(self) -> Optional[pulumi.Input[str]]:
         """
         The available masking rules. Learn more here: https://cloud.google.com/bigquery/docs/column-data-masking-intro#masking_options.
         Possible values are: `SHA256`, `ALWAYS_NULL`, `DEFAULT_MASKING_VALUE`, `LAST_FOUR_CHARACTERS`, `FIRST_FOUR_CHARACTERS`, `EMAIL_MASK`, `DATE_YEAR_MASK`.
@@ -35,9 +40,21 @@ class DataPolicyDataMaskingPolicyArgs:
         return pulumi.get(self, "predefined_expression")
 
     @predefined_expression.setter
-    def predefined_expression(self, value: pulumi.Input[str]):
+    def predefined_expression(self, value: Optional[pulumi.Input[str]]):
         pulumi.set(self, "predefined_expression", value)
 
+    @property
+    @pulumi.getter
+    def routine(self) -> Optional[pulumi.Input[str]]:
+        """
+        The name of the BigQuery routine that contains the custom masking routine, in the format of projects/{projectNumber}/datasets/{dataset_id}/routines/{routine_id}.
+        """
+        return pulumi.get(self, "routine")
+
+    @routine.setter
+    def routine(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "routine", value)
+
 
 @pulumi.input_type
 class DataPolicyIamBindingConditionArgs:

pulumi_gcp/bigquerydatapolicy/data_policy.py

@@ -301,6 +301,45 @@ class DataPolicy(pulumi.CustomResource):
             policy_tag=policy_tag.name,
             data_policy_type="COLUMN_LEVEL_SECURITY_POLICY")
         ```
+        ### Bigquery Datapolicy Data Policy Routine
+
+        ```python
+        import pulumi
+        import pulumi_gcp as gcp
+
+        taxonomy = gcp.datacatalog.Taxonomy("taxonomy",
+            region="us-central1",
+            display_name="taxonomy",
+            description="A collection of policy tags",
+            activated_policy_types=["FINE_GRAINED_ACCESS_CONTROL"])
+        policy_tag = gcp.datacatalog.PolicyTag("policy_tag",
+            taxonomy=taxonomy.id,
+            display_name="Low security",
+            description="A policy tag normally associated with low security items")
+        test = gcp.bigquery.Dataset("test",
+            dataset_id="dataset_id",
+            location="us-central1")
+        custom_masking_routine = gcp.bigquery.Routine("custom_masking_routine",
+            dataset_id=test.dataset_id,
+            routine_id="custom_masking_routine",
+            routine_type="SCALAR_FUNCTION",
+            language="SQL",
+            data_governance_type="DATA_MASKING",
+            definition_body="SAFE.REGEXP_REPLACE(ssn, '[0-9]', 'X')",
+            return_type="{\\"typeKind\\" :  \\"STRING\\"}",
+            arguments=[gcp.bigquery.RoutineArgumentArgs(
+                name="ssn",
+                data_type="{\\"typeKind\\" :  \\"STRING\\"}",
+            )])
+        data_policy = gcp.bigquerydatapolicy.DataPolicy("data_policy",
+            location="us-central1",
+            data_policy_id="data_policy",
+            policy_tag=policy_tag.name,
+            data_policy_type="DATA_MASKING_POLICY",
+            data_masking_policy=gcp.bigquerydatapolicy.DataPolicyDataMaskingPolicyArgs(
+                routine=custom_masking_routine.id,
+            ))
+        ```
 
         ## Import
 
@@ -379,6 +418,45 @@ class DataPolicy(pulumi.CustomResource):
             policy_tag=policy_tag.name,
             data_policy_type="COLUMN_LEVEL_SECURITY_POLICY")
         ```
+        ### Bigquery Datapolicy Data Policy Routine
+
+        ```python
+        import pulumi
+        import pulumi_gcp as gcp
+
+        taxonomy = gcp.datacatalog.Taxonomy("taxonomy",
+            region="us-central1",
+            display_name="taxonomy",
+            description="A collection of policy tags",
+            activated_policy_types=["FINE_GRAINED_ACCESS_CONTROL"])
+        policy_tag = gcp.datacatalog.PolicyTag("policy_tag",
+            taxonomy=taxonomy.id,
+            display_name="Low security",
+            description="A policy tag normally associated with low security items")
+        test = gcp.bigquery.Dataset("test",
+            dataset_id="dataset_id",
+            location="us-central1")
+        custom_masking_routine = gcp.bigquery.Routine("custom_masking_routine",
+            dataset_id=test.dataset_id,
+            routine_id="custom_masking_routine",
+            routine_type="SCALAR_FUNCTION",
+            language="SQL",
+            data_governance_type="DATA_MASKING",
+            definition_body="SAFE.REGEXP_REPLACE(ssn, '[0-9]', 'X')",
+            return_type="{\\"typeKind\\" :  \\"STRING\\"}",
+            arguments=[gcp.bigquery.RoutineArgumentArgs(
+                name="ssn",
+                data_type="{\\"typeKind\\" :  \\"STRING\\"}",
+            )])
+        data_policy = gcp.bigquerydatapolicy.DataPolicy("data_policy",
+            location="us-central1",
+            data_policy_id="data_policy",
+            policy_tag=policy_tag.name,
+            data_policy_type="DATA_MASKING_POLICY",
+            data_masking_policy=gcp.bigquerydatapolicy.DataPolicyDataMaskingPolicyArgs(
+                routine=custom_masking_routine.id,
+            ))
+        ```
 
         ## Import
 

pulumi_gcp/bigquerydatapolicy/outputs.py

@@ -35,22 +35,35 @@ class DataPolicyDataMaskingPolicy(dict):
         return super().get(key, default)
 
     def __init__(__self__, *,
-                 predefined_expression: str):
+                 predefined_expression: Optional[str] = None,
+                 routine: Optional[str] = None):
         """
         :param str predefined_expression: The available masking rules. Learn more here: https://cloud.google.com/bigquery/docs/column-data-masking-intro#masking_options.
                Possible values are: `SHA256`, `ALWAYS_NULL`, `DEFAULT_MASKING_VALUE`, `LAST_FOUR_CHARACTERS`, `FIRST_FOUR_CHARACTERS`, `EMAIL_MASK`, `DATE_YEAR_MASK`.
+        :param str routine: The name of the BigQuery routine that contains the custom masking routine, in the format of projects/{projectNumber}/datasets/{dataset_id}/routines/{routine_id}.
         """
-        pulumi.set(__self__, "predefined_expression", predefined_expression)
+        if predefined_expression is not None:
+            pulumi.set(__self__, "predefined_expression", predefined_expression)
+        if routine is not None:
+            pulumi.set(__self__, "routine", routine)
 
     @property
     @pulumi.getter(name="predefinedExpression")
-    def predefined_expression(self) -> str:
+    def predefined_expression(self) -> Optional[str]:
         """
         The available masking rules. Learn more here: https://cloud.google.com/bigquery/docs/column-data-masking-intro#masking_options.
         Possible values are: `SHA256`, `ALWAYS_NULL`, `DEFAULT_MASKING_VALUE`, `LAST_FOUR_CHARACTERS`, `FIRST_FOUR_CHARACTERS`, `EMAIL_MASK`, `DATE_YEAR_MASK`.
         """
         return pulumi.get(self, "predefined_expression")
 
+    @property
+    @pulumi.getter
+    def routine(self) -> Optional[str]:
+        """
+        The name of the BigQuery routine that contains the custom masking routine, in the format of projects/{projectNumber}/datasets/{dataset_id}/routines/{routine_id}.
+        """
+        return pulumi.get(self, "routine")
+
 
 @pulumi.output_type
 class DataPolicyIamBindingCondition(dict):

pulumi_gcp/certificateauthority/_inputs.py

@@ -15,6 +15,7 @@ __all__ = [
     'AuthorityConfigSubjectConfigArgs',
     'AuthorityConfigSubjectConfigSubjectArgs',
     'AuthorityConfigSubjectConfigSubjectAltNameArgs',
+    'AuthorityConfigSubjectKeyIdArgs',
     'AuthorityConfigX509ConfigArgs',
     'AuthorityConfigX509ConfigAdditionalExtensionArgs',
     'AuthorityConfigX509ConfigAdditionalExtensionObjectIdArgs',
@@ -73,6 +74,7 @@ __all__ = [
     'CertificateConfigSubjectConfigArgs',
     'CertificateConfigSubjectConfigSubjectArgs',
     'CertificateConfigSubjectConfigSubjectAltNameArgs',
+    'CertificateConfigSubjectKeyIdArgs',
     'CertificateConfigX509ConfigArgs',
     'CertificateConfigX509ConfigAdditionalExtensionArgs',
     'CertificateConfigX509ConfigAdditionalExtensionObjectIdArgs',
@@ -152,18 +154,20 @@ class AuthorityAccessUrlArgs:
 class AuthorityConfigArgs:
     def __init__(__self__, *,
                  subject_config: pulumi.Input['AuthorityConfigSubjectConfigArgs'],
-                 x509_config: pulumi.Input['AuthorityConfigX509ConfigArgs']):
+                 x509_config: pulumi.Input['AuthorityConfigX509ConfigArgs'],
+                 subject_key_id: Optional[pulumi.Input['AuthorityConfigSubjectKeyIdArgs']] = None):
         """
         :param pulumi.Input['AuthorityConfigSubjectConfigArgs'] subject_config: Specifies some of the values in a certificate that are related to the subject.
                Structure is documented below.
-               
-               
-               <a name="nested_x509_config"></a>The `x509_config` block supports:
         :param pulumi.Input['AuthorityConfigX509ConfigArgs'] x509_config: Describes how some of the technical X.509 fields in a certificate should be populated.
                Structure is documented below.
+        :param pulumi.Input['AuthorityConfigSubjectKeyIdArgs'] subject_key_id: When specified this provides a custom SKI to be used in the certificate. This should only be used to maintain a SKI of an existing CA originally created outside CA service, which was not generated using method (1) described in RFC 5280 section 4.2.1.2..
+               Structure is documented below.
         """
         pulumi.set(__self__, "subject_config", subject_config)
         pulumi.set(__self__, "x509_config", x509_config)
+        if subject_key_id is not None:
+            pulumi.set(__self__, "subject_key_id", subject_key_id)
 
     @property
     @pulumi.getter(name="subjectConfig")
@@ -171,9 +175,6 @@ class AuthorityConfigArgs:
         """
         Specifies some of the values in a certificate that are related to the subject.
         Structure is documented below.
-
-
-        <a name="nested_x509_config"></a>The `x509_config` block supports:
         """
         return pulumi.get(self, "subject_config")
 
@@ -194,6 +195,19 @@ class AuthorityConfigArgs:
     def x509_config(self, value: pulumi.Input['AuthorityConfigX509ConfigArgs']):
         pulumi.set(self, "x509_config", value)
 
+    @property
+    @pulumi.getter(name="subjectKeyId")
+    def subject_key_id(self) -> Optional[pulumi.Input['AuthorityConfigSubjectKeyIdArgs']]:
+        """
+        When specified this provides a custom SKI to be used in the certificate. This should only be used to maintain a SKI of an existing CA originally created outside CA service, which was not generated using method (1) described in RFC 5280 section 4.2.1.2..
+        Structure is documented below.
+        """
+        return pulumi.get(self, "subject_key_id")
+
+    @subject_key_id.setter
+    def subject_key_id(self, value: Optional[pulumi.Input['AuthorityConfigSubjectKeyIdArgs']]):
+        pulumi.set(self, "subject_key_id", value)
+
 
 @pulumi.input_type
 class AuthorityConfigSubjectConfigArgs:
@@ -441,6 +455,33 @@ class AuthorityConfigSubjectConfigSubjectAltNameArgs:
         pulumi.set(self, "uris", value)
 
 
+@pulumi.input_type
+class AuthorityConfigSubjectKeyIdArgs:
+    def __init__(__self__, *,
+                 key_id: Optional[pulumi.Input[str]] = None):
+        """
+        :param pulumi.Input[str] key_id: The value of the KeyId in lowercase hexidecimal.
+               
+               <a name="nested_x509_config"></a>The `x509_config` block supports:
+        """
+        if key_id is not None:
+            pulumi.set(__self__, "key_id", key_id)
+
+    @property
+    @pulumi.getter(name="keyId")
+    def key_id(self) -> Optional[pulumi.Input[str]]:
+        """
+        The value of the KeyId in lowercase hexidecimal.
+
+        <a name="nested_x509_config"></a>The `x509_config` block supports:
+        """
+        return pulumi.get(self, "key_id")
+
+    @key_id.setter
+    def key_id(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "key_id", value)
+
+
 @pulumi.input_type
 class AuthorityConfigX509ConfigArgs:
     def __init__(__self__, *,
@@ -3449,8 +3490,7 @@ class CertificateCertificateDescriptionSubjectKeyIdArgs:
     def __init__(__self__, *,
                  key_id: Optional[pulumi.Input[str]] = None):
         """
-        :param pulumi.Input[str] key_id: (Output)
-               Optional. The value of this KeyId encoded in lowercase hexadecimal. This is most likely the 160 bit SHA-1 hash of the public key.
+        :param pulumi.Input[str] key_id: The value of the KeyId in lowercase hexidecimal.
         """
         if key_id is not None:
             pulumi.set(__self__, "key_id", key_id)
@@ -3459,8 +3499,7 @@ class CertificateCertificateDescriptionSubjectKeyIdArgs:
     @pulumi.getter(name="keyId")
     def key_id(self) -> Optional[pulumi.Input[str]]:
         """
-        (Output)
-        Optional. The value of this KeyId encoded in lowercase hexadecimal. This is most likely the 160 bit SHA-1 hash of the public key.
+        The value of the KeyId in lowercase hexidecimal.
         """
         return pulumi.get(self, "key_id")
 
@@ -4284,7 +4323,8 @@ class CertificateConfigArgs:
     def __init__(__self__, *,
                  public_key: pulumi.Input['CertificateConfigPublicKeyArgs'],
                  subject_config: pulumi.Input['CertificateConfigSubjectConfigArgs'],
-                 x509_config: pulumi.Input['CertificateConfigX509ConfigArgs']):
+                 x509_config: pulumi.Input['CertificateConfigX509ConfigArgs'],
+                 subject_key_id: Optional[pulumi.Input['CertificateConfigSubjectKeyIdArgs']] = None):
         """
         :param pulumi.Input['CertificateConfigPublicKeyArgs'] public_key: A PublicKey describes a public key.
                Structure is documented below.
@@ -4295,10 +4335,14 @@ class CertificateConfigArgs:
                Structure is documented below.
         :param pulumi.Input['CertificateConfigX509ConfigArgs'] x509_config: Describes how some of the technical X.509 fields in a certificate should be populated.
                Structure is documented below.
+        :param pulumi.Input['CertificateConfigSubjectKeyIdArgs'] subject_key_id: When specified this provides a custom SKI to be used in the certificate. This should only be used to maintain a SKI of an existing CA originally created outside CA service, which was not generated using method (1) described in RFC 5280 section 4.2.1.2..
+               Structure is documented below.
         """
         pulumi.set(__self__, "public_key", public_key)
         pulumi.set(__self__, "subject_config", subject_config)
         pulumi.set(__self__, "x509_config", x509_config)
+        if subject_key_id is not None:
+            pulumi.set(__self__, "subject_key_id", subject_key_id)
 
     @property
     @pulumi.getter(name="publicKey")
@@ -4342,6 +4386,19 @@ class CertificateConfigArgs:
     def x509_config(self, value: pulumi.Input['CertificateConfigX509ConfigArgs']):
         pulumi.set(self, "x509_config", value)
 
+    @property
+    @pulumi.getter(name="subjectKeyId")
+    def subject_key_id(self) -> Optional[pulumi.Input['CertificateConfigSubjectKeyIdArgs']]:
+        """
+        When specified this provides a custom SKI to be used in the certificate. This should only be used to maintain a SKI of an existing CA originally created outside CA service, which was not generated using method (1) described in RFC 5280 section 4.2.1.2..
+        Structure is documented below.
+        """
+        return pulumi.get(self, "subject_key_id")
+
+    @subject_key_id.setter
+    def subject_key_id(self, value: Optional[pulumi.Input['CertificateConfigSubjectKeyIdArgs']]):
+        pulumi.set(self, "subject_key_id", value)
+
 
 @pulumi.input_type
 class CertificateConfigPublicKeyArgs:
@@ -4629,6 +4686,29 @@ class CertificateConfigSubjectConfigSubjectAltNameArgs:
         pulumi.set(self, "uris", value)
 
 
+@pulumi.input_type
+class CertificateConfigSubjectKeyIdArgs:
+    def __init__(__self__, *,
+                 key_id: Optional[pulumi.Input[str]] = None):
+        """
+        :param pulumi.Input[str] key_id: The value of the KeyId in lowercase hexidecimal.
+        """
+        if key_id is not None:
+            pulumi.set(__self__, "key_id", key_id)
+
+    @property
+    @pulumi.getter(name="keyId")
+    def key_id(self) -> Optional[pulumi.Input[str]]:
+        """
+        The value of the KeyId in lowercase hexidecimal.
+        """
+        return pulumi.get(self, "key_id")
+
+    @key_id.setter
+    def key_id(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "key_id", value)
+
+
 @pulumi.input_type
 class CertificateConfigX509ConfigArgs:
     def __init__(__self__, *,

pulumi_gcp/certificateauthority/authority.py

@@ -44,8 +44,6 @@ class AuthorityArgs:
         :param pulumi.Input[str] location: Location of the CertificateAuthority. A full list of valid locations can be found by
                running `gcloud privateca locations list`.
         :param pulumi.Input[str] pool: The name of the CaPool this Certificate Authority belongs to.
-        :param pulumi.Input[bool] deletion_protection: Whether or not to allow Terraform to destroy the CertificateAuthority. Unless this field is set to false in Terraform
-               state, a 'terraform destroy' or 'terraform apply' that would delete the instance will fail.
         :param pulumi.Input[str] desired_state: Desired state of the CertificateAuthority. Set this field to 'STAGED' to create a 'STAGED' root CA.
         :param pulumi.Input[str] gcs_bucket: The name of a Cloud Storage bucket where this CertificateAuthority will publish content, such as the CA certificate and
                CRLs. This must be a bucket name, without any prefixes (such as 'gs://') or suffixes (such as '.googleapis.com'). For
@@ -65,7 +63,7 @@ class AuthorityArgs:
                'false'.
         :param pulumi.Input['AuthoritySubordinateConfigArgs'] subordinate_config: If this is a subordinate CertificateAuthority, this field will be set with the subordinate configuration, which
                describes its issuers.
-        :param pulumi.Input[str] type: The Type of this CertificateAuthority. ~> **Note:** For 'SUBORDINATE' Certificate Authorities, they need to be activated
+        :param pulumi.Input[str] type: The Type of this CertificateAuthority. > **Note:** For 'SUBORDINATE' Certificate Authorities, they need to be activated
                before they can issue certificates. Default value: "SELF_SIGNED" Possible values: ["SELF_SIGNED", "SUBORDINATE"]
         """
         pulumi.set(__self__, "certificate_authority_id", certificate_authority_id)
@@ -164,10 +162,6 @@ class AuthorityArgs:
     @property
     @pulumi.getter(name="deletionProtection")
     def deletion_protection(self) -> Optional[pulumi.Input[bool]]:
-        """
-        Whether or not to allow Terraform to destroy the CertificateAuthority. Unless this field is set to false in Terraform
-        state, a 'terraform destroy' or 'terraform apply' that would delete the instance will fail.
-        """
         return pulumi.get(self, "deletion_protection")
 
     @deletion_protection.setter
@@ -294,7 +288,7 @@ class AuthorityArgs:
     @pulumi.getter
     def type(self) -> Optional[pulumi.Input[str]]:
         """
-        The Type of this CertificateAuthority. ~> **Note:** For 'SUBORDINATE' Certificate Authorities, they need to be activated
+        The Type of this CertificateAuthority. > **Note:** For 'SUBORDINATE' Certificate Authorities, they need to be activated
         before they can issue certificates. Default value: "SELF_SIGNED" Possible values: ["SELF_SIGNED", "SUBORDINATE"]
         """
         return pulumi.get(self, "type")
@@ -341,8 +335,6 @@ class _AuthorityState:
         :param pulumi.Input[str] create_time: The time at which this CertificateAuthority was created.
                A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine
                fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".
-        :param pulumi.Input[bool] deletion_protection: Whether or not to allow Terraform to destroy the CertificateAuthority. Unless this field is set to false in Terraform
-               state, a 'terraform destroy' or 'terraform apply' that would delete the instance will fail.
         :param pulumi.Input[str] desired_state: Desired state of the CertificateAuthority. Set this field to 'STAGED' to create a 'STAGED' root CA.
         :param pulumi.Input[Mapping[str, pulumi.Input[str]]] effective_labels: All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
         :param pulumi.Input[str] gcs_bucket: The name of a Cloud Storage bucket where this CertificateAuthority will publish content, such as the CA certificate and
@@ -379,7 +371,7 @@ class _AuthorityState:
         :param pulumi.Input[str] state: The State for this CertificateAuthority.
         :param pulumi.Input['AuthoritySubordinateConfigArgs'] subordinate_config: If this is a subordinate CertificateAuthority, this field will be set with the subordinate configuration, which
                describes its issuers.
-        :param pulumi.Input[str] type: The Type of this CertificateAuthority. ~> **Note:** For 'SUBORDINATE' Certificate Authorities, they need to be activated
+        :param pulumi.Input[str] type: The Type of this CertificateAuthority. > **Note:** For 'SUBORDINATE' Certificate Authorities, they need to be activated
                before they can issue certificates. Default value: "SELF_SIGNED" Possible values: ["SELF_SIGNED", "SUBORDINATE"]
         :param pulumi.Input[str] update_time: The time at which this CertificateAuthority was updated.
                A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine
@@ -489,10 +481,6 @@ class _AuthorityState:
     @property
     @pulumi.getter(name="deletionProtection")
     def deletion_protection(self) -> Optional[pulumi.Input[bool]]:
-        """
-        Whether or not to allow Terraform to destroy the CertificateAuthority. Unless this field is set to false in Terraform
-        state, a 'terraform destroy' or 'terraform apply' that would delete the instance will fail.
-        """
         return pulumi.get(self, "deletion_protection")
 
     @deletion_protection.setter
@@ -724,7 +712,7 @@ class _AuthorityState:
     @pulumi.getter
     def type(self) -> Optional[pulumi.Input[str]]:
         """
-        The Type of this CertificateAuthority. ~> **Note:** For 'SUBORDINATE' Certificate Authorities, they need to be activated
+        The Type of this CertificateAuthority. > **Note:** For 'SUBORDINATE' Certificate Authorities, they need to be activated
         before they can issue certificates. Default value: "SELF_SIGNED" Possible values: ["SELF_SIGNED", "SUBORDINATE"]
         """
         return pulumi.get(self, "type")
@@ -987,6 +975,61 @@ class Authority(pulumi.CustomResource):
                 ),
             ))
         ```
+        ### Privateca Certificate Authority Custom Ski
+
+        ```python
+        import pulumi
+        import pulumi_gcp as gcp
+
+        default = gcp.certificateauthority.Authority("default",
+            pool="ca-pool",
+            certificate_authority_id="my-certificate-authority",
+            location="us-central1",
+            deletion_protection=True,
+            config=gcp.certificateauthority.AuthorityConfigArgs(
+                subject_config=gcp.certificateauthority.AuthorityConfigSubjectConfigArgs(
+                    subject=gcp.certificateauthority.AuthorityConfigSubjectConfigSubjectArgs(
+                        organization="HashiCorp",
+                        common_name="my-certificate-authority",
+                    ),
+                    subject_alt_name=gcp.certificateauthority.AuthorityConfigSubjectConfigSubjectAltNameArgs(
+                        dns_names=["hashicorp.com"],
+                    ),
+                ),
+                subject_key_id=gcp.certificateauthority.AuthorityConfigSubjectKeyIdArgs(
+                    key_id="4cf3372289b1d411b999dbb9ebcd44744b6b2fca",
+                ),
+                x509_config=gcp.certificateauthority.AuthorityConfigX509ConfigArgs(
+                    ca_options=gcp.certificateauthority.AuthorityConfigX509ConfigCaOptionsArgs(
+                        is_ca=True,
+                        max_issuer_path_length=10,
+                    ),
+                    key_usage=gcp.certificateauthority.AuthorityConfigX509ConfigKeyUsageArgs(
+                        base_key_usage=gcp.certificateauthority.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs(
+                            digital_signature=True,
+                            content_commitment=True,
+                            key_encipherment=False,
+                            data_encipherment=True,
+                            key_agreement=True,
+                            cert_sign=True,
+                            crl_sign=True,
+                            decipher_only=True,
+                        ),
+                        extended_key_usage=gcp.certificateauthority.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs(
+                            server_auth=True,
+                            client_auth=False,
+                            email_protection=True,
+                            code_signing=True,
+                            time_stamping=True,
+                        ),
+                    ),
+                ),
+            ),
+            lifetime="86400s",
+            key_spec=gcp.certificateauthority.AuthorityKeySpecArgs(
+                cloud_kms_key_version="projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key/cryptoKeyVersions/1",
+            ))
+        ```
 
         ## Import
 
@@ -1017,8 +1060,6 @@ class Authority(pulumi.CustomResource):
         :param pulumi.Input[str] certificate_authority_id: The user provided Resource ID for this Certificate Authority.
         :param pulumi.Input[pulumi.InputType['AuthorityConfigArgs']] config: The config used to create a self-signed X.509 certificate or CSR.
                Structure is documented below.
-        :param pulumi.Input[bool] deletion_protection: Whether or not to allow Terraform to destroy the CertificateAuthority. Unless this field is set to false in Terraform
-               state, a 'terraform destroy' or 'terraform apply' that would delete the instance will fail.
         :param pulumi.Input[str] desired_state: Desired state of the CertificateAuthority. Set this field to 'STAGED' to create a 'STAGED' root CA.
         :param pulumi.Input[str] gcs_bucket: The name of a Cloud Storage bucket where this CertificateAuthority will publish content, such as the CA certificate and
                CRLs. This must be a bucket name, without any prefixes (such as 'gs://') or suffixes (such as '.googleapis.com'). For
@@ -1045,7 +1086,7 @@ class Authority(pulumi.CustomResource):
                'false'.
         :param pulumi.Input[pulumi.InputType['AuthoritySubordinateConfigArgs']] subordinate_config: If this is a subordinate CertificateAuthority, this field will be set with the subordinate configuration, which
                describes its issuers.
-        :param pulumi.Input[str] type: The Type of this CertificateAuthority. ~> **Note:** For 'SUBORDINATE' Certificate Authorities, they need to be activated
+        :param pulumi.Input[str] type: The Type of this CertificateAuthority. > **Note:** For 'SUBORDINATE' Certificate Authorities, they need to be activated
                before they can issue certificates. Default value: "SELF_SIGNED" Possible values: ["SELF_SIGNED", "SUBORDINATE"]
         """
         ...
@@ -1271,6 +1312,61 @@ class Authority(pulumi.CustomResource):
                 ),
             ))
         ```
+        ### Privateca Certificate Authority Custom Ski
+
+        ```python
+        import pulumi
+        import pulumi_gcp as gcp
+
+        default = gcp.certificateauthority.Authority("default",
+            pool="ca-pool",
+            certificate_authority_id="my-certificate-authority",
+            location="us-central1",
+            deletion_protection=True,
+            config=gcp.certificateauthority.AuthorityConfigArgs(
+                subject_config=gcp.certificateauthority.AuthorityConfigSubjectConfigArgs(
+                    subject=gcp.certificateauthority.AuthorityConfigSubjectConfigSubjectArgs(
+                        organization="HashiCorp",
+                        common_name="my-certificate-authority",
+                    ),
+                    subject_alt_name=gcp.certificateauthority.AuthorityConfigSubjectConfigSubjectAltNameArgs(
+                        dns_names=["hashicorp.com"],
+                    ),
+                ),
+                subject_key_id=gcp.certificateauthority.AuthorityConfigSubjectKeyIdArgs(
+                    key_id="4cf3372289b1d411b999dbb9ebcd44744b6b2fca",
+                ),
+                x509_config=gcp.certificateauthority.AuthorityConfigX509ConfigArgs(
+                    ca_options=gcp.certificateauthority.AuthorityConfigX509ConfigCaOptionsArgs(
+                        is_ca=True,
+                        max_issuer_path_length=10,
+                    ),
+                    key_usage=gcp.certificateauthority.AuthorityConfigX509ConfigKeyUsageArgs(
+                        base_key_usage=gcp.certificateauthority.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs(
+                            digital_signature=True,
+                            content_commitment=True,
+                            key_encipherment=False,
+                            data_encipherment=True,
+                            key_agreement=True,
+                            cert_sign=True,
+                            crl_sign=True,
+                            decipher_only=True,
+                        ),
+                        extended_key_usage=gcp.certificateauthority.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs(
+                            server_auth=True,
+                            client_auth=False,
+                            email_protection=True,
+                            code_signing=True,
+                            time_stamping=True,
+                        ),
+                    ),
+                ),
+            ),
+            lifetime="86400s",
+            key_spec=gcp.certificateauthority.AuthorityKeySpecArgs(
+                cloud_kms_key_version="projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key/cryptoKeyVersions/1",
+            ))
+        ```
 
         ## Import
 
@@ -1421,8 +1517,6 @@ class Authority(pulumi.CustomResource):
         :param pulumi.Input[str] create_time: The time at which this CertificateAuthority was created.
                A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine
                fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".
-        :param pulumi.Input[bool] deletion_protection: Whether or not to allow Terraform to destroy the CertificateAuthority. Unless this field is set to false in Terraform
-               state, a 'terraform destroy' or 'terraform apply' that would delete the instance will fail.
         :param pulumi.Input[str] desired_state: Desired state of the CertificateAuthority. Set this field to 'STAGED' to create a 'STAGED' root CA.
         :param pulumi.Input[Mapping[str, pulumi.Input[str]]] effective_labels: All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
         :param pulumi.Input[str] gcs_bucket: The name of a Cloud Storage bucket where this CertificateAuthority will publish content, such as the CA certificate and
@@ -1459,7 +1553,7 @@ class Authority(pulumi.CustomResource):
         :param pulumi.Input[str] state: The State for this CertificateAuthority.
         :param pulumi.Input[pulumi.InputType['AuthoritySubordinateConfigArgs']] subordinate_config: If this is a subordinate CertificateAuthority, this field will be set with the subordinate configuration, which
                describes its issuers.
-        :param pulumi.Input[str] type: The Type of this CertificateAuthority. ~> **Note:** For 'SUBORDINATE' Certificate Authorities, they need to be activated
+        :param pulumi.Input[str] type: The Type of this CertificateAuthority. > **Note:** For 'SUBORDINATE' Certificate Authorities, they need to be activated
                before they can issue certificates. Default value: "SELF_SIGNED" Possible values: ["SELF_SIGNED", "SUBORDINATE"]
         :param pulumi.Input[str] update_time: The time at which this CertificateAuthority was updated.
                A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine
@@ -1534,10 +1628,6 @@ class Authority(pulumi.CustomResource):
     @property
     @pulumi.getter(name="deletionProtection")
     def deletion_protection(self) -> pulumi.Output[Optional[bool]]:
-        """
-        Whether or not to allow Terraform to destroy the CertificateAuthority. Unless this field is set to false in Terraform
-        state, a 'terraform destroy' or 'terraform apply' that would delete the instance will fail.
-        """
         return pulumi.get(self, "deletion_protection")
 
     @property
@@ -1697,7 +1787,7 @@ class Authority(pulumi.CustomResource):
     @pulumi.getter
     def type(self) -> pulumi.Output[Optional[str]]:
         """
-        The Type of this CertificateAuthority. ~> **Note:** For 'SUBORDINATE' Certificate Authorities, they need to be activated
+        The Type of this CertificateAuthority. > **Note:** For 'SUBORDINATE' Certificate Authorities, they need to be activated
         before they can issue certificates. Default value: "SELF_SIGNED" Possible values: ["SELF_SIGNED", "SUBORDINATE"]
         """
         return pulumi.get(self, "type")