pulumi-gcp 7.21.0__py3-none-any.whl → 7.21.0a1714149635__py3-none-any.whl

pulumi_gcp/bigquerydatapolicy/_inputs.py

@@ -18,21 +18,16 @@ __all__ = [
 @pulumi.input_type
 class DataPolicyDataMaskingPolicyArgs:
     def __init__(__self__, *,
-                 predefined_expression: Optional[pulumi.Input[str]] = None,
-                 routine: Optional[pulumi.Input[str]] = None):
+                 predefined_expression: pulumi.Input[str]):
         """
         :param pulumi.Input[str] predefined_expression: The available masking rules. Learn more here: https://cloud.google.com/bigquery/docs/column-data-masking-intro#masking_options.
                Possible values are: `SHA256`, `ALWAYS_NULL`, `DEFAULT_MASKING_VALUE`, `LAST_FOUR_CHARACTERS`, `FIRST_FOUR_CHARACTERS`, `EMAIL_MASK`, `DATE_YEAR_MASK`.
-        :param pulumi.Input[str] routine: The name of the BigQuery routine that contains the custom masking routine, in the format of projects/{projectNumber}/datasets/{dataset_id}/routines/{routine_id}.
         """
-        if predefined_expression is not None:
-            pulumi.set(__self__, "predefined_expression", predefined_expression)
-        if routine is not None:
-            pulumi.set(__self__, "routine", routine)
+        pulumi.set(__self__, "predefined_expression", predefined_expression)
 
     @property
     @pulumi.getter(name="predefinedExpression")
-    def predefined_expression(self) -> Optional[pulumi.Input[str]]:
+    def predefined_expression(self) -> pulumi.Input[str]:
         """
         The available masking rules. Learn more here: https://cloud.google.com/bigquery/docs/column-data-masking-intro#masking_options.
         Possible values are: `SHA256`, `ALWAYS_NULL`, `DEFAULT_MASKING_VALUE`, `LAST_FOUR_CHARACTERS`, `FIRST_FOUR_CHARACTERS`, `EMAIL_MASK`, `DATE_YEAR_MASK`.
@@ -40,21 +35,9 @@ class DataPolicyDataMaskingPolicyArgs:
         return pulumi.get(self, "predefined_expression")
 
     @predefined_expression.setter
-    def predefined_expression(self, value: Optional[pulumi.Input[str]]):
+    def predefined_expression(self, value: pulumi.Input[str]):
         pulumi.set(self, "predefined_expression", value)
 
-    @property
-    @pulumi.getter
-    def routine(self) -> Optional[pulumi.Input[str]]:
-        """
-        The name of the BigQuery routine that contains the custom masking routine, in the format of projects/{projectNumber}/datasets/{dataset_id}/routines/{routine_id}.
-        """
-        return pulumi.get(self, "routine")
-
-    @routine.setter
-    def routine(self, value: Optional[pulumi.Input[str]]):
-        pulumi.set(self, "routine", value)
-
 
 @pulumi.input_type
 class DataPolicyIamBindingConditionArgs:

pulumi_gcp/bigquerydatapolicy/data_policy.py

@@ -301,45 +301,6 @@ class DataPolicy(pulumi.CustomResource):
             policy_tag=policy_tag.name,
             data_policy_type="COLUMN_LEVEL_SECURITY_POLICY")
         ```
-        ### Bigquery Datapolicy Data Policy Routine
-
-        ```python
-        import pulumi
-        import pulumi_gcp as gcp
-
-        taxonomy = gcp.datacatalog.Taxonomy("taxonomy",
-            region="us-central1",
-            display_name="taxonomy",
-            description="A collection of policy tags",
-            activated_policy_types=["FINE_GRAINED_ACCESS_CONTROL"])
-        policy_tag = gcp.datacatalog.PolicyTag("policy_tag",
-            taxonomy=taxonomy.id,
-            display_name="Low security",
-            description="A policy tag normally associated with low security items")
-        test = gcp.bigquery.Dataset("test",
-            dataset_id="dataset_id",
-            location="us-central1")
-        custom_masking_routine = gcp.bigquery.Routine("custom_masking_routine",
-            dataset_id=test.dataset_id,
-            routine_id="custom_masking_routine",
-            routine_type="SCALAR_FUNCTION",
-            language="SQL",
-            data_governance_type="DATA_MASKING",
-            definition_body="SAFE.REGEXP_REPLACE(ssn, '[0-9]', 'X')",
-            return_type="{\\"typeKind\\" :  \\"STRING\\"}",
-            arguments=[gcp.bigquery.RoutineArgumentArgs(
-                name="ssn",
-                data_type="{\\"typeKind\\" :  \\"STRING\\"}",
-            )])
-        data_policy = gcp.bigquerydatapolicy.DataPolicy("data_policy",
-            location="us-central1",
-            data_policy_id="data_policy",
-            policy_tag=policy_tag.name,
-            data_policy_type="DATA_MASKING_POLICY",
-            data_masking_policy=gcp.bigquerydatapolicy.DataPolicyDataMaskingPolicyArgs(
-                routine=custom_masking_routine.id,
-            ))
-        ```
 
         ## Import
 
@@ -418,45 +379,6 @@ class DataPolicy(pulumi.CustomResource):
             policy_tag=policy_tag.name,
             data_policy_type="COLUMN_LEVEL_SECURITY_POLICY")
         ```
-        ### Bigquery Datapolicy Data Policy Routine
-
-        ```python
-        import pulumi
-        import pulumi_gcp as gcp
-
-        taxonomy = gcp.datacatalog.Taxonomy("taxonomy",
-            region="us-central1",
-            display_name="taxonomy",
-            description="A collection of policy tags",
-            activated_policy_types=["FINE_GRAINED_ACCESS_CONTROL"])
-        policy_tag = gcp.datacatalog.PolicyTag("policy_tag",
-            taxonomy=taxonomy.id,
-            display_name="Low security",
-            description="A policy tag normally associated with low security items")
-        test = gcp.bigquery.Dataset("test",
-            dataset_id="dataset_id",
-            location="us-central1")
-        custom_masking_routine = gcp.bigquery.Routine("custom_masking_routine",
-            dataset_id=test.dataset_id,
-            routine_id="custom_masking_routine",
-            routine_type="SCALAR_FUNCTION",
-            language="SQL",
-            data_governance_type="DATA_MASKING",
-            definition_body="SAFE.REGEXP_REPLACE(ssn, '[0-9]', 'X')",
-            return_type="{\\"typeKind\\" :  \\"STRING\\"}",
-            arguments=[gcp.bigquery.RoutineArgumentArgs(
-                name="ssn",
-                data_type="{\\"typeKind\\" :  \\"STRING\\"}",
-            )])
-        data_policy = gcp.bigquerydatapolicy.DataPolicy("data_policy",
-            location="us-central1",
-            data_policy_id="data_policy",
-            policy_tag=policy_tag.name,
-            data_policy_type="DATA_MASKING_POLICY",
-            data_masking_policy=gcp.bigquerydatapolicy.DataPolicyDataMaskingPolicyArgs(
-                routine=custom_masking_routine.id,
-            ))
-        ```
 
         ## Import
 

pulumi_gcp/bigquerydatapolicy/outputs.py

@@ -35,35 +35,22 @@ class DataPolicyDataMaskingPolicy(dict):
         return super().get(key, default)
 
     def __init__(__self__, *,
-                 predefined_expression: Optional[str] = None,
-                 routine: Optional[str] = None):
+                 predefined_expression: str):
         """
         :param str predefined_expression: The available masking rules. Learn more here: https://cloud.google.com/bigquery/docs/column-data-masking-intro#masking_options.
                Possible values are: `SHA256`, `ALWAYS_NULL`, `DEFAULT_MASKING_VALUE`, `LAST_FOUR_CHARACTERS`, `FIRST_FOUR_CHARACTERS`, `EMAIL_MASK`, `DATE_YEAR_MASK`.
-        :param str routine: The name of the BigQuery routine that contains the custom masking routine, in the format of projects/{projectNumber}/datasets/{dataset_id}/routines/{routine_id}.
         """
-        if predefined_expression is not None:
-            pulumi.set(__self__, "predefined_expression", predefined_expression)
-        if routine is not None:
-            pulumi.set(__self__, "routine", routine)
+        pulumi.set(__self__, "predefined_expression", predefined_expression)
 
     @property
     @pulumi.getter(name="predefinedExpression")
-    def predefined_expression(self) -> Optional[str]:
+    def predefined_expression(self) -> str:
         """
         The available masking rules. Learn more here: https://cloud.google.com/bigquery/docs/column-data-masking-intro#masking_options.
         Possible values are: `SHA256`, `ALWAYS_NULL`, `DEFAULT_MASKING_VALUE`, `LAST_FOUR_CHARACTERS`, `FIRST_FOUR_CHARACTERS`, `EMAIL_MASK`, `DATE_YEAR_MASK`.
         """
         return pulumi.get(self, "predefined_expression")
 
-    @property
-    @pulumi.getter
-    def routine(self) -> Optional[str]:
-        """
-        The name of the BigQuery routine that contains the custom masking routine, in the format of projects/{projectNumber}/datasets/{dataset_id}/routines/{routine_id}.
-        """
-        return pulumi.get(self, "routine")
-
 
 @pulumi.output_type
 class DataPolicyIamBindingCondition(dict):

pulumi_gcp/certificateauthority/_inputs.py

@@ -15,7 +15,6 @@ __all__ = [
     'AuthorityConfigSubjectConfigArgs',
     'AuthorityConfigSubjectConfigSubjectArgs',
     'AuthorityConfigSubjectConfigSubjectAltNameArgs',
-    'AuthorityConfigSubjectKeyIdArgs',
     'AuthorityConfigX509ConfigArgs',
     'AuthorityConfigX509ConfigAdditionalExtensionArgs',
     'AuthorityConfigX509ConfigAdditionalExtensionObjectIdArgs',
@@ -74,7 +73,6 @@ __all__ = [
     'CertificateConfigSubjectConfigArgs',
     'CertificateConfigSubjectConfigSubjectArgs',
     'CertificateConfigSubjectConfigSubjectAltNameArgs',
-    'CertificateConfigSubjectKeyIdArgs',
     'CertificateConfigX509ConfigArgs',
     'CertificateConfigX509ConfigAdditionalExtensionArgs',
     'CertificateConfigX509ConfigAdditionalExtensionObjectIdArgs',
@@ -154,20 +152,18 @@ class AuthorityAccessUrlArgs:
 class AuthorityConfigArgs:
     def __init__(__self__, *,
                  subject_config: pulumi.Input['AuthorityConfigSubjectConfigArgs'],
-                 x509_config: pulumi.Input['AuthorityConfigX509ConfigArgs'],
-                 subject_key_id: Optional[pulumi.Input['AuthorityConfigSubjectKeyIdArgs']] = None):
+                 x509_config: pulumi.Input['AuthorityConfigX509ConfigArgs']):
         """
         :param pulumi.Input['AuthorityConfigSubjectConfigArgs'] subject_config: Specifies some of the values in a certificate that are related to the subject.
                Structure is documented below.
+               
+               
+               <a name="nested_x509_config"></a>The `x509_config` block supports:
         :param pulumi.Input['AuthorityConfigX509ConfigArgs'] x509_config: Describes how some of the technical X.509 fields in a certificate should be populated.
                Structure is documented below.
-        :param pulumi.Input['AuthorityConfigSubjectKeyIdArgs'] subject_key_id: When specified this provides a custom SKI to be used in the certificate. This should only be used to maintain a SKI of an existing CA originally created outside CA service, which was not generated using method (1) described in RFC 5280 section 4.2.1.2..
-               Structure is documented below.
         """
         pulumi.set(__self__, "subject_config", subject_config)
         pulumi.set(__self__, "x509_config", x509_config)
-        if subject_key_id is not None:
-            pulumi.set(__self__, "subject_key_id", subject_key_id)
 
     @property
     @pulumi.getter(name="subjectConfig")
@@ -175,6 +171,9 @@ class AuthorityConfigArgs:
         """
         Specifies some of the values in a certificate that are related to the subject.
         Structure is documented below.
+
+
+        <a name="nested_x509_config"></a>The `x509_config` block supports:
         """
         return pulumi.get(self, "subject_config")
 
@@ -195,19 +194,6 @@ class AuthorityConfigArgs:
     def x509_config(self, value: pulumi.Input['AuthorityConfigX509ConfigArgs']):
         pulumi.set(self, "x509_config", value)
 
-    @property
-    @pulumi.getter(name="subjectKeyId")
-    def subject_key_id(self) -> Optional[pulumi.Input['AuthorityConfigSubjectKeyIdArgs']]:
-        """
-        When specified this provides a custom SKI to be used in the certificate. This should only be used to maintain a SKI of an existing CA originally created outside CA service, which was not generated using method (1) described in RFC 5280 section 4.2.1.2..
-        Structure is documented below.
-        """
-        return pulumi.get(self, "subject_key_id")
-
-    @subject_key_id.setter
-    def subject_key_id(self, value: Optional[pulumi.Input['AuthorityConfigSubjectKeyIdArgs']]):
-        pulumi.set(self, "subject_key_id", value)
-
 
 @pulumi.input_type
 class AuthorityConfigSubjectConfigArgs:
@@ -455,33 +441,6 @@ class AuthorityConfigSubjectConfigSubjectAltNameArgs:
         pulumi.set(self, "uris", value)
 
 
-@pulumi.input_type
-class AuthorityConfigSubjectKeyIdArgs:
-    def __init__(__self__, *,
-                 key_id: Optional[pulumi.Input[str]] = None):
-        """
-        :param pulumi.Input[str] key_id: The value of the KeyId in lowercase hexidecimal.
-               
-               <a name="nested_x509_config"></a>The `x509_config` block supports:
-        """
-        if key_id is not None:
-            pulumi.set(__self__, "key_id", key_id)
-
-    @property
-    @pulumi.getter(name="keyId")
-    def key_id(self) -> Optional[pulumi.Input[str]]:
-        """
-        The value of the KeyId in lowercase hexidecimal.
-
-        <a name="nested_x509_config"></a>The `x509_config` block supports:
-        """
-        return pulumi.get(self, "key_id")
-
-    @key_id.setter
-    def key_id(self, value: Optional[pulumi.Input[str]]):
-        pulumi.set(self, "key_id", value)
-
-
 @pulumi.input_type
 class AuthorityConfigX509ConfigArgs:
     def __init__(__self__, *,
@@ -3490,7 +3449,8 @@ class CertificateCertificateDescriptionSubjectKeyIdArgs:
     def __init__(__self__, *,
                  key_id: Optional[pulumi.Input[str]] = None):
         """
-        :param pulumi.Input[str] key_id: The value of the KeyId in lowercase hexidecimal.
+        :param pulumi.Input[str] key_id: (Output)
+               Optional. The value of this KeyId encoded in lowercase hexadecimal. This is most likely the 160 bit SHA-1 hash of the public key.
         """
         if key_id is not None:
             pulumi.set(__self__, "key_id", key_id)
@@ -3499,7 +3459,8 @@ class CertificateCertificateDescriptionSubjectKeyIdArgs:
     @pulumi.getter(name="keyId")
     def key_id(self) -> Optional[pulumi.Input[str]]:
         """
-        The value of the KeyId in lowercase hexidecimal.
+        (Output)
+        Optional. The value of this KeyId encoded in lowercase hexadecimal. This is most likely the 160 bit SHA-1 hash of the public key.
         """
         return pulumi.get(self, "key_id")
 
@@ -4323,8 +4284,7 @@ class CertificateConfigArgs:
     def __init__(__self__, *,
                  public_key: pulumi.Input['CertificateConfigPublicKeyArgs'],
                  subject_config: pulumi.Input['CertificateConfigSubjectConfigArgs'],
-                 x509_config: pulumi.Input['CertificateConfigX509ConfigArgs'],
-                 subject_key_id: Optional[pulumi.Input['CertificateConfigSubjectKeyIdArgs']] = None):
+                 x509_config: pulumi.Input['CertificateConfigX509ConfigArgs']):
         """
         :param pulumi.Input['CertificateConfigPublicKeyArgs'] public_key: A PublicKey describes a public key.
                Structure is documented below.
@@ -4335,14 +4295,10 @@ class CertificateConfigArgs:
                Structure is documented below.
         :param pulumi.Input['CertificateConfigX509ConfigArgs'] x509_config: Describes how some of the technical X.509 fields in a certificate should be populated.
                Structure is documented below.
-        :param pulumi.Input['CertificateConfigSubjectKeyIdArgs'] subject_key_id: When specified this provides a custom SKI to be used in the certificate. This should only be used to maintain a SKI of an existing CA originally created outside CA service, which was not generated using method (1) described in RFC 5280 section 4.2.1.2..
-               Structure is documented below.
         """
         pulumi.set(__self__, "public_key", public_key)
         pulumi.set(__self__, "subject_config", subject_config)
         pulumi.set(__self__, "x509_config", x509_config)
-        if subject_key_id is not None:
-            pulumi.set(__self__, "subject_key_id", subject_key_id)
 
     @property
     @pulumi.getter(name="publicKey")
@@ -4386,19 +4342,6 @@ class CertificateConfigArgs:
     def x509_config(self, value: pulumi.Input['CertificateConfigX509ConfigArgs']):
         pulumi.set(self, "x509_config", value)
 
-    @property
-    @pulumi.getter(name="subjectKeyId")
-    def subject_key_id(self) -> Optional[pulumi.Input['CertificateConfigSubjectKeyIdArgs']]:
-        """
-        When specified this provides a custom SKI to be used in the certificate. This should only be used to maintain a SKI of an existing CA originally created outside CA service, which was not generated using method (1) described in RFC 5280 section 4.2.1.2..
-        Structure is documented below.
-        """
-        return pulumi.get(self, "subject_key_id")
-
-    @subject_key_id.setter
-    def subject_key_id(self, value: Optional[pulumi.Input['CertificateConfigSubjectKeyIdArgs']]):
-        pulumi.set(self, "subject_key_id", value)
-
 
 @pulumi.input_type
 class CertificateConfigPublicKeyArgs:
@@ -4686,29 +4629,6 @@ class CertificateConfigSubjectConfigSubjectAltNameArgs:
         pulumi.set(self, "uris", value)
 
 
-@pulumi.input_type
-class CertificateConfigSubjectKeyIdArgs:
-    def __init__(__self__, *,
-                 key_id: Optional[pulumi.Input[str]] = None):
-        """
-        :param pulumi.Input[str] key_id: The value of the KeyId in lowercase hexidecimal.
-        """
-        if key_id is not None:
-            pulumi.set(__self__, "key_id", key_id)
-
-    @property
-    @pulumi.getter(name="keyId")
-    def key_id(self) -> Optional[pulumi.Input[str]]:
-        """
-        The value of the KeyId in lowercase hexidecimal.
-        """
-        return pulumi.get(self, "key_id")
-
-    @key_id.setter
-    def key_id(self, value: Optional[pulumi.Input[str]]):
-        pulumi.set(self, "key_id", value)
-
-
 @pulumi.input_type
 class CertificateConfigX509ConfigArgs:
     def __init__(__self__, *,

pulumi_gcp/certificateauthority/authority.py

@@ -44,6 +44,8 @@ class AuthorityArgs:
         :param pulumi.Input[str] location: Location of the CertificateAuthority. A full list of valid locations can be found by
                running `gcloud privateca locations list`.
         :param pulumi.Input[str] pool: The name of the CaPool this Certificate Authority belongs to.
+        :param pulumi.Input[bool] deletion_protection: Whether or not to allow Terraform to destroy the CertificateAuthority. Unless this field is set to false in Terraform
+               state, a 'terraform destroy' or 'terraform apply' that would delete the instance will fail.
         :param pulumi.Input[str] desired_state: Desired state of the CertificateAuthority. Set this field to 'STAGED' to create a 'STAGED' root CA.
         :param pulumi.Input[str] gcs_bucket: The name of a Cloud Storage bucket where this CertificateAuthority will publish content, such as the CA certificate and
                CRLs. This must be a bucket name, without any prefixes (such as 'gs://') or suffixes (such as '.googleapis.com'). For
@@ -63,7 +65,7 @@ class AuthorityArgs:
                'false'.
         :param pulumi.Input['AuthoritySubordinateConfigArgs'] subordinate_config: If this is a subordinate CertificateAuthority, this field will be set with the subordinate configuration, which
                describes its issuers.
-        :param pulumi.Input[str] type: The Type of this CertificateAuthority. > **Note:** For 'SUBORDINATE' Certificate Authorities, they need to be activated
+        :param pulumi.Input[str] type: The Type of this CertificateAuthority. ~> **Note:** For 'SUBORDINATE' Certificate Authorities, they need to be activated
                before they can issue certificates. Default value: "SELF_SIGNED" Possible values: ["SELF_SIGNED", "SUBORDINATE"]
         """
         pulumi.set(__self__, "certificate_authority_id", certificate_authority_id)
@@ -162,6 +164,10 @@ class AuthorityArgs:
     @property
     @pulumi.getter(name="deletionProtection")
     def deletion_protection(self) -> Optional[pulumi.Input[bool]]:
+        """
+        Whether or not to allow Terraform to destroy the CertificateAuthority. Unless this field is set to false in Terraform
+        state, a 'terraform destroy' or 'terraform apply' that would delete the instance will fail.
+        """
         return pulumi.get(self, "deletion_protection")
 
     @deletion_protection.setter
@@ -288,7 +294,7 @@ class AuthorityArgs:
     @pulumi.getter
     def type(self) -> Optional[pulumi.Input[str]]:
         """
-        The Type of this CertificateAuthority. > **Note:** For 'SUBORDINATE' Certificate Authorities, they need to be activated
+        The Type of this CertificateAuthority. ~> **Note:** For 'SUBORDINATE' Certificate Authorities, they need to be activated
         before they can issue certificates. Default value: "SELF_SIGNED" Possible values: ["SELF_SIGNED", "SUBORDINATE"]
         """
         return pulumi.get(self, "type")
@@ -335,6 +341,8 @@ class _AuthorityState:
         :param pulumi.Input[str] create_time: The time at which this CertificateAuthority was created.
                A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine
                fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".
+        :param pulumi.Input[bool] deletion_protection: Whether or not to allow Terraform to destroy the CertificateAuthority. Unless this field is set to false in Terraform
+               state, a 'terraform destroy' or 'terraform apply' that would delete the instance will fail.
         :param pulumi.Input[str] desired_state: Desired state of the CertificateAuthority. Set this field to 'STAGED' to create a 'STAGED' root CA.
         :param pulumi.Input[Mapping[str, pulumi.Input[str]]] effective_labels: All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
         :param pulumi.Input[str] gcs_bucket: The name of a Cloud Storage bucket where this CertificateAuthority will publish content, such as the CA certificate and
@@ -371,7 +379,7 @@ class _AuthorityState:
         :param pulumi.Input[str] state: The State for this CertificateAuthority.
         :param pulumi.Input['AuthoritySubordinateConfigArgs'] subordinate_config: If this is a subordinate CertificateAuthority, this field will be set with the subordinate configuration, which
                describes its issuers.
-        :param pulumi.Input[str] type: The Type of this CertificateAuthority. > **Note:** For 'SUBORDINATE' Certificate Authorities, they need to be activated
+        :param pulumi.Input[str] type: The Type of this CertificateAuthority. ~> **Note:** For 'SUBORDINATE' Certificate Authorities, they need to be activated
                before they can issue certificates. Default value: "SELF_SIGNED" Possible values: ["SELF_SIGNED", "SUBORDINATE"]
         :param pulumi.Input[str] update_time: The time at which this CertificateAuthority was updated.
                A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine
@@ -481,6 +489,10 @@ class _AuthorityState:
     @property
     @pulumi.getter(name="deletionProtection")
     def deletion_protection(self) -> Optional[pulumi.Input[bool]]:
+        """
+        Whether or not to allow Terraform to destroy the CertificateAuthority. Unless this field is set to false in Terraform
+        state, a 'terraform destroy' or 'terraform apply' that would delete the instance will fail.
+        """
         return pulumi.get(self, "deletion_protection")
 
     @deletion_protection.setter
@@ -712,7 +724,7 @@ class _AuthorityState:
     @pulumi.getter
     def type(self) -> Optional[pulumi.Input[str]]:
         """
-        The Type of this CertificateAuthority. > **Note:** For 'SUBORDINATE' Certificate Authorities, they need to be activated
+        The Type of this CertificateAuthority. ~> **Note:** For 'SUBORDINATE' Certificate Authorities, they need to be activated
         before they can issue certificates. Default value: "SELF_SIGNED" Possible values: ["SELF_SIGNED", "SUBORDINATE"]
         """
         return pulumi.get(self, "type")
@@ -975,61 +987,6 @@ class Authority(pulumi.CustomResource):
                 ),
             ))
         ```
-        ### Privateca Certificate Authority Custom Ski
-
-        ```python
-        import pulumi
-        import pulumi_gcp as gcp
-
-        default = gcp.certificateauthority.Authority("default",
-            pool="ca-pool",
-            certificate_authority_id="my-certificate-authority",
-            location="us-central1",
-            deletion_protection=True,
-            config=gcp.certificateauthority.AuthorityConfigArgs(
-                subject_config=gcp.certificateauthority.AuthorityConfigSubjectConfigArgs(
-                    subject=gcp.certificateauthority.AuthorityConfigSubjectConfigSubjectArgs(
-                        organization="HashiCorp",
-                        common_name="my-certificate-authority",
-                    ),
-                    subject_alt_name=gcp.certificateauthority.AuthorityConfigSubjectConfigSubjectAltNameArgs(
-                        dns_names=["hashicorp.com"],
-                    ),
-                ),
-                subject_key_id=gcp.certificateauthority.AuthorityConfigSubjectKeyIdArgs(
-                    key_id="4cf3372289b1d411b999dbb9ebcd44744b6b2fca",
-                ),
-                x509_config=gcp.certificateauthority.AuthorityConfigX509ConfigArgs(
-                    ca_options=gcp.certificateauthority.AuthorityConfigX509ConfigCaOptionsArgs(
-                        is_ca=True,
-                        max_issuer_path_length=10,
-                    ),
-                    key_usage=gcp.certificateauthority.AuthorityConfigX509ConfigKeyUsageArgs(
-                        base_key_usage=gcp.certificateauthority.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs(
-                            digital_signature=True,
-                            content_commitment=True,
-                            key_encipherment=False,
-                            data_encipherment=True,
-                            key_agreement=True,
-                            cert_sign=True,
-                            crl_sign=True,
-                            decipher_only=True,
-                        ),
-                        extended_key_usage=gcp.certificateauthority.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs(
-                            server_auth=True,
-                            client_auth=False,
-                            email_protection=True,
-                            code_signing=True,
-                            time_stamping=True,
-                        ),
-                    ),
-                ),
-            ),
-            lifetime="86400s",
-            key_spec=gcp.certificateauthority.AuthorityKeySpecArgs(
-                cloud_kms_key_version="projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key/cryptoKeyVersions/1",
-            ))
-        ```
 
         ## Import
 
@@ -1060,6 +1017,8 @@ class Authority(pulumi.CustomResource):
         :param pulumi.Input[str] certificate_authority_id: The user provided Resource ID for this Certificate Authority.
         :param pulumi.Input[pulumi.InputType['AuthorityConfigArgs']] config: The config used to create a self-signed X.509 certificate or CSR.
                Structure is documented below.
+        :param pulumi.Input[bool] deletion_protection: Whether or not to allow Terraform to destroy the CertificateAuthority. Unless this field is set to false in Terraform
+               state, a 'terraform destroy' or 'terraform apply' that would delete the instance will fail.
         :param pulumi.Input[str] desired_state: Desired state of the CertificateAuthority. Set this field to 'STAGED' to create a 'STAGED' root CA.
         :param pulumi.Input[str] gcs_bucket: The name of a Cloud Storage bucket where this CertificateAuthority will publish content, such as the CA certificate and
                CRLs. This must be a bucket name, without any prefixes (such as 'gs://') or suffixes (such as '.googleapis.com'). For
@@ -1086,7 +1045,7 @@ class Authority(pulumi.CustomResource):
                'false'.
         :param pulumi.Input[pulumi.InputType['AuthoritySubordinateConfigArgs']] subordinate_config: If this is a subordinate CertificateAuthority, this field will be set with the subordinate configuration, which
                describes its issuers.
-        :param pulumi.Input[str] type: The Type of this CertificateAuthority. > **Note:** For 'SUBORDINATE' Certificate Authorities, they need to be activated
+        :param pulumi.Input[str] type: The Type of this CertificateAuthority. ~> **Note:** For 'SUBORDINATE' Certificate Authorities, they need to be activated
                before they can issue certificates. Default value: "SELF_SIGNED" Possible values: ["SELF_SIGNED", "SUBORDINATE"]
         """
         ...
@@ -1312,61 +1271,6 @@ class Authority(pulumi.CustomResource):
                 ),
             ))
         ```
-        ### Privateca Certificate Authority Custom Ski
-
-        ```python
-        import pulumi
-        import pulumi_gcp as gcp
-
-        default = gcp.certificateauthority.Authority("default",
-            pool="ca-pool",
-            certificate_authority_id="my-certificate-authority",
-            location="us-central1",
-            deletion_protection=True,
-            config=gcp.certificateauthority.AuthorityConfigArgs(
-                subject_config=gcp.certificateauthority.AuthorityConfigSubjectConfigArgs(
-                    subject=gcp.certificateauthority.AuthorityConfigSubjectConfigSubjectArgs(
-                        organization="HashiCorp",
-                        common_name="my-certificate-authority",
-                    ),
-                    subject_alt_name=gcp.certificateauthority.AuthorityConfigSubjectConfigSubjectAltNameArgs(
-                        dns_names=["hashicorp.com"],
-                    ),
-                ),
-                subject_key_id=gcp.certificateauthority.AuthorityConfigSubjectKeyIdArgs(
-                    key_id="4cf3372289b1d411b999dbb9ebcd44744b6b2fca",
-                ),
-                x509_config=gcp.certificateauthority.AuthorityConfigX509ConfigArgs(
-                    ca_options=gcp.certificateauthority.AuthorityConfigX509ConfigCaOptionsArgs(
-                        is_ca=True,
-                        max_issuer_path_length=10,
-                    ),
-                    key_usage=gcp.certificateauthority.AuthorityConfigX509ConfigKeyUsageArgs(
-                        base_key_usage=gcp.certificateauthority.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs(
-                            digital_signature=True,
-                            content_commitment=True,
-                            key_encipherment=False,
-                            data_encipherment=True,
-                            key_agreement=True,
-                            cert_sign=True,
-                            crl_sign=True,
-                            decipher_only=True,
-                        ),
-                        extended_key_usage=gcp.certificateauthority.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs(
-                            server_auth=True,
-                            client_auth=False,
-                            email_protection=True,
-                            code_signing=True,
-                            time_stamping=True,
-                        ),
-                    ),
-                ),
-            ),
-            lifetime="86400s",
-            key_spec=gcp.certificateauthority.AuthorityKeySpecArgs(
-                cloud_kms_key_version="projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key/cryptoKeyVersions/1",
-            ))
-        ```
 
         ## Import
 
@@ -1517,6 +1421,8 @@ class Authority(pulumi.CustomResource):
         :param pulumi.Input[str] create_time: The time at which this CertificateAuthority was created.
                A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine
                fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".
+        :param pulumi.Input[bool] deletion_protection: Whether or not to allow Terraform to destroy the CertificateAuthority. Unless this field is set to false in Terraform
+               state, a 'terraform destroy' or 'terraform apply' that would delete the instance will fail.
         :param pulumi.Input[str] desired_state: Desired state of the CertificateAuthority. Set this field to 'STAGED' to create a 'STAGED' root CA.
         :param pulumi.Input[Mapping[str, pulumi.Input[str]]] effective_labels: All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
         :param pulumi.Input[str] gcs_bucket: The name of a Cloud Storage bucket where this CertificateAuthority will publish content, such as the CA certificate and
@@ -1553,7 +1459,7 @@ class Authority(pulumi.CustomResource):
         :param pulumi.Input[str] state: The State for this CertificateAuthority.
         :param pulumi.Input[pulumi.InputType['AuthoritySubordinateConfigArgs']] subordinate_config: If this is a subordinate CertificateAuthority, this field will be set with the subordinate configuration, which
                describes its issuers.
-        :param pulumi.Input[str] type: The Type of this CertificateAuthority. > **Note:** For 'SUBORDINATE' Certificate Authorities, they need to be activated
+        :param pulumi.Input[str] type: The Type of this CertificateAuthority. ~> **Note:** For 'SUBORDINATE' Certificate Authorities, they need to be activated
                before they can issue certificates. Default value: "SELF_SIGNED" Possible values: ["SELF_SIGNED", "SUBORDINATE"]
         :param pulumi.Input[str] update_time: The time at which this CertificateAuthority was updated.
                A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine
@@ -1628,6 +1534,10 @@ class Authority(pulumi.CustomResource):
     @property
     @pulumi.getter(name="deletionProtection")
     def deletion_protection(self) -> pulumi.Output[Optional[bool]]:
+        """
+        Whether or not to allow Terraform to destroy the CertificateAuthority. Unless this field is set to false in Terraform
+        state, a 'terraform destroy' or 'terraform apply' that would delete the instance will fail.
+        """
         return pulumi.get(self, "deletion_protection")
 
     @property
@@ -1787,7 +1697,7 @@ class Authority(pulumi.CustomResource):
     @pulumi.getter
     def type(self) -> pulumi.Output[Optional[str]]:
         """
-        The Type of this CertificateAuthority. > **Note:** For 'SUBORDINATE' Certificate Authorities, they need to be activated
+        The Type of this CertificateAuthority. ~> **Note:** For 'SUBORDINATE' Certificate Authorities, they need to be activated
         before they can issue certificates. Default value: "SELF_SIGNED" Possible values: ["SELF_SIGNED", "SUBORDINATE"]
         """
         return pulumi.get(self, "type")