pulumi-gcp 7.22.0a1715345822__py3-none-any.whl → 7.23.0__py3-none-any.whl

pulumi_gcp/networksecurity/firewall_endpoint.py

@@ -360,6 +360,23 @@ class FirewallEndpoint(pulumi.CustomResource):
                  parent: Optional[pulumi.Input[str]] = None,
                  __props__=None):
         """
+        A Firewall endpoint is a Cloud Firewall resource that enables
+        layer 7 advanced protection capabilities, such as intrusion prevention,
+        in your network.
+
+        To get more information about FirewallEndpoint, see:
+
+        * [API documentation](https://cloud.google.com/firewall/docs/reference/network-security/rest/v1/organizations.locations.firewallEndpoints)
+        * How-to Guides
+            * [Firewall endpoint overview](https://cloud.google.com/firewall/docs/about-firewall-endpoints)
+            * [Create and associate firewall endpoints](https://cloud.google.com/firewall/docs/configure-firewall-endpoints)
+
+        > **Warning:** If you are using User ADCs (Application Default Credentials) with this resource,
+        you must specify a `billing_project_id` and set `user_project_override` to true
+        in the provider configuration. Otherwise the ACM API will return a 403 error.
+        Your account must have the `serviceusage.services.use` permission on the
+        `billing_project_id` you defined.
+
         ## Example Usage
 
         ### Network Security Firewall Endpoint Basic
@@ -412,6 +429,23 @@ class FirewallEndpoint(pulumi.CustomResource):
                  args: FirewallEndpointArgs,
                  opts: Optional[pulumi.ResourceOptions] = None):
         """
+        A Firewall endpoint is a Cloud Firewall resource that enables
+        layer 7 advanced protection capabilities, such as intrusion prevention,
+        in your network.
+
+        To get more information about FirewallEndpoint, see:
+
+        * [API documentation](https://cloud.google.com/firewall/docs/reference/network-security/rest/v1/organizations.locations.firewallEndpoints)
+        * How-to Guides
+            * [Firewall endpoint overview](https://cloud.google.com/firewall/docs/about-firewall-endpoints)
+            * [Create and associate firewall endpoints](https://cloud.google.com/firewall/docs/configure-firewall-endpoints)
+
+        > **Warning:** If you are using User ADCs (Application Default Credentials) with this resource,
+        you must specify a `billing_project_id` and set `user_project_override` to true
+        in the provider configuration. Otherwise the ACM API will return a 403 error.
+        Your account must have the `serviceusage.services.use` permission on the
+        `billing_project_id` you defined.
+
         ## Example Usage
 
         ### Network Security Firewall Endpoint Basic

pulumi_gcp/networksecurity/firewall_endpoint_association.py

@@ -445,6 +445,18 @@ class FirewallEndpointAssociation(pulumi.CustomResource):
                  tls_inspection_policy: Optional[pulumi.Input[str]] = None,
                  __props__=None):
         """
+        Firewall endpoint association links a firewall endpoint to a VPC network in
+        the same zone. After you define this association, Cloud Firewall forwards the
+        zonal workload traffic in your VPC network that requires layer 7 inspection to
+        the attached firewall endpoint.
+
+        To get more information about FirewallEndpointAssociation, see:
+
+        * [API documentation](https://cloud.google.com/firewall/docs/reference/network-security/rest/v1/projects.locations.firewallEndpointAssociations#FirewallEndpointAssociation)
+        * How-to Guides
+            * [Firewall endpoint overview](https://cloud.google.com/firewall/docs/about-firewall-endpoints)
+            * [Create and associate firewall endpoints](https://cloud.google.com/firewall/docs/configure-firewall-endpoints)
+
         ## Example Usage
 
         ### Network Security Firewall Endpoint Association Basic
@@ -508,6 +520,18 @@ class FirewallEndpointAssociation(pulumi.CustomResource):
                  args: FirewallEndpointAssociationArgs,
                  opts: Optional[pulumi.ResourceOptions] = None):
         """
+        Firewall endpoint association links a firewall endpoint to a VPC network in
+        the same zone. After you define this association, Cloud Firewall forwards the
+        zonal workload traffic in your VPC network that requires layer 7 inspection to
+        the attached firewall endpoint.
+
+        To get more information about FirewallEndpointAssociation, see:
+
+        * [API documentation](https://cloud.google.com/firewall/docs/reference/network-security/rest/v1/projects.locations.firewallEndpointAssociations#FirewallEndpointAssociation)
+        * How-to Guides
+            * [Firewall endpoint overview](https://cloud.google.com/firewall/docs/about-firewall-endpoints)
+            * [Create and associate firewall endpoints](https://cloud.google.com/firewall/docs/configure-firewall-endpoints)
+
         ## Example Usage
 
         ### Network Security Firewall Endpoint Association Basic

pulumi_gcp/networksecurity/security_profile.py

@@ -408,6 +408,14 @@ class SecurityProfile(pulumi.CustomResource):
                  type: Optional[pulumi.Input[str]] = None,
                  __props__=None):
         """
+        A security profile defines the behavior associated to a profile type.
+
+        To get more information about SecurityProfile, see:
+
+        * [API documentation](https://cloud.google.com/firewall/docs/reference/network-security/rest/v1/projects.locations.securityProfiles)
+        * How-to Guides
+            * [Create and manage security profiles](https://cloud.google.com/firewall/docs/configure-security-profiles)
+
         ## Example Usage
 
         ### Network Security Security Profile Basic
@@ -493,6 +501,14 @@ class SecurityProfile(pulumi.CustomResource):
                  args: SecurityProfileArgs,
                  opts: Optional[pulumi.ResourceOptions] = None):
         """
+        A security profile defines the behavior associated to a profile type.
+
+        To get more information about SecurityProfile, see:
+
+        * [API documentation](https://cloud.google.com/firewall/docs/reference/network-security/rest/v1/projects.locations.securityProfiles)
+        * How-to Guides
+            * [Create and manage security profiles](https://cloud.google.com/firewall/docs/configure-security-profiles)
+
         ## Example Usage
 
         ### Network Security Security Profile Basic

pulumi_gcp/networksecurity/security_profile_group.py

@@ -350,6 +350,15 @@ class SecurityProfileGroup(pulumi.CustomResource):
                  threat_prevention_profile: Optional[pulumi.Input[str]] = None,
                  __props__=None):
         """
+        A security profile group defines a container for security profiles.
+
+        To get more information about SecurityProfileGroup, see:
+
+        * [API documentation](https://cloud.google.com/firewall/docs/reference/network-security/rest/v1/organizations.locations.securityProfileGroups)
+        * How-to Guides
+            * [Security profile groups overview](https://cloud.google.com/firewall/docs/about-security-profile-groups)
+            * [Create and manage security profile groups](https://cloud.google.com/firewall/docs/configure-security-profile-groups)
+
         ## Example Usage
 
         ### Network Security Security Profile Group Basic
@@ -409,6 +418,15 @@ class SecurityProfileGroup(pulumi.CustomResource):
                  args: Optional[SecurityProfileGroupArgs] = None,
                  opts: Optional[pulumi.ResourceOptions] = None):
         """
+        A security profile group defines a container for security profiles.
+
+        To get more information about SecurityProfileGroup, see:
+
+        * [API documentation](https://cloud.google.com/firewall/docs/reference/network-security/rest/v1/organizations.locations.securityProfileGroups)
+        * How-to Guides
+            * [Security profile groups overview](https://cloud.google.com/firewall/docs/about-security-profile-groups)
+            * [Create and manage security profile groups](https://cloud.google.com/firewall/docs/configure-security-profile-groups)
+
         ## Example Usage
 
         ### Network Security Security Profile Group Basic

pulumi_gcp/networksecurity/tls_inspection_policy.py

@@ -279,6 +279,14 @@ class TlsInspectionPolicy(pulumi.CustomResource):
                  project: Optional[pulumi.Input[str]] = None,
                  __props__=None):
         """
+        The TlsInspectionPolicy resource contains references to CA pools in Certificate Authority Service and associated metadata.
+
+        To get more information about TlsInspectionPolicy, see:
+
+        * [API documentation](https://cloud.google.com/secure-web-proxy/docs/reference/network-security/rest/v1/projects.locations.tlsInspectionPolicies)
+        * How-to Guides
+            * [Use TlsInspectionPolicy](https://cloud.google.com/secure-web-proxy/docs/tls-inspection-overview)
+
         ## Example Usage
 
         ### Network Security Tls Inspection Policy Basic
@@ -399,6 +407,14 @@ class TlsInspectionPolicy(pulumi.CustomResource):
                  args: TlsInspectionPolicyArgs,
                  opts: Optional[pulumi.ResourceOptions] = None):
         """
+        The TlsInspectionPolicy resource contains references to CA pools in Certificate Authority Service and associated metadata.
+
+        To get more information about TlsInspectionPolicy, see:
+
+        * [API documentation](https://cloud.google.com/secure-web-proxy/docs/reference/network-security/rest/v1/projects.locations.tlsInspectionPolicies)
+        * How-to Guides
+            * [Use TlsInspectionPolicy](https://cloud.google.com/secure-web-proxy/docs/tls-inspection-overview)
+
         ## Example Usage
 
         ### Network Security Tls Inspection Policy Basic

pulumi_gcp/orgpolicy/policy.py

@@ -297,7 +297,7 @@ class Policy(pulumi.CustomResource):
         import pulumi_gcp as gcp
 
         constraint = gcp.orgpolicy.CustomConstraint("constraint",
-            name="custom.disableGkeAutoUpgrade_75092",
+            name="custom.disableGkeAutoUpgrade_29439",
             parent="organizations/123456789",
             display_name="Disable GKE auto upgrade",
             description="Only allow GKE NodePool resource to be created or updated if AutoUpgrade is not enabled where this custom constraint is enforced.",
@@ -449,7 +449,7 @@ class Policy(pulumi.CustomResource):
         import pulumi_gcp as gcp
 
         constraint = gcp.orgpolicy.CustomConstraint("constraint",
-            name="custom.disableGkeAutoUpgrade_75092",
+            name="custom.disableGkeAutoUpgrade_29439",
             parent="organizations/123456789",
             display_name="Disable GKE auto upgrade",
             description="Only allow GKE NodePool resource to be created or updated if AutoUpgrade is not enabled where this custom constraint is enforced.",

pulumi_gcp/privilegedaccessmanager/__init__.py

@@ -0,0 +1,10 @@
+# coding=utf-8
+# *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
+# *** Do not edit by hand unless you're certain you know what you are doing! ***
+
+from .. import _utilities
+import typing
+# Export this package's modules as members:
+from .entitlement import *
+from ._inputs import *
+from . import outputs

pulumi_gcp/privilegedaccessmanager/_inputs.py

@@ -0,0 +1,420 @@
+# coding=utf-8
+# *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
+# *** Do not edit by hand unless you're certain you know what you are doing! ***
+
+import copy
+import warnings
+import pulumi
+import pulumi.runtime
+from typing import Any, Mapping, Optional, Sequence, Union, overload
+from .. import _utilities
+
+__all__ = [
+    'EntitlementAdditionalNotificationTargetsArgs',
+    'EntitlementApprovalWorkflowArgs',
+    'EntitlementApprovalWorkflowManualApprovalsArgs',
+    'EntitlementApprovalWorkflowManualApprovalsStepArgs',
+    'EntitlementApprovalWorkflowManualApprovalsStepApproversArgs',
+    'EntitlementEligibleUserArgs',
+    'EntitlementPrivilegedAccessArgs',
+    'EntitlementPrivilegedAccessGcpIamAccessArgs',
+    'EntitlementPrivilegedAccessGcpIamAccessRoleBindingArgs',
+    'EntitlementRequesterJustificationConfigArgs',
+    'EntitlementRequesterJustificationConfigNotMandatoryArgs',
+    'EntitlementRequesterJustificationConfigUnstructuredArgs',
+]
+
+@pulumi.input_type
+class EntitlementAdditionalNotificationTargetsArgs:
+    def __init__(__self__, *,
+                 admin_email_recipients: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
+                 requester_email_recipients: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None):
+        """
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] admin_email_recipients: Optional. Additional email addresses to be notified when a principal(requester) is granted access.
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] requester_email_recipients: Optional. Additional email address to be notified about an eligible entitlement.
+        """
+        if admin_email_recipients is not None:
+            pulumi.set(__self__, "admin_email_recipients", admin_email_recipients)
+        if requester_email_recipients is not None:
+            pulumi.set(__self__, "requester_email_recipients", requester_email_recipients)
+
+    @property
+    @pulumi.getter(name="adminEmailRecipients")
+    def admin_email_recipients(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
+        """
+        Optional. Additional email addresses to be notified when a principal(requester) is granted access.
+        """
+        return pulumi.get(self, "admin_email_recipients")
+
+    @admin_email_recipients.setter
+    def admin_email_recipients(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
+        pulumi.set(self, "admin_email_recipients", value)
+
+    @property
+    @pulumi.getter(name="requesterEmailRecipients")
+    def requester_email_recipients(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
+        """
+        Optional. Additional email address to be notified about an eligible entitlement.
+        """
+        return pulumi.get(self, "requester_email_recipients")
+
+    @requester_email_recipients.setter
+    def requester_email_recipients(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
+        pulumi.set(self, "requester_email_recipients", value)
+
+
+@pulumi.input_type
+class EntitlementApprovalWorkflowArgs:
+    def __init__(__self__, *,
+                 manual_approvals: pulumi.Input['EntitlementApprovalWorkflowManualApprovalsArgs']):
+        """
+        :param pulumi.Input['EntitlementApprovalWorkflowManualApprovalsArgs'] manual_approvals: A manual approval workflow where users who are designated as approvers need to call the ApproveGrant/DenyGrant APIs for an Grant.
+               The workflow can consist of multiple serial steps where each step defines who can act as Approver in that step and how many of those users should approve before the workflow moves to the next step.
+               This can be used to create approval workflows such as
+               * Require an approval from any user in a group G.
+               * Require an approval from any k number of users from a Group G.
+               * Require an approval from any user in a group G and then from a user U. etc.
+               A single user might be part of `approvers` ACL for multiple steps in this workflow but they can only approve once and that approval will only be considered to satisfy the approval step at which it was granted.
+               Structure is documented below.
+        """
+        pulumi.set(__self__, "manual_approvals", manual_approvals)
+
+    @property
+    @pulumi.getter(name="manualApprovals")
+    def manual_approvals(self) -> pulumi.Input['EntitlementApprovalWorkflowManualApprovalsArgs']:
+        """
+        A manual approval workflow where users who are designated as approvers need to call the ApproveGrant/DenyGrant APIs for an Grant.
+        The workflow can consist of multiple serial steps where each step defines who can act as Approver in that step and how many of those users should approve before the workflow moves to the next step.
+        This can be used to create approval workflows such as
+        * Require an approval from any user in a group G.
+        * Require an approval from any k number of users from a Group G.
+        * Require an approval from any user in a group G and then from a user U. etc.
+        A single user might be part of `approvers` ACL for multiple steps in this workflow but they can only approve once and that approval will only be considered to satisfy the approval step at which it was granted.
+        Structure is documented below.
+        """
+        return pulumi.get(self, "manual_approvals")
+
+    @manual_approvals.setter
+    def manual_approvals(self, value: pulumi.Input['EntitlementApprovalWorkflowManualApprovalsArgs']):
+        pulumi.set(self, "manual_approvals", value)
+
+
+@pulumi.input_type
+class EntitlementApprovalWorkflowManualApprovalsArgs:
+    def __init__(__self__, *,
+                 steps: pulumi.Input[Sequence[pulumi.Input['EntitlementApprovalWorkflowManualApprovalsStepArgs']]],
+                 require_approver_justification: Optional[pulumi.Input[bool]] = None):
+        """
+        :param pulumi.Input[Sequence[pulumi.Input['EntitlementApprovalWorkflowManualApprovalsStepArgs']]] steps: List of approval steps in this workflow. These steps would be followed in the specified order sequentially.  1 step is supported for now.
+               Structure is documented below.
+        :param pulumi.Input[bool] require_approver_justification: Optional. Do the approvers need to provide a justification for their actions?
+        """
+        pulumi.set(__self__, "steps", steps)
+        if require_approver_justification is not None:
+            pulumi.set(__self__, "require_approver_justification", require_approver_justification)
+
+    @property
+    @pulumi.getter
+    def steps(self) -> pulumi.Input[Sequence[pulumi.Input['EntitlementApprovalWorkflowManualApprovalsStepArgs']]]:
+        """
+        List of approval steps in this workflow. These steps would be followed in the specified order sequentially.  1 step is supported for now.
+        Structure is documented below.
+        """
+        return pulumi.get(self, "steps")
+
+    @steps.setter
+    def steps(self, value: pulumi.Input[Sequence[pulumi.Input['EntitlementApprovalWorkflowManualApprovalsStepArgs']]]):
+        pulumi.set(self, "steps", value)
+
+    @property
+    @pulumi.getter(name="requireApproverJustification")
+    def require_approver_justification(self) -> Optional[pulumi.Input[bool]]:
+        """
+        Optional. Do the approvers need to provide a justification for their actions?
+        """
+        return pulumi.get(self, "require_approver_justification")
+
+    @require_approver_justification.setter
+    def require_approver_justification(self, value: Optional[pulumi.Input[bool]]):
+        pulumi.set(self, "require_approver_justification", value)
+
+
+@pulumi.input_type
+class EntitlementApprovalWorkflowManualApprovalsStepArgs:
+    def __init__(__self__, *,
+                 approvers: pulumi.Input['EntitlementApprovalWorkflowManualApprovalsStepApproversArgs'],
+                 approvals_needed: Optional[pulumi.Input[int]] = None,
+                 approver_email_recipients: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None):
+        """
+        :param pulumi.Input['EntitlementApprovalWorkflowManualApprovalsStepApproversArgs'] approvers: The potential set of approvers in this step. This list should contain at only one entry.
+               Structure is documented below.
+        :param pulumi.Input[int] approvals_needed: How many users from the above list need to approve.
+               If there are not enough distinct users in the list above then the workflow
+               will indefinitely block. Should always be greater than 0. Currently 1 is the only
+               supported value.
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] approver_email_recipients: Optional. Additional email addresses to be notified when a grant is pending approval.
+        """
+        pulumi.set(__self__, "approvers", approvers)
+        if approvals_needed is not None:
+            pulumi.set(__self__, "approvals_needed", approvals_needed)
+        if approver_email_recipients is not None:
+            pulumi.set(__self__, "approver_email_recipients", approver_email_recipients)
+
+    @property
+    @pulumi.getter
+    def approvers(self) -> pulumi.Input['EntitlementApprovalWorkflowManualApprovalsStepApproversArgs']:
+        """
+        The potential set of approvers in this step. This list should contain at only one entry.
+        Structure is documented below.
+        """
+        return pulumi.get(self, "approvers")
+
+    @approvers.setter
+    def approvers(self, value: pulumi.Input['EntitlementApprovalWorkflowManualApprovalsStepApproversArgs']):
+        pulumi.set(self, "approvers", value)
+
+    @property
+    @pulumi.getter(name="approvalsNeeded")
+    def approvals_needed(self) -> Optional[pulumi.Input[int]]:
+        """
+        How many users from the above list need to approve.
+        If there are not enough distinct users in the list above then the workflow
+        will indefinitely block. Should always be greater than 0. Currently 1 is the only
+        supported value.
+        """
+        return pulumi.get(self, "approvals_needed")
+
+    @approvals_needed.setter
+    def approvals_needed(self, value: Optional[pulumi.Input[int]]):
+        pulumi.set(self, "approvals_needed", value)
+
+    @property
+    @pulumi.getter(name="approverEmailRecipients")
+    def approver_email_recipients(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
+        """
+        Optional. Additional email addresses to be notified when a grant is pending approval.
+        """
+        return pulumi.get(self, "approver_email_recipients")
+
+    @approver_email_recipients.setter
+    def approver_email_recipients(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
+        pulumi.set(self, "approver_email_recipients", value)
+
+
+@pulumi.input_type
+class EntitlementApprovalWorkflowManualApprovalsStepApproversArgs:
+    def __init__(__self__, *,
+                 principals: pulumi.Input[Sequence[pulumi.Input[str]]]):
+        """
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] principals: Users who are being allowed for the operation. Each entry should be a valid v1 IAM Principal Identifier. Format for these is documented at: https://cloud.google.com/iam/docs/principal-identifiers#v1
+        """
+        pulumi.set(__self__, "principals", principals)
+
+    @property
+    @pulumi.getter
+    def principals(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]:
+        """
+        Users who are being allowed for the operation. Each entry should be a valid v1 IAM Principal Identifier. Format for these is documented at: https://cloud.google.com/iam/docs/principal-identifiers#v1
+        """
+        return pulumi.get(self, "principals")
+
+    @principals.setter
+    def principals(self, value: pulumi.Input[Sequence[pulumi.Input[str]]]):
+        pulumi.set(self, "principals", value)
+
+
+@pulumi.input_type
+class EntitlementEligibleUserArgs:
+    def __init__(__self__, *,
+                 principals: pulumi.Input[Sequence[pulumi.Input[str]]]):
+        """
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] principals: Users who are being allowed for the operation. Each entry should be a valid v1 IAM Principal Identifier. Format for these is documented at "https://cloud.google.com/iam/docs/principal-identifiers#v1"
+        """
+        pulumi.set(__self__, "principals", principals)
+
+    @property
+    @pulumi.getter
+    def principals(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]:
+        """
+        Users who are being allowed for the operation. Each entry should be a valid v1 IAM Principal Identifier. Format for these is documented at "https://cloud.google.com/iam/docs/principal-identifiers#v1"
+        """
+        return pulumi.get(self, "principals")
+
+    @principals.setter
+    def principals(self, value: pulumi.Input[Sequence[pulumi.Input[str]]]):
+        pulumi.set(self, "principals", value)
+
+
+@pulumi.input_type
+class EntitlementPrivilegedAccessArgs:
+    def __init__(__self__, *,
+                 gcp_iam_access: pulumi.Input['EntitlementPrivilegedAccessGcpIamAccessArgs']):
+        """
+        :param pulumi.Input['EntitlementPrivilegedAccessGcpIamAccessArgs'] gcp_iam_access: GcpIamAccess represents IAM based access control on a GCP resource. Refer to https://cloud.google.com/iam/docs to understand more about IAM.
+               Structure is documented below.
+        """
+        pulumi.set(__self__, "gcp_iam_access", gcp_iam_access)
+
+    @property
+    @pulumi.getter(name="gcpIamAccess")
+    def gcp_iam_access(self) -> pulumi.Input['EntitlementPrivilegedAccessGcpIamAccessArgs']:
+        """
+        GcpIamAccess represents IAM based access control on a GCP resource. Refer to https://cloud.google.com/iam/docs to understand more about IAM.
+        Structure is documented below.
+        """
+        return pulumi.get(self, "gcp_iam_access")
+
+    @gcp_iam_access.setter
+    def gcp_iam_access(self, value: pulumi.Input['EntitlementPrivilegedAccessGcpIamAccessArgs']):
+        pulumi.set(self, "gcp_iam_access", value)
+
+
+@pulumi.input_type
+class EntitlementPrivilegedAccessGcpIamAccessArgs:
+    def __init__(__self__, *,
+                 resource: pulumi.Input[str],
+                 resource_type: pulumi.Input[str],
+                 role_bindings: pulumi.Input[Sequence[pulumi.Input['EntitlementPrivilegedAccessGcpIamAccessRoleBindingArgs']]]):
+        """
+        :param pulumi.Input[str] resource: Name of the resource.
+        :param pulumi.Input[str] resource_type: The type of this resource.
+        :param pulumi.Input[Sequence[pulumi.Input['EntitlementPrivilegedAccessGcpIamAccessRoleBindingArgs']]] role_bindings: Role bindings to be created on successful grant.
+               Structure is documented below.
+        """
+        pulumi.set(__self__, "resource", resource)
+        pulumi.set(__self__, "resource_type", resource_type)
+        pulumi.set(__self__, "role_bindings", role_bindings)
+
+    @property
+    @pulumi.getter
+    def resource(self) -> pulumi.Input[str]:
+        """
+        Name of the resource.
+        """
+        return pulumi.get(self, "resource")
+
+    @resource.setter
+    def resource(self, value: pulumi.Input[str]):
+        pulumi.set(self, "resource", value)
+
+    @property
+    @pulumi.getter(name="resourceType")
+    def resource_type(self) -> pulumi.Input[str]:
+        """
+        The type of this resource.
+        """
+        return pulumi.get(self, "resource_type")
+
+    @resource_type.setter
+    def resource_type(self, value: pulumi.Input[str]):
+        pulumi.set(self, "resource_type", value)
+
+    @property
+    @pulumi.getter(name="roleBindings")
+    def role_bindings(self) -> pulumi.Input[Sequence[pulumi.Input['EntitlementPrivilegedAccessGcpIamAccessRoleBindingArgs']]]:
+        """
+        Role bindings to be created on successful grant.
+        Structure is documented below.
+        """
+        return pulumi.get(self, "role_bindings")
+
+    @role_bindings.setter
+    def role_bindings(self, value: pulumi.Input[Sequence[pulumi.Input['EntitlementPrivilegedAccessGcpIamAccessRoleBindingArgs']]]):
+        pulumi.set(self, "role_bindings", value)
+
+
+@pulumi.input_type
+class EntitlementPrivilegedAccessGcpIamAccessRoleBindingArgs:
+    def __init__(__self__, *,
+                 role: pulumi.Input[str],
+                 condition_expression: Optional[pulumi.Input[str]] = None):
+        """
+        :param pulumi.Input[str] role: IAM role to be granted. https://cloud.google.com/iam/docs/roles-overview.
+        :param pulumi.Input[str] condition_expression: The expression field of the IAM condition to be associated with the role. If specified, a user with an active grant for this entitlement would be able to access the resource only if this condition evaluates to true for their request.
+               https://cloud.google.com/iam/docs/conditions-overview#attributes.
+        """
+        pulumi.set(__self__, "role", role)
+        if condition_expression is not None:
+            pulumi.set(__self__, "condition_expression", condition_expression)
+
+    @property
+    @pulumi.getter
+    def role(self) -> pulumi.Input[str]:
+        """
+        IAM role to be granted. https://cloud.google.com/iam/docs/roles-overview.
+        """
+        return pulumi.get(self, "role")
+
+    @role.setter
+    def role(self, value: pulumi.Input[str]):
+        pulumi.set(self, "role", value)
+
+    @property
+    @pulumi.getter(name="conditionExpression")
+    def condition_expression(self) -> Optional[pulumi.Input[str]]:
+        """
+        The expression field of the IAM condition to be associated with the role. If specified, a user with an active grant for this entitlement would be able to access the resource only if this condition evaluates to true for their request.
+        https://cloud.google.com/iam/docs/conditions-overview#attributes.
+        """
+        return pulumi.get(self, "condition_expression")
+
+    @condition_expression.setter
+    def condition_expression(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "condition_expression", value)
+
+
+@pulumi.input_type
+class EntitlementRequesterJustificationConfigArgs:
+    def __init__(__self__, *,
+                 not_mandatory: Optional[pulumi.Input['EntitlementRequesterJustificationConfigNotMandatoryArgs']] = None,
+                 unstructured: Optional[pulumi.Input['EntitlementRequesterJustificationConfigUnstructuredArgs']] = None):
+        """
+        :param pulumi.Input['EntitlementRequesterJustificationConfigNotMandatoryArgs'] not_mandatory: The justification is not mandatory but can be provided in any of the supported formats.
+        :param pulumi.Input['EntitlementRequesterJustificationConfigUnstructuredArgs'] unstructured: The requester has to provide a justification in the form of free flowing text.
+               
+               - - -
+        """
+        if not_mandatory is not None:
+            pulumi.set(__self__, "not_mandatory", not_mandatory)
+        if unstructured is not None:
+            pulumi.set(__self__, "unstructured", unstructured)
+
+    @property
+    @pulumi.getter(name="notMandatory")
+    def not_mandatory(self) -> Optional[pulumi.Input['EntitlementRequesterJustificationConfigNotMandatoryArgs']]:
+        """
+        The justification is not mandatory but can be provided in any of the supported formats.
+        """
+        return pulumi.get(self, "not_mandatory")
+
+    @not_mandatory.setter
+    def not_mandatory(self, value: Optional[pulumi.Input['EntitlementRequesterJustificationConfigNotMandatoryArgs']]):
+        pulumi.set(self, "not_mandatory", value)
+
+    @property
+    @pulumi.getter
+    def unstructured(self) -> Optional[pulumi.Input['EntitlementRequesterJustificationConfigUnstructuredArgs']]:
+        """
+        The requester has to provide a justification in the form of free flowing text.
+
+        - - -
+        """
+        return pulumi.get(self, "unstructured")
+
+    @unstructured.setter
+    def unstructured(self, value: Optional[pulumi.Input['EntitlementRequesterJustificationConfigUnstructuredArgs']]):
+        pulumi.set(self, "unstructured", value)
+
+
+@pulumi.input_type
+class EntitlementRequesterJustificationConfigNotMandatoryArgs:
+    def __init__(__self__):
+        pass
+
+
+@pulumi.input_type
+class EntitlementRequesterJustificationConfigUnstructuredArgs:
+    def __init__(__self__):
+        pass
+
+