pulumi-gcp 7.23.0a1715621482__py3-none-any.whl → 7.23.0a1715808346__py3-none-any.whl

pulumi_gcp/compute/region_security_policy_rule.py

@@ -23,8 +23,10 @@ class RegionSecurityPolicyRuleArgs:
                  description: Optional[pulumi.Input[str]] = None,
                  match: Optional[pulumi.Input['RegionSecurityPolicyRuleMatchArgs']] = None,
                  network_match: Optional[pulumi.Input['RegionSecurityPolicyRuleNetworkMatchArgs']] = None,
+                 preconfigured_waf_config: Optional[pulumi.Input['RegionSecurityPolicyRulePreconfiguredWafConfigArgs']] = None,
                  preview: Optional[pulumi.Input[bool]] = None,
-                 project: Optional[pulumi.Input[str]] = None):
+                 project: Optional[pulumi.Input[str]] = None,
+                 rate_limit_options: Optional[pulumi.Input['RegionSecurityPolicyRuleRateLimitOptionsArgs']] = None):
         """
         The set of arguments for constructing a RegionSecurityPolicyRule resource.
         :param pulumi.Input[str] action: The Action to perform when the rule is matched. The following are the valid actions:
@@ -54,9 +56,14 @@ class RegionSecurityPolicyRuleArgs:
                networkMatch: srcIpRanges: - "192.0.2.0/24" - "198.51.100.0/24" userDefinedFields: - name: "ipv4_fragment_offset" values: - "1-0x1fff"
                The above match condition matches packets with a source IP in 192.0.2.0/24 or 198.51.100.0/24 and a user-defined field named "ipv4_fragment_offset" with a value between 1 and 0x1fff inclusive
                Structure is documented below.
+        :param pulumi.Input['RegionSecurityPolicyRulePreconfiguredWafConfigArgs'] preconfigured_waf_config: Preconfigured WAF configuration to be applied for the rule.
+               If the rule does not evaluate preconfigured WAF rules, i.e., if evaluatePreconfiguredWaf() is not used, this field will have no effect.
+               Structure is documented below.
         :param pulumi.Input[bool] preview: If set to true, the specified action is not enforced.
         :param pulumi.Input[str] project: The ID of the project in which the resource belongs.
                If it is not provided, the provider project is used.
+        :param pulumi.Input['RegionSecurityPolicyRuleRateLimitOptionsArgs'] rate_limit_options: Must be specified if the action is "rate_based_ban" or "throttle". Cannot be specified for any other actions.
+               Structure is documented below.
         """
         pulumi.set(__self__, "action", action)
         pulumi.set(__self__, "priority", priority)
@@ -68,10 +75,14 @@ class RegionSecurityPolicyRuleArgs:
             pulumi.set(__self__, "match", match)
         if network_match is not None:
             pulumi.set(__self__, "network_match", network_match)
+        if preconfigured_waf_config is not None:
+            pulumi.set(__self__, "preconfigured_waf_config", preconfigured_waf_config)
         if preview is not None:
             pulumi.set(__self__, "preview", preview)
         if project is not None:
             pulumi.set(__self__, "project", project)
+        if rate_limit_options is not None:
+            pulumi.set(__self__, "rate_limit_options", rate_limit_options)
 
     @property
     @pulumi.getter
@@ -177,6 +188,20 @@ class RegionSecurityPolicyRuleArgs:
     def network_match(self, value: Optional[pulumi.Input['RegionSecurityPolicyRuleNetworkMatchArgs']]):
         pulumi.set(self, "network_match", value)
 
+    @property
+    @pulumi.getter(name="preconfiguredWafConfig")
+    def preconfigured_waf_config(self) -> Optional[pulumi.Input['RegionSecurityPolicyRulePreconfiguredWafConfigArgs']]:
+        """
+        Preconfigured WAF configuration to be applied for the rule.
+        If the rule does not evaluate preconfigured WAF rules, i.e., if evaluatePreconfiguredWaf() is not used, this field will have no effect.
+        Structure is documented below.
+        """
+        return pulumi.get(self, "preconfigured_waf_config")
+
+    @preconfigured_waf_config.setter
+    def preconfigured_waf_config(self, value: Optional[pulumi.Input['RegionSecurityPolicyRulePreconfiguredWafConfigArgs']]):
+        pulumi.set(self, "preconfigured_waf_config", value)
+
     @property
     @pulumi.getter
     def preview(self) -> Optional[pulumi.Input[bool]]:
@@ -202,6 +227,19 @@ class RegionSecurityPolicyRuleArgs:
     def project(self, value: Optional[pulumi.Input[str]]):
         pulumi.set(self, "project", value)
 
+    @property
+    @pulumi.getter(name="rateLimitOptions")
+    def rate_limit_options(self) -> Optional[pulumi.Input['RegionSecurityPolicyRuleRateLimitOptionsArgs']]:
+        """
+        Must be specified if the action is "rate_based_ban" or "throttle". Cannot be specified for any other actions.
+        Structure is documented below.
+        """
+        return pulumi.get(self, "rate_limit_options")
+
+    @rate_limit_options.setter
+    def rate_limit_options(self, value: Optional[pulumi.Input['RegionSecurityPolicyRuleRateLimitOptionsArgs']]):
+        pulumi.set(self, "rate_limit_options", value)
+
 
 @pulumi.input_type
 class _RegionSecurityPolicyRuleState:
@@ -210,9 +248,11 @@ class _RegionSecurityPolicyRuleState:
                  description: Optional[pulumi.Input[str]] = None,
                  match: Optional[pulumi.Input['RegionSecurityPolicyRuleMatchArgs']] = None,
                  network_match: Optional[pulumi.Input['RegionSecurityPolicyRuleNetworkMatchArgs']] = None,
+                 preconfigured_waf_config: Optional[pulumi.Input['RegionSecurityPolicyRulePreconfiguredWafConfigArgs']] = None,
                  preview: Optional[pulumi.Input[bool]] = None,
                  priority: Optional[pulumi.Input[int]] = None,
                  project: Optional[pulumi.Input[str]] = None,
+                 rate_limit_options: Optional[pulumi.Input['RegionSecurityPolicyRuleRateLimitOptionsArgs']] = None,
                  region: Optional[pulumi.Input[str]] = None,
                  security_policy: Optional[pulumi.Input[str]] = None):
         """
@@ -236,12 +276,17 @@ class _RegionSecurityPolicyRuleState:
                networkMatch: srcIpRanges: - "192.0.2.0/24" - "198.51.100.0/24" userDefinedFields: - name: "ipv4_fragment_offset" values: - "1-0x1fff"
                The above match condition matches packets with a source IP in 192.0.2.0/24 or 198.51.100.0/24 and a user-defined field named "ipv4_fragment_offset" with a value between 1 and 0x1fff inclusive
                Structure is documented below.
+        :param pulumi.Input['RegionSecurityPolicyRulePreconfiguredWafConfigArgs'] preconfigured_waf_config: Preconfigured WAF configuration to be applied for the rule.
+               If the rule does not evaluate preconfigured WAF rules, i.e., if evaluatePreconfiguredWaf() is not used, this field will have no effect.
+               Structure is documented below.
         :param pulumi.Input[bool] preview: If set to true, the specified action is not enforced.
         :param pulumi.Input[int] priority: An integer indicating the priority of a rule in the list.
                The priority must be a positive value between 0 and 2147483647.
                Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest priority.
         :param pulumi.Input[str] project: The ID of the project in which the resource belongs.
                If it is not provided, the provider project is used.
+        :param pulumi.Input['RegionSecurityPolicyRuleRateLimitOptionsArgs'] rate_limit_options: Must be specified if the action is "rate_based_ban" or "throttle". Cannot be specified for any other actions.
+               Structure is documented below.
         :param pulumi.Input[str] region: The Region in which the created Region Security Policy rule should reside.
         :param pulumi.Input[str] security_policy: The name of the security policy this rule belongs to.
                
@@ -256,12 +301,16 @@ class _RegionSecurityPolicyRuleState:
             pulumi.set(__self__, "match", match)
         if network_match is not None:
             pulumi.set(__self__, "network_match", network_match)
+        if preconfigured_waf_config is not None:
+            pulumi.set(__self__, "preconfigured_waf_config", preconfigured_waf_config)
         if preview is not None:
             pulumi.set(__self__, "preview", preview)
         if priority is not None:
             pulumi.set(__self__, "priority", priority)
         if project is not None:
             pulumi.set(__self__, "project", project)
+        if rate_limit_options is not None:
+            pulumi.set(__self__, "rate_limit_options", rate_limit_options)
         if region is not None:
             pulumi.set(__self__, "region", region)
         if security_policy is not None:
@@ -330,6 +379,20 @@ class _RegionSecurityPolicyRuleState:
     def network_match(self, value: Optional[pulumi.Input['RegionSecurityPolicyRuleNetworkMatchArgs']]):
         pulumi.set(self, "network_match", value)
 
+    @property
+    @pulumi.getter(name="preconfiguredWafConfig")
+    def preconfigured_waf_config(self) -> Optional[pulumi.Input['RegionSecurityPolicyRulePreconfiguredWafConfigArgs']]:
+        """
+        Preconfigured WAF configuration to be applied for the rule.
+        If the rule does not evaluate preconfigured WAF rules, i.e., if evaluatePreconfiguredWaf() is not used, this field will have no effect.
+        Structure is documented below.
+        """
+        return pulumi.get(self, "preconfigured_waf_config")
+
+    @preconfigured_waf_config.setter
+    def preconfigured_waf_config(self, value: Optional[pulumi.Input['RegionSecurityPolicyRulePreconfiguredWafConfigArgs']]):
+        pulumi.set(self, "preconfigured_waf_config", value)
+
     @property
     @pulumi.getter
     def preview(self) -> Optional[pulumi.Input[bool]]:
@@ -369,6 +432,19 @@ class _RegionSecurityPolicyRuleState:
     def project(self, value: Optional[pulumi.Input[str]]):
         pulumi.set(self, "project", value)
 
+    @property
+    @pulumi.getter(name="rateLimitOptions")
+    def rate_limit_options(self) -> Optional[pulumi.Input['RegionSecurityPolicyRuleRateLimitOptionsArgs']]:
+        """
+        Must be specified if the action is "rate_based_ban" or "throttle". Cannot be specified for any other actions.
+        Structure is documented below.
+        """
+        return pulumi.get(self, "rate_limit_options")
+
+    @rate_limit_options.setter
+    def rate_limit_options(self, value: Optional[pulumi.Input['RegionSecurityPolicyRuleRateLimitOptionsArgs']]):
+        pulumi.set(self, "rate_limit_options", value)
+
     @property
     @pulumi.getter
     def region(self) -> Optional[pulumi.Input[str]]:
@@ -406,9 +482,11 @@ class RegionSecurityPolicyRule(pulumi.CustomResource):
                  description: Optional[pulumi.Input[str]] = None,
                  match: Optional[pulumi.Input[pulumi.InputType['RegionSecurityPolicyRuleMatchArgs']]] = None,
                  network_match: Optional[pulumi.Input[pulumi.InputType['RegionSecurityPolicyRuleNetworkMatchArgs']]] = None,
+                 preconfigured_waf_config: Optional[pulumi.Input[pulumi.InputType['RegionSecurityPolicyRulePreconfiguredWafConfigArgs']]] = None,
                  preview: Optional[pulumi.Input[bool]] = None,
                  priority: Optional[pulumi.Input[int]] = None,
                  project: Optional[pulumi.Input[str]] = None,
+                 rate_limit_options: Optional[pulumi.Input[pulumi.InputType['RegionSecurityPolicyRuleRateLimitOptionsArgs']]] = None,
                  region: Optional[pulumi.Input[str]] = None,
                  security_policy: Optional[pulumi.Input[str]] = None,
                  __props__=None):
@@ -481,6 +559,63 @@ class RegionSecurityPolicyRule(pulumi.CustomResource):
             action="allow",
             preview=True)
         ```
+        ### Region Security Policy Rule With Preconfigured Waf Config
+
+        ```python
+        import pulumi
+        import pulumi_gcp as gcp
+
+        default = gcp.compute.RegionSecurityPolicy("default",
+            region="asia-southeast1",
+            name="policyruletest",
+            description="basic region security policy",
+            type="CLOUD_ARMOR")
+        policy_rule = gcp.compute.RegionSecurityPolicyRule("policy_rule",
+            region="asia-southeast1",
+            security_policy=default.name,
+            description="new rule",
+            priority=100,
+            match=gcp.compute.RegionSecurityPolicyRuleMatchArgs(
+                versioned_expr="SRC_IPS_V1",
+                config=gcp.compute.RegionSecurityPolicyRuleMatchConfigArgs(
+                    src_ip_ranges=["10.10.0.0/16"],
+                ),
+            ),
+            preconfigured_waf_config=gcp.compute.RegionSecurityPolicyRulePreconfiguredWafConfigArgs(
+                exclusions=[
+                    gcp.compute.RegionSecurityPolicyRulePreconfiguredWafConfigExclusionArgs(
+                        request_uris=[gcp.compute.RegionSecurityPolicyRulePreconfiguredWafConfigExclusionRequestUriArgs(
+                            operator="STARTS_WITH",
+                            value="/admin",
+                        )],
+                        target_rule_set="rce-stable",
+                    ),
+                    gcp.compute.RegionSecurityPolicyRulePreconfiguredWafConfigExclusionArgs(
+                        request_query_params=[
+                            gcp.compute.RegionSecurityPolicyRulePreconfiguredWafConfigExclusionRequestQueryParamArgs(
+                                operator="CONTAINS",
+                                value="password",
+                            ),
+                            gcp.compute.RegionSecurityPolicyRulePreconfiguredWafConfigExclusionRequestQueryParamArgs(
+                                operator="STARTS_WITH",
+                                value="freeform",
+                            ),
+                            gcp.compute.RegionSecurityPolicyRulePreconfiguredWafConfigExclusionRequestQueryParamArgs(
+                                operator="EQUALS",
+                                value="description",
+                            ),
+                        ],
+                        target_rule_set="xss-stable",
+                        target_rule_ids=[
+                            "owasp-crs-v030001-id941330-xss",
+                            "owasp-crs-v030001-id941340-xss",
+                        ],
+                    ),
+                ],
+            ),
+            action="allow",
+            preview=True)
+        ```
         ### Region Security Policy Rule With Network Match
 
         ```python
@@ -581,12 +716,17 @@ class RegionSecurityPolicyRule(pulumi.CustomResource):
                networkMatch: srcIpRanges: - "192.0.2.0/24" - "198.51.100.0/24" userDefinedFields: - name: "ipv4_fragment_offset" values: - "1-0x1fff"
                The above match condition matches packets with a source IP in 192.0.2.0/24 or 198.51.100.0/24 and a user-defined field named "ipv4_fragment_offset" with a value between 1 and 0x1fff inclusive
                Structure is documented below.
+        :param pulumi.Input[pulumi.InputType['RegionSecurityPolicyRulePreconfiguredWafConfigArgs']] preconfigured_waf_config: Preconfigured WAF configuration to be applied for the rule.
+               If the rule does not evaluate preconfigured WAF rules, i.e., if evaluatePreconfiguredWaf() is not used, this field will have no effect.
+               Structure is documented below.
         :param pulumi.Input[bool] preview: If set to true, the specified action is not enforced.
         :param pulumi.Input[int] priority: An integer indicating the priority of a rule in the list.
                The priority must be a positive value between 0 and 2147483647.
                Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest priority.
         :param pulumi.Input[str] project: The ID of the project in which the resource belongs.
                If it is not provided, the provider project is used.
+        :param pulumi.Input[pulumi.InputType['RegionSecurityPolicyRuleRateLimitOptionsArgs']] rate_limit_options: Must be specified if the action is "rate_based_ban" or "throttle". Cannot be specified for any other actions.
+               Structure is documented below.
         :param pulumi.Input[str] region: The Region in which the created Region Security Policy rule should reside.
         :param pulumi.Input[str] security_policy: The name of the security policy this rule belongs to.
                
@@ -668,6 +808,63 @@ class RegionSecurityPolicyRule(pulumi.CustomResource):
             action="allow",
             preview=True)
         ```
+        ### Region Security Policy Rule With Preconfigured Waf Config
+
+        ```python
+        import pulumi
+        import pulumi_gcp as gcp
+
+        default = gcp.compute.RegionSecurityPolicy("default",
+            region="asia-southeast1",
+            name="policyruletest",
+            description="basic region security policy",
+            type="CLOUD_ARMOR")
+        policy_rule = gcp.compute.RegionSecurityPolicyRule("policy_rule",
+            region="asia-southeast1",
+            security_policy=default.name,
+            description="new rule",
+            priority=100,
+            match=gcp.compute.RegionSecurityPolicyRuleMatchArgs(
+                versioned_expr="SRC_IPS_V1",
+                config=gcp.compute.RegionSecurityPolicyRuleMatchConfigArgs(
+                    src_ip_ranges=["10.10.0.0/16"],
+                ),
+            ),
+            preconfigured_waf_config=gcp.compute.RegionSecurityPolicyRulePreconfiguredWafConfigArgs(
+                exclusions=[
+                    gcp.compute.RegionSecurityPolicyRulePreconfiguredWafConfigExclusionArgs(
+                        request_uris=[gcp.compute.RegionSecurityPolicyRulePreconfiguredWafConfigExclusionRequestUriArgs(
+                            operator="STARTS_WITH",
+                            value="/admin",
+                        )],
+                        target_rule_set="rce-stable",
+                    ),
+                    gcp.compute.RegionSecurityPolicyRulePreconfiguredWafConfigExclusionArgs(
+                        request_query_params=[
+                            gcp.compute.RegionSecurityPolicyRulePreconfiguredWafConfigExclusionRequestQueryParamArgs(
+                                operator="CONTAINS",
+                                value="password",
+                            ),
+                            gcp.compute.RegionSecurityPolicyRulePreconfiguredWafConfigExclusionRequestQueryParamArgs(
+                                operator="STARTS_WITH",
+                                value="freeform",
+                            ),
+                            gcp.compute.RegionSecurityPolicyRulePreconfiguredWafConfigExclusionRequestQueryParamArgs(
+                                operator="EQUALS",
+                                value="description",
+                            ),
+                        ],
+                        target_rule_set="xss-stable",
+                        target_rule_ids=[
+                            "owasp-crs-v030001-id941330-xss",
+                            "owasp-crs-v030001-id941340-xss",
+                        ],
+                    ),
+                ],
+            ),
+            action="allow",
+            preview=True)
+        ```
         ### Region Security Policy Rule With Network Match
 
         ```python
@@ -766,9 +963,11 @@ class RegionSecurityPolicyRule(pulumi.CustomResource):
                  description: Optional[pulumi.Input[str]] = None,
                  match: Optional[pulumi.Input[pulumi.InputType['RegionSecurityPolicyRuleMatchArgs']]] = None,
                  network_match: Optional[pulumi.Input[pulumi.InputType['RegionSecurityPolicyRuleNetworkMatchArgs']]] = None,
+                 preconfigured_waf_config: Optional[pulumi.Input[pulumi.InputType['RegionSecurityPolicyRulePreconfiguredWafConfigArgs']]] = None,
                  preview: Optional[pulumi.Input[bool]] = None,
                  priority: Optional[pulumi.Input[int]] = None,
                  project: Optional[pulumi.Input[str]] = None,
+                 rate_limit_options: Optional[pulumi.Input[pulumi.InputType['RegionSecurityPolicyRuleRateLimitOptionsArgs']]] = None,
                  region: Optional[pulumi.Input[str]] = None,
                  security_policy: Optional[pulumi.Input[str]] = None,
                  __props__=None):
@@ -786,11 +985,13 @@ class RegionSecurityPolicyRule(pulumi.CustomResource):
             __props__.__dict__["description"] = description
             __props__.__dict__["match"] = match
             __props__.__dict__["network_match"] = network_match
+            __props__.__dict__["preconfigured_waf_config"] = preconfigured_waf_config
             __props__.__dict__["preview"] = preview
             if priority is None and not opts.urn:
                 raise TypeError("Missing required property 'priority'")
             __props__.__dict__["priority"] = priority
             __props__.__dict__["project"] = project
+            __props__.__dict__["rate_limit_options"] = rate_limit_options
             if region is None and not opts.urn:
                 raise TypeError("Missing required property 'region'")
             __props__.__dict__["region"] = region
@@ -811,9 +1012,11 @@ class RegionSecurityPolicyRule(pulumi.CustomResource):
             description: Optional[pulumi.Input[str]] = None,
             match: Optional[pulumi.Input[pulumi.InputType['RegionSecurityPolicyRuleMatchArgs']]] = None,
             network_match: Optional[pulumi.Input[pulumi.InputType['RegionSecurityPolicyRuleNetworkMatchArgs']]] = None,
+            preconfigured_waf_config: Optional[pulumi.Input[pulumi.InputType['RegionSecurityPolicyRulePreconfiguredWafConfigArgs']]] = None,
             preview: Optional[pulumi.Input[bool]] = None,
             priority: Optional[pulumi.Input[int]] = None,
             project: Optional[pulumi.Input[str]] = None,
+            rate_limit_options: Optional[pulumi.Input[pulumi.InputType['RegionSecurityPolicyRuleRateLimitOptionsArgs']]] = None,
             region: Optional[pulumi.Input[str]] = None,
             security_policy: Optional[pulumi.Input[str]] = None) -> 'RegionSecurityPolicyRule':
         """
@@ -842,12 +1045,17 @@ class RegionSecurityPolicyRule(pulumi.CustomResource):
                networkMatch: srcIpRanges: - "192.0.2.0/24" - "198.51.100.0/24" userDefinedFields: - name: "ipv4_fragment_offset" values: - "1-0x1fff"
                The above match condition matches packets with a source IP in 192.0.2.0/24 or 198.51.100.0/24 and a user-defined field named "ipv4_fragment_offset" with a value between 1 and 0x1fff inclusive
                Structure is documented below.
+        :param pulumi.Input[pulumi.InputType['RegionSecurityPolicyRulePreconfiguredWafConfigArgs']] preconfigured_waf_config: Preconfigured WAF configuration to be applied for the rule.
+               If the rule does not evaluate preconfigured WAF rules, i.e., if evaluatePreconfiguredWaf() is not used, this field will have no effect.
+               Structure is documented below.
         :param pulumi.Input[bool] preview: If set to true, the specified action is not enforced.
         :param pulumi.Input[int] priority: An integer indicating the priority of a rule in the list.
                The priority must be a positive value between 0 and 2147483647.
                Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest priority.
         :param pulumi.Input[str] project: The ID of the project in which the resource belongs.
                If it is not provided, the provider project is used.
+        :param pulumi.Input[pulumi.InputType['RegionSecurityPolicyRuleRateLimitOptionsArgs']] rate_limit_options: Must be specified if the action is "rate_based_ban" or "throttle". Cannot be specified for any other actions.
+               Structure is documented below.
         :param pulumi.Input[str] region: The Region in which the created Region Security Policy rule should reside.
         :param pulumi.Input[str] security_policy: The name of the security policy this rule belongs to.
                
@@ -862,9 +1070,11 @@ class RegionSecurityPolicyRule(pulumi.CustomResource):
         __props__.__dict__["description"] = description
         __props__.__dict__["match"] = match
         __props__.__dict__["network_match"] = network_match
+        __props__.__dict__["preconfigured_waf_config"] = preconfigured_waf_config
         __props__.__dict__["preview"] = preview
         __props__.__dict__["priority"] = priority
         __props__.__dict__["project"] = project
+        __props__.__dict__["rate_limit_options"] = rate_limit_options
         __props__.__dict__["region"] = region
         __props__.__dict__["security_policy"] = security_policy
         return RegionSecurityPolicyRule(resource_name, opts=opts, __props__=__props__)
@@ -916,6 +1126,16 @@ class RegionSecurityPolicyRule(pulumi.CustomResource):
         """
         return pulumi.get(self, "network_match")
 
+    @property
+    @pulumi.getter(name="preconfiguredWafConfig")
+    def preconfigured_waf_config(self) -> pulumi.Output[Optional['outputs.RegionSecurityPolicyRulePreconfiguredWafConfig']]:
+        """
+        Preconfigured WAF configuration to be applied for the rule.
+        If the rule does not evaluate preconfigured WAF rules, i.e., if evaluatePreconfiguredWaf() is not used, this field will have no effect.
+        Structure is documented below.
+        """
+        return pulumi.get(self, "preconfigured_waf_config")
+
     @property
     @pulumi.getter
     def preview(self) -> pulumi.Output[Optional[bool]]:
@@ -943,6 +1163,15 @@ class RegionSecurityPolicyRule(pulumi.CustomResource):
         """
         return pulumi.get(self, "project")
 
+    @property
+    @pulumi.getter(name="rateLimitOptions")
+    def rate_limit_options(self) -> pulumi.Output[Optional['outputs.RegionSecurityPolicyRuleRateLimitOptions']]:
+        """
+        Must be specified if the action is "rate_based_ban" or "throttle". Cannot be specified for any other actions.
+        Structure is documented below.
+        """
+        return pulumi.get(self, "rate_limit_options")
+
     @property
     @pulumi.getter
     def region(self) -> pulumi.Output[str]:

pulumi_gcp/container/_inputs.py

@@ -4551,14 +4551,18 @@ class ClusterDefaultSnatStatusArgs:
 @pulumi.input_type
 class ClusterDnsConfigArgs:
     def __init__(__self__, *,
+                 additive_vpc_scope_dns_domain: Optional[pulumi.Input[str]] = None,
                  cluster_dns: Optional[pulumi.Input[str]] = None,
                  cluster_dns_domain: Optional[pulumi.Input[str]] = None,
                  cluster_dns_scope: Optional[pulumi.Input[str]] = None):
         """
+        :param pulumi.Input[str] additive_vpc_scope_dns_domain: This will enable Cloud DNS additive VPC scope. Must provide a domain name that is unique within the VPC. For this to work `cluster_dns = "CLOUD_DNS"` and `cluster_dns_scope = "CLUSTER_SCOPE"` must both be set as well.
         :param pulumi.Input[str] cluster_dns: Which in-cluster DNS provider should be used. `PROVIDER_UNSPECIFIED` (default) or `PLATFORM_DEFAULT` or `CLOUD_DNS`.
         :param pulumi.Input[str] cluster_dns_domain: The suffix used for all cluster service records.
         :param pulumi.Input[str] cluster_dns_scope: The scope of access to cluster DNS records. `DNS_SCOPE_UNSPECIFIED` (default) or `CLUSTER_SCOPE` or `VPC_SCOPE`.
         """
+        if additive_vpc_scope_dns_domain is not None:
+            pulumi.set(__self__, "additive_vpc_scope_dns_domain", additive_vpc_scope_dns_domain)
         if cluster_dns is not None:
             pulumi.set(__self__, "cluster_dns", cluster_dns)
         if cluster_dns_domain is not None:
@@ -4566,6 +4570,18 @@ class ClusterDnsConfigArgs:
         if cluster_dns_scope is not None:
             pulumi.set(__self__, "cluster_dns_scope", cluster_dns_scope)
 
+    @property
+    @pulumi.getter(name="additiveVpcScopeDnsDomain")
+    def additive_vpc_scope_dns_domain(self) -> Optional[pulumi.Input[str]]:
+        """
+        This will enable Cloud DNS additive VPC scope. Must provide a domain name that is unique within the VPC. For this to work `cluster_dns = "CLOUD_DNS"` and `cluster_dns_scope = "CLUSTER_SCOPE"` must both be set as well.
+        """
+        return pulumi.get(self, "additive_vpc_scope_dns_domain")
+
+    @additive_vpc_scope_dns_domain.setter
+    def additive_vpc_scope_dns_domain(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "additive_vpc_scope_dns_domain", value)
+
     @property
     @pulumi.getter(name="clusterDns")
     def cluster_dns(self) -> Optional[pulumi.Input[str]]:
@@ -6445,11 +6461,15 @@ class ClusterNodeConfigArgs:
 @pulumi.input_type
 class ClusterNodeConfigAdvancedMachineFeaturesArgs:
     def __init__(__self__, *,
-                 threads_per_core: pulumi.Input[int]):
+                 threads_per_core: pulumi.Input[int],
+                 enable_nested_virtualization: Optional[pulumi.Input[bool]] = None):
         """
         :param pulumi.Input[int] threads_per_core: The number of threads per physical core. To disable simultaneous multithreading (SMT) set this to 1. If unset, the maximum number of threads supported per core by the underlying processor is assumed.
+        :param pulumi.Input[bool] enable_nested_virtualization: Defines whether the instance should have nested virtualization enabled. Defaults to false.
         """
         pulumi.set(__self__, "threads_per_core", threads_per_core)
+        if enable_nested_virtualization is not None:
+            pulumi.set(__self__, "enable_nested_virtualization", enable_nested_virtualization)
 
     @property
     @pulumi.getter(name="threadsPerCore")
@@ -6463,6 +6483,18 @@ class ClusterNodeConfigAdvancedMachineFeaturesArgs:
     def threads_per_core(self, value: pulumi.Input[int]):
         pulumi.set(self, "threads_per_core", value)
 
+    @property
+    @pulumi.getter(name="enableNestedVirtualization")
+    def enable_nested_virtualization(self) -> Optional[pulumi.Input[bool]]:
+        """
+        Defines whether the instance should have nested virtualization enabled. Defaults to false.
+        """
+        return pulumi.get(self, "enable_nested_virtualization")
+
+    @enable_nested_virtualization.setter
+    def enable_nested_virtualization(self, value: Optional[pulumi.Input[bool]]):
+        pulumi.set(self, "enable_nested_virtualization", value)
+
 
 @pulumi.input_type
 class ClusterNodeConfigConfidentialNodesArgs:
@@ -8949,11 +8981,15 @@ class ClusterNodePoolNodeConfigArgs:
 @pulumi.input_type
 class ClusterNodePoolNodeConfigAdvancedMachineFeaturesArgs:
     def __init__(__self__, *,
-                 threads_per_core: pulumi.Input[int]):
+                 threads_per_core: pulumi.Input[int],
+                 enable_nested_virtualization: Optional[pulumi.Input[bool]] = None):
         """
         :param pulumi.Input[int] threads_per_core: The number of threads per physical core. To disable simultaneous multithreading (SMT) set this to 1. If unset, the maximum number of threads supported per core by the underlying processor is assumed.
+        :param pulumi.Input[bool] enable_nested_virtualization: Defines whether the instance should have nested virtualization enabled. Defaults to false.
         """
         pulumi.set(__self__, "threads_per_core", threads_per_core)
+        if enable_nested_virtualization is not None:
+            pulumi.set(__self__, "enable_nested_virtualization", enable_nested_virtualization)
 
     @property
     @pulumi.getter(name="threadsPerCore")
@@ -8967,6 +9003,18 @@ class ClusterNodePoolNodeConfigAdvancedMachineFeaturesArgs:
     def threads_per_core(self, value: pulumi.Input[int]):
         pulumi.set(self, "threads_per_core", value)
 
+    @property
+    @pulumi.getter(name="enableNestedVirtualization")
+    def enable_nested_virtualization(self) -> Optional[pulumi.Input[bool]]:
+        """
+        Defines whether the instance should have nested virtualization enabled. Defaults to false.
+        """
+        return pulumi.get(self, "enable_nested_virtualization")
+
+    @enable_nested_virtualization.setter
+    def enable_nested_virtualization(self, value: Optional[pulumi.Input[bool]]):
+        pulumi.set(self, "enable_nested_virtualization", value)
+
 
 @pulumi.input_type
 class ClusterNodePoolNodeConfigConfidentialNodesArgs:
@@ -11812,11 +11860,15 @@ class NodePoolNodeConfigArgs:
 @pulumi.input_type
 class NodePoolNodeConfigAdvancedMachineFeaturesArgs:
     def __init__(__self__, *,
-                 threads_per_core: pulumi.Input[int]):
+                 threads_per_core: pulumi.Input[int],
+                 enable_nested_virtualization: Optional[pulumi.Input[bool]] = None):
         """
         :param pulumi.Input[int] threads_per_core: The number of threads per physical core. To disable simultaneous multithreading (SMT) set this to 1. If unset, the maximum number of threads supported per core by the underlying processor is assumed.
+        :param pulumi.Input[bool] enable_nested_virtualization: Whether the node should have nested virtualization enabled.
         """
         pulumi.set(__self__, "threads_per_core", threads_per_core)
+        if enable_nested_virtualization is not None:
+            pulumi.set(__self__, "enable_nested_virtualization", enable_nested_virtualization)
 
     @property
     @pulumi.getter(name="threadsPerCore")
@@ -11830,6 +11882,18 @@ class NodePoolNodeConfigAdvancedMachineFeaturesArgs:
     def threads_per_core(self, value: pulumi.Input[int]):
         pulumi.set(self, "threads_per_core", value)
 
+    @property
+    @pulumi.getter(name="enableNestedVirtualization")
+    def enable_nested_virtualization(self) -> Optional[pulumi.Input[bool]]:
+        """
+        Whether the node should have nested virtualization enabled.
+        """
+        return pulumi.get(self, "enable_nested_virtualization")
+
+    @enable_nested_virtualization.setter
+    def enable_nested_virtualization(self, value: Optional[pulumi.Input[bool]]):
+        pulumi.set(self, "enable_nested_virtualization", value)
+
 
 @pulumi.input_type
 class NodePoolNodeConfigConfidentialNodesArgs: