pulumi-gcp 7.23.0a1715621482__py3-none-any.whl → 7.23.0a1715808346__py3-none-any.whl

pulumi_gcp/container/outputs.py

@@ -5122,7 +5122,9 @@ class ClusterDnsConfig(dict):
     @staticmethod
     def __key_warning(key: str):
         suggest = None
-        if key == "clusterDns":
+        if key == "additiveVpcScopeDnsDomain":
+            suggest = "additive_vpc_scope_dns_domain"
+        elif key == "clusterDns":
             suggest = "cluster_dns"
         elif key == "clusterDnsDomain":
             suggest = "cluster_dns_domain"
@@ -5141,14 +5143,18 @@ class ClusterDnsConfig(dict):
         return super().get(key, default)
 
     def __init__(__self__, *,
+                 additive_vpc_scope_dns_domain: Optional[str] = None,
                  cluster_dns: Optional[str] = None,
                  cluster_dns_domain: Optional[str] = None,
                  cluster_dns_scope: Optional[str] = None):
         """
+        :param str additive_vpc_scope_dns_domain: This will enable Cloud DNS additive VPC scope. Must provide a domain name that is unique within the VPC. For this to work `cluster_dns = "CLOUD_DNS"` and `cluster_dns_scope = "CLUSTER_SCOPE"` must both be set as well.
         :param str cluster_dns: Which in-cluster DNS provider should be used. `PROVIDER_UNSPECIFIED` (default) or `PLATFORM_DEFAULT` or `CLOUD_DNS`.
         :param str cluster_dns_domain: The suffix used for all cluster service records.
         :param str cluster_dns_scope: The scope of access to cluster DNS records. `DNS_SCOPE_UNSPECIFIED` (default) or `CLUSTER_SCOPE` or `VPC_SCOPE`.
         """
+        if additive_vpc_scope_dns_domain is not None:
+            pulumi.set(__self__, "additive_vpc_scope_dns_domain", additive_vpc_scope_dns_domain)
         if cluster_dns is not None:
             pulumi.set(__self__, "cluster_dns", cluster_dns)
         if cluster_dns_domain is not None:
@@ -5156,6 +5162,14 @@ class ClusterDnsConfig(dict):
         if cluster_dns_scope is not None:
             pulumi.set(__self__, "cluster_dns_scope", cluster_dns_scope)
 
+    @property
+    @pulumi.getter(name="additiveVpcScopeDnsDomain")
+    def additive_vpc_scope_dns_domain(self) -> Optional[str]:
+        """
+        This will enable Cloud DNS additive VPC scope. Must provide a domain name that is unique within the VPC. For this to work `cluster_dns = "CLOUD_DNS"` and `cluster_dns_scope = "CLUSTER_SCOPE"` must both be set as well.
+        """
+        return pulumi.get(self, "additive_vpc_scope_dns_domain")
+
     @property
     @pulumi.getter(name="clusterDns")
     def cluster_dns(self) -> Optional[str]:
@@ -7065,6 +7079,8 @@ class ClusterNodeConfigAdvancedMachineFeatures(dict):
         suggest = None
         if key == "threadsPerCore":
             suggest = "threads_per_core"
+        elif key == "enableNestedVirtualization":
+            suggest = "enable_nested_virtualization"
 
         if suggest:
             pulumi.log.warn(f"Key '{key}' not found in ClusterNodeConfigAdvancedMachineFeatures. Access the value via the '{suggest}' property getter instead.")
@@ -7078,11 +7094,15 @@ class ClusterNodeConfigAdvancedMachineFeatures(dict):
         return super().get(key, default)
 
     def __init__(__self__, *,
-                 threads_per_core: int):
+                 threads_per_core: int,
+                 enable_nested_virtualization: Optional[bool] = None):
         """
         :param int threads_per_core: The number of threads per physical core. To disable simultaneous multithreading (SMT) set this to 1. If unset, the maximum number of threads supported per core by the underlying processor is assumed.
+        :param bool enable_nested_virtualization: Defines whether the instance should have nested virtualization enabled. Defaults to false.
         """
         pulumi.set(__self__, "threads_per_core", threads_per_core)
+        if enable_nested_virtualization is not None:
+            pulumi.set(__self__, "enable_nested_virtualization", enable_nested_virtualization)
 
     @property
     @pulumi.getter(name="threadsPerCore")
@@ -7092,6 +7112,14 @@ class ClusterNodeConfigAdvancedMachineFeatures(dict):
         """
         return pulumi.get(self, "threads_per_core")
 
+    @property
+    @pulumi.getter(name="enableNestedVirtualization")
+    def enable_nested_virtualization(self) -> Optional[bool]:
+        """
+        Defines whether the instance should have nested virtualization enabled. Defaults to false.
+        """
+        return pulumi.get(self, "enable_nested_virtualization")
+
 
 @pulumi.output_type
 class ClusterNodeConfigConfidentialNodes(dict):
@@ -9618,6 +9646,8 @@ class ClusterNodePoolNodeConfigAdvancedMachineFeatures(dict):
         suggest = None
         if key == "threadsPerCore":
             suggest = "threads_per_core"
+        elif key == "enableNestedVirtualization":
+            suggest = "enable_nested_virtualization"
 
         if suggest:
             pulumi.log.warn(f"Key '{key}' not found in ClusterNodePoolNodeConfigAdvancedMachineFeatures. Access the value via the '{suggest}' property getter instead.")
@@ -9631,11 +9661,15 @@ class ClusterNodePoolNodeConfigAdvancedMachineFeatures(dict):
         return super().get(key, default)
 
     def __init__(__self__, *,
-                 threads_per_core: int):
+                 threads_per_core: int,
+                 enable_nested_virtualization: Optional[bool] = None):
         """
         :param int threads_per_core: The number of threads per physical core. To disable simultaneous multithreading (SMT) set this to 1. If unset, the maximum number of threads supported per core by the underlying processor is assumed.
+        :param bool enable_nested_virtualization: Defines whether the instance should have nested virtualization enabled. Defaults to false.
         """
         pulumi.set(__self__, "threads_per_core", threads_per_core)
+        if enable_nested_virtualization is not None:
+            pulumi.set(__self__, "enable_nested_virtualization", enable_nested_virtualization)
 
     @property
     @pulumi.getter(name="threadsPerCore")
@@ -9645,6 +9679,14 @@ class ClusterNodePoolNodeConfigAdvancedMachineFeatures(dict):
         """
         return pulumi.get(self, "threads_per_core")
 
+    @property
+    @pulumi.getter(name="enableNestedVirtualization")
+    def enable_nested_virtualization(self) -> Optional[bool]:
+        """
+        Defines whether the instance should have nested virtualization enabled. Defaults to false.
+        """
+        return pulumi.get(self, "enable_nested_virtualization")
+
 
 @pulumi.output_type
 class ClusterNodePoolNodeConfigConfidentialNodes(dict):
@@ -12620,6 +12662,8 @@ class NodePoolNodeConfigAdvancedMachineFeatures(dict):
         suggest = None
         if key == "threadsPerCore":
             suggest = "threads_per_core"
+        elif key == "enableNestedVirtualization":
+            suggest = "enable_nested_virtualization"
 
         if suggest:
             pulumi.log.warn(f"Key '{key}' not found in NodePoolNodeConfigAdvancedMachineFeatures. Access the value via the '{suggest}' property getter instead.")
@@ -12633,11 +12677,15 @@ class NodePoolNodeConfigAdvancedMachineFeatures(dict):
         return super().get(key, default)
 
     def __init__(__self__, *,
-                 threads_per_core: int):
+                 threads_per_core: int,
+                 enable_nested_virtualization: Optional[bool] = None):
         """
         :param int threads_per_core: The number of threads per physical core. To disable simultaneous multithreading (SMT) set this to 1. If unset, the maximum number of threads supported per core by the underlying processor is assumed.
+        :param bool enable_nested_virtualization: Whether the node should have nested virtualization enabled.
         """
         pulumi.set(__self__, "threads_per_core", threads_per_core)
+        if enable_nested_virtualization is not None:
+            pulumi.set(__self__, "enable_nested_virtualization", enable_nested_virtualization)
 
     @property
     @pulumi.getter(name="threadsPerCore")
@@ -12647,6 +12695,14 @@ class NodePoolNodeConfigAdvancedMachineFeatures(dict):
         """
         return pulumi.get(self, "threads_per_core")
 
+    @property
+    @pulumi.getter(name="enableNestedVirtualization")
+    def enable_nested_virtualization(self) -> Optional[bool]:
+        """
+        Whether the node should have nested virtualization enabled.
+        """
+        return pulumi.get(self, "enable_nested_virtualization")
+
 
 @pulumi.output_type
 class NodePoolNodeConfigConfidentialNodes(dict):
@@ -14730,18 +14786,29 @@ class GetClusterDefaultSnatStatusResult(dict):
 @pulumi.output_type
 class GetClusterDnsConfigResult(dict):
     def __init__(__self__, *,
+                 additive_vpc_scope_dns_domain: str,
                  cluster_dns: str,
                  cluster_dns_domain: str,
                  cluster_dns_scope: str):
         """
+        :param str additive_vpc_scope_dns_domain: Enable additive VPC scope DNS in a GKE cluster.
         :param str cluster_dns: Which in-cluster DNS provider should be used.
         :param str cluster_dns_domain: The suffix used for all cluster service records.
         :param str cluster_dns_scope: The scope of access to cluster DNS records.
         """
+        pulumi.set(__self__, "additive_vpc_scope_dns_domain", additive_vpc_scope_dns_domain)
         pulumi.set(__self__, "cluster_dns", cluster_dns)
         pulumi.set(__self__, "cluster_dns_domain", cluster_dns_domain)
         pulumi.set(__self__, "cluster_dns_scope", cluster_dns_scope)
 
+    @property
+    @pulumi.getter(name="additiveVpcScopeDnsDomain")
+    def additive_vpc_scope_dns_domain(self) -> str:
+        """
+        Enable additive VPC scope DNS in a GKE cluster.
+        """
+        return pulumi.get(self, "additive_vpc_scope_dns_domain")
+
     @property
     @pulumi.getter(name="clusterDns")
     def cluster_dns(self) -> str:
@@ -15870,12 +15937,23 @@ class GetClusterNodeConfigResult(dict):
 @pulumi.output_type
 class GetClusterNodeConfigAdvancedMachineFeatureResult(dict):
     def __init__(__self__, *,
+                 enable_nested_virtualization: bool,
                  threads_per_core: int):
         """
+        :param bool enable_nested_virtualization: Whether the node should have nested virtualization enabled.
         :param int threads_per_core: The number of threads per physical core. To disable simultaneous multithreading (SMT) set this to 1. If unset, the maximum number of threads supported per core by the underlying processor is assumed.
         """
+        pulumi.set(__self__, "enable_nested_virtualization", enable_nested_virtualization)
         pulumi.set(__self__, "threads_per_core", threads_per_core)
 
+    @property
+    @pulumi.getter(name="enableNestedVirtualization")
+    def enable_nested_virtualization(self) -> bool:
+        """
+        Whether the node should have nested virtualization enabled.
+        """
+        return pulumi.get(self, "enable_nested_virtualization")
+
     @property
     @pulumi.getter(name="threadsPerCore")
     def threads_per_core(self) -> int:
@@ -17505,12 +17583,23 @@ class GetClusterNodePoolNodeConfigResult(dict):
 @pulumi.output_type
 class GetClusterNodePoolNodeConfigAdvancedMachineFeatureResult(dict):
     def __init__(__self__, *,
+                 enable_nested_virtualization: bool,
                  threads_per_core: int):
         """
+        :param bool enable_nested_virtualization: Whether the node should have nested virtualization enabled.
         :param int threads_per_core: The number of threads per physical core. To disable simultaneous multithreading (SMT) set this to 1. If unset, the maximum number of threads supported per core by the underlying processor is assumed.
         """
+        pulumi.set(__self__, "enable_nested_virtualization", enable_nested_virtualization)
         pulumi.set(__self__, "threads_per_core", threads_per_core)
 
+    @property
+    @pulumi.getter(name="enableNestedVirtualization")
+    def enable_nested_virtualization(self) -> bool:
+        """
+        Whether the node should have nested virtualization enabled.
+        """
+        return pulumi.get(self, "enable_nested_virtualization")
+
     @property
     @pulumi.getter(name="threadsPerCore")
     def threads_per_core(self) -> int:

pulumi_gcp/dataflow/flex_template_job.py

@@ -71,7 +71,7 @@ class FlexTemplateJobArgs:
                provided, the provider project is used.
         :param pulumi.Input[str] region: Immutable. The region in which the created job should run.
         :param pulumi.Input[str] sdk_container_image: Docker registry location of container image to use for the 'worker harness. Default is the container for the version of the SDK. Note this field is only valid for portable pipelines.
-        :param pulumi.Input[str] service_account_email: Service account email to run the workers as.
+        :param pulumi.Input[str] service_account_email: Service account email to run the workers as. This should be just an email e.g. `myserviceaccount@myproject.iam.gserviceaccount.com`. Do not include any `serviceAccount:` or other prefix.
         :param pulumi.Input[str] staging_location: The Cloud Storage path to use for staging files. Must be a valid Cloud Storage URL, beginning with gs://.
         :param pulumi.Input[str] subnetwork: The subnetwork to which VMs will be assigned. Should be of the form "regions/REGION/subnetworks/SUBNETWORK".
         :param pulumi.Input[str] temp_location: The Cloud Storage path to use for temporary files. Must be a valid Cloud Storage URL, beginning with gs://.
@@ -358,7 +358,7 @@ class FlexTemplateJobArgs:
     @pulumi.getter(name="serviceAccountEmail")
     def service_account_email(self) -> Optional[pulumi.Input[str]]:
         """
-        Service account email to run the workers as.
+        Service account email to run the workers as. This should be just an email e.g. `myserviceaccount@myproject.iam.gserviceaccount.com`. Do not include any `serviceAccount:` or other prefix.
         """
         return pulumi.get(self, "service_account_email")
 
@@ -491,7 +491,7 @@ class _FlexTemplateJobState:
         :param pulumi.Input[Mapping[str, pulumi.Input[str]]] pulumi_labels: The combination of labels configured directly on the resource and default labels configured on the provider.
         :param pulumi.Input[str] region: Immutable. The region in which the created job should run.
         :param pulumi.Input[str] sdk_container_image: Docker registry location of container image to use for the 'worker harness. Default is the container for the version of the SDK. Note this field is only valid for portable pipelines.
-        :param pulumi.Input[str] service_account_email: Service account email to run the workers as.
+        :param pulumi.Input[str] service_account_email: Service account email to run the workers as. This should be just an email e.g. `myserviceaccount@myproject.iam.gserviceaccount.com`. Do not include any `serviceAccount:` or other prefix.
         :param pulumi.Input[str] staging_location: The Cloud Storage path to use for staging files. Must be a valid Cloud Storage URL, beginning with gs://.
         :param pulumi.Input[str] state: The current state of the resource, selected from the [JobState enum](https://cloud.google.com/dataflow/docs/reference/rest/v1b3/projects.jobs#Job.JobState)
         :param pulumi.Input[str] subnetwork: The subnetwork to which VMs will be assigned. Should be of the form "regions/REGION/subnetworks/SUBNETWORK".
@@ -824,7 +824,7 @@ class _FlexTemplateJobState:
     @pulumi.getter(name="serviceAccountEmail")
     def service_account_email(self) -> Optional[pulumi.Input[str]]:
         """
-        Service account email to run the workers as.
+        Service account email to run the workers as. This should be just an email e.g. `myserviceaccount@myproject.iam.gserviceaccount.com`. Do not include any `serviceAccount:` or other prefix.
         """
         return pulumi.get(self, "service_account_email")
 
@@ -1050,7 +1050,7 @@ class FlexTemplateJob(pulumi.CustomResource):
                provided, the provider project is used.
         :param pulumi.Input[str] region: Immutable. The region in which the created job should run.
         :param pulumi.Input[str] sdk_container_image: Docker registry location of container image to use for the 'worker harness. Default is the container for the version of the SDK. Note this field is only valid for portable pipelines.
-        :param pulumi.Input[str] service_account_email: Service account email to run the workers as.
+        :param pulumi.Input[str] service_account_email: Service account email to run the workers as. This should be just an email e.g. `myserviceaccount@myproject.iam.gserviceaccount.com`. Do not include any `serviceAccount:` or other prefix.
         :param pulumi.Input[str] staging_location: The Cloud Storage path to use for staging files. Must be a valid Cloud Storage URL, beginning with gs://.
         :param pulumi.Input[str] subnetwork: The subnetwork to which VMs will be assigned. Should be of the form "regions/REGION/subnetworks/SUBNETWORK".
         :param pulumi.Input[str] temp_location: The Cloud Storage path to use for temporary files. Must be a valid Cloud Storage URL, beginning with gs://.
@@ -1295,7 +1295,7 @@ class FlexTemplateJob(pulumi.CustomResource):
         :param pulumi.Input[Mapping[str, pulumi.Input[str]]] pulumi_labels: The combination of labels configured directly on the resource and default labels configured on the provider.
         :param pulumi.Input[str] region: Immutable. The region in which the created job should run.
         :param pulumi.Input[str] sdk_container_image: Docker registry location of container image to use for the 'worker harness. Default is the container for the version of the SDK. Note this field is only valid for portable pipelines.
-        :param pulumi.Input[str] service_account_email: Service account email to run the workers as.
+        :param pulumi.Input[str] service_account_email: Service account email to run the workers as. This should be just an email e.g. `myserviceaccount@myproject.iam.gserviceaccount.com`. Do not include any `serviceAccount:` or other prefix.
         :param pulumi.Input[str] staging_location: The Cloud Storage path to use for staging files. Must be a valid Cloud Storage URL, beginning with gs://.
         :param pulumi.Input[str] state: The current state of the resource, selected from the [JobState enum](https://cloud.google.com/dataflow/docs/reference/rest/v1b3/projects.jobs#Job.JobState)
         :param pulumi.Input[str] subnetwork: The subnetwork to which VMs will be assigned. Should be of the form "regions/REGION/subnetworks/SUBNETWORK".
@@ -1520,7 +1520,7 @@ class FlexTemplateJob(pulumi.CustomResource):
     @pulumi.getter(name="serviceAccountEmail")
     def service_account_email(self) -> pulumi.Output[str]:
         """
-        Service account email to run the workers as.
+        Service account email to run the workers as. This should be just an email e.g. `myserviceaccount@myproject.iam.gserviceaccount.com`. Do not include any `serviceAccount:` or other prefix.
         """
         return pulumi.get(self, "service_account_email")
 

pulumi_gcp/dataflow/job.py

@@ -57,7 +57,7 @@ class JobArgs:
                **Note**: do not configure Dataflow options here in parameters.
         :param pulumi.Input[str] project: The project in which the resource belongs. If it is not provided, the provider project is used.
         :param pulumi.Input[str] region: The region in which the created job should run.
-        :param pulumi.Input[str] service_account_email: The Service Account email used to create the job.
+        :param pulumi.Input[str] service_account_email: The Service Account email used to create the job. This should be just an email e.g. `myserviceaccount@myproject.iam.gserviceaccount.com`. Do not include any `serviceAccount:` or other prefix.
         :param pulumi.Input[bool] skip_wait_on_job_termination: If set to `true`, Pulumi will treat `DRAINING` and `CANCELLING` as terminal states when deleting the resource, and will remove the resource from Pulumi state and move on.  See above note.
         :param pulumi.Input[str] subnetwork: The subnetwork to which VMs will be assigned. Should be of the form "regions/REGION/subnetworks/SUBNETWORK". If the [subnetwork is located in a Shared VPC network](https://cloud.google.com/dataflow/docs/guides/specifying-networks#shared), you must use the complete URL. For example `"googleapis.com/compute/v1/projects/PROJECT_ID/regions/REGION/subnetworks/SUBNET_NAME"`
         :param pulumi.Input[Mapping[str, Any]] transform_name_mapping: Only applicable when updating a pipeline. Map of transform name prefixes of the job to be replaced with the corresponding name prefixes of the new job. This field is not used outside of update.
@@ -292,7 +292,7 @@ class JobArgs:
     @pulumi.getter(name="serviceAccountEmail")
     def service_account_email(self) -> Optional[pulumi.Input[str]]:
         """
-        The Service Account email used to create the job.
+        The Service Account email used to create the job. This should be just an email e.g. `myserviceaccount@myproject.iam.gserviceaccount.com`. Do not include any `serviceAccount:` or other prefix.
         """
         return pulumi.get(self, "service_account_email")
 
@@ -399,7 +399,7 @@ class _JobState:
         :param pulumi.Input[str] project: The project in which the resource belongs. If it is not provided, the provider project is used.
         :param pulumi.Input[Mapping[str, pulumi.Input[str]]] pulumi_labels: The combination of labels configured directly on the resource and default labels configured on the provider.
         :param pulumi.Input[str] region: The region in which the created job should run.
-        :param pulumi.Input[str] service_account_email: The Service Account email used to create the job.
+        :param pulumi.Input[str] service_account_email: The Service Account email used to create the job. This should be just an email e.g. `myserviceaccount@myproject.iam.gserviceaccount.com`. Do not include any `serviceAccount:` or other prefix.
         :param pulumi.Input[bool] skip_wait_on_job_termination: If set to `true`, Pulumi will treat `DRAINING` and `CANCELLING` as terminal states when deleting the resource, and will remove the resource from Pulumi state and move on.  See above note.
         :param pulumi.Input[str] state: The current state of the resource, selected from the [JobState enum](https://cloud.google.com/dataflow/docs/reference/rest/v1b3/projects.jobs#Job.JobState)
         :param pulumi.Input[str] subnetwork: The subnetwork to which VMs will be assigned. Should be of the form "regions/REGION/subnetworks/SUBNETWORK". If the [subnetwork is located in a Shared VPC network](https://cloud.google.com/dataflow/docs/guides/specifying-networks#shared), you must use the complete URL. For example `"googleapis.com/compute/v1/projects/PROJECT_ID/regions/REGION/subnetworks/SUBNET_NAME"`
@@ -662,7 +662,7 @@ class _JobState:
     @pulumi.getter(name="serviceAccountEmail")
     def service_account_email(self) -> Optional[pulumi.Input[str]]:
         """
-        The Service Account email used to create the job.
+        The Service Account email used to create the job. This should be just an email e.g. `myserviceaccount@myproject.iam.gserviceaccount.com`. Do not include any `serviceAccount:` or other prefix.
         """
         return pulumi.get(self, "service_account_email")
 
@@ -913,7 +913,7 @@ class Job(pulumi.CustomResource):
                **Note**: do not configure Dataflow options here in parameters.
         :param pulumi.Input[str] project: The project in which the resource belongs. If it is not provided, the provider project is used.
         :param pulumi.Input[str] region: The region in which the created job should run.
-        :param pulumi.Input[str] service_account_email: The Service Account email used to create the job.
+        :param pulumi.Input[str] service_account_email: The Service Account email used to create the job. This should be just an email e.g. `myserviceaccount@myproject.iam.gserviceaccount.com`. Do not include any `serviceAccount:` or other prefix.
         :param pulumi.Input[bool] skip_wait_on_job_termination: If set to `true`, Pulumi will treat `DRAINING` and `CANCELLING` as terminal states when deleting the resource, and will remove the resource from Pulumi state and move on.  See above note.
         :param pulumi.Input[str] subnetwork: The subnetwork to which VMs will be assigned. Should be of the form "regions/REGION/subnetworks/SUBNETWORK". If the [subnetwork is located in a Shared VPC network](https://cloud.google.com/dataflow/docs/guides/specifying-networks#shared), you must use the complete URL. For example `"googleapis.com/compute/v1/projects/PROJECT_ID/regions/REGION/subnetworks/SUBNET_NAME"`
         :param pulumi.Input[str] temp_gcs_location: A writeable location on GCS for the Dataflow job to dump its temporary data.
@@ -1165,7 +1165,7 @@ class Job(pulumi.CustomResource):
         :param pulumi.Input[str] project: The project in which the resource belongs. If it is not provided, the provider project is used.
         :param pulumi.Input[Mapping[str, pulumi.Input[str]]] pulumi_labels: The combination of labels configured directly on the resource and default labels configured on the provider.
         :param pulumi.Input[str] region: The region in which the created job should run.
-        :param pulumi.Input[str] service_account_email: The Service Account email used to create the job.
+        :param pulumi.Input[str] service_account_email: The Service Account email used to create the job. This should be just an email e.g. `myserviceaccount@myproject.iam.gserviceaccount.com`. Do not include any `serviceAccount:` or other prefix.
         :param pulumi.Input[bool] skip_wait_on_job_termination: If set to `true`, Pulumi will treat `DRAINING` and `CANCELLING` as terminal states when deleting the resource, and will remove the resource from Pulumi state and move on.  See above note.
         :param pulumi.Input[str] state: The current state of the resource, selected from the [JobState enum](https://cloud.google.com/dataflow/docs/reference/rest/v1b3/projects.jobs#Job.JobState)
         :param pulumi.Input[str] subnetwork: The subnetwork to which VMs will be assigned. Should be of the form "regions/REGION/subnetworks/SUBNETWORK". If the [subnetwork is located in a Shared VPC network](https://cloud.google.com/dataflow/docs/guides/specifying-networks#shared), you must use the complete URL. For example `"googleapis.com/compute/v1/projects/PROJECT_ID/regions/REGION/subnetworks/SUBNET_NAME"`
@@ -1344,7 +1344,7 @@ class Job(pulumi.CustomResource):
     @pulumi.getter(name="serviceAccountEmail")
     def service_account_email(self) -> pulumi.Output[Optional[str]]:
         """
-        The Service Account email used to create the job.
+        The Service Account email used to create the job. This should be just an email e.g. `myserviceaccount@myproject.iam.gserviceaccount.com`. Do not include any `serviceAccount:` or other prefix.
         """
         return pulumi.get(self, "service_account_email")
 

pulumi_gcp/iam/_inputs.py

@@ -18,6 +18,10 @@ __all__ = [
     'DenyPolicyRuleDenyRuleDenialConditionArgs',
     'WorkforcePoolAccessRestrictionsArgs',
     'WorkforcePoolAccessRestrictionsAllowedServiceArgs',
+    'WorkforcePoolProviderExtraAttributesOauth2ClientArgs',
+    'WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretArgs',
+    'WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValueArgs',
+    'WorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersArgs',
     'WorkforcePoolProviderOidcArgs',
     'WorkforcePoolProviderOidcClientSecretArgs',
     'WorkforcePoolProviderOidcClientSecretValueArgs',
@@ -494,6 +498,189 @@ class WorkforcePoolAccessRestrictionsAllowedServiceArgs:
         pulumi.set(self, "domain", value)
 
 
+@pulumi.input_type
+class WorkforcePoolProviderExtraAttributesOauth2ClientArgs:
+    def __init__(__self__, *,
+                 attributes_type: pulumi.Input[str],
+                 client_id: pulumi.Input[str],
+                 client_secret: pulumi.Input['WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretArgs'],
+                 issuer_uri: pulumi.Input[str],
+                 query_parameters: Optional[pulumi.Input['WorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersArgs']] = None):
+        """
+        :param pulumi.Input[str] attributes_type: Represents the IdP and type of claims that should be fetched.
+               * AZURE_AD_GROUPS_MAIL: Used to get the user's group claims from the Azure AD identity provider using configuration provided
+               in ExtraAttributesOAuth2Client and 'mail' property of the 'microsoft.graph.group' object is used for claim mapping.
+               See https://learn.microsoft.com/en-us/graph/api/resources/group?view=graph-rest-1.0#properties for more details on
+               'microsoft.graph.group' properties. The attributes obtained from idntity provider are mapped to 'assertion.groups'. Possible values: ["AZURE_AD_GROUPS_MAIL"]
+        :param pulumi.Input[str] client_id: The OAuth 2.0 client ID for retrieving extra attributes from the identity provider. Required to get the Access Token using client credentials grant flow.
+        :param pulumi.Input['WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretArgs'] client_secret: The OAuth 2.0 client secret for retrieving extra attributes from the identity provider. Required to get the Access Token using client credentials grant flow.
+        :param pulumi.Input[str] issuer_uri: The OIDC identity provider's issuer URI. Must be a valid URI using the 'https' scheme. Required to get the OIDC discovery document.
+        :param pulumi.Input['WorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersArgs'] query_parameters: Represents the parameters to control which claims are fetched from an IdP.
+        """
+        pulumi.set(__self__, "attributes_type", attributes_type)
+        pulumi.set(__self__, "client_id", client_id)
+        pulumi.set(__self__, "client_secret", client_secret)
+        pulumi.set(__self__, "issuer_uri", issuer_uri)
+        if query_parameters is not None:
+            pulumi.set(__self__, "query_parameters", query_parameters)
+
+    @property
+    @pulumi.getter(name="attributesType")
+    def attributes_type(self) -> pulumi.Input[str]:
+        """
+        Represents the IdP and type of claims that should be fetched.
+        * AZURE_AD_GROUPS_MAIL: Used to get the user's group claims from the Azure AD identity provider using configuration provided
+        in ExtraAttributesOAuth2Client and 'mail' property of the 'microsoft.graph.group' object is used for claim mapping.
+        See https://learn.microsoft.com/en-us/graph/api/resources/group?view=graph-rest-1.0#properties for more details on
+        'microsoft.graph.group' properties. The attributes obtained from idntity provider are mapped to 'assertion.groups'. Possible values: ["AZURE_AD_GROUPS_MAIL"]
+        """
+        return pulumi.get(self, "attributes_type")
+
+    @attributes_type.setter
+    def attributes_type(self, value: pulumi.Input[str]):
+        pulumi.set(self, "attributes_type", value)
+
+    @property
+    @pulumi.getter(name="clientId")
+    def client_id(self) -> pulumi.Input[str]:
+        """
+        The OAuth 2.0 client ID for retrieving extra attributes from the identity provider. Required to get the Access Token using client credentials grant flow.
+        """
+        return pulumi.get(self, "client_id")
+
+    @client_id.setter
+    def client_id(self, value: pulumi.Input[str]):
+        pulumi.set(self, "client_id", value)
+
+    @property
+    @pulumi.getter(name="clientSecret")
+    def client_secret(self) -> pulumi.Input['WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretArgs']:
+        """
+        The OAuth 2.0 client secret for retrieving extra attributes from the identity provider. Required to get the Access Token using client credentials grant flow.
+        """
+        return pulumi.get(self, "client_secret")
+
+    @client_secret.setter
+    def client_secret(self, value: pulumi.Input['WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretArgs']):
+        pulumi.set(self, "client_secret", value)
+
+    @property
+    @pulumi.getter(name="issuerUri")
+    def issuer_uri(self) -> pulumi.Input[str]:
+        """
+        The OIDC identity provider's issuer URI. Must be a valid URI using the 'https' scheme. Required to get the OIDC discovery document.
+        """
+        return pulumi.get(self, "issuer_uri")
+
+    @issuer_uri.setter
+    def issuer_uri(self, value: pulumi.Input[str]):
+        pulumi.set(self, "issuer_uri", value)
+
+    @property
+    @pulumi.getter(name="queryParameters")
+    def query_parameters(self) -> Optional[pulumi.Input['WorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersArgs']]:
+        """
+        Represents the parameters to control which claims are fetched from an IdP.
+        """
+        return pulumi.get(self, "query_parameters")
+
+    @query_parameters.setter
+    def query_parameters(self, value: Optional[pulumi.Input['WorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersArgs']]):
+        pulumi.set(self, "query_parameters", value)
+
+
+@pulumi.input_type
+class WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretArgs:
+    def __init__(__self__, *,
+                 value: Optional[pulumi.Input['WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValueArgs']] = None):
+        """
+        :param pulumi.Input['WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValueArgs'] value: The value of the client secret.
+               Structure is documented below.
+        """
+        if value is not None:
+            pulumi.set(__self__, "value", value)
+
+    @property
+    @pulumi.getter
+    def value(self) -> Optional[pulumi.Input['WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValueArgs']]:
+        """
+        The value of the client secret.
+        Structure is documented below.
+        """
+        return pulumi.get(self, "value")
+
+    @value.setter
+    def value(self, value: Optional[pulumi.Input['WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValueArgs']]):
+        pulumi.set(self, "value", value)
+
+
+@pulumi.input_type
+class WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretValueArgs:
+    def __init__(__self__, *,
+                 plain_text: pulumi.Input[str],
+                 thumbprint: Optional[pulumi.Input[str]] = None):
+        """
+        :param pulumi.Input[str] plain_text: The plain text of the client secret value.
+        :param pulumi.Input[str] thumbprint: (Output)
+               A thumbprint to represent the current client secret value.
+        """
+        pulumi.set(__self__, "plain_text", plain_text)
+        if thumbprint is not None:
+            pulumi.set(__self__, "thumbprint", thumbprint)
+
+    @property
+    @pulumi.getter(name="plainText")
+    def plain_text(self) -> pulumi.Input[str]:
+        """
+        The plain text of the client secret value.
+        """
+        return pulumi.get(self, "plain_text")
+
+    @plain_text.setter
+    def plain_text(self, value: pulumi.Input[str]):
+        pulumi.set(self, "plain_text", value)
+
+    @property
+    @pulumi.getter
+    def thumbprint(self) -> Optional[pulumi.Input[str]]:
+        """
+        (Output)
+        A thumbprint to represent the current client secret value.
+        """
+        return pulumi.get(self, "thumbprint")
+
+    @thumbprint.setter
+    def thumbprint(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "thumbprint", value)
+
+
+@pulumi.input_type
+class WorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersArgs:
+    def __init__(__self__, *,
+                 filter: Optional[pulumi.Input[str]] = None):
+        """
+        :param pulumi.Input[str] filter: The filter used to request specific records from IdP. In case of attributes type as AZURE_AD_GROUPS_MAIL, it represents the
+               filter used to request specific groups for users from IdP. By default, all of the groups associated with the user are fetched. The
+               groups should be mail enabled and security enabled. See https://learn.microsoft.com/en-us/graph/search-query-parameter for more details.
+        """
+        if filter is not None:
+            pulumi.set(__self__, "filter", filter)
+
+    @property
+    @pulumi.getter
+    def filter(self) -> Optional[pulumi.Input[str]]:
+        """
+        The filter used to request specific records from IdP. In case of attributes type as AZURE_AD_GROUPS_MAIL, it represents the
+        filter used to request specific groups for users from IdP. By default, all of the groups associated with the user are fetched. The
+        groups should be mail enabled and security enabled. See https://learn.microsoft.com/en-us/graph/search-query-parameter for more details.
+        """
+        return pulumi.get(self, "filter")
+
+    @filter.setter
+    def filter(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "filter", value)
+
+
 @pulumi.input_type
 class WorkforcePoolProviderOidcArgs:
     def __init__(__self__, *,
@@ -659,7 +846,6 @@ class WorkforcePoolProviderOidcClientSecretValueArgs:
                  thumbprint: Optional[pulumi.Input[str]] = None):
         """
         :param pulumi.Input[str] plain_text: The plain text of the client secret value.
-               **Note**: This property is sensitive and will not be displayed in the plan.
         :param pulumi.Input[str] thumbprint: (Output)
                A thumbprint to represent the current client secret value.
         """
@@ -672,7 +858,6 @@ class WorkforcePoolProviderOidcClientSecretValueArgs:
     def plain_text(self) -> pulumi.Input[str]:
         """
         The plain text of the client secret value.
-        **Note**: This property is sensitive and will not be displayed in the plan.
         """
         return pulumi.get(self, "plain_text")
 
@@ -712,6 +897,8 @@ class WorkforcePoolProviderOidcWebSsoConfigArgs:
                Possible values are: `CODE`, `ID_TOKEN`.
         :param pulumi.Input[Sequence[pulumi.Input[str]]] additional_scopes: Additional scopes to request for in the OIDC authentication request on top of scopes requested by default. By default, the `openid`, `profile` and `email` scopes that are supported by the identity provider are requested.
                Each additional scope may be at most 256 characters. A maximum of 10 additional scopes may be configured.
+               
+               <a name="nested_extra_attributes_oauth2_client"></a>The `extra_attributes_oauth2_client` block supports:
         """
         pulumi.set(__self__, "assertion_claims_behavior", assertion_claims_behavior)
         pulumi.set(__self__, "response_type", response_type)
@@ -755,6 +942,8 @@ class WorkforcePoolProviderOidcWebSsoConfigArgs:
         """
         Additional scopes to request for in the OIDC authentication request on top of scopes requested by default. By default, the `openid`, `profile` and `email` scopes that are supported by the identity provider are requested.
         Each additional scope may be at most 256 characters. A maximum of 10 additional scopes may be configured.
+
+        <a name="nested_extra_attributes_oauth2_client"></a>The `extra_attributes_oauth2_client` block supports:
         """
         return pulumi.get(self, "additional_scopes")