pulumi-gcp 7.23.0a1715695885__py3-none-any.whl → 7.24.0__py3-none-any.whl

pulumi_gcp/compute/outputs.py

@@ -182,6 +182,10 @@ __all__ = [
     'InstanceTemplateServiceAccount',
     'InstanceTemplateShieldedInstanceConfig',
     'InterconnectAttachmentPrivateInterconnectInfo',
+    'InterconnectCircuitInfo',
+    'InterconnectExpectedOutage',
+    'InterconnectMacsec',
+    'InterconnectMacsecPreSharedKey',
     'MachineImageIamBindingCondition',
     'MachineImageIamMemberCondition',
     'MachineImageMachineImageEncryptionKey',
@@ -310,8 +314,19 @@ __all__ = [
     'RegionSecurityPolicyDdosProtectionConfig',
     'RegionSecurityPolicyRuleMatch',
     'RegionSecurityPolicyRuleMatchConfig',
+    'RegionSecurityPolicyRuleMatchExpr',
     'RegionSecurityPolicyRuleNetworkMatch',
     'RegionSecurityPolicyRuleNetworkMatchUserDefinedField',
+    'RegionSecurityPolicyRulePreconfiguredWafConfig',
+    'RegionSecurityPolicyRulePreconfiguredWafConfigExclusion',
+    'RegionSecurityPolicyRulePreconfiguredWafConfigExclusionRequestCooky',
+    'RegionSecurityPolicyRulePreconfiguredWafConfigExclusionRequestHeader',
+    'RegionSecurityPolicyRulePreconfiguredWafConfigExclusionRequestQueryParam',
+    'RegionSecurityPolicyRulePreconfiguredWafConfigExclusionRequestUri',
+    'RegionSecurityPolicyRuleRateLimitOptions',
+    'RegionSecurityPolicyRuleRateLimitOptionsBanThreshold',
+    'RegionSecurityPolicyRuleRateLimitOptionsEnforceOnKeyConfig',
+    'RegionSecurityPolicyRuleRateLimitOptionsRateLimitThreshold',
     'RegionSecurityPolicyUserDefinedField',
     'RegionUrlMapDefaultRouteAction',
     'RegionUrlMapDefaultRouteActionCorsPolicy',
@@ -3111,6 +3126,25 @@ class BackendServiceLocalityLbPolicyPolicy(dict):
                Note that specifying the same policy more than once for a backend is
                not a valid configuration and will be rejected.
                The possible values are:
+               * `ROUND_ROBIN`: This is a simple policy in which each healthy backend
+               is selected in round robin order.
+               * `LEAST_REQUEST`: An O(1) algorithm which selects two random healthy
+               hosts and picks the host which has fewer active requests.
+               * `RING_HASH`: The ring/modulo hash load balancer implements consistent
+               hashing to backends. The algorithm has the property that the
+               addition/removal of a host from a set of N hosts only affects
+               1/N of the requests.
+               * `RANDOM`: The load balancer selects a random healthy host.
+               * `ORIGINAL_DESTINATION`: Backend host is selected based on the client
+               connection metadata, i.e., connections are opened
+               to the same address as the destination address of
+               the incoming connection before the connection
+               was redirected to the load balancer.
+               * `MAGLEV`: used as a drop in replacement for the ring hash load balancer.
+               Maglev is not as stable as ring hash but has faster table lookup
+               build times and host selection times. For more information about
+               Maglev, refer to https://ai.google/research/pubs/pub44824
+               Possible values are: `ROUND_ROBIN`, `LEAST_REQUEST`, `RING_HASH`, `RANDOM`, `ORIGINAL_DESTINATION`, `MAGLEV`.
         """
         pulumi.set(__self__, "name", name)
 
@@ -3126,6 +3160,25 @@ class BackendServiceLocalityLbPolicyPolicy(dict):
         Note that specifying the same policy more than once for a backend is
         not a valid configuration and will be rejected.
         The possible values are:
+        * `ROUND_ROBIN`: This is a simple policy in which each healthy backend
+        is selected in round robin order.
+        * `LEAST_REQUEST`: An O(1) algorithm which selects two random healthy
+        hosts and picks the host which has fewer active requests.
+        * `RING_HASH`: The ring/modulo hash load balancer implements consistent
+        hashing to backends. The algorithm has the property that the
+        addition/removal of a host from a set of N hosts only affects
+        1/N of the requests.
+        * `RANDOM`: The load balancer selects a random healthy host.
+        * `ORIGINAL_DESTINATION`: Backend host is selected based on the client
+        connection metadata, i.e., connections are opened
+        to the same address as the destination address of
+        the incoming connection before the connection
+        was redirected to the load balancer.
+        * `MAGLEV`: used as a drop in replacement for the ring hash load balancer.
+        Maglev is not as stable as ring hash but has faster table lookup
+        build times and host selection times. For more information about
+        Maglev, refer to https://ai.google/research/pubs/pub44824
+        Possible values are: `ROUND_ROBIN`, `LEAST_REQUEST`, `RING_HASH`, `RANDOM`, `ORIGINAL_DESTINATION`, `MAGLEV`.
         """
         return pulumi.get(self, "name")
 
@@ -4665,6 +4718,15 @@ class HealthCheckGrpcHealthCheck(dict):
                port_name are defined, port takes precedence.
         :param str port_specification: Specifies how port is selected for health checking, can be one of the
                following values:
+               * `USE_FIXED_PORT`: The port number in `port` is used for health checking.
+               * `USE_NAMED_PORT`: The `portName` is used for health checking.
+               * `USE_SERVING_PORT`: For NetworkEndpointGroup, the port specified for each
+               network endpoint is used for health checking. For other backends, the
+               port or named port specified in the Backend Service is used for health
+               checking.
+               If not specified, gRPC health check follows behavior specified in `port` and
+               `portName` fields.
+               Possible values are: `USE_FIXED_PORT`, `USE_NAMED_PORT`, `USE_SERVING_PORT`.
         """
         if grpc_service_name is not None:
             pulumi.set(__self__, "grpc_service_name", grpc_service_name)
@@ -4712,6 +4774,15 @@ class HealthCheckGrpcHealthCheck(dict):
         """
         Specifies how port is selected for health checking, can be one of the
         following values:
+        * `USE_FIXED_PORT`: The port number in `port` is used for health checking.
+        * `USE_NAMED_PORT`: The `portName` is used for health checking.
+        * `USE_SERVING_PORT`: For NetworkEndpointGroup, the port specified for each
+        network endpoint is used for health checking. For other backends, the
+        port or named port specified in the Backend Service is used for health
+        checking.
+        If not specified, gRPC health check follows behavior specified in `port` and
+        `portName` fields.
+        Possible values are: `USE_FIXED_PORT`, `USE_NAMED_PORT`, `USE_SERVING_PORT`.
         """
         return pulumi.get(self, "port_specification")
 
@@ -4915,6 +4986,15 @@ class HealthCheckHttpHealthCheck(dict):
                port_name are defined, port takes precedence.
         :param str port_specification: Specifies how port is selected for health checking, can be one of the
                following values:
+               * `USE_FIXED_PORT`: The port number in `port` is used for health checking.
+               * `USE_NAMED_PORT`: The `portName` is used for health checking.
+               * `USE_SERVING_PORT`: For NetworkEndpointGroup, the port specified for each
+               network endpoint is used for health checking. For other backends, the
+               port or named port specified in the Backend Service is used for health
+               checking.
+               If not specified, HTTP health check follows behavior specified in `port` and
+               `portName` fields.
+               Possible values are: `USE_FIXED_PORT`, `USE_NAMED_PORT`, `USE_SERVING_PORT`.
         :param str proxy_header: Specifies the type of proxy header to append before sending data to the
                backend.
                Default value is `NONE`.
@@ -4974,6 +5054,15 @@ class HealthCheckHttpHealthCheck(dict):
         """
         Specifies how port is selected for health checking, can be one of the
         following values:
+        * `USE_FIXED_PORT`: The port number in `port` is used for health checking.
+        * `USE_NAMED_PORT`: The `portName` is used for health checking.
+        * `USE_SERVING_PORT`: For NetworkEndpointGroup, the port specified for each
+        network endpoint is used for health checking. For other backends, the
+        port or named port specified in the Backend Service is used for health
+        checking.
+        If not specified, HTTP health check follows behavior specified in `port` and
+        `portName` fields.
+        Possible values are: `USE_FIXED_PORT`, `USE_NAMED_PORT`, `USE_SERVING_PORT`.
         """
         return pulumi.get(self, "port_specification")
 
@@ -5051,6 +5140,15 @@ class HealthCheckHttpsHealthCheck(dict):
                port_name are defined, port takes precedence.
         :param str port_specification: Specifies how port is selected for health checking, can be one of the
                following values:
+               * `USE_FIXED_PORT`: The port number in `port` is used for health checking.
+               * `USE_NAMED_PORT`: The `portName` is used for health checking.
+               * `USE_SERVING_PORT`: For NetworkEndpointGroup, the port specified for each
+               network endpoint is used for health checking. For other backends, the
+               port or named port specified in the Backend Service is used for health
+               checking.
+               If not specified, HTTPS health check follows behavior specified in `port` and
+               `portName` fields.
+               Possible values are: `USE_FIXED_PORT`, `USE_NAMED_PORT`, `USE_SERVING_PORT`.
         :param str proxy_header: Specifies the type of proxy header to append before sending data to the
                backend.
                Default value is `NONE`.
@@ -5110,6 +5208,15 @@ class HealthCheckHttpsHealthCheck(dict):
         """
         Specifies how port is selected for health checking, can be one of the
         following values:
+        * `USE_FIXED_PORT`: The port number in `port` is used for health checking.
+        * `USE_NAMED_PORT`: The `portName` is used for health checking.
+        * `USE_SERVING_PORT`: For NetworkEndpointGroup, the port specified for each
+        network endpoint is used for health checking. For other backends, the
+        port or named port specified in the Backend Service is used for health
+        checking.
+        If not specified, HTTPS health check follows behavior specified in `port` and
+        `portName` fields.
+        Possible values are: `USE_FIXED_PORT`, `USE_NAMED_PORT`, `USE_SERVING_PORT`.
         """
         return pulumi.get(self, "port_specification")
 
@@ -5202,6 +5309,15 @@ class HealthCheckSslHealthCheck(dict):
                port_name are defined, port takes precedence.
         :param str port_specification: Specifies how port is selected for health checking, can be one of the
                following values:
+               * `USE_FIXED_PORT`: The port number in `port` is used for health checking.
+               * `USE_NAMED_PORT`: The `portName` is used for health checking.
+               * `USE_SERVING_PORT`: For NetworkEndpointGroup, the port specified for each
+               network endpoint is used for health checking. For other backends, the
+               port or named port specified in the Backend Service is used for health
+               checking.
+               If not specified, HTTP2 health check follows behavior specified in `port` and
+               `portName` fields.
+               Possible values are: `USE_FIXED_PORT`, `USE_NAMED_PORT`, `USE_SERVING_PORT`.
         :param str proxy_header: Specifies the type of proxy header to append before sending data to the
                backend.
                Default value is `NONE`.
@@ -5251,6 +5367,15 @@ class HealthCheckSslHealthCheck(dict):
         """
         Specifies how port is selected for health checking, can be one of the
         following values:
+        * `USE_FIXED_PORT`: The port number in `port` is used for health checking.
+        * `USE_NAMED_PORT`: The `portName` is used for health checking.
+        * `USE_SERVING_PORT`: For NetworkEndpointGroup, the port specified for each
+        network endpoint is used for health checking. For other backends, the
+        port or named port specified in the Backend Service is used for health
+        checking.
+        If not specified, HTTP2 health check follows behavior specified in `port` and
+        `portName` fields.
+        Possible values are: `USE_FIXED_PORT`, `USE_NAMED_PORT`, `USE_SERVING_PORT`.
         """
         return pulumi.get(self, "port_specification")
 
@@ -5324,6 +5449,15 @@ class HealthCheckTcpHealthCheck(dict):
                port_name are defined, port takes precedence.
         :param str port_specification: Specifies how port is selected for health checking, can be one of the
                following values:
+               * `USE_FIXED_PORT`: The port number in `port` is used for health checking.
+               * `USE_NAMED_PORT`: The `portName` is used for health checking.
+               * `USE_SERVING_PORT`: For NetworkEndpointGroup, the port specified for each
+               network endpoint is used for health checking. For other backends, the
+               port or named port specified in the Backend Service is used for health
+               checking.
+               If not specified, TCP health check follows behavior specified in `port` and
+               `portName` fields.
+               Possible values are: `USE_FIXED_PORT`, `USE_NAMED_PORT`, `USE_SERVING_PORT`.
         :param str proxy_header: Specifies the type of proxy header to append before sending data to the
                backend.
                Default value is `NONE`.
@@ -5373,6 +5507,15 @@ class HealthCheckTcpHealthCheck(dict):
         """
         Specifies how port is selected for health checking, can be one of the
         following values:
+        * `USE_FIXED_PORT`: The port number in `port` is used for health checking.
+        * `USE_NAMED_PORT`: The `portName` is used for health checking.
+        * `USE_SERVING_PORT`: For NetworkEndpointGroup, the port specified for each
+        network endpoint is used for health checking. For other backends, the
+        port or named port specified in the Backend Service is used for health
+        checking.
+        If not specified, TCP health check follows behavior specified in `port` and
+        `portName` fields.
+        Possible values are: `USE_FIXED_PORT`, `USE_NAMED_PORT`, `USE_SERVING_PORT`.
         """
         return pulumi.get(self, "port_specification")
 
@@ -13175,6 +13318,382 @@ class InterconnectAttachmentPrivateInterconnectInfo(dict):
         return pulumi.get(self, "tag8021q")
 
 
+@pulumi.output_type
+class InterconnectCircuitInfo(dict):
+    @staticmethod
+    def __key_warning(key: str):
+        suggest = None
+        if key == "customerDemarcId":
+            suggest = "customer_demarc_id"
+        elif key == "googleCircuitId":
+            suggest = "google_circuit_id"
+        elif key == "googleDemarcId":
+            suggest = "google_demarc_id"
+
+        if suggest:
+            pulumi.log.warn(f"Key '{key}' not found in InterconnectCircuitInfo. Access the value via the '{suggest}' property getter instead.")
+
+    def __getitem__(self, key: str) -> Any:
+        InterconnectCircuitInfo.__key_warning(key)
+        return super().__getitem__(key)
+
+    def get(self, key: str, default = None) -> Any:
+        InterconnectCircuitInfo.__key_warning(key)
+        return super().get(key, default)
+
+    def __init__(__self__, *,
+                 customer_demarc_id: Optional[str] = None,
+                 google_circuit_id: Optional[str] = None,
+                 google_demarc_id: Optional[str] = None):
+        """
+        :param str customer_demarc_id: (Output)
+               Customer-side demarc ID for this circuit.
+        :param str google_circuit_id: (Output)
+               Google-assigned unique ID for this circuit. Assigned at circuit turn-up.
+        :param str google_demarc_id: (Output)
+               Google-side demarc ID for this circuit. Assigned at circuit turn-up and provided by
+               Google to the customer in the LOA.
+        """
+        if customer_demarc_id is not None:
+            pulumi.set(__self__, "customer_demarc_id", customer_demarc_id)
+        if google_circuit_id is not None:
+            pulumi.set(__self__, "google_circuit_id", google_circuit_id)
+        if google_demarc_id is not None:
+            pulumi.set(__self__, "google_demarc_id", google_demarc_id)
+
+    @property
+    @pulumi.getter(name="customerDemarcId")
+    def customer_demarc_id(self) -> Optional[str]:
+        """
+        (Output)
+        Customer-side demarc ID for this circuit.
+        """
+        return pulumi.get(self, "customer_demarc_id")
+
+    @property
+    @pulumi.getter(name="googleCircuitId")
+    def google_circuit_id(self) -> Optional[str]:
+        """
+        (Output)
+        Google-assigned unique ID for this circuit. Assigned at circuit turn-up.
+        """
+        return pulumi.get(self, "google_circuit_id")
+
+    @property
+    @pulumi.getter(name="googleDemarcId")
+    def google_demarc_id(self) -> Optional[str]:
+        """
+        (Output)
+        Google-side demarc ID for this circuit. Assigned at circuit turn-up and provided by
+        Google to the customer in the LOA.
+        """
+        return pulumi.get(self, "google_demarc_id")
+
+
+@pulumi.output_type
+class InterconnectExpectedOutage(dict):
+    @staticmethod
+    def __key_warning(key: str):
+        suggest = None
+        if key == "affectedCircuits":
+            suggest = "affected_circuits"
+        elif key == "endTime":
+            suggest = "end_time"
+        elif key == "issueType":
+            suggest = "issue_type"
+        elif key == "startTime":
+            suggest = "start_time"
+
+        if suggest:
+            pulumi.log.warn(f"Key '{key}' not found in InterconnectExpectedOutage. Access the value via the '{suggest}' property getter instead.")
+
+    def __getitem__(self, key: str) -> Any:
+        InterconnectExpectedOutage.__key_warning(key)
+        return super().__getitem__(key)
+
+    def get(self, key: str, default = None) -> Any:
+        InterconnectExpectedOutage.__key_warning(key)
+        return super().get(key, default)
+
+    def __init__(__self__, *,
+                 affected_circuits: Optional[Sequence[str]] = None,
+                 description: Optional[str] = None,
+                 end_time: Optional[str] = None,
+                 issue_type: Optional[str] = None,
+                 name: Optional[str] = None,
+                 source: Optional[str] = None,
+                 start_time: Optional[str] = None,
+                 state: Optional[str] = None):
+        """
+        :param Sequence[str] affected_circuits: (Output)
+               If issueType is IT_PARTIAL_OUTAGE, a list of the Google-side circuit IDs that will be
+               affected.
+        :param str description: An optional description of this resource. Provide this property when you create the resource.
+        :param str end_time: (Output)
+               Scheduled end time for the outage (milliseconds since Unix epoch).
+        :param str issue_type: (Output)
+               Form this outage is expected to take. Note that the versions of this enum prefixed with
+               "IT_" have been deprecated in favor of the unprefixed values. Can take one of the
+               following values:
+               - OUTAGE: The Interconnect may be completely out of service for some or all of the
+               specified window.
+               - PARTIAL_OUTAGE: Some circuits comprising the Interconnect as a whole should remain
+               up, but with reduced bandwidth.
+        :param str name: Name of the resource. Provided by the client when the resource is created. The name must be
+               1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters
+               long and match the regular expression `a-z?` which means the first
+               character must be a lowercase letter, and all following characters must be a dash,
+               lowercase letter, or digit, except the last character, which cannot be a dash.
+        :param str source: (Output)
+               The party that generated this notification. Note that the value of NSRC_GOOGLE has been
+               deprecated in favor of GOOGLE. Can take the following value:
+               - GOOGLE: this notification as generated by Google.
+        :param str start_time: (Output)
+               Scheduled start time for the outage (milliseconds since Unix epoch).
+        :param str state: (Output)
+               State of this notification. Note that the versions of this enum prefixed with "NS_" have
+               been deprecated in favor of the unprefixed values. Can take one of the following values:
+               - ACTIVE: This outage notification is active. The event could be in the past, present,
+               or future. See startTime and endTime for scheduling.
+               - CANCELLED: The outage associated with this notification was cancelled before the
+               outage was due to start.
+               - COMPLETED: The outage associated with this notification is complete.
+        """
+        if affected_circuits is not None:
+            pulumi.set(__self__, "affected_circuits", affected_circuits)
+        if description is not None:
+            pulumi.set(__self__, "description", description)
+        if end_time is not None:
+            pulumi.set(__self__, "end_time", end_time)
+        if issue_type is not None:
+            pulumi.set(__self__, "issue_type", issue_type)
+        if name is not None:
+            pulumi.set(__self__, "name", name)
+        if source is not None:
+            pulumi.set(__self__, "source", source)
+        if start_time is not None:
+            pulumi.set(__self__, "start_time", start_time)
+        if state is not None:
+            pulumi.set(__self__, "state", state)
+
+    @property
+    @pulumi.getter(name="affectedCircuits")
+    def affected_circuits(self) -> Optional[Sequence[str]]:
+        """
+        (Output)
+        If issueType is IT_PARTIAL_OUTAGE, a list of the Google-side circuit IDs that will be
+        affected.
+        """
+        return pulumi.get(self, "affected_circuits")
+
+    @property
+    @pulumi.getter
+    def description(self) -> Optional[str]:
+        """
+        An optional description of this resource. Provide this property when you create the resource.
+        """
+        return pulumi.get(self, "description")
+
+    @property
+    @pulumi.getter(name="endTime")
+    def end_time(self) -> Optional[str]:
+        """
+        (Output)
+        Scheduled end time for the outage (milliseconds since Unix epoch).
+        """
+        return pulumi.get(self, "end_time")
+
+    @property
+    @pulumi.getter(name="issueType")
+    def issue_type(self) -> Optional[str]:
+        """
+        (Output)
+        Form this outage is expected to take. Note that the versions of this enum prefixed with
+        "IT_" have been deprecated in favor of the unprefixed values. Can take one of the
+        following values:
+        - OUTAGE: The Interconnect may be completely out of service for some or all of the
+        specified window.
+        - PARTIAL_OUTAGE: Some circuits comprising the Interconnect as a whole should remain
+        up, but with reduced bandwidth.
+        """
+        return pulumi.get(self, "issue_type")
+
+    @property
+    @pulumi.getter
+    def name(self) -> Optional[str]:
+        """
+        Name of the resource. Provided by the client when the resource is created. The name must be
+        1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters
+        long and match the regular expression `a-z?` which means the first
+        character must be a lowercase letter, and all following characters must be a dash,
+        lowercase letter, or digit, except the last character, which cannot be a dash.
+        """
+        return pulumi.get(self, "name")
+
+    @property
+    @pulumi.getter
+    def source(self) -> Optional[str]:
+        """
+        (Output)
+        The party that generated this notification. Note that the value of NSRC_GOOGLE has been
+        deprecated in favor of GOOGLE. Can take the following value:
+        - GOOGLE: this notification as generated by Google.
+        """
+        return pulumi.get(self, "source")
+
+    @property
+    @pulumi.getter(name="startTime")
+    def start_time(self) -> Optional[str]:
+        """
+        (Output)
+        Scheduled start time for the outage (milliseconds since Unix epoch).
+        """
+        return pulumi.get(self, "start_time")
+
+    @property
+    @pulumi.getter
+    def state(self) -> Optional[str]:
+        """
+        (Output)
+        State of this notification. Note that the versions of this enum prefixed with "NS_" have
+        been deprecated in favor of the unprefixed values. Can take one of the following values:
+        - ACTIVE: This outage notification is active. The event could be in the past, present,
+        or future. See startTime and endTime for scheduling.
+        - CANCELLED: The outage associated with this notification was cancelled before the
+        outage was due to start.
+        - COMPLETED: The outage associated with this notification is complete.
+        """
+        return pulumi.get(self, "state")
+
+
+@pulumi.output_type
+class InterconnectMacsec(dict):
+    @staticmethod
+    def __key_warning(key: str):
+        suggest = None
+        if key == "preSharedKeys":
+            suggest = "pre_shared_keys"
+
+        if suggest:
+            pulumi.log.warn(f"Key '{key}' not found in InterconnectMacsec. Access the value via the '{suggest}' property getter instead.")
+
+    def __getitem__(self, key: str) -> Any:
+        InterconnectMacsec.__key_warning(key)
+        return super().__getitem__(key)
+
+    def get(self, key: str, default = None) -> Any:
+        InterconnectMacsec.__key_warning(key)
+        return super().get(key, default)
+
+    def __init__(__self__, *,
+                 pre_shared_keys: Sequence['outputs.InterconnectMacsecPreSharedKey']):
+        """
+        :param Sequence['InterconnectMacsecPreSharedKeyArgs'] pre_shared_keys: A keychain placeholder describing a set of named key objects along with their
+               start times. A MACsec CKN/CAK is generated for each key in the key chain.
+               Google router automatically picks the key with the most recent startTime when establishing
+               or re-establishing a MACsec secure link.
+               Structure is documented below.
+        """
+        pulumi.set(__self__, "pre_shared_keys", pre_shared_keys)
+
+    @property
+    @pulumi.getter(name="preSharedKeys")
+    def pre_shared_keys(self) -> Sequence['outputs.InterconnectMacsecPreSharedKey']:
+        """
+        A keychain placeholder describing a set of named key objects along with their
+        start times. A MACsec CKN/CAK is generated for each key in the key chain.
+        Google router automatically picks the key with the most recent startTime when establishing
+        or re-establishing a MACsec secure link.
+        Structure is documented below.
+        """
+        return pulumi.get(self, "pre_shared_keys")
+
+
+@pulumi.output_type
+class InterconnectMacsecPreSharedKey(dict):
+    @staticmethod
+    def __key_warning(key: str):
+        suggest = None
+        if key == "failOpen":
+            suggest = "fail_open"
+        elif key == "startTime":
+            suggest = "start_time"
+
+        if suggest:
+            pulumi.log.warn(f"Key '{key}' not found in InterconnectMacsecPreSharedKey. Access the value via the '{suggest}' property getter instead.")
+
+    def __getitem__(self, key: str) -> Any:
+        InterconnectMacsecPreSharedKey.__key_warning(key)
+        return super().__getitem__(key)
+
+    def get(self, key: str, default = None) -> Any:
+        InterconnectMacsecPreSharedKey.__key_warning(key)
+        return super().get(key, default)
+
+    def __init__(__self__, *,
+                 name: str,
+                 fail_open: Optional[bool] = None,
+                 start_time: Optional[str] = None):
+        """
+        :param str name: A name for this pre-shared key. The name must be 1-63 characters long, and
+               comply with RFC1035. Specifically, the name must be 1-63 characters long and match
+               the regular expression `a-z?` which means the first character
+               must be a lowercase letter, and all following characters must be a dash, lowercase
+               letter, or digit, except the last character, which cannot be a dash.
+        :param bool fail_open: If set to true, the Interconnect connection is configured with a should-secure
+               MACsec security policy, that allows the Google router to fallback to cleartext
+               traffic if the MKA session cannot be established. By default, the Interconnect
+               connection is configured with a must-secure security policy that drops all traffic
+               if the MKA session cannot be established with your router.
+        :param str start_time: A RFC3339 timestamp on or after which the key is valid. startTime can be in the
+               future. If the keychain has a single key, startTime can be omitted. If the keychain
+               has multiple keys, startTime is mandatory for each key. The start times of keys must
+               be in increasing order. The start times of two consecutive keys must be at least 6
+               hours apart.
+        """
+        pulumi.set(__self__, "name", name)
+        if fail_open is not None:
+            pulumi.set(__self__, "fail_open", fail_open)
+        if start_time is not None:
+            pulumi.set(__self__, "start_time", start_time)
+
+    @property
+    @pulumi.getter
+    def name(self) -> str:
+        """
+        A name for this pre-shared key. The name must be 1-63 characters long, and
+        comply with RFC1035. Specifically, the name must be 1-63 characters long and match
+        the regular expression `a-z?` which means the first character
+        must be a lowercase letter, and all following characters must be a dash, lowercase
+        letter, or digit, except the last character, which cannot be a dash.
+        """
+        return pulumi.get(self, "name")
+
+    @property
+    @pulumi.getter(name="failOpen")
+    def fail_open(self) -> Optional[bool]:
+        """
+        If set to true, the Interconnect connection is configured with a should-secure
+        MACsec security policy, that allows the Google router to fallback to cleartext
+        traffic if the MKA session cannot be established. By default, the Interconnect
+        connection is configured with a must-secure security policy that drops all traffic
+        if the MKA session cannot be established with your router.
+        """
+        return pulumi.get(self, "fail_open")
+
+    @property
+    @pulumi.getter(name="startTime")
+    def start_time(self) -> Optional[str]:
+        """
+        A RFC3339 timestamp on or after which the key is valid. startTime can be in the
+        future. If the keychain has a single key, startTime can be omitted. If the keychain
+        has multiple keys, startTime is mandatory for each key. The start times of keys must
+        be in increasing order. The start times of two consecutive keys must be at least 6
+        hours apart.
+        """
+        return pulumi.get(self, "start_time")
+
+
 @pulumi.output_type
 class MachineImageIamBindingCondition(dict):
     def __init__(__self__, *,
@@ -17787,6 +18306,15 @@ class RegionHealthCheckGrpcHealthCheck(dict):
                port_name are defined, port takes precedence.
         :param str port_specification: Specifies how port is selected for health checking, can be one of the
                following values:
+               * `USE_FIXED_PORT`: The port number in `port` is used for health checking.
+               * `USE_NAMED_PORT`: The `portName` is used for health checking.
+               * `USE_SERVING_PORT`: For NetworkEndpointGroup, the port specified for each
+               network endpoint is used for health checking. For other backends, the
+               port or named port specified in the Backend Service is used for health
+               checking.
+               If not specified, gRPC health check follows behavior specified in `port` and
+               `portName` fields.
+               Possible values are: `USE_FIXED_PORT`, `USE_NAMED_PORT`, `USE_SERVING_PORT`.
         """
         if grpc_service_name is not None:
             pulumi.set(__self__, "grpc_service_name", grpc_service_name)
@@ -17834,6 +18362,15 @@ class RegionHealthCheckGrpcHealthCheck(dict):
         """
         Specifies how port is selected for health checking, can be one of the
         following values:
+        * `USE_FIXED_PORT`: The port number in `port` is used for health checking.
+        * `USE_NAMED_PORT`: The `portName` is used for health checking.
+        * `USE_SERVING_PORT`: For NetworkEndpointGroup, the port specified for each
+        network endpoint is used for health checking. For other backends, the
+        port or named port specified in the Backend Service is used for health
+        checking.
+        If not specified, gRPC health check follows behavior specified in `port` and
+        `portName` fields.
+        Possible values are: `USE_FIXED_PORT`, `USE_NAMED_PORT`, `USE_SERVING_PORT`.
         """
         return pulumi.get(self, "port_specification")
 
@@ -18037,6 +18574,15 @@ class RegionHealthCheckHttpHealthCheck(dict):
                port_name are defined, port takes precedence.
         :param str port_specification: Specifies how port is selected for health checking, can be one of the
                following values:
+               * `USE_FIXED_PORT`: The port number in `port` is used for health checking.
+               * `USE_NAMED_PORT`: The `portName` is used for health checking.
+               * `USE_SERVING_PORT`: For NetworkEndpointGroup, the port specified for each
+               network endpoint is used for health checking. For other backends, the
+               port or named port specified in the Backend Service is used for health
+               checking.
+               If not specified, HTTP health check follows behavior specified in `port` and
+               `portName` fields.
+               Possible values are: `USE_FIXED_PORT`, `USE_NAMED_PORT`, `USE_SERVING_PORT`.
         :param str proxy_header: Specifies the type of proxy header to append before sending data to the
                backend.
                Default value is `NONE`.
@@ -18096,6 +18642,15 @@ class RegionHealthCheckHttpHealthCheck(dict):
         """
         Specifies how port is selected for health checking, can be one of the
         following values:
+        * `USE_FIXED_PORT`: The port number in `port` is used for health checking.
+        * `USE_NAMED_PORT`: The `portName` is used for health checking.
+        * `USE_SERVING_PORT`: For NetworkEndpointGroup, the port specified for each
+        network endpoint is used for health checking. For other backends, the
+        port or named port specified in the Backend Service is used for health
+        checking.
+        If not specified, HTTP health check follows behavior specified in `port` and
+        `portName` fields.
+        Possible values are: `USE_FIXED_PORT`, `USE_NAMED_PORT`, `USE_SERVING_PORT`.
         """
         return pulumi.get(self, "port_specification")
 
@@ -18173,6 +18728,15 @@ class RegionHealthCheckHttpsHealthCheck(dict):
                port_name are defined, port takes precedence.
         :param str port_specification: Specifies how port is selected for health checking, can be one of the
                following values:
+               * `USE_FIXED_PORT`: The port number in `port` is used for health checking.
+               * `USE_NAMED_PORT`: The `portName` is used for health checking.
+               * `USE_SERVING_PORT`: For NetworkEndpointGroup, the port specified for each
+               network endpoint is used for health checking. For other backends, the
+               port or named port specified in the Backend Service is used for health
+               checking.
+               If not specified, HTTPS health check follows behavior specified in `port` and
+               `portName` fields.
+               Possible values are: `USE_FIXED_PORT`, `USE_NAMED_PORT`, `USE_SERVING_PORT`.
         :param str proxy_header: Specifies the type of proxy header to append before sending data to the
                backend.
                Default value is `NONE`.
@@ -18232,6 +18796,15 @@ class RegionHealthCheckHttpsHealthCheck(dict):
         """
         Specifies how port is selected for health checking, can be one of the
         following values:
+        * `USE_FIXED_PORT`: The port number in `port` is used for health checking.
+        * `USE_NAMED_PORT`: The `portName` is used for health checking.
+        * `USE_SERVING_PORT`: For NetworkEndpointGroup, the port specified for each
+        network endpoint is used for health checking. For other backends, the
+        port or named port specified in the Backend Service is used for health
+        checking.
+        If not specified, HTTPS health check follows behavior specified in `port` and
+        `portName` fields.
+        Possible values are: `USE_FIXED_PORT`, `USE_NAMED_PORT`, `USE_SERVING_PORT`.
         """
         return pulumi.get(self, "port_specification")
 
@@ -18324,6 +18897,15 @@ class RegionHealthCheckSslHealthCheck(dict):
                port_name are defined, port takes precedence.
         :param str port_specification: Specifies how port is selected for health checking, can be one of the
                following values:
+               * `USE_FIXED_PORT`: The port number in `port` is used for health checking.
+               * `USE_NAMED_PORT`: The `portName` is used for health checking.
+               * `USE_SERVING_PORT`: For NetworkEndpointGroup, the port specified for each
+               network endpoint is used for health checking. For other backends, the
+               port or named port specified in the Backend Service is used for health
+               checking.
+               If not specified, HTTP2 health check follows behavior specified in `port` and
+               `portName` fields.
+               Possible values are: `USE_FIXED_PORT`, `USE_NAMED_PORT`, `USE_SERVING_PORT`.
         :param str proxy_header: Specifies the type of proxy header to append before sending data to the
                backend.
                Default value is `NONE`.
@@ -18373,6 +18955,15 @@ class RegionHealthCheckSslHealthCheck(dict):
         """
         Specifies how port is selected for health checking, can be one of the
         following values:
+        * `USE_FIXED_PORT`: The port number in `port` is used for health checking.
+        * `USE_NAMED_PORT`: The `portName` is used for health checking.
+        * `USE_SERVING_PORT`: For NetworkEndpointGroup, the port specified for each
+        network endpoint is used for health checking. For other backends, the
+        port or named port specified in the Backend Service is used for health
+        checking.
+        If not specified, HTTP2 health check follows behavior specified in `port` and
+        `portName` fields.
+        Possible values are: `USE_FIXED_PORT`, `USE_NAMED_PORT`, `USE_SERVING_PORT`.
         """
         return pulumi.get(self, "port_specification")
 
@@ -18446,6 +19037,15 @@ class RegionHealthCheckTcpHealthCheck(dict):
                port_name are defined, port takes precedence.
         :param str port_specification: Specifies how port is selected for health checking, can be one of the
                following values:
+               * `USE_FIXED_PORT`: The port number in `port` is used for health checking.
+               * `USE_NAMED_PORT`: The `portName` is used for health checking.
+               * `USE_SERVING_PORT`: For NetworkEndpointGroup, the port specified for each
+               network endpoint is used for health checking. For other backends, the
+               port or named port specified in the Backend Service is used for health
+               checking.
+               If not specified, TCP health check follows behavior specified in `port` and
+               `portName` fields.
+               Possible values are: `USE_FIXED_PORT`, `USE_NAMED_PORT`, `USE_SERVING_PORT`.
         :param str proxy_header: Specifies the type of proxy header to append before sending data to the
                backend.
                Default value is `NONE`.
@@ -18495,6 +19095,15 @@ class RegionHealthCheckTcpHealthCheck(dict):
         """
         Specifies how port is selected for health checking, can be one of the
         following values:
+        * `USE_FIXED_PORT`: The port number in `port` is used for health checking.
+        * `USE_NAMED_PORT`: The `portName` is used for health checking.
+        * `USE_SERVING_PORT`: For NetworkEndpointGroup, the port specified for each
+        network endpoint is used for health checking. For other backends, the
+        port or named port specified in the Backend Service is used for health
+        checking.
+        If not specified, TCP health check follows behavior specified in `port` and
+        `portName` fields.
+        Possible values are: `USE_FIXED_PORT`, `USE_NAMED_PORT`, `USE_SERVING_PORT`.
         """
         return pulumi.get(self, "port_specification")
 
@@ -22046,17 +22655,22 @@ class RegionSecurityPolicyRuleMatch(dict):
 
     def __init__(__self__, *,
                  config: Optional['outputs.RegionSecurityPolicyRuleMatchConfig'] = None,
+                 expr: Optional['outputs.RegionSecurityPolicyRuleMatchExpr'] = None,
                  versioned_expr: Optional[str] = None):
         """
         :param 'RegionSecurityPolicyRuleMatchConfigArgs' config: The configuration options available when specifying versionedExpr.
                This field must be specified if versionedExpr is specified and cannot be specified if versionedExpr is not specified.
                Structure is documented below.
+        :param 'RegionSecurityPolicyRuleMatchExprArgs' expr: User defined CEVAL expression. A CEVAL expression is used to specify match criteria such as origin.ip, source.region_code and contents in the request header.
+               Structure is documented below.
         :param str versioned_expr: Preconfigured versioned expression. If this field is specified, config must also be specified.
                Available preconfigured expressions along with their requirements are: SRC_IPS_V1 - must specify the corresponding srcIpRange field in config.
                Possible values are: `SRC_IPS_V1`.
         """
         if config is not None:
             pulumi.set(__self__, "config", config)
+        if expr is not None:
+            pulumi.set(__self__, "expr", expr)
         if versioned_expr is not None:
             pulumi.set(__self__, "versioned_expr", versioned_expr)
 
@@ -22070,6 +22684,15 @@ class RegionSecurityPolicyRuleMatch(dict):
         """
         return pulumi.get(self, "config")
 
+    @property
+    @pulumi.getter
+    def expr(self) -> Optional['outputs.RegionSecurityPolicyRuleMatchExpr']:
+        """
+        User defined CEVAL expression. A CEVAL expression is used to specify match criteria such as origin.ip, source.region_code and contents in the request header.
+        Structure is documented below.
+        """
+        return pulumi.get(self, "expr")
+
     @property
     @pulumi.getter(name="versionedExpr")
     def versioned_expr(self) -> Optional[str]:
@@ -22117,6 +22740,24 @@ class RegionSecurityPolicyRuleMatchConfig(dict):
         return pulumi.get(self, "src_ip_ranges")
 
 
+@pulumi.output_type
+class RegionSecurityPolicyRuleMatchExpr(dict):
+    def __init__(__self__, *,
+                 expression: str):
+        """
+        :param str expression: Textual representation of an expression in Common Expression Language syntax. The application context of the containing message determines which well-known feature set of CEL is supported.
+        """
+        pulumi.set(__self__, "expression", expression)
+
+    @property
+    @pulumi.getter
+    def expression(self) -> str:
+        """
+        Textual representation of an expression in Common Expression Language syntax. The application context of the containing message determines which well-known feature set of CEL is supported.
+        """
+        return pulumi.get(self, "expression")
+
+
 @pulumi.output_type
 class RegionSecurityPolicyRuleNetworkMatch(dict):
     @staticmethod
@@ -22284,6 +22925,680 @@ class RegionSecurityPolicyRuleNetworkMatchUserDefinedField(dict):
         return pulumi.get(self, "values")
 
 
+@pulumi.output_type
+class RegionSecurityPolicyRulePreconfiguredWafConfig(dict):
+    def __init__(__self__, *,
+                 exclusions: Optional[Sequence['outputs.RegionSecurityPolicyRulePreconfiguredWafConfigExclusion']] = None):
+        """
+        :param Sequence['RegionSecurityPolicyRulePreconfiguredWafConfigExclusionArgs'] exclusions: An exclusion to apply during preconfigured WAF evaluation.
+               Structure is documented below.
+        """
+        if exclusions is not None:
+            pulumi.set(__self__, "exclusions", exclusions)
+
+    @property
+    @pulumi.getter
+    def exclusions(self) -> Optional[Sequence['outputs.RegionSecurityPolicyRulePreconfiguredWafConfigExclusion']]:
+        """
+        An exclusion to apply during preconfigured WAF evaluation.
+        Structure is documented below.
+        """
+        return pulumi.get(self, "exclusions")
+
+
+@pulumi.output_type
+class RegionSecurityPolicyRulePreconfiguredWafConfigExclusion(dict):
+    @staticmethod
+    def __key_warning(key: str):
+        suggest = None
+        if key == "targetRuleSet":
+            suggest = "target_rule_set"
+        elif key == "requestCookies":
+            suggest = "request_cookies"
+        elif key == "requestHeaders":
+            suggest = "request_headers"
+        elif key == "requestQueryParams":
+            suggest = "request_query_params"
+        elif key == "requestUris":
+            suggest = "request_uris"
+        elif key == "targetRuleIds":
+            suggest = "target_rule_ids"
+
+        if suggest:
+            pulumi.log.warn(f"Key '{key}' not found in RegionSecurityPolicyRulePreconfiguredWafConfigExclusion. Access the value via the '{suggest}' property getter instead.")
+
+    def __getitem__(self, key: str) -> Any:
+        RegionSecurityPolicyRulePreconfiguredWafConfigExclusion.__key_warning(key)
+        return super().__getitem__(key)
+
+    def get(self, key: str, default = None) -> Any:
+        RegionSecurityPolicyRulePreconfiguredWafConfigExclusion.__key_warning(key)
+        return super().get(key, default)
+
+    def __init__(__self__, *,
+                 target_rule_set: str,
+                 request_cookies: Optional[Sequence['outputs.RegionSecurityPolicyRulePreconfiguredWafConfigExclusionRequestCooky']] = None,
+                 request_headers: Optional[Sequence['outputs.RegionSecurityPolicyRulePreconfiguredWafConfigExclusionRequestHeader']] = None,
+                 request_query_params: Optional[Sequence['outputs.RegionSecurityPolicyRulePreconfiguredWafConfigExclusionRequestQueryParam']] = None,
+                 request_uris: Optional[Sequence['outputs.RegionSecurityPolicyRulePreconfiguredWafConfigExclusionRequestUri']] = None,
+                 target_rule_ids: Optional[Sequence[str]] = None):
+        """
+        :param str target_rule_set: Target WAF rule set to apply the preconfigured WAF exclusion.
+        :param Sequence['RegionSecurityPolicyRulePreconfiguredWafConfigExclusionRequestCookyArgs'] request_cookies: Request cookie whose value will be excluded from inspection during preconfigured WAF evaluation.
+               Structure is documented below.
+        :param Sequence['RegionSecurityPolicyRulePreconfiguredWafConfigExclusionRequestHeaderArgs'] request_headers: Request header whose value will be excluded from inspection during preconfigured WAF evaluation.
+               Structure is documented below.
+        :param Sequence['RegionSecurityPolicyRulePreconfiguredWafConfigExclusionRequestQueryParamArgs'] request_query_params: Request query parameter whose value will be excluded from inspection during preconfigured WAF evaluation.
+               Note that the parameter can be in the query string or in the POST body.
+               Structure is documented below.
+        :param Sequence['RegionSecurityPolicyRulePreconfiguredWafConfigExclusionRequestUriArgs'] request_uris: Request URI from the request line to be excluded from inspection during preconfigured WAF evaluation.
+               When specifying this field, the query or fragment part should be excluded.
+               Structure is documented below.
+        :param Sequence[str] target_rule_ids: A list of target rule IDs under the WAF rule set to apply the preconfigured WAF exclusion.
+               If omitted, it refers to all the rule IDs under the WAF rule set.
+        """
+        pulumi.set(__self__, "target_rule_set", target_rule_set)
+        if request_cookies is not None:
+            pulumi.set(__self__, "request_cookies", request_cookies)
+        if request_headers is not None:
+            pulumi.set(__self__, "request_headers", request_headers)
+        if request_query_params is not None:
+            pulumi.set(__self__, "request_query_params", request_query_params)
+        if request_uris is not None:
+            pulumi.set(__self__, "request_uris", request_uris)
+        if target_rule_ids is not None:
+            pulumi.set(__self__, "target_rule_ids", target_rule_ids)
+
+    @property
+    @pulumi.getter(name="targetRuleSet")
+    def target_rule_set(self) -> str:
+        """
+        Target WAF rule set to apply the preconfigured WAF exclusion.
+        """
+        return pulumi.get(self, "target_rule_set")
+
+    @property
+    @pulumi.getter(name="requestCookies")
+    def request_cookies(self) -> Optional[Sequence['outputs.RegionSecurityPolicyRulePreconfiguredWafConfigExclusionRequestCooky']]:
+        """
+        Request cookie whose value will be excluded from inspection during preconfigured WAF evaluation.
+        Structure is documented below.
+        """
+        return pulumi.get(self, "request_cookies")
+
+    @property
+    @pulumi.getter(name="requestHeaders")
+    def request_headers(self) -> Optional[Sequence['outputs.RegionSecurityPolicyRulePreconfiguredWafConfigExclusionRequestHeader']]:
+        """
+        Request header whose value will be excluded from inspection during preconfigured WAF evaluation.
+        Structure is documented below.
+        """
+        return pulumi.get(self, "request_headers")
+
+    @property
+    @pulumi.getter(name="requestQueryParams")
+    def request_query_params(self) -> Optional[Sequence['outputs.RegionSecurityPolicyRulePreconfiguredWafConfigExclusionRequestQueryParam']]:
+        """
+        Request query parameter whose value will be excluded from inspection during preconfigured WAF evaluation.
+        Note that the parameter can be in the query string or in the POST body.
+        Structure is documented below.
+        """
+        return pulumi.get(self, "request_query_params")
+
+    @property
+    @pulumi.getter(name="requestUris")
+    def request_uris(self) -> Optional[Sequence['outputs.RegionSecurityPolicyRulePreconfiguredWafConfigExclusionRequestUri']]:
+        """
+        Request URI from the request line to be excluded from inspection during preconfigured WAF evaluation.
+        When specifying this field, the query or fragment part should be excluded.
+        Structure is documented below.
+        """
+        return pulumi.get(self, "request_uris")
+
+    @property
+    @pulumi.getter(name="targetRuleIds")
+    def target_rule_ids(self) -> Optional[Sequence[str]]:
+        """
+        A list of target rule IDs under the WAF rule set to apply the preconfigured WAF exclusion.
+        If omitted, it refers to all the rule IDs under the WAF rule set.
+        """
+        return pulumi.get(self, "target_rule_ids")
+
+
+@pulumi.output_type
+class RegionSecurityPolicyRulePreconfiguredWafConfigExclusionRequestCooky(dict):
+    def __init__(__self__, *,
+                 operator: str,
+                 value: Optional[str] = None):
+        """
+        :param str operator: You can specify an exact match or a partial match by using a field operator and a field value.
+               Available options:
+               EQUALS: The operator matches if the field value equals the specified value.
+               STARTS_WITH: The operator matches if the field value starts with the specified value.
+               ENDS_WITH: The operator matches if the field value ends with the specified value.
+               CONTAINS: The operator matches if the field value contains the specified value.
+               EQUALS_ANY: The operator matches if the field value is any value.
+               Possible values are: `CONTAINS`, `ENDS_WITH`, `EQUALS`, `EQUALS_ANY`, `STARTS_WITH`.
+        :param str value: A request field matching the specified value will be excluded from inspection during preconfigured WAF evaluation.
+               The field value must be given if the field operator is not EQUALS_ANY, and cannot be given if the field operator is EQUALS_ANY.
+        """
+        pulumi.set(__self__, "operator", operator)
+        if value is not None:
+            pulumi.set(__self__, "value", value)
+
+    @property
+    @pulumi.getter
+    def operator(self) -> str:
+        """
+        You can specify an exact match or a partial match by using a field operator and a field value.
+        Available options:
+        EQUALS: The operator matches if the field value equals the specified value.
+        STARTS_WITH: The operator matches if the field value starts with the specified value.
+        ENDS_WITH: The operator matches if the field value ends with the specified value.
+        CONTAINS: The operator matches if the field value contains the specified value.
+        EQUALS_ANY: The operator matches if the field value is any value.
+        Possible values are: `CONTAINS`, `ENDS_WITH`, `EQUALS`, `EQUALS_ANY`, `STARTS_WITH`.
+        """
+        return pulumi.get(self, "operator")
+
+    @property
+    @pulumi.getter
+    def value(self) -> Optional[str]:
+        """
+        A request field matching the specified value will be excluded from inspection during preconfigured WAF evaluation.
+        The field value must be given if the field operator is not EQUALS_ANY, and cannot be given if the field operator is EQUALS_ANY.
+        """
+        return pulumi.get(self, "value")
+
+
+@pulumi.output_type
+class RegionSecurityPolicyRulePreconfiguredWafConfigExclusionRequestHeader(dict):
+    def __init__(__self__, *,
+                 operator: str,
+                 value: Optional[str] = None):
+        """
+        :param str operator: You can specify an exact match or a partial match by using a field operator and a field value.
+               Available options:
+               EQUALS: The operator matches if the field value equals the specified value.
+               STARTS_WITH: The operator matches if the field value starts with the specified value.
+               ENDS_WITH: The operator matches if the field value ends with the specified value.
+               CONTAINS: The operator matches if the field value contains the specified value.
+               EQUALS_ANY: The operator matches if the field value is any value.
+               Possible values are: `CONTAINS`, `ENDS_WITH`, `EQUALS`, `EQUALS_ANY`, `STARTS_WITH`.
+        :param str value: A request field matching the specified value will be excluded from inspection during preconfigured WAF evaluation.
+               The field value must be given if the field operator is not EQUALS_ANY, and cannot be given if the field operator is EQUALS_ANY.
+        """
+        pulumi.set(__self__, "operator", operator)
+        if value is not None:
+            pulumi.set(__self__, "value", value)
+
+    @property
+    @pulumi.getter
+    def operator(self) -> str:
+        """
+        You can specify an exact match or a partial match by using a field operator and a field value.
+        Available options:
+        EQUALS: The operator matches if the field value equals the specified value.
+        STARTS_WITH: The operator matches if the field value starts with the specified value.
+        ENDS_WITH: The operator matches if the field value ends with the specified value.
+        CONTAINS: The operator matches if the field value contains the specified value.
+        EQUALS_ANY: The operator matches if the field value is any value.
+        Possible values are: `CONTAINS`, `ENDS_WITH`, `EQUALS`, `EQUALS_ANY`, `STARTS_WITH`.
+        """
+        return pulumi.get(self, "operator")
+
+    @property
+    @pulumi.getter
+    def value(self) -> Optional[str]:
+        """
+        A request field matching the specified value will be excluded from inspection during preconfigured WAF evaluation.
+        The field value must be given if the field operator is not EQUALS_ANY, and cannot be given if the field operator is EQUALS_ANY.
+        """
+        return pulumi.get(self, "value")
+
+
+@pulumi.output_type
+class RegionSecurityPolicyRulePreconfiguredWafConfigExclusionRequestQueryParam(dict):
+    def __init__(__self__, *,
+                 operator: str,
+                 value: Optional[str] = None):
+        """
+        :param str operator: You can specify an exact match or a partial match by using a field operator and a field value.
+               Available options:
+               EQUALS: The operator matches if the field value equals the specified value.
+               STARTS_WITH: The operator matches if the field value starts with the specified value.
+               ENDS_WITH: The operator matches if the field value ends with the specified value.
+               CONTAINS: The operator matches if the field value contains the specified value.
+               EQUALS_ANY: The operator matches if the field value is any value.
+               Possible values are: `CONTAINS`, `ENDS_WITH`, `EQUALS`, `EQUALS_ANY`, `STARTS_WITH`.
+        :param str value: A request field matching the specified value will be excluded from inspection during preconfigured WAF evaluation.
+               The field value must be given if the field operator is not EQUALS_ANY, and cannot be given if the field operator is EQUALS_ANY.
+        """
+        pulumi.set(__self__, "operator", operator)
+        if value is not None:
+            pulumi.set(__self__, "value", value)
+
+    @property
+    @pulumi.getter
+    def operator(self) -> str:
+        """
+        You can specify an exact match or a partial match by using a field operator and a field value.
+        Available options:
+        EQUALS: The operator matches if the field value equals the specified value.
+        STARTS_WITH: The operator matches if the field value starts with the specified value.
+        ENDS_WITH: The operator matches if the field value ends with the specified value.
+        CONTAINS: The operator matches if the field value contains the specified value.
+        EQUALS_ANY: The operator matches if the field value is any value.
+        Possible values are: `CONTAINS`, `ENDS_WITH`, `EQUALS`, `EQUALS_ANY`, `STARTS_WITH`.
+        """
+        return pulumi.get(self, "operator")
+
+    @property
+    @pulumi.getter
+    def value(self) -> Optional[str]:
+        """
+        A request field matching the specified value will be excluded from inspection during preconfigured WAF evaluation.
+        The field value must be given if the field operator is not EQUALS_ANY, and cannot be given if the field operator is EQUALS_ANY.
+        """
+        return pulumi.get(self, "value")
+
+
+@pulumi.output_type
+class RegionSecurityPolicyRulePreconfiguredWafConfigExclusionRequestUri(dict):
+    def __init__(__self__, *,
+                 operator: str,
+                 value: Optional[str] = None):
+        """
+        :param str operator: You can specify an exact match or a partial match by using a field operator and a field value.
+               Available options:
+               EQUALS: The operator matches if the field value equals the specified value.
+               STARTS_WITH: The operator matches if the field value starts with the specified value.
+               ENDS_WITH: The operator matches if the field value ends with the specified value.
+               CONTAINS: The operator matches if the field value contains the specified value.
+               EQUALS_ANY: The operator matches if the field value is any value.
+               Possible values are: `CONTAINS`, `ENDS_WITH`, `EQUALS`, `EQUALS_ANY`, `STARTS_WITH`.
+        :param str value: A request field matching the specified value will be excluded from inspection during preconfigured WAF evaluation.
+               The field value must be given if the field operator is not EQUALS_ANY, and cannot be given if the field operator is EQUALS_ANY.
+        """
+        pulumi.set(__self__, "operator", operator)
+        if value is not None:
+            pulumi.set(__self__, "value", value)
+
+    @property
+    @pulumi.getter
+    def operator(self) -> str:
+        """
+        You can specify an exact match or a partial match by using a field operator and a field value.
+        Available options:
+        EQUALS: The operator matches if the field value equals the specified value.
+        STARTS_WITH: The operator matches if the field value starts with the specified value.
+        ENDS_WITH: The operator matches if the field value ends with the specified value.
+        CONTAINS: The operator matches if the field value contains the specified value.
+        EQUALS_ANY: The operator matches if the field value is any value.
+        Possible values are: `CONTAINS`, `ENDS_WITH`, `EQUALS`, `EQUALS_ANY`, `STARTS_WITH`.
+        """
+        return pulumi.get(self, "operator")
+
+    @property
+    @pulumi.getter
+    def value(self) -> Optional[str]:
+        """
+        A request field matching the specified value will be excluded from inspection during preconfigured WAF evaluation.
+        The field value must be given if the field operator is not EQUALS_ANY, and cannot be given if the field operator is EQUALS_ANY.
+        """
+        return pulumi.get(self, "value")
+
+
+@pulumi.output_type
+class RegionSecurityPolicyRuleRateLimitOptions(dict):
+    @staticmethod
+    def __key_warning(key: str):
+        suggest = None
+        if key == "banDurationSec":
+            suggest = "ban_duration_sec"
+        elif key == "banThreshold":
+            suggest = "ban_threshold"
+        elif key == "conformAction":
+            suggest = "conform_action"
+        elif key == "enforceOnKey":
+            suggest = "enforce_on_key"
+        elif key == "enforceOnKeyConfigs":
+            suggest = "enforce_on_key_configs"
+        elif key == "enforceOnKeyName":
+            suggest = "enforce_on_key_name"
+        elif key == "exceedAction":
+            suggest = "exceed_action"
+        elif key == "rateLimitThreshold":
+            suggest = "rate_limit_threshold"
+
+        if suggest:
+            pulumi.log.warn(f"Key '{key}' not found in RegionSecurityPolicyRuleRateLimitOptions. Access the value via the '{suggest}' property getter instead.")
+
+    def __getitem__(self, key: str) -> Any:
+        RegionSecurityPolicyRuleRateLimitOptions.__key_warning(key)
+        return super().__getitem__(key)
+
+    def get(self, key: str, default = None) -> Any:
+        RegionSecurityPolicyRuleRateLimitOptions.__key_warning(key)
+        return super().get(key, default)
+
+    def __init__(__self__, *,
+                 ban_duration_sec: Optional[int] = None,
+                 ban_threshold: Optional['outputs.RegionSecurityPolicyRuleRateLimitOptionsBanThreshold'] = None,
+                 conform_action: Optional[str] = None,
+                 enforce_on_key: Optional[str] = None,
+                 enforce_on_key_configs: Optional[Sequence['outputs.RegionSecurityPolicyRuleRateLimitOptionsEnforceOnKeyConfig']] = None,
+                 enforce_on_key_name: Optional[str] = None,
+                 exceed_action: Optional[str] = None,
+                 rate_limit_threshold: Optional['outputs.RegionSecurityPolicyRuleRateLimitOptionsRateLimitThreshold'] = None):
+        """
+        :param int ban_duration_sec: Can only be specified if the action for the rule is "rate_based_ban".
+               If specified, determines the time (in seconds) the traffic will continue to be banned by the rate limit after the rate falls below the threshold.
+        :param 'RegionSecurityPolicyRuleRateLimitOptionsBanThresholdArgs' ban_threshold: Can only be specified if the action for the rule is "rate_based_ban".
+               If specified, the key will be banned for the configured 'banDurationSec' when the number of requests that exceed the 'rateLimitThreshold' also exceed this 'banThreshold'.
+               Structure is documented below.
+        :param str conform_action: Action to take for requests that are under the configured rate limit threshold.
+               Valid option is "allow" only.
+        :param str enforce_on_key: Determines the key to enforce the rateLimitThreshold on. Possible values are:
+               * ALL: A single rate limit threshold is applied to all the requests matching this rule. This is the default value if "enforceOnKey" is not configured.
+               * IP: The source IP address of the request is the key. Each IP has this limit enforced separately.
+               * HTTP_HEADER: The value of the HTTP header whose name is configured under "enforceOnKeyName". The key value is truncated to the first 128 bytes of the header value. If no such header is present in the request, the key type defaults to ALL.
+               * XFF_IP: The first IP address (i.e. the originating client IP address) specified in the list of IPs under X-Forwarded-For HTTP header. If no such header is present or the value is not a valid IP, the key defaults to the source IP address of the request i.e. key type IP.
+               * HTTP_COOKIE: The value of the HTTP cookie whose name is configured under "enforceOnKeyName". The key value is truncated to the first 128 bytes of the cookie value. If no such cookie is present in the request, the key type defaults to ALL.
+               * HTTP_PATH: The URL path of the HTTP request. The key value is truncated to the first 128 bytes.
+               * SNI: Server name indication in the TLS session of the HTTPS request. The key value is truncated to the first 128 bytes. The key type defaults to ALL on a HTTP session.
+               * REGION_CODE: The country/region from which the request originates.
+               * TLS_JA3_FINGERPRINT: JA3 TLS/SSL fingerprint if the client connects using HTTPS, HTTP/2 or HTTP/3. If not available, the key type defaults to ALL.
+               * USER_IP: The IP address of the originating client, which is resolved based on "userIpRequestHeaders" configured with the security policy. If there is no "userIpRequestHeaders" configuration or an IP address cannot be resolved from it, the key type defaults to IP.
+               Possible values are: `ALL`, `IP`, `HTTP_HEADER`, `XFF_IP`, `HTTP_COOKIE`, `HTTP_PATH`, `SNI`, `REGION_CODE`, `TLS_JA3_FINGERPRINT`, `USER_IP`.
+        :param Sequence['RegionSecurityPolicyRuleRateLimitOptionsEnforceOnKeyConfigArgs'] enforce_on_key_configs: If specified, any combination of values of enforceOnKeyType/enforceOnKeyName is treated as the key on which ratelimit threshold/action is enforced.
+               You can specify up to 3 enforceOnKeyConfigs.
+               If enforceOnKeyConfigs is specified, enforceOnKey must not be specified.
+               Structure is documented below.
+        :param str enforce_on_key_name: Rate limit key name applicable only for the following key types:
+               HTTP_HEADER -- Name of the HTTP header whose value is taken as the key value.
+               HTTP_COOKIE -- Name of the HTTP cookie whose value is taken as the key value.
+        :param str exceed_action: Action to take for requests that are above the configured rate limit threshold, to deny with a specified HTTP response code.
+               Valid options are deny(STATUS), where valid values for STATUS are 403, 404, 429, and 502.
+        :param 'RegionSecurityPolicyRuleRateLimitOptionsRateLimitThresholdArgs' rate_limit_threshold: Threshold at which to begin ratelimiting.
+               Structure is documented below.
+        """
+        if ban_duration_sec is not None:
+            pulumi.set(__self__, "ban_duration_sec", ban_duration_sec)
+        if ban_threshold is not None:
+            pulumi.set(__self__, "ban_threshold", ban_threshold)
+        if conform_action is not None:
+            pulumi.set(__self__, "conform_action", conform_action)
+        if enforce_on_key is not None:
+            pulumi.set(__self__, "enforce_on_key", enforce_on_key)
+        if enforce_on_key_configs is not None:
+            pulumi.set(__self__, "enforce_on_key_configs", enforce_on_key_configs)
+        if enforce_on_key_name is not None:
+            pulumi.set(__self__, "enforce_on_key_name", enforce_on_key_name)
+        if exceed_action is not None:
+            pulumi.set(__self__, "exceed_action", exceed_action)
+        if rate_limit_threshold is not None:
+            pulumi.set(__self__, "rate_limit_threshold", rate_limit_threshold)
+
+    @property
+    @pulumi.getter(name="banDurationSec")
+    def ban_duration_sec(self) -> Optional[int]:
+        """
+        Can only be specified if the action for the rule is "rate_based_ban".
+        If specified, determines the time (in seconds) the traffic will continue to be banned by the rate limit after the rate falls below the threshold.
+        """
+        return pulumi.get(self, "ban_duration_sec")
+
+    @property
+    @pulumi.getter(name="banThreshold")
+    def ban_threshold(self) -> Optional['outputs.RegionSecurityPolicyRuleRateLimitOptionsBanThreshold']:
+        """
+        Can only be specified if the action for the rule is "rate_based_ban".
+        If specified, the key will be banned for the configured 'banDurationSec' when the number of requests that exceed the 'rateLimitThreshold' also exceed this 'banThreshold'.
+        Structure is documented below.
+        """
+        return pulumi.get(self, "ban_threshold")
+
+    @property
+    @pulumi.getter(name="conformAction")
+    def conform_action(self) -> Optional[str]:
+        """
+        Action to take for requests that are under the configured rate limit threshold.
+        Valid option is "allow" only.
+        """
+        return pulumi.get(self, "conform_action")
+
+    @property
+    @pulumi.getter(name="enforceOnKey")
+    def enforce_on_key(self) -> Optional[str]:
+        """
+        Determines the key to enforce the rateLimitThreshold on. Possible values are:
+        * ALL: A single rate limit threshold is applied to all the requests matching this rule. This is the default value if "enforceOnKey" is not configured.
+        * IP: The source IP address of the request is the key. Each IP has this limit enforced separately.
+        * HTTP_HEADER: The value of the HTTP header whose name is configured under "enforceOnKeyName". The key value is truncated to the first 128 bytes of the header value. If no such header is present in the request, the key type defaults to ALL.
+        * XFF_IP: The first IP address (i.e. the originating client IP address) specified in the list of IPs under X-Forwarded-For HTTP header. If no such header is present or the value is not a valid IP, the key defaults to the source IP address of the request i.e. key type IP.
+        * HTTP_COOKIE: The value of the HTTP cookie whose name is configured under "enforceOnKeyName". The key value is truncated to the first 128 bytes of the cookie value. If no such cookie is present in the request, the key type defaults to ALL.
+        * HTTP_PATH: The URL path of the HTTP request. The key value is truncated to the first 128 bytes.
+        * SNI: Server name indication in the TLS session of the HTTPS request. The key value is truncated to the first 128 bytes. The key type defaults to ALL on a HTTP session.
+        * REGION_CODE: The country/region from which the request originates.
+        * TLS_JA3_FINGERPRINT: JA3 TLS/SSL fingerprint if the client connects using HTTPS, HTTP/2 or HTTP/3. If not available, the key type defaults to ALL.
+        * USER_IP: The IP address of the originating client, which is resolved based on "userIpRequestHeaders" configured with the security policy. If there is no "userIpRequestHeaders" configuration or an IP address cannot be resolved from it, the key type defaults to IP.
+        Possible values are: `ALL`, `IP`, `HTTP_HEADER`, `XFF_IP`, `HTTP_COOKIE`, `HTTP_PATH`, `SNI`, `REGION_CODE`, `TLS_JA3_FINGERPRINT`, `USER_IP`.
+        """
+        return pulumi.get(self, "enforce_on_key")
+
+    @property
+    @pulumi.getter(name="enforceOnKeyConfigs")
+    def enforce_on_key_configs(self) -> Optional[Sequence['outputs.RegionSecurityPolicyRuleRateLimitOptionsEnforceOnKeyConfig']]:
+        """
+        If specified, any combination of values of enforceOnKeyType/enforceOnKeyName is treated as the key on which ratelimit threshold/action is enforced.
+        You can specify up to 3 enforceOnKeyConfigs.
+        If enforceOnKeyConfigs is specified, enforceOnKey must not be specified.
+        Structure is documented below.
+        """
+        return pulumi.get(self, "enforce_on_key_configs")
+
+    @property
+    @pulumi.getter(name="enforceOnKeyName")
+    def enforce_on_key_name(self) -> Optional[str]:
+        """
+        Rate limit key name applicable only for the following key types:
+        HTTP_HEADER -- Name of the HTTP header whose value is taken as the key value.
+        HTTP_COOKIE -- Name of the HTTP cookie whose value is taken as the key value.
+        """
+        return pulumi.get(self, "enforce_on_key_name")
+
+    @property
+    @pulumi.getter(name="exceedAction")
+    def exceed_action(self) -> Optional[str]:
+        """
+        Action to take for requests that are above the configured rate limit threshold, to deny with a specified HTTP response code.
+        Valid options are deny(STATUS), where valid values for STATUS are 403, 404, 429, and 502.
+        """
+        return pulumi.get(self, "exceed_action")
+
+    @property
+    @pulumi.getter(name="rateLimitThreshold")
+    def rate_limit_threshold(self) -> Optional['outputs.RegionSecurityPolicyRuleRateLimitOptionsRateLimitThreshold']:
+        """
+        Threshold at which to begin ratelimiting.
+        Structure is documented below.
+        """
+        return pulumi.get(self, "rate_limit_threshold")
+
+
+@pulumi.output_type
+class RegionSecurityPolicyRuleRateLimitOptionsBanThreshold(dict):
+    @staticmethod
+    def __key_warning(key: str):
+        suggest = None
+        if key == "intervalSec":
+            suggest = "interval_sec"
+
+        if suggest:
+            pulumi.log.warn(f"Key '{key}' not found in RegionSecurityPolicyRuleRateLimitOptionsBanThreshold. Access the value via the '{suggest}' property getter instead.")
+
+    def __getitem__(self, key: str) -> Any:
+        RegionSecurityPolicyRuleRateLimitOptionsBanThreshold.__key_warning(key)
+        return super().__getitem__(key)
+
+    def get(self, key: str, default = None) -> Any:
+        RegionSecurityPolicyRuleRateLimitOptionsBanThreshold.__key_warning(key)
+        return super().get(key, default)
+
+    def __init__(__self__, *,
+                 count: Optional[int] = None,
+                 interval_sec: Optional[int] = None):
+        """
+        :param int count: Number of HTTP(S) requests for calculating the threshold.
+        :param int interval_sec: Interval over which the threshold is computed.
+        """
+        if count is not None:
+            pulumi.set(__self__, "count", count)
+        if interval_sec is not None:
+            pulumi.set(__self__, "interval_sec", interval_sec)
+
+    @property
+    @pulumi.getter
+    def count(self) -> Optional[int]:
+        """
+        Number of HTTP(S) requests for calculating the threshold.
+        """
+        return pulumi.get(self, "count")
+
+    @property
+    @pulumi.getter(name="intervalSec")
+    def interval_sec(self) -> Optional[int]:
+        """
+        Interval over which the threshold is computed.
+        """
+        return pulumi.get(self, "interval_sec")
+
+
+@pulumi.output_type
+class RegionSecurityPolicyRuleRateLimitOptionsEnforceOnKeyConfig(dict):
+    @staticmethod
+    def __key_warning(key: str):
+        suggest = None
+        if key == "enforceOnKeyName":
+            suggest = "enforce_on_key_name"
+        elif key == "enforceOnKeyType":
+            suggest = "enforce_on_key_type"
+
+        if suggest:
+            pulumi.log.warn(f"Key '{key}' not found in RegionSecurityPolicyRuleRateLimitOptionsEnforceOnKeyConfig. Access the value via the '{suggest}' property getter instead.")
+
+    def __getitem__(self, key: str) -> Any:
+        RegionSecurityPolicyRuleRateLimitOptionsEnforceOnKeyConfig.__key_warning(key)
+        return super().__getitem__(key)
+
+    def get(self, key: str, default = None) -> Any:
+        RegionSecurityPolicyRuleRateLimitOptionsEnforceOnKeyConfig.__key_warning(key)
+        return super().get(key, default)
+
+    def __init__(__self__, *,
+                 enforce_on_key_name: Optional[str] = None,
+                 enforce_on_key_type: Optional[str] = None):
+        """
+        :param str enforce_on_key_name: Rate limit key name applicable only for the following key types:
+               HTTP_HEADER -- Name of the HTTP header whose value is taken as the key value.
+               HTTP_COOKIE -- Name of the HTTP cookie whose value is taken as the key value.
+        :param str enforce_on_key_type: Determines the key to enforce the rateLimitThreshold on. Possible values are:
+               * ALL: A single rate limit threshold is applied to all the requests matching this rule. This is the default value if "enforceOnKeyConfigs" is not configured.
+               * IP: The source IP address of the request is the key. Each IP has this limit enforced separately.
+               * HTTP_HEADER: The value of the HTTP header whose name is configured under "enforceOnKeyName". The key value is truncated to the first 128 bytes of the header value. If no such header is present in the request, the key type defaults to ALL.
+               * XFF_IP: The first IP address (i.e. the originating client IP address) specified in the list of IPs under X-Forwarded-For HTTP header. If no such header is present or the value is not a valid IP, the key defaults to the source IP address of the request i.e. key type IP.
+               * HTTP_COOKIE: The value of the HTTP cookie whose name is configured under "enforceOnKeyName". The key value is truncated to the first 128 bytes of the cookie value. If no such cookie is present in the request, the key type defaults to ALL.
+               * HTTP_PATH: The URL path of the HTTP request. The key value is truncated to the first 128 bytes.
+               * SNI: Server name indication in the TLS session of the HTTPS request. The key value is truncated to the first 128 bytes. The key type defaults to ALL on a HTTP session.
+               * REGION_CODE: The country/region from which the request originates.
+               * TLS_JA3_FINGERPRINT: JA3 TLS/SSL fingerprint if the client connects using HTTPS, HTTP/2 or HTTP/3. If not available, the key type defaults to ALL.
+               * USER_IP: The IP address of the originating client, which is resolved based on "userIpRequestHeaders" configured with the security policy. If there is no "userIpRequestHeaders" configuration or an IP address cannot be resolved from it, the key type defaults to IP.
+               Possible values are: `ALL`, `IP`, `HTTP_HEADER`, `XFF_IP`, `HTTP_COOKIE`, `HTTP_PATH`, `SNI`, `REGION_CODE`, `TLS_JA3_FINGERPRINT`, `USER_IP`.
+        """
+        if enforce_on_key_name is not None:
+            pulumi.set(__self__, "enforce_on_key_name", enforce_on_key_name)
+        if enforce_on_key_type is not None:
+            pulumi.set(__self__, "enforce_on_key_type", enforce_on_key_type)
+
+    @property
+    @pulumi.getter(name="enforceOnKeyName")
+    def enforce_on_key_name(self) -> Optional[str]:
+        """
+        Rate limit key name applicable only for the following key types:
+        HTTP_HEADER -- Name of the HTTP header whose value is taken as the key value.
+        HTTP_COOKIE -- Name of the HTTP cookie whose value is taken as the key value.
+        """
+        return pulumi.get(self, "enforce_on_key_name")
+
+    @property
+    @pulumi.getter(name="enforceOnKeyType")
+    def enforce_on_key_type(self) -> Optional[str]:
+        """
+        Determines the key to enforce the rateLimitThreshold on. Possible values are:
+        * ALL: A single rate limit threshold is applied to all the requests matching this rule. This is the default value if "enforceOnKeyConfigs" is not configured.
+        * IP: The source IP address of the request is the key. Each IP has this limit enforced separately.
+        * HTTP_HEADER: The value of the HTTP header whose name is configured under "enforceOnKeyName". The key value is truncated to the first 128 bytes of the header value. If no such header is present in the request, the key type defaults to ALL.
+        * XFF_IP: The first IP address (i.e. the originating client IP address) specified in the list of IPs under X-Forwarded-For HTTP header. If no such header is present or the value is not a valid IP, the key defaults to the source IP address of the request i.e. key type IP.
+        * HTTP_COOKIE: The value of the HTTP cookie whose name is configured under "enforceOnKeyName". The key value is truncated to the first 128 bytes of the cookie value. If no such cookie is present in the request, the key type defaults to ALL.
+        * HTTP_PATH: The URL path of the HTTP request. The key value is truncated to the first 128 bytes.
+        * SNI: Server name indication in the TLS session of the HTTPS request. The key value is truncated to the first 128 bytes. The key type defaults to ALL on a HTTP session.
+        * REGION_CODE: The country/region from which the request originates.
+        * TLS_JA3_FINGERPRINT: JA3 TLS/SSL fingerprint if the client connects using HTTPS, HTTP/2 or HTTP/3. If not available, the key type defaults to ALL.
+        * USER_IP: The IP address of the originating client, which is resolved based on "userIpRequestHeaders" configured with the security policy. If there is no "userIpRequestHeaders" configuration or an IP address cannot be resolved from it, the key type defaults to IP.
+        Possible values are: `ALL`, `IP`, `HTTP_HEADER`, `XFF_IP`, `HTTP_COOKIE`, `HTTP_PATH`, `SNI`, `REGION_CODE`, `TLS_JA3_FINGERPRINT`, `USER_IP`.
+        """
+        return pulumi.get(self, "enforce_on_key_type")
+
+
+@pulumi.output_type
+class RegionSecurityPolicyRuleRateLimitOptionsRateLimitThreshold(dict):
+    @staticmethod
+    def __key_warning(key: str):
+        suggest = None
+        if key == "intervalSec":
+            suggest = "interval_sec"
+
+        if suggest:
+            pulumi.log.warn(f"Key '{key}' not found in RegionSecurityPolicyRuleRateLimitOptionsRateLimitThreshold. Access the value via the '{suggest}' property getter instead.")
+
+    def __getitem__(self, key: str) -> Any:
+        RegionSecurityPolicyRuleRateLimitOptionsRateLimitThreshold.__key_warning(key)
+        return super().__getitem__(key)
+
+    def get(self, key: str, default = None) -> Any:
+        RegionSecurityPolicyRuleRateLimitOptionsRateLimitThreshold.__key_warning(key)
+        return super().get(key, default)
+
+    def __init__(__self__, *,
+                 count: Optional[int] = None,
+                 interval_sec: Optional[int] = None):
+        """
+        :param int count: Number of HTTP(S) requests for calculating the threshold.
+        :param int interval_sec: Interval over which the threshold is computed.
+        """
+        if count is not None:
+            pulumi.set(__self__, "count", count)
+        if interval_sec is not None:
+            pulumi.set(__self__, "interval_sec", interval_sec)
+
+    @property
+    @pulumi.getter
+    def count(self) -> Optional[int]:
+        """
+        Number of HTTP(S) requests for calculating the threshold.
+        """
+        return pulumi.get(self, "count")
+
+    @property
+    @pulumi.getter(name="intervalSec")
+    def interval_sec(self) -> Optional[int]:
+        """
+        Interval over which the threshold is computed.
+        """
+        return pulumi.get(self, "interval_sec")
+
+
 @pulumi.output_type
 class RegionSecurityPolicyUserDefinedField(dict):
     def __init__(__self__, *,
@@ -29816,7 +31131,11 @@ class SecurityPolicyAdvancedOptionsConfig(dict):
         :param 'SecurityPolicyAdvancedOptionsConfigJsonCustomConfigArgs' json_custom_config: Custom configuration to apply the JSON parsing. Only applicable when
                `json_parsing` is set to `STANDARD`. Structure is documented below.
         :param str json_parsing: Whether or not to JSON parse the payload body. Defaults to `DISABLED`.
+               * `DISABLED` - Don't parse JSON payloads in POST bodies.
+               * `STANDARD` - Parse JSON payloads in POST bodies.
         :param str log_level: Log level to use. Defaults to `NORMAL`.
+               * `NORMAL` - Normal log level.
+               * `VERBOSE` - Verbose log level.
         :param Sequence[str] user_ip_request_headers: An optional list of case-insensitive request header names to use for resolving the callers client IP address.
         """
         if json_custom_config is not None:
@@ -29842,6 +31161,8 @@ class SecurityPolicyAdvancedOptionsConfig(dict):
     def json_parsing(self) -> Optional[str]:
         """
         Whether or not to JSON parse the payload body. Defaults to `DISABLED`.
+        * `DISABLED` - Don't parse JSON payloads in POST bodies.
+        * `STANDARD` - Parse JSON payloads in POST bodies.
         """
         return pulumi.get(self, "json_parsing")
 
@@ -29850,6 +31171,8 @@ class SecurityPolicyAdvancedOptionsConfig(dict):
     def log_level(self) -> Optional[str]:
         """
         Log level to use. Defaults to `NORMAL`.
+        * `NORMAL` - Normal log level.
+        * `VERBOSE` - Verbose log level.
         """
         return pulumi.get(self, "log_level")
 
@@ -30659,10 +31982,22 @@ class SecurityPolicyRuleRateLimitOptions(dict):
                If specified, the key will be banned for the configured `ban_duration_sec` when the number of requests that exceed the `rate_limit_threshold` also
                exceed this `ban_threshold`. Structure is documented below.
         :param str enforce_on_key: Determines the key to enforce the rate_limit_threshold on. If not specified, defaults to `ALL`.
+               
+               * `ALL`: A single rate limit threshold is applied to all the requests matching this rule.
+               * `IP`: The source IP address of the request is the key. Each IP has this limit enforced separately.
+               * `HTTP_HEADER`: The value of the HTTP header whose name is configured under `enforce_on_key_name`. The key value is truncated to the first 128 bytes of the header value. If no such header is present in the request, the key type defaults to `ALL`.
+               * `XFF_IP`: The first IP address (i.e. the originating client IP address) specified in the list of IPs under `X-Forwarded-For` HTTP header. If no such header is present or the value is not a valid IP, the key type defaults to `ALL`.
+               * `HTTP_COOKIE`: The value of the HTTP cookie whose name is configured under `enforce_on_key_name`. The key value is truncated to the first 128 bytes of the cookie value. If no such cookie is present in the request, the key type defaults to `ALL`.
+               * `HTTP_PATH`: The URL path of the HTTP request. The key value is truncated to the first 128 bytes
+               * `SNI`: Server name indication in the TLS session of the HTTPS request. The key value is truncated to the first 128 bytes. The key type defaults to `ALL` on a HTTP session.
+               * `REGION_CODE`: The country/region from which the request originates.
         :param Sequence['SecurityPolicyRuleRateLimitOptionsEnforceOnKeyConfigArgs'] enforce_on_key_configs: If specified, any combination of values of enforce_on_key_type/enforce_on_key_name is treated as the key on which rate limit threshold/action is enforced. You can specify up to 3 enforce_on_key_configs. If `enforce_on_key_configs` is specified, `enforce_on_key` must be set to an empty string. Structure is documented below.
                
                **Note:** To avoid the conflict between `enforce_on_key` and `enforce_on_key_configs`, the field `enforce_on_key` needs to be set to an empty string.
         :param str enforce_on_key_name: Rate limit key name applicable only for the following key types:
+               
+               * `HTTP_HEADER` -- Name of the HTTP header whose value is taken as the key value.
+               * `HTTP_COOKIE` -- Name of the HTTP cookie whose value is taken as the key value.
         :param 'SecurityPolicyRuleRateLimitOptionsExceedRedirectOptionsArgs' exceed_redirect_options: Parameters defining the redirect action that is used as the exceed action. Cannot be specified if the exceed action is not redirect.
         """
         pulumi.set(__self__, "conform_action", conform_action)
@@ -30730,6 +32065,15 @@ class SecurityPolicyRuleRateLimitOptions(dict):
     def enforce_on_key(self) -> Optional[str]:
         """
         Determines the key to enforce the rate_limit_threshold on. If not specified, defaults to `ALL`.
+
+        * `ALL`: A single rate limit threshold is applied to all the requests matching this rule.
+        * `IP`: The source IP address of the request is the key. Each IP has this limit enforced separately.
+        * `HTTP_HEADER`: The value of the HTTP header whose name is configured under `enforce_on_key_name`. The key value is truncated to the first 128 bytes of the header value. If no such header is present in the request, the key type defaults to `ALL`.
+        * `XFF_IP`: The first IP address (i.e. the originating client IP address) specified in the list of IPs under `X-Forwarded-For` HTTP header. If no such header is present or the value is not a valid IP, the key type defaults to `ALL`.
+        * `HTTP_COOKIE`: The value of the HTTP cookie whose name is configured under `enforce_on_key_name`. The key value is truncated to the first 128 bytes of the cookie value. If no such cookie is present in the request, the key type defaults to `ALL`.
+        * `HTTP_PATH`: The URL path of the HTTP request. The key value is truncated to the first 128 bytes
+        * `SNI`: Server name indication in the TLS session of the HTTPS request. The key value is truncated to the first 128 bytes. The key type defaults to `ALL` on a HTTP session.
+        * `REGION_CODE`: The country/region from which the request originates.
         """
         return pulumi.get(self, "enforce_on_key")
 
@@ -30748,6 +32092,9 @@ class SecurityPolicyRuleRateLimitOptions(dict):
     def enforce_on_key_name(self) -> Optional[str]:
         """
         Rate limit key name applicable only for the following key types:
+
+        * `HTTP_HEADER` -- Name of the HTTP header whose value is taken as the key value.
+        * `HTTP_COOKIE` -- Name of the HTTP cookie whose value is taken as the key value.
         """
         return pulumi.get(self, "enforce_on_key_name")
 
@@ -30832,7 +32179,19 @@ class SecurityPolicyRuleRateLimitOptionsEnforceOnKeyConfig(dict):
                  enforce_on_key_type: Optional[str] = None):
         """
         :param str enforce_on_key_name: Rate limit key name applicable only for the following key types:
+               
+               * `HTTP_HEADER` -- Name of the HTTP header whose value is taken as the key value.
+               * `HTTP_COOKIE` -- Name of the HTTP cookie whose value is taken as the key value.
         :param str enforce_on_key_type: Determines the key to enforce the `rate_limit_threshold` on. If not specified, defaults to `ALL`.
+               
+               * `ALL`: A single rate limit threshold is applied to all the requests matching this rule.
+               * `IP`: The source IP address of the request is the key. Each IP has this limit enforced separately.
+               * `HTTP_HEADER`: The value of the HTTP header whose name is configured on `enforce_on_key_name`. The key value is truncated to the first 128 bytes of the header value. If no such header is present in the request, the key type defaults to `ALL`.
+               * `XFF_IP`: The first IP address (i.e. the originating client IP address) specified in the list of IPs under X-Forwarded-For HTTP header. If no such header is present or the value is not a valid IP, the key type defaults to `ALL`.
+               * `HTTP_COOKIE`: The value of the HTTP cookie whose name is configured under `enforce_on_key_name`. The key value is truncated to the first 128 bytes of the cookie value. If no such cookie is present in the request, the key type defaults to `ALL`.
+               * `HTTP_PATH`: The URL path of the HTTP request. The key value is truncated to the first 128 bytes
+               * `SNI`: Server name indication in the TLS session of the HTTPS request. The key value is truncated to the first 128 bytes. The key type defaults to `ALL` on a HTTP session.
+               * `REGION_CODE`: The country/region from which the request originates.
         """
         if enforce_on_key_name is not None:
             pulumi.set(__self__, "enforce_on_key_name", enforce_on_key_name)
@@ -30844,6 +32203,9 @@ class SecurityPolicyRuleRateLimitOptionsEnforceOnKeyConfig(dict):
     def enforce_on_key_name(self) -> Optional[str]:
         """
         Rate limit key name applicable only for the following key types:
+
+        * `HTTP_HEADER` -- Name of the HTTP header whose value is taken as the key value.
+        * `HTTP_COOKIE` -- Name of the HTTP cookie whose value is taken as the key value.
         """
         return pulumi.get(self, "enforce_on_key_name")
 
@@ -30852,6 +32214,15 @@ class SecurityPolicyRuleRateLimitOptionsEnforceOnKeyConfig(dict):
     def enforce_on_key_type(self) -> Optional[str]:
         """
         Determines the key to enforce the `rate_limit_threshold` on. If not specified, defaults to `ALL`.
+
+        * `ALL`: A single rate limit threshold is applied to all the requests matching this rule.
+        * `IP`: The source IP address of the request is the key. Each IP has this limit enforced separately.
+        * `HTTP_HEADER`: The value of the HTTP header whose name is configured on `enforce_on_key_name`. The key value is truncated to the first 128 bytes of the header value. If no such header is present in the request, the key type defaults to `ALL`.
+        * `XFF_IP`: The first IP address (i.e. the originating client IP address) specified in the list of IPs under X-Forwarded-For HTTP header. If no such header is present or the value is not a valid IP, the key type defaults to `ALL`.
+        * `HTTP_COOKIE`: The value of the HTTP cookie whose name is configured under `enforce_on_key_name`. The key value is truncated to the first 128 bytes of the cookie value. If no such cookie is present in the request, the key type defaults to `ALL`.
+        * `HTTP_PATH`: The URL path of the HTTP request. The key value is truncated to the first 128 bytes
+        * `SNI`: Server name indication in the TLS session of the HTTPS request. The key value is truncated to the first 128 bytes. The key type defaults to `ALL` on a HTTP session.
+        * `REGION_CODE`: The country/region from which the request originates.
         """
         return pulumi.get(self, "enforce_on_key_type")
 
@@ -30939,6 +32310,9 @@ class SecurityPolicyRuleRedirectOptions(dict):
                  target: Optional[str] = None):
         """
         :param str type: Type of redirect action.
+               
+               * `EXTERNAL_302`: Redirect to an external address, configured in `target`.
+               * `GOOGLE_RECAPTCHA`: Redirect to Google reCAPTCHA.
         :param str target: External redirection target when `EXTERNAL_302` is set in `type`.
         """
         pulumi.set(__self__, "type", type)
@@ -30950,6 +32324,9 @@ class SecurityPolicyRuleRedirectOptions(dict):
     def type(self) -> str:
         """
         Type of redirect action.
+
+        * `EXTERNAL_302`: Redirect to an external address, configured in `target`.
+        * `GOOGLE_RECAPTCHA`: Redirect to Google reCAPTCHA.
         """
         return pulumi.get(self, "type")
 
@@ -40369,6 +41746,8 @@ class GetForwardingRulesRuleResult(dict):
                For internal forwarding rules within the same VPC network, two or more
                forwarding rules cannot use the same '[IPAddress, IPProtocol]' pair, and
                cannot have overlapping 'portRange's.
+               
+               @pattern: \\d+(?:-\\d+)?
         :param Sequence[str] ports: The 'ports', 'portRange', and 'allPorts' fields are mutually exclusive.
                Only packets addressed to ports in the specified range will be forwarded
                to the backends configured with this forwarding rule.
@@ -40389,6 +41768,8 @@ class GetForwardingRulesRuleResult(dict):
                For internal forwarding rules within the same VPC network, two or more
                forwarding rules cannot use the same '[IPAddress, IPProtocol]' pair if
                they share at least one port number.
+               
+               @pattern: \\d+(?:-\\d+)?
         :param str project: The name of the project.
         :param str psc_connection_id: The PSC connection id of the PSC Forwarding Rule.
         :param str psc_connection_status: The PSC connection status of the PSC Forwarding Rule. Possible values: 'STATUS_UNSPECIFIED', 'PENDING', 'ACCEPTED', 'REJECTED', 'CLOSED'
@@ -40774,6 +42155,8 @@ class GetForwardingRulesRuleResult(dict):
         For internal forwarding rules within the same VPC network, two or more
         forwarding rules cannot use the same '[IPAddress, IPProtocol]' pair, and
         cannot have overlapping 'portRange's.
+
+        @pattern: \\d+(?:-\\d+)?
         """
         return pulumi.get(self, "port_range")
 
@@ -40801,6 +42184,8 @@ class GetForwardingRulesRuleResult(dict):
         For internal forwarding rules within the same VPC network, two or more
         forwarding rules cannot use the same '[IPAddress, IPProtocol]' pair if
         they share at least one port number.
+
+        @pattern: \\d+(?:-\\d+)?
         """
         return pulumi.get(self, "ports")