pulumi-gcp 7.28.0a1718995220__py3-none-any.whl → 7.29.0__py3-none-any.whl

pulumi_gcp/compute/_inputs.py

@@ -437,6 +437,8 @@ __all__ = [
     'SecurityPolicyRuleMatchArgs',
     'SecurityPolicyRuleMatchConfigArgs',
     'SecurityPolicyRuleMatchExprArgs',
+    'SecurityPolicyRuleMatchExprOptionsArgs',
+    'SecurityPolicyRuleMatchExprOptionsRecaptchaOptionsArgs',
     'SecurityPolicyRulePreconfiguredWafConfigArgs',
     'SecurityPolicyRulePreconfiguredWafConfigExclusionArgs',
     'SecurityPolicyRulePreconfiguredWafConfigExclusionRequestCookyArgs',
@@ -30829,6 +30831,7 @@ class SecurityPolicyRuleMatchArgs:
     def __init__(__self__, *,
                  config: Optional[pulumi.Input['SecurityPolicyRuleMatchConfigArgs']] = None,
                  expr: Optional[pulumi.Input['SecurityPolicyRuleMatchExprArgs']] = None,
+                 expr_options: Optional[pulumi.Input['SecurityPolicyRuleMatchExprOptionsArgs']] = None,
                  versioned_expr: Optional[pulumi.Input[str]] = None):
         """
         :param pulumi.Input['SecurityPolicyRuleMatchConfigArgs'] config: The configuration options available when specifying versionedExpr.
@@ -30836,6 +30839,8 @@ class SecurityPolicyRuleMatchArgs:
                Structure is documented below.
         :param pulumi.Input['SecurityPolicyRuleMatchExprArgs'] expr: User defined CEVAL expression. A CEVAL expression is used to specify match criteria such as origin.ip, source.region_code and contents in the request header.
                Structure is documented below.
+        :param pulumi.Input['SecurityPolicyRuleMatchExprOptionsArgs'] expr_options: The configuration options available when specifying a user defined CEVAL expression (i.e., 'expr').
+               Structure is documented below.
         :param pulumi.Input[str] versioned_expr: Preconfigured versioned expression. If this field is specified, config must also be specified.
                Available preconfigured expressions along with their requirements are: SRC_IPS_V1 - must specify the corresponding srcIpRange field in config.
                Possible values are: `SRC_IPS_V1`.
@@ -30844,6 +30849,8 @@ class SecurityPolicyRuleMatchArgs:
             pulumi.set(__self__, "config", config)
         if expr is not None:
             pulumi.set(__self__, "expr", expr)
+        if expr_options is not None:
+            pulumi.set(__self__, "expr_options", expr_options)
         if versioned_expr is not None:
             pulumi.set(__self__, "versioned_expr", versioned_expr)
 
@@ -30874,6 +30881,19 @@ class SecurityPolicyRuleMatchArgs:
     def expr(self, value: Optional[pulumi.Input['SecurityPolicyRuleMatchExprArgs']]):
         pulumi.set(self, "expr", value)
 
+    @property
+    @pulumi.getter(name="exprOptions")
+    def expr_options(self) -> Optional[pulumi.Input['SecurityPolicyRuleMatchExprOptionsArgs']]:
+        """
+        The configuration options available when specifying a user defined CEVAL expression (i.e., 'expr').
+        Structure is documented below.
+        """
+        return pulumi.get(self, "expr_options")
+
+    @expr_options.setter
+    def expr_options(self, value: Optional[pulumi.Input['SecurityPolicyRuleMatchExprOptionsArgs']]):
+        pulumi.set(self, "expr_options", value)
+
     @property
     @pulumi.getter(name="versionedExpr")
     def versioned_expr(self) -> Optional[pulumi.Input[str]]:
@@ -30934,6 +30954,69 @@ class SecurityPolicyRuleMatchExprArgs:
         pulumi.set(self, "expression", value)
 
 
+@pulumi.input_type
+class SecurityPolicyRuleMatchExprOptionsArgs:
+    def __init__(__self__, *,
+                 recaptcha_options: pulumi.Input['SecurityPolicyRuleMatchExprOptionsRecaptchaOptionsArgs']):
+        """
+        :param pulumi.Input['SecurityPolicyRuleMatchExprOptionsRecaptchaOptionsArgs'] recaptcha_options: reCAPTCHA configuration options to be applied for the rule. If the rule does not evaluate reCAPTCHA tokens, this field has no effect.
+               Structure is documented below.
+        """
+        pulumi.set(__self__, "recaptcha_options", recaptcha_options)
+
+    @property
+    @pulumi.getter(name="recaptchaOptions")
+    def recaptcha_options(self) -> pulumi.Input['SecurityPolicyRuleMatchExprOptionsRecaptchaOptionsArgs']:
+        """
+        reCAPTCHA configuration options to be applied for the rule. If the rule does not evaluate reCAPTCHA tokens, this field has no effect.
+        Structure is documented below.
+        """
+        return pulumi.get(self, "recaptcha_options")
+
+    @recaptcha_options.setter
+    def recaptcha_options(self, value: pulumi.Input['SecurityPolicyRuleMatchExprOptionsRecaptchaOptionsArgs']):
+        pulumi.set(self, "recaptcha_options", value)
+
+
+@pulumi.input_type
+class SecurityPolicyRuleMatchExprOptionsRecaptchaOptionsArgs:
+    def __init__(__self__, *,
+                 action_token_site_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
+                 session_token_site_keys: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None):
+        """
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] action_token_site_keys: A list of site keys to be used during the validation of reCAPTCHA action-tokens. The provided site keys need to be created from reCAPTCHA API under the same project where the security policy is created.
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] session_token_site_keys: A list of site keys to be used during the validation of reCAPTCHA session-tokens. The provided site keys need to be created from reCAPTCHA API under the same project where the security policy is created.
+        """
+        if action_token_site_keys is not None:
+            pulumi.set(__self__, "action_token_site_keys", action_token_site_keys)
+        if session_token_site_keys is not None:
+            pulumi.set(__self__, "session_token_site_keys", session_token_site_keys)
+
+    @property
+    @pulumi.getter(name="actionTokenSiteKeys")
+    def action_token_site_keys(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
+        """
+        A list of site keys to be used during the validation of reCAPTCHA action-tokens. The provided site keys need to be created from reCAPTCHA API under the same project where the security policy is created.
+        """
+        return pulumi.get(self, "action_token_site_keys")
+
+    @action_token_site_keys.setter
+    def action_token_site_keys(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
+        pulumi.set(self, "action_token_site_keys", value)
+
+    @property
+    @pulumi.getter(name="sessionTokenSiteKeys")
+    def session_token_site_keys(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
+        """
+        A list of site keys to be used during the validation of reCAPTCHA session-tokens. The provided site keys need to be created from reCAPTCHA API under the same project where the security policy is created.
+        """
+        return pulumi.get(self, "session_token_site_keys")
+
+    @session_token_site_keys.setter
+    def session_token_site_keys(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
+        pulumi.set(self, "session_token_site_keys", value)
+
+
 @pulumi.input_type
 class SecurityPolicyRulePreconfiguredWafConfigArgs:
     def __init__(__self__, *,

pulumi_gcp/compute/disk.py

@@ -297,15 +297,13 @@ class DiskArgs:
 
     @property
     @pulumi.getter
+    @_utilities.deprecated("""`interface` is deprecated and will be removed in a future major release. This field is no longer used and can be safely removed from your configurations; disk interfaces are automatically determined on attachment.""")
     def interface(self) -> Optional[pulumi.Input[str]]:
         """
         Specifies the disk interface to use for attaching this disk, which is either SCSI or NVME. The default is SCSI.
 
         > **Warning:** `interface` is deprecated and will be removed in a future major release. This field is no longer used and can be safely removed from your configurations; disk interfaces are automatically determined on attachment.
         """
-        warnings.warn("""`interface` is deprecated and will be removed in a future major release. This field is no longer used and can be safely removed from your configurations; disk interfaces are automatically determined on attachment.""", DeprecationWarning)
-        pulumi.log.warn("""interface is deprecated: `interface` is deprecated and will be removed in a future major release. This field is no longer used and can be safely removed from your configurations; disk interfaces are automatically determined on attachment.""")
-
         return pulumi.get(self, "interface")
 
     @interface.setter
@@ -957,15 +955,13 @@ class _DiskState:
 
     @property
     @pulumi.getter
+    @_utilities.deprecated("""`interface` is deprecated and will be removed in a future major release. This field is no longer used and can be safely removed from your configurations; disk interfaces are automatically determined on attachment.""")
     def interface(self) -> Optional[pulumi.Input[str]]:
         """
         Specifies the disk interface to use for attaching this disk, which is either SCSI or NVME. The default is SCSI.
 
         > **Warning:** `interface` is deprecated and will be removed in a future major release. This field is no longer used and can be safely removed from your configurations; disk interfaces are automatically determined on attachment.
         """
-        warnings.warn("""`interface` is deprecated and will be removed in a future major release. This field is no longer used and can be safely removed from your configurations; disk interfaces are automatically determined on attachment.""", DeprecationWarning)
-        pulumi.log.warn("""interface is deprecated: `interface` is deprecated and will be removed in a future major release. This field is no longer used and can be safely removed from your configurations; disk interfaces are automatically determined on attachment.""")
-
         return pulumi.get(self, "interface")
 
     @interface.setter
@@ -2150,15 +2146,13 @@ class Disk(pulumi.CustomResource):
 
     @property
     @pulumi.getter
+    @_utilities.deprecated("""`interface` is deprecated and will be removed in a future major release. This field is no longer used and can be safely removed from your configurations; disk interfaces are automatically determined on attachment.""")
     def interface(self) -> pulumi.Output[Optional[str]]:
         """
         Specifies the disk interface to use for attaching this disk, which is either SCSI or NVME. The default is SCSI.
 
         > **Warning:** `interface` is deprecated and will be removed in a future major release. This field is no longer used and can be safely removed from your configurations; disk interfaces are automatically determined on attachment.
         """
-        warnings.warn("""`interface` is deprecated and will be removed in a future major release. This field is no longer used and can be safely removed from your configurations; disk interfaces are automatically determined on attachment.""", DeprecationWarning)
-        pulumi.log.warn("""interface is deprecated: `interface` is deprecated and will be removed in a future major release. This field is no longer used and can be safely removed from your configurations; disk interfaces are automatically determined on attachment.""")
-
         return pulumi.get(self, "interface")
 
     @property

pulumi_gcp/compute/firewall.py

@@ -261,14 +261,12 @@ class FirewallArgs:
 
     @property
     @pulumi.getter(name="enableLogging")
+    @_utilities.deprecated("""Deprecated in favor of log_config""")
     def enable_logging(self) -> Optional[pulumi.Input[bool]]:
         """
         This field denotes whether to enable logging for a particular firewall rule.
         If logging is enabled, logs will be exported to Stackdriver. Deprecated in favor of `log_config`
         """
-        warnings.warn("""Deprecated in favor of log_config""", DeprecationWarning)
-        pulumi.log.warn("""enable_logging is deprecated: Deprecated in favor of log_config""")
-
         return pulumi.get(self, "enable_logging")
 
     @enable_logging.setter
@@ -688,14 +686,12 @@ class _FirewallState:
 
     @property
     @pulumi.getter(name="enableLogging")
+    @_utilities.deprecated("""Deprecated in favor of log_config""")
     def enable_logging(self) -> Optional[pulumi.Input[bool]]:
         """
         This field denotes whether to enable logging for a particular firewall rule.
         If logging is enabled, logs will be exported to Stackdriver. Deprecated in favor of `log_config`
         """
-        warnings.warn("""Deprecated in favor of log_config""", DeprecationWarning)
-        pulumi.log.warn("""enable_logging is deprecated: Deprecated in favor of log_config""")
-
         return pulumi.get(self, "enable_logging")
 
     @enable_logging.setter
@@ -1476,14 +1472,12 @@ class Firewall(pulumi.CustomResource):
 
     @property
     @pulumi.getter(name="enableLogging")
+    @_utilities.deprecated("""Deprecated in favor of log_config""")
     def enable_logging(self) -> pulumi.Output[bool]:
         """
         This field denotes whether to enable logging for a particular firewall rule.
         If logging is enabled, logs will be exported to Stackdriver. Deprecated in favor of `log_config`
         """
-        warnings.warn("""Deprecated in favor of log_config""", DeprecationWarning)
-        pulumi.log.warn("""enable_logging is deprecated: Deprecated in favor of log_config""")
-
         return pulumi.get(self, "enable_logging")
 
     @property

pulumi_gcp/compute/forwarding_rule.py

@@ -1901,7 +1901,7 @@ class ForwardingRule(pulumi.CustomResource):
             )],
             target_tags=["allow-ssh"],
             direction="INGRESS",
-            opts=pulumi.ResourceOptions(depends_on=[fw1]))
+            opts = pulumi.ResourceOptions(depends_on=[fw1]))
         fw3 = gcp.compute.Firewall("fw3",
             name="website-fw-3",
             network=default_network.id,
@@ -1914,7 +1914,7 @@ class ForwardingRule(pulumi.CustomResource):
             )],
             target_tags=["load-balanced-backend"],
             direction="INGRESS",
-            opts=pulumi.ResourceOptions(depends_on=[fw2]))
+            opts = pulumi.ResourceOptions(depends_on=[fw2]))
         fw4 = gcp.compute.Firewall("fw4",
             name="website-fw-4",
             network=default_network.id,
@@ -1935,14 +1935,14 @@ class ForwardingRule(pulumi.CustomResource):
                 ),
             ],
             direction="INGRESS",
-            opts=pulumi.ResourceOptions(depends_on=[fw3]))
+            opts = pulumi.ResourceOptions(depends_on=[fw3]))
         default_region_health_check = gcp.compute.RegionHealthCheck("default",
             region="us-central1",
             name="website-hc",
             http_health_check=gcp.compute.RegionHealthCheckHttpHealthCheckArgs(
                 port_specification="USE_SERVING_PORT",
             ),
-            opts=pulumi.ResourceOptions(depends_on=[fw4]))
+            opts = pulumi.ResourceOptions(depends_on=[fw4]))
         default_region_backend_service = gcp.compute.RegionBackendService("default",
             load_balancing_scheme="INTERNAL_MANAGED",
             backends=[gcp.compute.RegionBackendServiceBackendArgs(
@@ -1981,7 +1981,7 @@ class ForwardingRule(pulumi.CustomResource):
             network=default_network.id,
             subnetwork=default_subnetwork.id,
             network_tier="PREMIUM",
-            opts=pulumi.ResourceOptions(depends_on=[proxy]))
+            opts = pulumi.ResourceOptions(depends_on=[proxy]))
         ```
         ### Forwarding Rule Regional Http Xlb
 
@@ -2051,7 +2051,7 @@ class ForwardingRule(pulumi.CustomResource):
             )],
             target_tags=["allow-ssh"],
             direction="INGRESS",
-            opts=pulumi.ResourceOptions(depends_on=[fw1]))
+            opts = pulumi.ResourceOptions(depends_on=[fw1]))
         fw3 = gcp.compute.Firewall("fw3",
             name="website-fw-3",
             network=default_network.id,
@@ -2064,7 +2064,7 @@ class ForwardingRule(pulumi.CustomResource):
             )],
             target_tags=["load-balanced-backend"],
             direction="INGRESS",
-            opts=pulumi.ResourceOptions(depends_on=[fw2]))
+            opts = pulumi.ResourceOptions(depends_on=[fw2]))
         fw4 = gcp.compute.Firewall("fw4",
             name="website-fw-4",
             network=default_network.id,
@@ -2085,14 +2085,14 @@ class ForwardingRule(pulumi.CustomResource):
                 ),
             ],
             direction="INGRESS",
-            opts=pulumi.ResourceOptions(depends_on=[fw3]))
+            opts = pulumi.ResourceOptions(depends_on=[fw3]))
         default_region_health_check = gcp.compute.RegionHealthCheck("default",
             region="us-central1",
             name="website-hc",
             http_health_check=gcp.compute.RegionHealthCheckHttpHealthCheckArgs(
                 port_specification="USE_SERVING_PORT",
             ),
-            opts=pulumi.ResourceOptions(depends_on=[fw4]))
+            opts = pulumi.ResourceOptions(depends_on=[fw4]))
         default_region_backend_service = gcp.compute.RegionBackendService("default",
             load_balancing_scheme="EXTERNAL_MANAGED",
             backends=[gcp.compute.RegionBackendServiceBackendArgs(
@@ -2135,7 +2135,7 @@ class ForwardingRule(pulumi.CustomResource):
             network=default_network.id,
             ip_address=default_address.address,
             network_tier="STANDARD",
-            opts=pulumi.ResourceOptions(depends_on=[proxy]))
+            opts = pulumi.ResourceOptions(depends_on=[proxy]))
         ```
         ### Forwarding Rule Vpc Psc
 
@@ -2308,7 +2308,7 @@ class ForwardingRule(pulumi.CustomResource):
                 "34.121.88.0/24",
                 "35.187.239.137",
             ],
-            opts=pulumi.ResourceOptions(depends_on=[external_forwarding_rule]))
+            opts = pulumi.ResourceOptions(depends_on=[external_forwarding_rule]))
         ```
         ### Forwarding Rule Internallb Ipv6
 
@@ -2799,7 +2799,7 @@ class ForwardingRule(pulumi.CustomResource):
             )],
             target_tags=["allow-ssh"],
             direction="INGRESS",
-            opts=pulumi.ResourceOptions(depends_on=[fw1]))
+            opts = pulumi.ResourceOptions(depends_on=[fw1]))
         fw3 = gcp.compute.Firewall("fw3",
             name="website-fw-3",
             network=default_network.id,
@@ -2812,7 +2812,7 @@ class ForwardingRule(pulumi.CustomResource):
             )],
             target_tags=["load-balanced-backend"],
             direction="INGRESS",
-            opts=pulumi.ResourceOptions(depends_on=[fw2]))
+            opts = pulumi.ResourceOptions(depends_on=[fw2]))
         fw4 = gcp.compute.Firewall("fw4",
             name="website-fw-4",
             network=default_network.id,
@@ -2833,14 +2833,14 @@ class ForwardingRule(pulumi.CustomResource):
                 ),
             ],
             direction="INGRESS",
-            opts=pulumi.ResourceOptions(depends_on=[fw3]))
+            opts = pulumi.ResourceOptions(depends_on=[fw3]))
         default_region_health_check = gcp.compute.RegionHealthCheck("default",
             region="us-central1",
             name="website-hc",
             http_health_check=gcp.compute.RegionHealthCheckHttpHealthCheckArgs(
                 port_specification="USE_SERVING_PORT",
             ),
-            opts=pulumi.ResourceOptions(depends_on=[fw4]))
+            opts = pulumi.ResourceOptions(depends_on=[fw4]))
         default_region_backend_service = gcp.compute.RegionBackendService("default",
             load_balancing_scheme="INTERNAL_MANAGED",
             backends=[gcp.compute.RegionBackendServiceBackendArgs(
@@ -2879,7 +2879,7 @@ class ForwardingRule(pulumi.CustomResource):
             network=default_network.id,
             subnetwork=default_subnetwork.id,
             network_tier="PREMIUM",
-            opts=pulumi.ResourceOptions(depends_on=[proxy]))
+            opts = pulumi.ResourceOptions(depends_on=[proxy]))
         ```
         ### Forwarding Rule Regional Http Xlb
 
@@ -2949,7 +2949,7 @@ class ForwardingRule(pulumi.CustomResource):
             )],
             target_tags=["allow-ssh"],
             direction="INGRESS",
-            opts=pulumi.ResourceOptions(depends_on=[fw1]))
+            opts = pulumi.ResourceOptions(depends_on=[fw1]))
         fw3 = gcp.compute.Firewall("fw3",
             name="website-fw-3",
             network=default_network.id,
@@ -2962,7 +2962,7 @@ class ForwardingRule(pulumi.CustomResource):
             )],
             target_tags=["load-balanced-backend"],
             direction="INGRESS",
-            opts=pulumi.ResourceOptions(depends_on=[fw2]))
+            opts = pulumi.ResourceOptions(depends_on=[fw2]))
         fw4 = gcp.compute.Firewall("fw4",
             name="website-fw-4",
             network=default_network.id,
@@ -2983,14 +2983,14 @@ class ForwardingRule(pulumi.CustomResource):
                 ),
             ],
             direction="INGRESS",
-            opts=pulumi.ResourceOptions(depends_on=[fw3]))
+            opts = pulumi.ResourceOptions(depends_on=[fw3]))
         default_region_health_check = gcp.compute.RegionHealthCheck("default",
             region="us-central1",
             name="website-hc",
             http_health_check=gcp.compute.RegionHealthCheckHttpHealthCheckArgs(
                 port_specification="USE_SERVING_PORT",
             ),
-            opts=pulumi.ResourceOptions(depends_on=[fw4]))
+            opts = pulumi.ResourceOptions(depends_on=[fw4]))
         default_region_backend_service = gcp.compute.RegionBackendService("default",
             load_balancing_scheme="EXTERNAL_MANAGED",
             backends=[gcp.compute.RegionBackendServiceBackendArgs(
@@ -3033,7 +3033,7 @@ class ForwardingRule(pulumi.CustomResource):
             network=default_network.id,
             ip_address=default_address.address,
             network_tier="STANDARD",
-            opts=pulumi.ResourceOptions(depends_on=[proxy]))
+            opts = pulumi.ResourceOptions(depends_on=[proxy]))
         ```
         ### Forwarding Rule Vpc Psc
 
@@ -3206,7 +3206,7 @@ class ForwardingRule(pulumi.CustomResource):
                 "34.121.88.0/24",
                 "35.187.239.137",
             ],
-            opts=pulumi.ResourceOptions(depends_on=[external_forwarding_rule]))
+            opts = pulumi.ResourceOptions(depends_on=[external_forwarding_rule]))
         ```
         ### Forwarding Rule Internallb Ipv6
 

pulumi_gcp/compute/outputs.py

@@ -440,6 +440,8 @@ __all__ = [
     'SecurityPolicyRuleMatch',
     'SecurityPolicyRuleMatchConfig',
     'SecurityPolicyRuleMatchExpr',
+    'SecurityPolicyRuleMatchExprOptions',
+    'SecurityPolicyRuleMatchExprOptionsRecaptchaOptions',
     'SecurityPolicyRulePreconfiguredWafConfig',
     'SecurityPolicyRulePreconfiguredWafConfigExclusion',
     'SecurityPolicyRulePreconfiguredWafConfigExclusionRequestCooky',
@@ -728,6 +730,8 @@ __all__ = [
     'GetSecurityPolicyRuleMatchResult',
     'GetSecurityPolicyRuleMatchConfigResult',
     'GetSecurityPolicyRuleMatchExprResult',
+    'GetSecurityPolicyRuleMatchExprOptionResult',
+    'GetSecurityPolicyRuleMatchExprOptionRecaptchaOptionResult',
     'GetSecurityPolicyRulePreconfiguredWafConfigResult',
     'GetSecurityPolicyRulePreconfiguredWafConfigExclusionResult',
     'GetSecurityPolicyRulePreconfiguredWafConfigExclusionRequestCookyResult',
@@ -31881,7 +31885,9 @@ class SecurityPolicyRuleMatch(dict):
     @staticmethod
     def __key_warning(key: str):
         suggest = None
-        if key == "versionedExpr":
+        if key == "exprOptions":
+            suggest = "expr_options"
+        elif key == "versionedExpr":
             suggest = "versioned_expr"
 
         if suggest:
@@ -31898,6 +31904,7 @@ class SecurityPolicyRuleMatch(dict):
     def __init__(__self__, *,
                  config: Optional['outputs.SecurityPolicyRuleMatchConfig'] = None,
                  expr: Optional['outputs.SecurityPolicyRuleMatchExpr'] = None,
+                 expr_options: Optional['outputs.SecurityPolicyRuleMatchExprOptions'] = None,
                  versioned_expr: Optional[str] = None):
         """
         :param 'SecurityPolicyRuleMatchConfigArgs' config: The configuration options available when specifying versionedExpr.
@@ -31905,6 +31912,8 @@ class SecurityPolicyRuleMatch(dict):
                Structure is documented below.
         :param 'SecurityPolicyRuleMatchExprArgs' expr: User defined CEVAL expression. A CEVAL expression is used to specify match criteria such as origin.ip, source.region_code and contents in the request header.
                Structure is documented below.
+        :param 'SecurityPolicyRuleMatchExprOptionsArgs' expr_options: The configuration options available when specifying a user defined CEVAL expression (i.e., 'expr').
+               Structure is documented below.
         :param str versioned_expr: Preconfigured versioned expression. If this field is specified, config must also be specified.
                Available preconfigured expressions along with their requirements are: SRC_IPS_V1 - must specify the corresponding srcIpRange field in config.
                Possible values are: `SRC_IPS_V1`.
@@ -31913,6 +31922,8 @@ class SecurityPolicyRuleMatch(dict):
             pulumi.set(__self__, "config", config)
         if expr is not None:
             pulumi.set(__self__, "expr", expr)
+        if expr_options is not None:
+            pulumi.set(__self__, "expr_options", expr_options)
         if versioned_expr is not None:
             pulumi.set(__self__, "versioned_expr", versioned_expr)
 
@@ -31935,6 +31946,15 @@ class SecurityPolicyRuleMatch(dict):
         """
         return pulumi.get(self, "expr")
 
+    @property
+    @pulumi.getter(name="exprOptions")
+    def expr_options(self) -> Optional['outputs.SecurityPolicyRuleMatchExprOptions']:
+        """
+        The configuration options available when specifying a user defined CEVAL expression (i.e., 'expr').
+        Structure is documented below.
+        """
+        return pulumi.get(self, "expr_options")
+
     @property
     @pulumi.getter(name="versionedExpr")
     def versioned_expr(self) -> Optional[str]:
@@ -32000,6 +32020,93 @@ class SecurityPolicyRuleMatchExpr(dict):
         return pulumi.get(self, "expression")
 
 
+@pulumi.output_type
+class SecurityPolicyRuleMatchExprOptions(dict):
+    @staticmethod
+    def __key_warning(key: str):
+        suggest = None
+        if key == "recaptchaOptions":
+            suggest = "recaptcha_options"
+
+        if suggest:
+            pulumi.log.warn(f"Key '{key}' not found in SecurityPolicyRuleMatchExprOptions. Access the value via the '{suggest}' property getter instead.")
+
+    def __getitem__(self, key: str) -> Any:
+        SecurityPolicyRuleMatchExprOptions.__key_warning(key)
+        return super().__getitem__(key)
+
+    def get(self, key: str, default = None) -> Any:
+        SecurityPolicyRuleMatchExprOptions.__key_warning(key)
+        return super().get(key, default)
+
+    def __init__(__self__, *,
+                 recaptcha_options: 'outputs.SecurityPolicyRuleMatchExprOptionsRecaptchaOptions'):
+        """
+        :param 'SecurityPolicyRuleMatchExprOptionsRecaptchaOptionsArgs' recaptcha_options: reCAPTCHA configuration options to be applied for the rule. If the rule does not evaluate reCAPTCHA tokens, this field has no effect.
+               Structure is documented below.
+        """
+        pulumi.set(__self__, "recaptcha_options", recaptcha_options)
+
+    @property
+    @pulumi.getter(name="recaptchaOptions")
+    def recaptcha_options(self) -> 'outputs.SecurityPolicyRuleMatchExprOptionsRecaptchaOptions':
+        """
+        reCAPTCHA configuration options to be applied for the rule. If the rule does not evaluate reCAPTCHA tokens, this field has no effect.
+        Structure is documented below.
+        """
+        return pulumi.get(self, "recaptcha_options")
+
+
+@pulumi.output_type
+class SecurityPolicyRuleMatchExprOptionsRecaptchaOptions(dict):
+    @staticmethod
+    def __key_warning(key: str):
+        suggest = None
+        if key == "actionTokenSiteKeys":
+            suggest = "action_token_site_keys"
+        elif key == "sessionTokenSiteKeys":
+            suggest = "session_token_site_keys"
+
+        if suggest:
+            pulumi.log.warn(f"Key '{key}' not found in SecurityPolicyRuleMatchExprOptionsRecaptchaOptions. Access the value via the '{suggest}' property getter instead.")
+
+    def __getitem__(self, key: str) -> Any:
+        SecurityPolicyRuleMatchExprOptionsRecaptchaOptions.__key_warning(key)
+        return super().__getitem__(key)
+
+    def get(self, key: str, default = None) -> Any:
+        SecurityPolicyRuleMatchExprOptionsRecaptchaOptions.__key_warning(key)
+        return super().get(key, default)
+
+    def __init__(__self__, *,
+                 action_token_site_keys: Optional[Sequence[str]] = None,
+                 session_token_site_keys: Optional[Sequence[str]] = None):
+        """
+        :param Sequence[str] action_token_site_keys: A list of site keys to be used during the validation of reCAPTCHA action-tokens. The provided site keys need to be created from reCAPTCHA API under the same project where the security policy is created.
+        :param Sequence[str] session_token_site_keys: A list of site keys to be used during the validation of reCAPTCHA session-tokens. The provided site keys need to be created from reCAPTCHA API under the same project where the security policy is created.
+        """
+        if action_token_site_keys is not None:
+            pulumi.set(__self__, "action_token_site_keys", action_token_site_keys)
+        if session_token_site_keys is not None:
+            pulumi.set(__self__, "session_token_site_keys", session_token_site_keys)
+
+    @property
+    @pulumi.getter(name="actionTokenSiteKeys")
+    def action_token_site_keys(self) -> Optional[Sequence[str]]:
+        """
+        A list of site keys to be used during the validation of reCAPTCHA action-tokens. The provided site keys need to be created from reCAPTCHA API under the same project where the security policy is created.
+        """
+        return pulumi.get(self, "action_token_site_keys")
+
+    @property
+    @pulumi.getter(name="sessionTokenSiteKeys")
+    def session_token_site_keys(self) -> Optional[Sequence[str]]:
+        """
+        A list of site keys to be used during the validation of reCAPTCHA session-tokens. The provided site keys need to be created from reCAPTCHA API under the same project where the security policy is created.
+        """
+        return pulumi.get(self, "session_token_site_keys")
+
+
 @pulumi.output_type
 class SecurityPolicyRulePreconfiguredWafConfig(dict):
     def __init__(__self__, *,
@@ -50463,14 +50570,17 @@ class GetSecurityPolicyRuleHeaderActionRequestHeadersToAddResult(dict):
 class GetSecurityPolicyRuleMatchResult(dict):
     def __init__(__self__, *,
                  configs: Sequence['outputs.GetSecurityPolicyRuleMatchConfigResult'],
+                 expr_options: Sequence['outputs.GetSecurityPolicyRuleMatchExprOptionResult'],
                  exprs: Sequence['outputs.GetSecurityPolicyRuleMatchExprResult'],
                  versioned_expr: str):
         """
         :param Sequence['GetSecurityPolicyRuleMatchConfigArgs'] configs: The configuration options available when specifying versioned_expr. This field must be specified if versioned_expr is specified and cannot be specified if versioned_expr is not specified.
+        :param Sequence['GetSecurityPolicyRuleMatchExprOptionArgs'] expr_options: The configuration options available when specifying a user defined CEVAL expression (i.e., 'expr').
         :param Sequence['GetSecurityPolicyRuleMatchExprArgs'] exprs: User defined CEVAL expression. A CEVAL expression is used to specify match criteria such as origin.ip, source.region_code and contents in the request header.
         :param str versioned_expr: Predefined rule expression. If this field is specified, config must also be specified. Available options:   SRC_IPS_V1: Must specify the corresponding src_ip_ranges field in config.
         """
         pulumi.set(__self__, "configs", configs)
+        pulumi.set(__self__, "expr_options", expr_options)
         pulumi.set(__self__, "exprs", exprs)
         pulumi.set(__self__, "versioned_expr", versioned_expr)
 
@@ -50482,6 +50592,14 @@ class GetSecurityPolicyRuleMatchResult(dict):
         """
         return pulumi.get(self, "configs")
 
+    @property
+    @pulumi.getter(name="exprOptions")
+    def expr_options(self) -> Sequence['outputs.GetSecurityPolicyRuleMatchExprOptionResult']:
+        """
+        The configuration options available when specifying a user defined CEVAL expression (i.e., 'expr').
+        """
+        return pulumi.get(self, "expr_options")
+
     @property
     @pulumi.getter
     def exprs(self) -> Sequence['outputs.GetSecurityPolicyRuleMatchExprResult']:
@@ -50535,6 +50653,53 @@ class GetSecurityPolicyRuleMatchExprResult(dict):
         return pulumi.get(self, "expression")
 
 
+@pulumi.output_type
+class GetSecurityPolicyRuleMatchExprOptionResult(dict):
+    def __init__(__self__, *,
+                 recaptcha_options: Sequence['outputs.GetSecurityPolicyRuleMatchExprOptionRecaptchaOptionResult']):
+        """
+        :param Sequence['GetSecurityPolicyRuleMatchExprOptionRecaptchaOptionArgs'] recaptcha_options: reCAPTCHA configuration options to be applied for the rule. If the rule does not evaluate reCAPTCHA tokens, this field has no effect.
+        """
+        pulumi.set(__self__, "recaptcha_options", recaptcha_options)
+
+    @property
+    @pulumi.getter(name="recaptchaOptions")
+    def recaptcha_options(self) -> Sequence['outputs.GetSecurityPolicyRuleMatchExprOptionRecaptchaOptionResult']:
+        """
+        reCAPTCHA configuration options to be applied for the rule. If the rule does not evaluate reCAPTCHA tokens, this field has no effect.
+        """
+        return pulumi.get(self, "recaptcha_options")
+
+
+@pulumi.output_type
+class GetSecurityPolicyRuleMatchExprOptionRecaptchaOptionResult(dict):
+    def __init__(__self__, *,
+                 action_token_site_keys: Sequence[str],
+                 session_token_site_keys: Sequence[str]):
+        """
+        :param Sequence[str] action_token_site_keys: A list of site keys to be used during the validation of reCAPTCHA action-tokens. The provided site keys need to be created from reCAPTCHA API under the same project where the security policy is created
+        :param Sequence[str] session_token_site_keys: A list of site keys to be used during the validation of reCAPTCHA session-tokens. The provided site keys need to be created from reCAPTCHA API under the same project where the security policy is created.
+        """
+        pulumi.set(__self__, "action_token_site_keys", action_token_site_keys)
+        pulumi.set(__self__, "session_token_site_keys", session_token_site_keys)
+
+    @property
+    @pulumi.getter(name="actionTokenSiteKeys")
+    def action_token_site_keys(self) -> Sequence[str]:
+        """
+        A list of site keys to be used during the validation of reCAPTCHA action-tokens. The provided site keys need to be created from reCAPTCHA API under the same project where the security policy is created
+        """
+        return pulumi.get(self, "action_token_site_keys")
+
+    @property
+    @pulumi.getter(name="sessionTokenSiteKeys")
+    def session_token_site_keys(self) -> Sequence[str]:
+        """
+        A list of site keys to be used during the validation of reCAPTCHA session-tokens. The provided site keys need to be created from reCAPTCHA API under the same project where the security policy is created.
+        """
+        return pulumi.get(self, "session_token_site_keys")
+
+
 @pulumi.output_type
 class GetSecurityPolicyRulePreconfiguredWafConfigResult(dict):
     def __init__(__self__, *,