pulumi-gcp 7.3.0a1702567892__py3-none-any.whl → 7.3.1__py3-none-any.whl

pulumi_gcp/gkehub/scope.py

@@ -315,7 +315,7 @@ class Scope(pulumi.CustomResource):
                 "keyb": "valueb",
                 "keyc": "valuec",
             },
-            scope_id="tf-test-scope%{random_suffix}")
+            scope_id="my-scope")
         ```
 
         ## Import
@@ -383,7 +383,7 @@ class Scope(pulumi.CustomResource):
                 "keyb": "valueb",
                 "keyc": "valuec",
             },
-            scope_id="tf-test-scope%{random_suffix}")
+            scope_id="my-scope")
         ```
 
         ## Import

pulumi_gcp/iam/_inputs.py

@@ -16,6 +16,8 @@ __all__ = [
     'DenyPolicyRuleArgs',
     'DenyPolicyRuleDenyRuleArgs',
     'DenyPolicyRuleDenyRuleDenialConditionArgs',
+    'WorkforcePoolAccessRestrictionsArgs',
+    'WorkforcePoolAccessRestrictionsAllowedServiceArgs',
     'WorkforcePoolProviderOidcArgs',
     'WorkforcePoolProviderOidcClientSecretArgs',
     'WorkforcePoolProviderOidcClientSecretValueArgs',
@@ -421,6 +423,76 @@ class DenyPolicyRuleDenyRuleDenialConditionArgs:
         pulumi.set(self, "title", value)
 
 
+@pulumi.input_type
+class WorkforcePoolAccessRestrictionsArgs:
+    def __init__(__self__, *,
+                 allowed_services: Optional[pulumi.Input[Sequence[pulumi.Input['WorkforcePoolAccessRestrictionsAllowedServiceArgs']]]] = None,
+                 disable_programmatic_signin: Optional[pulumi.Input[bool]] = None):
+        """
+        :param pulumi.Input[Sequence[pulumi.Input['WorkforcePoolAccessRestrictionsAllowedServiceArgs']]] allowed_services: Services allowed for web sign-in with the workforce pool.
+               If not set by default there are no restrictions.
+               Structure is documented below.
+        :param pulumi.Input[bool] disable_programmatic_signin: Disable programmatic sign-in by disabling token issue via the Security Token API endpoint.
+               See [Security Token Service API](https://cloud.google.com/iam/docs/reference/sts/rest).
+        """
+        if allowed_services is not None:
+            pulumi.set(__self__, "allowed_services", allowed_services)
+        if disable_programmatic_signin is not None:
+            pulumi.set(__self__, "disable_programmatic_signin", disable_programmatic_signin)
+
+    @property
+    @pulumi.getter(name="allowedServices")
+    def allowed_services(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['WorkforcePoolAccessRestrictionsAllowedServiceArgs']]]]:
+        """
+        Services allowed for web sign-in with the workforce pool.
+        If not set by default there are no restrictions.
+        Structure is documented below.
+        """
+        return pulumi.get(self, "allowed_services")
+
+    @allowed_services.setter
+    def allowed_services(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['WorkforcePoolAccessRestrictionsAllowedServiceArgs']]]]):
+        pulumi.set(self, "allowed_services", value)
+
+    @property
+    @pulumi.getter(name="disableProgrammaticSignin")
+    def disable_programmatic_signin(self) -> Optional[pulumi.Input[bool]]:
+        """
+        Disable programmatic sign-in by disabling token issue via the Security Token API endpoint.
+        See [Security Token Service API](https://cloud.google.com/iam/docs/reference/sts/rest).
+        """
+        return pulumi.get(self, "disable_programmatic_signin")
+
+    @disable_programmatic_signin.setter
+    def disable_programmatic_signin(self, value: Optional[pulumi.Input[bool]]):
+        pulumi.set(self, "disable_programmatic_signin", value)
+
+
+@pulumi.input_type
+class WorkforcePoolAccessRestrictionsAllowedServiceArgs:
+    def __init__(__self__, *,
+                 domain: Optional[pulumi.Input[str]] = None):
+        """
+        :param pulumi.Input[str] domain: Domain name of the service.
+               Example: console.cloud.google
+        """
+        if domain is not None:
+            pulumi.set(__self__, "domain", domain)
+
+    @property
+    @pulumi.getter
+    def domain(self) -> Optional[pulumi.Input[str]]:
+        """
+        Domain name of the service.
+        Example: console.cloud.google
+        """
+        return pulumi.get(self, "domain")
+
+    @domain.setter
+    def domain(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "domain", value)
+
+
 @pulumi.input_type
 class WorkforcePoolProviderOidcArgs:
     def __init__(__self__, *,

pulumi_gcp/iam/outputs.py

@@ -17,6 +17,8 @@ __all__ = [
     'DenyPolicyRule',
     'DenyPolicyRuleDenyRule',
     'DenyPolicyRuleDenyRuleDenialCondition',
+    'WorkforcePoolAccessRestrictions',
+    'WorkforcePoolAccessRestrictionsAllowedService',
     'WorkforcePoolProviderOidc',
     'WorkforcePoolProviderOidcClientSecret',
     'WorkforcePoolProviderOidcClientSecretValue',
@@ -425,6 +427,83 @@ class DenyPolicyRuleDenyRuleDenialCondition(dict):
         return pulumi.get(self, "title")
 
 
+@pulumi.output_type
+class WorkforcePoolAccessRestrictions(dict):
+    @staticmethod
+    def __key_warning(key: str):
+        suggest = None
+        if key == "allowedServices":
+            suggest = "allowed_services"
+        elif key == "disableProgrammaticSignin":
+            suggest = "disable_programmatic_signin"
+
+        if suggest:
+            pulumi.log.warn(f"Key '{key}' not found in WorkforcePoolAccessRestrictions. Access the value via the '{suggest}' property getter instead.")
+
+    def __getitem__(self, key: str) -> Any:
+        WorkforcePoolAccessRestrictions.__key_warning(key)
+        return super().__getitem__(key)
+
+    def get(self, key: str, default = None) -> Any:
+        WorkforcePoolAccessRestrictions.__key_warning(key)
+        return super().get(key, default)
+
+    def __init__(__self__, *,
+                 allowed_services: Optional[Sequence['outputs.WorkforcePoolAccessRestrictionsAllowedService']] = None,
+                 disable_programmatic_signin: Optional[bool] = None):
+        """
+        :param Sequence['WorkforcePoolAccessRestrictionsAllowedServiceArgs'] allowed_services: Services allowed for web sign-in with the workforce pool.
+               If not set by default there are no restrictions.
+               Structure is documented below.
+        :param bool disable_programmatic_signin: Disable programmatic sign-in by disabling token issue via the Security Token API endpoint.
+               See [Security Token Service API](https://cloud.google.com/iam/docs/reference/sts/rest).
+        """
+        if allowed_services is not None:
+            pulumi.set(__self__, "allowed_services", allowed_services)
+        if disable_programmatic_signin is not None:
+            pulumi.set(__self__, "disable_programmatic_signin", disable_programmatic_signin)
+
+    @property
+    @pulumi.getter(name="allowedServices")
+    def allowed_services(self) -> Optional[Sequence['outputs.WorkforcePoolAccessRestrictionsAllowedService']]:
+        """
+        Services allowed for web sign-in with the workforce pool.
+        If not set by default there are no restrictions.
+        Structure is documented below.
+        """
+        return pulumi.get(self, "allowed_services")
+
+    @property
+    @pulumi.getter(name="disableProgrammaticSignin")
+    def disable_programmatic_signin(self) -> Optional[bool]:
+        """
+        Disable programmatic sign-in by disabling token issue via the Security Token API endpoint.
+        See [Security Token Service API](https://cloud.google.com/iam/docs/reference/sts/rest).
+        """
+        return pulumi.get(self, "disable_programmatic_signin")
+
+
+@pulumi.output_type
+class WorkforcePoolAccessRestrictionsAllowedService(dict):
+    def __init__(__self__, *,
+                 domain: Optional[str] = None):
+        """
+        :param str domain: Domain name of the service.
+               Example: console.cloud.google
+        """
+        if domain is not None:
+            pulumi.set(__self__, "domain", domain)
+
+    @property
+    @pulumi.getter
+    def domain(self) -> Optional[str]:
+        """
+        Domain name of the service.
+        Example: console.cloud.google
+        """
+        return pulumi.get(self, "domain")
+
+
 @pulumi.output_type
 class WorkforcePoolProviderOidc(dict):
     @staticmethod

pulumi_gcp/iam/workforce_pool.py

@@ -8,6 +8,8 @@ import pulumi
 import pulumi.runtime
 from typing import Any, Mapping, Optional, Sequence, Union, overload
 from .. import _utilities
+from . import outputs
+from ._inputs import *
 
 __all__ = ['WorkforcePoolArgs', 'WorkforcePool']
 
@@ -17,6 +19,7 @@ class WorkforcePoolArgs:
                  location: pulumi.Input[str],
                  parent: pulumi.Input[str],
                  workforce_pool_id: pulumi.Input[str],
+                 access_restrictions: Optional[pulumi.Input['WorkforcePoolAccessRestrictionsArgs']] = None,
                  description: Optional[pulumi.Input[str]] = None,
                  disabled: Optional[pulumi.Input[bool]] = None,
                  display_name: Optional[pulumi.Input[str]] = None,
@@ -31,6 +34,9 @@ class WorkforcePoolArgs:
         :param pulumi.Input[str] workforce_pool_id: The name of the pool. The ID must be a globally unique string of 6 to 63 lowercase letters,
                digits, or hyphens. It must start with a letter, and cannot have a trailing hyphen.
                The prefix `gcp-` is reserved for use by Google, and may not be specified.
+        :param pulumi.Input['WorkforcePoolAccessRestrictionsArgs'] access_restrictions: Configure access restrictions on the workforce pool users. This is an optional field. If specified web
+               sign-in can be restricted to given set of services or programmatic sign-in can be disabled for pool users.
+               Structure is documented below.
         :param pulumi.Input[str] description: A user-specified description of the pool. Cannot exceed 256 characters.
         :param pulumi.Input[bool] disabled: Whether the pool is disabled. You cannot use a disabled pool to exchange tokens,
                or use existing tokens to access resources. If the pool is re-enabled, existing tokens grant access again.
@@ -44,6 +50,8 @@ class WorkforcePoolArgs:
         pulumi.set(__self__, "location", location)
         pulumi.set(__self__, "parent", parent)
         pulumi.set(__self__, "workforce_pool_id", workforce_pool_id)
+        if access_restrictions is not None:
+            pulumi.set(__self__, "access_restrictions", access_restrictions)
         if description is not None:
             pulumi.set(__self__, "description", description)
         if disabled is not None:
@@ -94,6 +102,20 @@ class WorkforcePoolArgs:
     def workforce_pool_id(self, value: pulumi.Input[str]):
         pulumi.set(self, "workforce_pool_id", value)
 
+    @property
+    @pulumi.getter(name="accessRestrictions")
+    def access_restrictions(self) -> Optional[pulumi.Input['WorkforcePoolAccessRestrictionsArgs']]:
+        """
+        Configure access restrictions on the workforce pool users. This is an optional field. If specified web
+        sign-in can be restricted to given set of services or programmatic sign-in can be disabled for pool users.
+        Structure is documented below.
+        """
+        return pulumi.get(self, "access_restrictions")
+
+    @access_restrictions.setter
+    def access_restrictions(self, value: Optional[pulumi.Input['WorkforcePoolAccessRestrictionsArgs']]):
+        pulumi.set(self, "access_restrictions", value)
+
     @property
     @pulumi.getter
     def description(self) -> Optional[pulumi.Input[str]]:
@@ -151,6 +173,7 @@ class WorkforcePoolArgs:
 @pulumi.input_type
 class _WorkforcePoolState:
     def __init__(__self__, *,
+                 access_restrictions: Optional[pulumi.Input['WorkforcePoolAccessRestrictionsArgs']] = None,
                  description: Optional[pulumi.Input[str]] = None,
                  disabled: Optional[pulumi.Input[bool]] = None,
                  display_name: Optional[pulumi.Input[str]] = None,
@@ -162,6 +185,9 @@ class _WorkforcePoolState:
                  workforce_pool_id: Optional[pulumi.Input[str]] = None):
         """
         Input properties used for looking up and filtering WorkforcePool resources.
+        :param pulumi.Input['WorkforcePoolAccessRestrictionsArgs'] access_restrictions: Configure access restrictions on the workforce pool users. This is an optional field. If specified web
+               sign-in can be restricted to given set of services or programmatic sign-in can be disabled for pool users.
+               Structure is documented below.
         :param pulumi.Input[str] description: A user-specified description of the pool. Cannot exceed 256 characters.
         :param pulumi.Input[bool] disabled: Whether the pool is disabled. You cannot use a disabled pool to exchange tokens,
                or use existing tokens to access resources. If the pool is re-enabled, existing tokens grant access again.
@@ -192,6 +218,8 @@ class _WorkforcePoolState:
                digits, or hyphens. It must start with a letter, and cannot have a trailing hyphen.
                The prefix `gcp-` is reserved for use by Google, and may not be specified.
         """
+        if access_restrictions is not None:
+            pulumi.set(__self__, "access_restrictions", access_restrictions)
         if description is not None:
             pulumi.set(__self__, "description", description)
         if disabled is not None:
@@ -211,6 +239,20 @@ class _WorkforcePoolState:
         if workforce_pool_id is not None:
             pulumi.set(__self__, "workforce_pool_id", workforce_pool_id)
 
+    @property
+    @pulumi.getter(name="accessRestrictions")
+    def access_restrictions(self) -> Optional[pulumi.Input['WorkforcePoolAccessRestrictionsArgs']]:
+        """
+        Configure access restrictions on the workforce pool users. This is an optional field. If specified web
+        sign-in can be restricted to given set of services or programmatic sign-in can be disabled for pool users.
+        Structure is documented below.
+        """
+        return pulumi.get(self, "access_restrictions")
+
+    @access_restrictions.setter
+    def access_restrictions(self, value: Optional[pulumi.Input['WorkforcePoolAccessRestrictionsArgs']]):
+        pulumi.set(self, "access_restrictions", value)
+
     @property
     @pulumi.getter
     def description(self) -> Optional[pulumi.Input[str]]:
@@ -345,6 +387,7 @@ class WorkforcePool(pulumi.CustomResource):
     def __init__(__self__,
                  resource_name: str,
                  opts: Optional[pulumi.ResourceOptions] = None,
+                 access_restrictions: Optional[pulumi.Input[pulumi.InputType['WorkforcePoolAccessRestrictionsArgs']]] = None,
                  description: Optional[pulumi.Input[str]] = None,
                  disabled: Optional[pulumi.Input[bool]] = None,
                  display_name: Optional[pulumi.Input[str]] = None,
@@ -385,6 +428,12 @@ class WorkforcePool(pulumi.CustomResource):
         import pulumi_gcp as gcp
 
         example = gcp.iam.WorkforcePool("example",
+            access_restrictions=gcp.iam.WorkforcePoolAccessRestrictionsArgs(
+                allowed_services=[gcp.iam.WorkforcePoolAccessRestrictionsAllowedServiceArgs(
+                    domain="backstory.chronicle.security",
+                )],
+                disable_programmatic_signin=False,
+            ),
             description="A sample workforce pool.",
             disabled=False,
             display_name="Display name",
@@ -416,6 +465,9 @@ class WorkforcePool(pulumi.CustomResource):
 
         :param str resource_name: The name of the resource.
         :param pulumi.ResourceOptions opts: Options for the resource.
+        :param pulumi.Input[pulumi.InputType['WorkforcePoolAccessRestrictionsArgs']] access_restrictions: Configure access restrictions on the workforce pool users. This is an optional field. If specified web
+               sign-in can be restricted to given set of services or programmatic sign-in can be disabled for pool users.
+               Structure is documented below.
         :param pulumi.Input[str] description: A user-specified description of the pool. Cannot exceed 256 characters.
         :param pulumi.Input[bool] disabled: Whether the pool is disabled. You cannot use a disabled pool to exchange tokens,
                or use existing tokens to access resources. If the pool is re-enabled, existing tokens grant access again.
@@ -472,6 +524,12 @@ class WorkforcePool(pulumi.CustomResource):
         import pulumi_gcp as gcp
 
         example = gcp.iam.WorkforcePool("example",
+            access_restrictions=gcp.iam.WorkforcePoolAccessRestrictionsArgs(
+                allowed_services=[gcp.iam.WorkforcePoolAccessRestrictionsAllowedServiceArgs(
+                    domain="backstory.chronicle.security",
+                )],
+                disable_programmatic_signin=False,
+            ),
             description="A sample workforce pool.",
             disabled=False,
             display_name="Display name",
@@ -516,6 +574,7 @@ class WorkforcePool(pulumi.CustomResource):
     def _internal_init(__self__,
                  resource_name: str,
                  opts: Optional[pulumi.ResourceOptions] = None,
+                 access_restrictions: Optional[pulumi.Input[pulumi.InputType['WorkforcePoolAccessRestrictionsArgs']]] = None,
                  description: Optional[pulumi.Input[str]] = None,
                  disabled: Optional[pulumi.Input[bool]] = None,
                  display_name: Optional[pulumi.Input[str]] = None,
@@ -532,6 +591,7 @@ class WorkforcePool(pulumi.CustomResource):
                 raise TypeError('__props__ is only valid when passed in combination with a valid opts.id to get an existing resource')
             __props__ = WorkforcePoolArgs.__new__(WorkforcePoolArgs)
 
+            __props__.__dict__["access_restrictions"] = access_restrictions
             __props__.__dict__["description"] = description
             __props__.__dict__["disabled"] = disabled
             __props__.__dict__["display_name"] = display_name
@@ -557,6 +617,7 @@ class WorkforcePool(pulumi.CustomResource):
     def get(resource_name: str,
             id: pulumi.Input[str],
             opts: Optional[pulumi.ResourceOptions] = None,
+            access_restrictions: Optional[pulumi.Input[pulumi.InputType['WorkforcePoolAccessRestrictionsArgs']]] = None,
             description: Optional[pulumi.Input[str]] = None,
             disabled: Optional[pulumi.Input[bool]] = None,
             display_name: Optional[pulumi.Input[str]] = None,
@@ -573,6 +634,9 @@ class WorkforcePool(pulumi.CustomResource):
         :param str resource_name: The unique name of the resulting resource.
         :param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
         :param pulumi.ResourceOptions opts: Options for the resource.
+        :param pulumi.Input[pulumi.InputType['WorkforcePoolAccessRestrictionsArgs']] access_restrictions: Configure access restrictions on the workforce pool users. This is an optional field. If specified web
+               sign-in can be restricted to given set of services or programmatic sign-in can be disabled for pool users.
+               Structure is documented below.
         :param pulumi.Input[str] description: A user-specified description of the pool. Cannot exceed 256 characters.
         :param pulumi.Input[bool] disabled: Whether the pool is disabled. You cannot use a disabled pool to exchange tokens,
                or use existing tokens to access resources. If the pool is re-enabled, existing tokens grant access again.
@@ -607,6 +671,7 @@ class WorkforcePool(pulumi.CustomResource):
 
         __props__ = _WorkforcePoolState.__new__(_WorkforcePoolState)
 
+        __props__.__dict__["access_restrictions"] = access_restrictions
         __props__.__dict__["description"] = description
         __props__.__dict__["disabled"] = disabled
         __props__.__dict__["display_name"] = display_name
@@ -618,6 +683,16 @@ class WorkforcePool(pulumi.CustomResource):
         __props__.__dict__["workforce_pool_id"] = workforce_pool_id
         return WorkforcePool(resource_name, opts=opts, __props__=__props__)
 
+    @property
+    @pulumi.getter(name="accessRestrictions")
+    def access_restrictions(self) -> pulumi.Output[Optional['outputs.WorkforcePoolAccessRestrictions']]:
+        """
+        Configure access restrictions on the workforce pool users. This is an optional field. If specified web
+        sign-in can be restricted to given set of services or programmatic sign-in can be disabled for pool users.
+        Structure is documented below.
+        """
+        return pulumi.get(self, "access_restrictions")
+
     @property
     @pulumi.getter
     def description(self) -> pulumi.Output[Optional[str]]:

pulumi_gcp/identityplatform/project_default_config.py

@@ -126,6 +126,8 @@ class ProjectDefaultConfig(pulumi.CustomResource):
                  sign_in: Optional[pulumi.Input[pulumi.InputType['ProjectDefaultConfigSignInArgs']]] = None,
                  __props__=None):
         """
+        > **Warning:** `identityplatform.Config` is deprecated and will be removed in the next major release of the provider. Use the `identityplatform.Config` resource instead. It contains a more comprehensive list of fields, and was created before `identityplatform.ProjectDefaultConfig` was added.
+
         There is no persistent data associated with this resource.
 
         > **Warning:** If you are using User ADCs (Application Default Credentials) with this resource,
@@ -197,6 +199,8 @@ class ProjectDefaultConfig(pulumi.CustomResource):
                  args: Optional[ProjectDefaultConfigArgs] = None,
                  opts: Optional[pulumi.ResourceOptions] = None):
         """
+        > **Warning:** `identityplatform.Config` is deprecated and will be removed in the next major release of the provider. Use the `identityplatform.Config` resource instead. It contains a more comprehensive list of fields, and was created before `identityplatform.ProjectDefaultConfig` was added.
+
         There is no persistent data associated with this resource.
 
         > **Warning:** If you are using User ADCs (Application Default Credentials) with this resource,

pulumi_gcp/logging/__init__.py

@@ -11,7 +11,10 @@ from .billing_account_sink import *
 from .folder_bucket_config import *
 from .folder_exclusion import *
 from .folder_sink import *
+from .get_folder_settings import *
+from .get_organization_settings import *
 from .get_project_cmek_settings import *
+from .get_project_settings import *
 from .get_sink import *
 from .linked_dataset import *
 from .log_view import *

pulumi_gcp/logging/get_folder_settings.py

@@ -0,0 +1,197 @@
+# coding=utf-8
+# *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
+# *** Do not edit by hand unless you're certain you know what you are doing! ***
+
+import copy
+import warnings
+import pulumi
+import pulumi.runtime
+from typing import Any, Mapping, Optional, Sequence, Union, overload
+from .. import _utilities
+
+__all__ = [
+    'GetFolderSettingsResult',
+    'AwaitableGetFolderSettingsResult',
+    'get_folder_settings',
+    'get_folder_settings_output',
+]
+
+@pulumi.output_type
+class GetFolderSettingsResult:
+    """
+    A collection of values returned by getFolderSettings.
+    """
+    def __init__(__self__, disable_default_sink=None, folder=None, id=None, kms_key_name=None, kms_service_account_id=None, logging_service_account_id=None, name=None, storage_location=None):
+        if disable_default_sink and not isinstance(disable_default_sink, bool):
+            raise TypeError("Expected argument 'disable_default_sink' to be a bool")
+        pulumi.set(__self__, "disable_default_sink", disable_default_sink)
+        if folder and not isinstance(folder, str):
+            raise TypeError("Expected argument 'folder' to be a str")
+        pulumi.set(__self__, "folder", folder)
+        if id and not isinstance(id, str):
+            raise TypeError("Expected argument 'id' to be a str")
+        pulumi.set(__self__, "id", id)
+        if kms_key_name and not isinstance(kms_key_name, str):
+            raise TypeError("Expected argument 'kms_key_name' to be a str")
+        pulumi.set(__self__, "kms_key_name", kms_key_name)
+        if kms_service_account_id and not isinstance(kms_service_account_id, str):
+            raise TypeError("Expected argument 'kms_service_account_id' to be a str")
+        pulumi.set(__self__, "kms_service_account_id", kms_service_account_id)
+        if logging_service_account_id and not isinstance(logging_service_account_id, str):
+            raise TypeError("Expected argument 'logging_service_account_id' to be a str")
+        pulumi.set(__self__, "logging_service_account_id", logging_service_account_id)
+        if name and not isinstance(name, str):
+            raise TypeError("Expected argument 'name' to be a str")
+        pulumi.set(__self__, "name", name)
+        if storage_location and not isinstance(storage_location, str):
+            raise TypeError("Expected argument 'storage_location' to be a str")
+        pulumi.set(__self__, "storage_location", storage_location)
+
+    @property
+    @pulumi.getter(name="disableDefaultSink")
+    def disable_default_sink(self) -> bool:
+        """
+        If set to true, the _Default sink in newly created projects and folders will created in a disabled state. This can be used to automatically disable log storage if there is already an aggregated sink configured in the hierarchy. The _Default sink can be re-enabled manually if needed.
+        """
+        return pulumi.get(self, "disable_default_sink")
+
+    @property
+    @pulumi.getter
+    def folder(self) -> str:
+        return pulumi.get(self, "folder")
+
+    @property
+    @pulumi.getter
+    def id(self) -> str:
+        """
+        The provider-assigned unique ID for this managed resource.
+        """
+        return pulumi.get(self, "id")
+
+    @property
+    @pulumi.getter(name="kmsKeyName")
+    def kms_key_name(self) -> str:
+        """
+        The resource name for the configured Cloud KMS key.
+        KMS key name format:
+        `'projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[KEYRING]/cryptoKeys/[KEY]'`
+        To enable CMEK for the bucket, set this field to a valid kmsKeyName for which the associated service account has the required cloudkms.cryptoKeyEncrypterDecrypter roles assigned for the key.
+        The Cloud KMS key used by the bucket can be updated by changing the kmsKeyName to a new valid key name. Encryption operations that are in progress will be completed with the key that was in use when they started. Decryption operations will be completed using the key that was used at the time of encryption unless access to that key has been revoked.
+        See [Enabling CMEK for Logging Buckets](https://cloud.google.com/logging/docs/routing/managed-encryption-storage) for more information.
+        """
+        return pulumi.get(self, "kms_key_name")
+
+    @property
+    @pulumi.getter(name="kmsServiceAccountId")
+    def kms_service_account_id(self) -> str:
+        """
+        The service account associated with a project for which CMEK will apply.
+        Before enabling CMEK for a logging bucket, you must first assign the cloudkms.cryptoKeyEncrypterDecrypter role to the service account associated with the project for which CMEK will apply. See [Enabling CMEK for Logging Buckets](https://cloud.google.com/logging/docs/routing/managed-encryption-storage) for more information.
+        """
+        return pulumi.get(self, "kms_service_account_id")
+
+    @property
+    @pulumi.getter(name="loggingServiceAccountId")
+    def logging_service_account_id(self) -> str:
+        """
+        The service account for the given container. Sinks use this service account as their writerIdentity if no custom service account is provided.
+        """
+        return pulumi.get(self, "logging_service_account_id")
+
+    @property
+    @pulumi.getter
+    def name(self) -> str:
+        """
+        The resource name of the settings.
+        """
+        return pulumi.get(self, "name")
+
+    @property
+    @pulumi.getter(name="storageLocation")
+    def storage_location(self) -> str:
+        """
+        The storage location that Cloud Logging will use to create new resources when a location is needed but not explicitly provided.
+        """
+        return pulumi.get(self, "storage_location")
+
+
+class AwaitableGetFolderSettingsResult(GetFolderSettingsResult):
+    # pylint: disable=using-constant-test
+    def __await__(self):
+        if False:
+            yield self
+        return GetFolderSettingsResult(
+            disable_default_sink=self.disable_default_sink,
+            folder=self.folder,
+            id=self.id,
+            kms_key_name=self.kms_key_name,
+            kms_service_account_id=self.kms_service_account_id,
+            logging_service_account_id=self.logging_service_account_id,
+            name=self.name,
+            storage_location=self.storage_location)
+
+
+def get_folder_settings(folder: Optional[str] = None,
+                        opts: Optional[pulumi.InvokeOptions] = None) -> AwaitableGetFolderSettingsResult:
+    """
+    Describes the settings associated with a folder.
+
+    To get more information about LoggingFolderSettings, see:
+
+    * [API documentation](https://cloud.google.com/logging/docs/reference/v2/rest/v2/folders/getSettings)
+    * [Configure default settings for organizations and folders](https://cloud.google.com/logging/docs/default-settings).
+
+    ## Example Usage
+    ### Logging Folder Settings Basic
+
+    ```python
+    import pulumi
+    import pulumi_gcp as gcp
+
+    settings = gcp.logging.get_folder_settings(folder="my-folder-name")
+    ```
+
+
+    :param str folder: The ID of the folder for which to retrieve settings.
+    """
+    __args__ = dict()
+    __args__['folder'] = folder
+    opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts)
+    __ret__ = pulumi.runtime.invoke('gcp:logging/getFolderSettings:getFolderSettings', __args__, opts=opts, typ=GetFolderSettingsResult).value
+
+    return AwaitableGetFolderSettingsResult(
+        disable_default_sink=pulumi.get(__ret__, 'disable_default_sink'),
+        folder=pulumi.get(__ret__, 'folder'),
+        id=pulumi.get(__ret__, 'id'),
+        kms_key_name=pulumi.get(__ret__, 'kms_key_name'),
+        kms_service_account_id=pulumi.get(__ret__, 'kms_service_account_id'),
+        logging_service_account_id=pulumi.get(__ret__, 'logging_service_account_id'),
+        name=pulumi.get(__ret__, 'name'),
+        storage_location=pulumi.get(__ret__, 'storage_location'))
+
+
+@_utilities.lift_output_func(get_folder_settings)
+def get_folder_settings_output(folder: Optional[pulumi.Input[str]] = None,
+                               opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetFolderSettingsResult]:
+    """
+    Describes the settings associated with a folder.
+
+    To get more information about LoggingFolderSettings, see:
+
+    * [API documentation](https://cloud.google.com/logging/docs/reference/v2/rest/v2/folders/getSettings)
+    * [Configure default settings for organizations and folders](https://cloud.google.com/logging/docs/default-settings).
+
+    ## Example Usage
+    ### Logging Folder Settings Basic
+
+    ```python
+    import pulumi
+    import pulumi_gcp as gcp
+
+    settings = gcp.logging.get_folder_settings(folder="my-folder-name")
+    ```
+
+
+    :param str folder: The ID of the folder for which to retrieve settings.
+    """
+    ...