pulumi-gcp 7.31.0a1720765508__py3-none-any.whl → 7.31.0a1721039192__py3-none-any.whl

pulumi_gcp/__init__.py

@@ -6895,6 +6895,38 @@ _utilities.register(
    "gcp:securesourcemanager/instanceIamPolicy:InstanceIamPolicy": "InstanceIamPolicy"
   }
  },
+ {
+  "pkg": "gcp",
+  "mod": "securesourcemanager/repository",
+  "fqn": "pulumi_gcp.securesourcemanager",
+  "classes": {
+   "gcp:securesourcemanager/repository:Repository": "Repository"
+  }
+ },
+ {
+  "pkg": "gcp",
+  "mod": "securesourcemanager/repositoryIamBinding",
+  "fqn": "pulumi_gcp.securesourcemanager",
+  "classes": {
+   "gcp:securesourcemanager/repositoryIamBinding:RepositoryIamBinding": "RepositoryIamBinding"
+  }
+ },
+ {
+  "pkg": "gcp",
+  "mod": "securesourcemanager/repositoryIamMember",
+  "fqn": "pulumi_gcp.securesourcemanager",
+  "classes": {
+   "gcp:securesourcemanager/repositoryIamMember:RepositoryIamMember": "RepositoryIamMember"
+  }
+ },
+ {
+  "pkg": "gcp",
+  "mod": "securesourcemanager/repositoryIamPolicy",
+  "fqn": "pulumi_gcp.securesourcemanager",
+  "classes": {
+   "gcp:securesourcemanager/repositoryIamPolicy:RepositoryIamPolicy": "RepositoryIamPolicy"
+  }
+ },
  {
   "pkg": "gcp",
   "mod": "securitycenter/eventThreatDetectionCustomModule",
@@ -7031,6 +7063,14 @@ _utilities.register(
    "gcp:securitycenter/sourceIamPolicy:SourceIamPolicy": "SourceIamPolicy"
   }
  },
+ {
+  "pkg": "gcp",
+  "mod": "securitycenter/v2OrganizationNotificationConfig",
+  "fqn": "pulumi_gcp.securitycenter",
+  "classes": {
+   "gcp:securitycenter/v2OrganizationNotificationConfig:V2OrganizationNotificationConfig": "V2OrganizationNotificationConfig"
+  }
+ },
  {
   "pkg": "gcp",
   "mod": "securityposture/posture",

pulumi_gcp/applicationintegration/auth_config.py

@@ -562,8 +562,8 @@ class AuthConfig(pulumi.CustomResource):
 
         * [API documentation](https://cloud.google.com/application-integration/docs/reference/rest/v1/projects.locations.authConfigs)
         * How-to Guides
-            * [Official Documentation](https://cloud.google.com/application-integration/docs/overview)
             * [Manage authentication profiles](https://cloud.google.com/application-integration/docs/configure-authentication-profiles)
+            * [Official Documentation](https://cloud.google.com/application-integration/docs/overview)
 
         ## Example Usage
 
@@ -634,8 +634,8 @@ class AuthConfig(pulumi.CustomResource):
 
         * [API documentation](https://cloud.google.com/application-integration/docs/reference/rest/v1/projects.locations.authConfigs)
         * How-to Guides
-            * [Official Documentation](https://cloud.google.com/application-integration/docs/overview)
             * [Manage authentication profiles](https://cloud.google.com/application-integration/docs/configure-authentication-profiles)
+            * [Official Documentation](https://cloud.google.com/application-integration/docs/overview)
 
         ## Example Usage
 

pulumi_gcp/bigquery/reservation_assignment.py

@@ -31,10 +31,10 @@ class ReservationAssignmentArgs:
         :param pulumi.Input[str] reservation: The reservation for the resource
                
                
-               
                - - -
         :param pulumi.Input[str] location: The location for the resource
-        :param pulumi.Input[str] project: The project for the resource
+        :param pulumi.Input[str] project: The ID of the project in which the resource belongs.
+               If it is not provided, the provider project is used.
         """
         pulumi.set(__self__, "assignee", assignee)
         pulumi.set(__self__, "job_type", job_type)
@@ -75,7 +75,6 @@ class ReservationAssignmentArgs:
         The reservation for the resource
 
 
-
         - - -
         """
         return pulumi.get(self, "reservation")
@@ -100,7 +99,8 @@ class ReservationAssignmentArgs:
     @pulumi.getter
     def project(self) -> Optional[pulumi.Input[str]]:
         """
-        The project for the resource
+        The ID of the project in which the resource belongs.
+        If it is not provided, the provider project is used.
         """
         return pulumi.get(self, "project")
 
@@ -125,13 +125,14 @@ class _ReservationAssignmentState:
         :param pulumi.Input[str] job_type: Types of job, which could be specified when using the reservation. Possible values: JOB_TYPE_UNSPECIFIED, PIPELINE, QUERY
         :param pulumi.Input[str] location: The location for the resource
         :param pulumi.Input[str] name: Output only. The resource name of the assignment.
-        :param pulumi.Input[str] project: The project for the resource
+        :param pulumi.Input[str] project: The ID of the project in which the resource belongs.
+               If it is not provided, the provider project is used.
         :param pulumi.Input[str] reservation: The reservation for the resource
                
                
-               
                - - -
-        :param pulumi.Input[str] state: Assignment will remain in PENDING state if no active capacity commitment is present. It will become ACTIVE when some capacity commitment becomes active. Possible values: STATE_UNSPECIFIED, PENDING, ACTIVE
+        :param pulumi.Input[str] state: Assignment will remain in PENDING state if no active capacity commitment is present. It will become ACTIVE when some capacity commitment becomes active.
+               Possible values: STATE_UNSPECIFIED, PENDING, ACTIVE
         """
         if assignee is not None:
             pulumi.set(__self__, "assignee", assignee)
@@ -200,7 +201,8 @@ class _ReservationAssignmentState:
     @pulumi.getter
     def project(self) -> Optional[pulumi.Input[str]]:
         """
-        The project for the resource
+        The ID of the project in which the resource belongs.
+        If it is not provided, the provider project is used.
         """
         return pulumi.get(self, "project")
 
@@ -215,7 +217,6 @@ class _ReservationAssignmentState:
         The reservation for the resource
 
 
-
         - - -
         """
         return pulumi.get(self, "reservation")
@@ -228,7 +229,8 @@ class _ReservationAssignmentState:
     @pulumi.getter
     def state(self) -> Optional[pulumi.Input[str]]:
         """
-        Assignment will remain in PENDING state if no active capacity commitment is present. It will become ACTIVE when some capacity commitment becomes active. Possible values: STATE_UNSPECIFIED, PENDING, ACTIVE
+        Assignment will remain in PENDING state if no active capacity commitment is present. It will become ACTIVE when some capacity commitment becomes active.
+        Possible values: STATE_UNSPECIFIED, PENDING, ACTIVE
         """
         return pulumi.get(self, "state")
 
@@ -249,22 +251,29 @@ class ReservationAssignment(pulumi.CustomResource):
                  reservation: Optional[pulumi.Input[str]] = None,
                  __props__=None):
         """
-        The BigqueryReservation Assignment resource
+        The BigqueryReservation Assignment resource.
+
+        To get more information about ReservationAssignment, see:
+
+        * [API documentation](https://cloud.google.com/bigquery/docs/reference/reservations/rest/v1/projects.locations.reservations.assignments)
+        * How-to Guides
+            * [Work with reservation assignments](https://cloud.google.com/bigquery/docs/reservations-assignments)
 
         ## Example Usage
 
-        ### Basic
+        ### Bigquery Reservation Assignment Basic
+
         ```python
         import pulumi
         import pulumi_gcp as gcp
 
         basic = gcp.bigquery.Reservation("basic",
-            name="tf-test-my-reservation",
+            name="example-reservation",
             project="my-project-name",
             location="us-central1",
             slot_capacity=0,
             ignore_idle_slots=False)
-        primary = gcp.bigquery.ReservationAssignment("primary",
+        assignment = gcp.bigquery.ReservationAssignment("assignment",
             assignee="projects/my-project-name",
             job_type="PIPELINE",
             reservation=basic.id)
@@ -272,7 +281,7 @@ class ReservationAssignment(pulumi.CustomResource):
 
         ## Import
 
-        Assignment can be imported using any of these accepted formats:
+        ReservationAssignment can be imported using any of these accepted formats:
 
         * `projects/{{project}}/locations/{{location}}/reservations/{{reservation}}/assignments/{{name}}`
 
@@ -280,7 +289,7 @@ class ReservationAssignment(pulumi.CustomResource):
 
         * `{{location}}/{{reservation}}/{{name}}`
 
-        When using the `pulumi import` command, Assignment can be imported using one of the formats above. For example:
+        When using the `pulumi import` command, ReservationAssignment can be imported using one of the formats above. For example:
 
         ```sh
         $ pulumi import gcp:bigquery/reservationAssignment:ReservationAssignment default projects/{{project}}/locations/{{location}}/reservations/{{reservation}}/assignments/{{name}}
@@ -299,11 +308,11 @@ class ReservationAssignment(pulumi.CustomResource):
         :param pulumi.Input[str] assignee: The resource which will use the reservation. E.g. projects/myproject, folders/123, organizations/456.
         :param pulumi.Input[str] job_type: Types of job, which could be specified when using the reservation. Possible values: JOB_TYPE_UNSPECIFIED, PIPELINE, QUERY
         :param pulumi.Input[str] location: The location for the resource
-        :param pulumi.Input[str] project: The project for the resource
+        :param pulumi.Input[str] project: The ID of the project in which the resource belongs.
+               If it is not provided, the provider project is used.
         :param pulumi.Input[str] reservation: The reservation for the resource
                
                
-               
                - - -
         """
         ...
@@ -313,22 +322,29 @@ class ReservationAssignment(pulumi.CustomResource):
                  args: ReservationAssignmentArgs,
                  opts: Optional[pulumi.ResourceOptions] = None):
         """
-        The BigqueryReservation Assignment resource
+        The BigqueryReservation Assignment resource.
+
+        To get more information about ReservationAssignment, see:
+
+        * [API documentation](https://cloud.google.com/bigquery/docs/reference/reservations/rest/v1/projects.locations.reservations.assignments)
+        * How-to Guides
+            * [Work with reservation assignments](https://cloud.google.com/bigquery/docs/reservations-assignments)
 
         ## Example Usage
 
-        ### Basic
+        ### Bigquery Reservation Assignment Basic
+
         ```python
         import pulumi
         import pulumi_gcp as gcp
 
         basic = gcp.bigquery.Reservation("basic",
-            name="tf-test-my-reservation",
+            name="example-reservation",
             project="my-project-name",
             location="us-central1",
             slot_capacity=0,
             ignore_idle_slots=False)
-        primary = gcp.bigquery.ReservationAssignment("primary",
+        assignment = gcp.bigquery.ReservationAssignment("assignment",
             assignee="projects/my-project-name",
             job_type="PIPELINE",
             reservation=basic.id)
@@ -336,7 +352,7 @@ class ReservationAssignment(pulumi.CustomResource):
 
         ## Import
 
-        Assignment can be imported using any of these accepted formats:
+        ReservationAssignment can be imported using any of these accepted formats:
 
         * `projects/{{project}}/locations/{{location}}/reservations/{{reservation}}/assignments/{{name}}`
 
@@ -344,7 +360,7 @@ class ReservationAssignment(pulumi.CustomResource):
 
         * `{{location}}/{{reservation}}/{{name}}`
 
-        When using the `pulumi import` command, Assignment can be imported using one of the formats above. For example:
+        When using the `pulumi import` command, ReservationAssignment can be imported using one of the formats above. For example:
 
         ```sh
         $ pulumi import gcp:bigquery/reservationAssignment:ReservationAssignment default projects/{{project}}/locations/{{location}}/reservations/{{reservation}}/assignments/{{name}}
@@ -428,13 +444,14 @@ class ReservationAssignment(pulumi.CustomResource):
         :param pulumi.Input[str] job_type: Types of job, which could be specified when using the reservation. Possible values: JOB_TYPE_UNSPECIFIED, PIPELINE, QUERY
         :param pulumi.Input[str] location: The location for the resource
         :param pulumi.Input[str] name: Output only. The resource name of the assignment.
-        :param pulumi.Input[str] project: The project for the resource
+        :param pulumi.Input[str] project: The ID of the project in which the resource belongs.
+               If it is not provided, the provider project is used.
         :param pulumi.Input[str] reservation: The reservation for the resource
                
                
-               
                - - -
-        :param pulumi.Input[str] state: Assignment will remain in PENDING state if no active capacity commitment is present. It will become ACTIVE when some capacity commitment becomes active. Possible values: STATE_UNSPECIFIED, PENDING, ACTIVE
+        :param pulumi.Input[str] state: Assignment will remain in PENDING state if no active capacity commitment is present. It will become ACTIVE when some capacity commitment becomes active.
+               Possible values: STATE_UNSPECIFIED, PENDING, ACTIVE
         """
         opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
 
@@ -485,7 +502,8 @@ class ReservationAssignment(pulumi.CustomResource):
     @pulumi.getter
     def project(self) -> pulumi.Output[str]:
         """
-        The project for the resource
+        The ID of the project in which the resource belongs.
+        If it is not provided, the provider project is used.
         """
         return pulumi.get(self, "project")
 
@@ -496,7 +514,6 @@ class ReservationAssignment(pulumi.CustomResource):
         The reservation for the resource
 
 
-
         - - -
         """
         return pulumi.get(self, "reservation")
@@ -505,7 +522,8 @@ class ReservationAssignment(pulumi.CustomResource):
     @pulumi.getter
     def state(self) -> pulumi.Output[str]:
         """
-        Assignment will remain in PENDING state if no active capacity commitment is present. It will become ACTIVE when some capacity commitment becomes active. Possible values: STATE_UNSPECIFIED, PENDING, ACTIVE
+        Assignment will remain in PENDING state if no active capacity commitment is present. It will become ACTIVE when some capacity commitment becomes active.
+        Possible values: STATE_UNSPECIFIED, PENDING, ACTIVE
         """
         return pulumi.get(self, "state")
 

pulumi_gcp/certificateauthority/certificate_template.py

@@ -445,9 +445,9 @@ class CertificateTemplate(pulumi.CustomResource):
 
         * [API documentation](https://cloud.google.com/certificate-authority-service/docs/reference/rest)
         * How-to Guides
+            * [Common configurations and Certificate Profiles](https://cloud.google.com/certificate-authority-service/docs/certificate-profile)
             * [Official Documentation](https://cloud.google.com/certificate-authority-service)
             * [Understanding Certificate Templates](https://cloud.google.com/certificate-authority-service/docs/certificate-template)
-            * [Common configurations and Certificate Profiles](https://cloud.google.com/certificate-authority-service/docs/certificate-profile)
 
         ## Example Usage
 
@@ -594,9 +594,9 @@ class CertificateTemplate(pulumi.CustomResource):
 
         * [API documentation](https://cloud.google.com/certificate-authority-service/docs/reference/rest)
         * How-to Guides
+            * [Common configurations and Certificate Profiles](https://cloud.google.com/certificate-authority-service/docs/certificate-profile)
             * [Official Documentation](https://cloud.google.com/certificate-authority-service)
             * [Understanding Certificate Templates](https://cloud.google.com/certificate-authority-service/docs/certificate-template)
-            * [Common configurations and Certificate Profiles](https://cloud.google.com/certificate-authority-service/docs/certificate-profile)
 
         ## Example Usage
 

pulumi_gcp/certificatemanager/_inputs.py

@@ -33,6 +33,8 @@ __all__ = [
     'CertificateSelfManagedArgsDict',
     'DnsAuthorizationDnsResourceRecordArgs',
     'DnsAuthorizationDnsResourceRecordArgsDict',
+    'TrustConfigAllowlistedCertificateArgs',
+    'TrustConfigAllowlistedCertificateArgsDict',
     'TrustConfigTrustStoreArgs',
     'TrustConfigTrustStoreArgsDict',
     'TrustConfigTrustStoreIntermediateCaArgs',
@@ -828,6 +830,37 @@ class DnsAuthorizationDnsResourceRecordArgs:
         pulumi.set(self, "type", value)
 
 
+if not MYPY:
+    class TrustConfigAllowlistedCertificateArgsDict(TypedDict):
+        pem_certificate: pulumi.Input[str]
+        """
+        PEM certificate that is allowlisted. The certificate can be up to 5k bytes, and must be a parseable X.509 certificate.
+        """
+elif False:
+    TrustConfigAllowlistedCertificateArgsDict: TypeAlias = Mapping[str, Any]
+
+@pulumi.input_type
+class TrustConfigAllowlistedCertificateArgs:
+    def __init__(__self__, *,
+                 pem_certificate: pulumi.Input[str]):
+        """
+        :param pulumi.Input[str] pem_certificate: PEM certificate that is allowlisted. The certificate can be up to 5k bytes, and must be a parseable X.509 certificate.
+        """
+        pulumi.set(__self__, "pem_certificate", pem_certificate)
+
+    @property
+    @pulumi.getter(name="pemCertificate")
+    def pem_certificate(self) -> pulumi.Input[str]:
+        """
+        PEM certificate that is allowlisted. The certificate can be up to 5k bytes, and must be a parseable X.509 certificate.
+        """
+        return pulumi.get(self, "pem_certificate")
+
+    @pem_certificate.setter
+    def pem_certificate(self, value: pulumi.Input[str]):
+        pulumi.set(self, "pem_certificate", value)
+
+
 if not MYPY:
     class TrustConfigTrustStoreArgsDict(TypedDict):
         intermediate_cas: NotRequired[pulumi.Input[Sequence[pulumi.Input['TrustConfigTrustStoreIntermediateCaArgsDict']]]]

pulumi_gcp/certificatemanager/outputs.py

@@ -25,6 +25,7 @@ __all__ = [
     'CertificateMapGclbTargetIpConfig',
     'CertificateSelfManaged',
     'DnsAuthorizationDnsResourceRecord',
+    'TrustConfigAllowlistedCertificate',
     'TrustConfigTrustStore',
     'TrustConfigTrustStoreIntermediateCa',
     'TrustConfigTrustStoreTrustAnchor',
@@ -643,6 +644,41 @@ class DnsAuthorizationDnsResourceRecord(dict):
         return pulumi.get(self, "type")
 
 
+@pulumi.output_type
+class TrustConfigAllowlistedCertificate(dict):
+    @staticmethod
+    def __key_warning(key: str):
+        suggest = None
+        if key == "pemCertificate":
+            suggest = "pem_certificate"
+
+        if suggest:
+            pulumi.log.warn(f"Key '{key}' not found in TrustConfigAllowlistedCertificate. Access the value via the '{suggest}' property getter instead.")
+
+    def __getitem__(self, key: str) -> Any:
+        TrustConfigAllowlistedCertificate.__key_warning(key)
+        return super().__getitem__(key)
+
+    def get(self, key: str, default = None) -> Any:
+        TrustConfigAllowlistedCertificate.__key_warning(key)
+        return super().get(key, default)
+
+    def __init__(__self__, *,
+                 pem_certificate: str):
+        """
+        :param str pem_certificate: PEM certificate that is allowlisted. The certificate can be up to 5k bytes, and must be a parseable X.509 certificate.
+        """
+        pulumi.set(__self__, "pem_certificate", pem_certificate)
+
+    @property
+    @pulumi.getter(name="pemCertificate")
+    def pem_certificate(self) -> str:
+        """
+        PEM certificate that is allowlisted. The certificate can be up to 5k bytes, and must be a parseable X.509 certificate.
+        """
+        return pulumi.get(self, "pem_certificate")
+
+
 @pulumi.output_type
 class TrustConfigTrustStore(dict):
     @staticmethod

pulumi_gcp/certificatemanager/trust_config.py

@@ -22,6 +22,7 @@ __all__ = ['TrustConfigArgs', 'TrustConfig']
 class TrustConfigArgs:
     def __init__(__self__, *,
                  location: pulumi.Input[str],
+                 allowlisted_certificates: Optional[pulumi.Input[Sequence[pulumi.Input['TrustConfigAllowlistedCertificateArgs']]]] = None,
                  description: Optional[pulumi.Input[str]] = None,
                  labels: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
                  name: Optional[pulumi.Input[str]] = None,
@@ -33,6 +34,9 @@ class TrustConfigArgs:
                
                
                - - -
+        :param pulumi.Input[Sequence[pulumi.Input['TrustConfigAllowlistedCertificateArgs']]] allowlisted_certificates: Allowlisted PEM-encoded certificates. A certificate matching an allowlisted certificate is always considered valid as long as
+               the certificate is parseable, proof of private key possession is established, and constraints on the certificate's SAN field are met.
+               Structure is documented below.
         :param pulumi.Input[str] description: One or more paragraphs of text description of a trust config.
         :param pulumi.Input[Mapping[str, pulumi.Input[str]]] labels: Set of label tags associated with the trust config.
                **Note**: This field is non-authoritative, and will only manage the labels present in your configuration.
@@ -45,6 +49,8 @@ class TrustConfigArgs:
                Structure is documented below.
         """
         pulumi.set(__self__, "location", location)
+        if allowlisted_certificates is not None:
+            pulumi.set(__self__, "allowlisted_certificates", allowlisted_certificates)
         if description is not None:
             pulumi.set(__self__, "description", description)
         if labels is not None:
@@ -71,6 +77,20 @@ class TrustConfigArgs:
     def location(self, value: pulumi.Input[str]):
         pulumi.set(self, "location", value)
 
+    @property
+    @pulumi.getter(name="allowlistedCertificates")
+    def allowlisted_certificates(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['TrustConfigAllowlistedCertificateArgs']]]]:
+        """
+        Allowlisted PEM-encoded certificates. A certificate matching an allowlisted certificate is always considered valid as long as
+        the certificate is parseable, proof of private key possession is established, and constraints on the certificate's SAN field are met.
+        Structure is documented below.
+        """
+        return pulumi.get(self, "allowlisted_certificates")
+
+    @allowlisted_certificates.setter
+    def allowlisted_certificates(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['TrustConfigAllowlistedCertificateArgs']]]]):
+        pulumi.set(self, "allowlisted_certificates", value)
+
     @property
     @pulumi.getter
     def description(self) -> Optional[pulumi.Input[str]]:
@@ -140,6 +160,7 @@ class TrustConfigArgs:
 @pulumi.input_type
 class _TrustConfigState:
     def __init__(__self__, *,
+                 allowlisted_certificates: Optional[pulumi.Input[Sequence[pulumi.Input['TrustConfigAllowlistedCertificateArgs']]]] = None,
                  create_time: Optional[pulumi.Input[str]] = None,
                  description: Optional[pulumi.Input[str]] = None,
                  effective_labels: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
@@ -152,6 +173,9 @@ class _TrustConfigState:
                  update_time: Optional[pulumi.Input[str]] = None):
         """
         Input properties used for looking up and filtering TrustConfig resources.
+        :param pulumi.Input[Sequence[pulumi.Input['TrustConfigAllowlistedCertificateArgs']]] allowlisted_certificates: Allowlisted PEM-encoded certificates. A certificate matching an allowlisted certificate is always considered valid as long as
+               the certificate is parseable, proof of private key possession is established, and constraints on the certificate's SAN field are met.
+               Structure is documented below.
         :param pulumi.Input[str] create_time: The creation timestamp of a TrustConfig.
                A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits.
                Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".
@@ -176,6 +200,8 @@ class _TrustConfigState:
                A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits.
                Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".
         """
+        if allowlisted_certificates is not None:
+            pulumi.set(__self__, "allowlisted_certificates", allowlisted_certificates)
         if create_time is not None:
             pulumi.set(__self__, "create_time", create_time)
         if description is not None:
@@ -197,6 +223,20 @@ class _TrustConfigState:
         if update_time is not None:
             pulumi.set(__self__, "update_time", update_time)
 
+    @property
+    @pulumi.getter(name="allowlistedCertificates")
+    def allowlisted_certificates(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['TrustConfigAllowlistedCertificateArgs']]]]:
+        """
+        Allowlisted PEM-encoded certificates. A certificate matching an allowlisted certificate is always considered valid as long as
+        the certificate is parseable, proof of private key possession is established, and constraints on the certificate's SAN field are met.
+        Structure is documented below.
+        """
+        return pulumi.get(self, "allowlisted_certificates")
+
+    @allowlisted_certificates.setter
+    def allowlisted_certificates(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['TrustConfigAllowlistedCertificateArgs']]]]):
+        pulumi.set(self, "allowlisted_certificates", value)
+
     @property
     @pulumi.getter(name="createTime")
     def create_time(self) -> Optional[pulumi.Input[str]]:
@@ -336,6 +376,7 @@ class TrustConfig(pulumi.CustomResource):
     def __init__(__self__,
                  resource_name: str,
                  opts: Optional[pulumi.ResourceOptions] = None,
+                 allowlisted_certificates: Optional[pulumi.Input[Sequence[pulumi.Input[Union['TrustConfigAllowlistedCertificateArgs', 'TrustConfigAllowlistedCertificateArgsDict']]]]] = None,
                  description: Optional[pulumi.Input[str]] = None,
                  labels: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
                  location: Optional[pulumi.Input[str]] = None,
@@ -377,6 +418,29 @@ class TrustConfig(pulumi.CustomResource):
                 "foo": "bar",
             })
         ```
+        ### Certificate Manager Trust Config Allowlisted Certificates
+
+        ```python
+        import pulumi
+        import pulumi_gcp as gcp
+        import pulumi_std as std
+
+        default = gcp.certificatemanager.TrustConfig("default",
+            name="trust-config",
+            description="A sample trust config resource with allowlisted certificates",
+            location="global",
+            allowlisted_certificates=[
+                {
+                    "pemCertificate": std.file(input="test-fixtures/cert.pem").result,
+                },
+                {
+                    "pemCertificate": std.file(input="test-fixtures/cert2.pem").result,
+                },
+            ],
+            labels={
+                "foo": "bar",
+            })
+        ```
 
         ## Import
 
@@ -404,6 +468,9 @@ class TrustConfig(pulumi.CustomResource):
 
         :param str resource_name: The name of the resource.
         :param pulumi.ResourceOptions opts: Options for the resource.
+        :param pulumi.Input[Sequence[pulumi.Input[Union['TrustConfigAllowlistedCertificateArgs', 'TrustConfigAllowlistedCertificateArgsDict']]]] allowlisted_certificates: Allowlisted PEM-encoded certificates. A certificate matching an allowlisted certificate is always considered valid as long as
+               the certificate is parseable, proof of private key possession is established, and constraints on the certificate's SAN field are met.
+               Structure is documented below.
         :param pulumi.Input[str] description: One or more paragraphs of text description of a trust config.
         :param pulumi.Input[Mapping[str, pulumi.Input[str]]] labels: Set of label tags associated with the trust config.
                **Note**: This field is non-authoritative, and will only manage the labels present in your configuration.
@@ -459,6 +526,29 @@ class TrustConfig(pulumi.CustomResource):
                 "foo": "bar",
             })
         ```
+        ### Certificate Manager Trust Config Allowlisted Certificates
+
+        ```python
+        import pulumi
+        import pulumi_gcp as gcp
+        import pulumi_std as std
+
+        default = gcp.certificatemanager.TrustConfig("default",
+            name="trust-config",
+            description="A sample trust config resource with allowlisted certificates",
+            location="global",
+            allowlisted_certificates=[
+                {
+                    "pemCertificate": std.file(input="test-fixtures/cert.pem").result,
+                },
+                {
+                    "pemCertificate": std.file(input="test-fixtures/cert2.pem").result,
+                },
+            ],
+            labels={
+                "foo": "bar",
+            })
+        ```
 
         ## Import
 
@@ -499,6 +589,7 @@ class TrustConfig(pulumi.CustomResource):
     def _internal_init(__self__,
                  resource_name: str,
                  opts: Optional[pulumi.ResourceOptions] = None,
+                 allowlisted_certificates: Optional[pulumi.Input[Sequence[pulumi.Input[Union['TrustConfigAllowlistedCertificateArgs', 'TrustConfigAllowlistedCertificateArgsDict']]]]] = None,
                  description: Optional[pulumi.Input[str]] = None,
                  labels: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
                  location: Optional[pulumi.Input[str]] = None,
@@ -514,6 +605,7 @@ class TrustConfig(pulumi.CustomResource):
                 raise TypeError('__props__ is only valid when passed in combination with a valid opts.id to get an existing resource')
             __props__ = TrustConfigArgs.__new__(TrustConfigArgs)
 
+            __props__.__dict__["allowlisted_certificates"] = allowlisted_certificates
             __props__.__dict__["description"] = description
             __props__.__dict__["labels"] = labels
             if location is None and not opts.urn:
@@ -538,6 +630,7 @@ class TrustConfig(pulumi.CustomResource):
     def get(resource_name: str,
             id: pulumi.Input[str],
             opts: Optional[pulumi.ResourceOptions] = None,
+            allowlisted_certificates: Optional[pulumi.Input[Sequence[pulumi.Input[Union['TrustConfigAllowlistedCertificateArgs', 'TrustConfigAllowlistedCertificateArgsDict']]]]] = None,
             create_time: Optional[pulumi.Input[str]] = None,
             description: Optional[pulumi.Input[str]] = None,
             effective_labels: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
@@ -555,6 +648,9 @@ class TrustConfig(pulumi.CustomResource):
         :param str resource_name: The unique name of the resulting resource.
         :param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
         :param pulumi.ResourceOptions opts: Options for the resource.
+        :param pulumi.Input[Sequence[pulumi.Input[Union['TrustConfigAllowlistedCertificateArgs', 'TrustConfigAllowlistedCertificateArgsDict']]]] allowlisted_certificates: Allowlisted PEM-encoded certificates. A certificate matching an allowlisted certificate is always considered valid as long as
+               the certificate is parseable, proof of private key possession is established, and constraints on the certificate's SAN field are met.
+               Structure is documented below.
         :param pulumi.Input[str] create_time: The creation timestamp of a TrustConfig.
                A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits.
                Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".
@@ -583,6 +679,7 @@ class TrustConfig(pulumi.CustomResource):
 
         __props__ = _TrustConfigState.__new__(_TrustConfigState)
 
+        __props__.__dict__["allowlisted_certificates"] = allowlisted_certificates
         __props__.__dict__["create_time"] = create_time
         __props__.__dict__["description"] = description
         __props__.__dict__["effective_labels"] = effective_labels
@@ -595,6 +692,16 @@ class TrustConfig(pulumi.CustomResource):
         __props__.__dict__["update_time"] = update_time
         return TrustConfig(resource_name, opts=opts, __props__=__props__)
 
+    @property
+    @pulumi.getter(name="allowlistedCertificates")
+    def allowlisted_certificates(self) -> pulumi.Output[Optional[Sequence['outputs.TrustConfigAllowlistedCertificate']]]:
+        """
+        Allowlisted PEM-encoded certificates. A certificate matching an allowlisted certificate is always considered valid as long as
+        the certificate is parseable, proof of private key possession is established, and constraints on the certificate's SAN field are met.
+        Structure is documented below.
+        """
+        return pulumi.get(self, "allowlisted_certificates")
+
     @property
     @pulumi.getter(name="createTime")
     def create_time(self) -> pulumi.Output[str]: