pulumi-gcp 7.32.0__py3-none-any.whl → 7.32.0a1721151794__py3-none-any.whl

pulumi_gcp/compute/target_instance.py

@@ -452,7 +452,7 @@ class TargetInstance(pulumi.CustomResource):
         import pulumi_gcp as gcp
 
         target_vm = gcp.compute.get_network(name="default")
-        vmimage = gcp.compute.get_image(family="debian-12",
+        vmimage = gcp.compute.get_image(family="debian-10",
             project="debian-cloud")
         target_vm_instance = gcp.compute.Instance("target-vm",
             name="custom-network-target-vm",
@@ -642,7 +642,7 @@ class TargetInstance(pulumi.CustomResource):
         import pulumi_gcp as gcp
 
         target_vm = gcp.compute.get_network(name="default")
-        vmimage = gcp.compute.get_image(family="debian-12",
+        vmimage = gcp.compute.get_image(family="debian-10",
             project="debian-cloud")
         target_vm_instance = gcp.compute.Instance("target-vm",
             name="custom-network-target-vm",

pulumi_gcp/config/__init__.pyi

@@ -319,8 +319,6 @@ serviceNetworkingCustomEndpoint: Optional[str]
 
 serviceUsageCustomEndpoint: Optional[str]
 
-siteVerificationCustomEndpoint: Optional[str]
-
 skipRegionValidation: bool
 
 sourceRepoCustomEndpoint: Optional[str]

pulumi_gcp/config/vars.py

@@ -629,10 +629,6 @@ class _ExportableConfig(types.ModuleType):
     def service_usage_custom_endpoint(self) -> Optional[str]:
         return __config__.get('serviceUsageCustomEndpoint')
 
-    @property
-    def site_verification_custom_endpoint(self) -> Optional[str]:
-        return __config__.get('siteVerificationCustomEndpoint')
-
     @property
     def skip_region_validation(self) -> bool:
         return __config__.get_bool('skipRegionValidation') or (_utilities.get_env_bool('PULUMI_GCP_SKIP_REGION_VALIDATION') or False)

pulumi_gcp/gkehub/__init__.py

@@ -12,7 +12,6 @@ from .feature_iam_policy import *
 from .feature_membership import *
 from .fleet import *
 from .get_feature_iam_policy import *
-from .get_membership_binding import *
 from .get_membership_iam_policy import *
 from .get_scope_iam_policy import *
 from .membership import *

pulumi_gcp/gkehub/outputs.py

@@ -88,7 +88,6 @@ __all__ = [
     'ScopeRbacRoleBindingRole',
     'ScopeRbacRoleBindingState',
     'ScopeState',
-    'GetMembershipBindingStateResult',
 ]
 
 @pulumi.output_type
@@ -3589,21 +3588,3 @@ class ScopeState(dict):
         return pulumi.get(self, "code")
 
 
-@pulumi.output_type
-class GetMembershipBindingStateResult(dict):
-    def __init__(__self__, *,
-                 code: str):
-        """
-        :param str code: Code describes the state of a MembershipBinding resource.
-        """
-        pulumi.set(__self__, "code", code)
-
-    @property
-    @pulumi.getter
-    def code(self) -> str:
-        """
-        Code describes the state of a MembershipBinding resource.
-        """
-        return pulumi.get(self, "code")
-
-

pulumi_gcp/iap/client.py

@@ -25,7 +25,7 @@ class ClientArgs:
         The set of arguments for constructing a Client resource.
         :param pulumi.Input[str] brand: Identifier of the brand to which this client
                is attached to. The format is
-               `projects/{project_number}/brands/{brand_id}`.
+               `projects/{project_number}/brands/{brand_id}/identityAwareProxyClients/{client_id}`.
                
                
                - - -
@@ -40,7 +40,7 @@ class ClientArgs:
         """
         Identifier of the brand to which this client
         is attached to. The format is
-        `projects/{project_number}/brands/{brand_id}`.
+        `projects/{project_number}/brands/{brand_id}/identityAwareProxyClients/{client_id}`.
 
 
         - - -
@@ -75,7 +75,7 @@ class _ClientState:
         Input properties used for looking up and filtering Client resources.
         :param pulumi.Input[str] brand: Identifier of the brand to which this client
                is attached to. The format is
-               `projects/{project_number}/brands/{brand_id}`.
+               `projects/{project_number}/brands/{brand_id}/identityAwareProxyClients/{client_id}`.
                
                
                - - -
@@ -99,7 +99,7 @@ class _ClientState:
         """
         Identifier of the brand to which this client
         is attached to. The format is
-        `projects/{project_number}/brands/{brand_id}`.
+        `projects/{project_number}/brands/{brand_id}/identityAwareProxyClients/{client_id}`.
 
 
         - - -
@@ -215,7 +215,7 @@ class Client(pulumi.CustomResource):
         :param pulumi.ResourceOptions opts: Options for the resource.
         :param pulumi.Input[str] brand: Identifier of the brand to which this client
                is attached to. The format is
-               `projects/{project_number}/brands/{brand_id}`.
+               `projects/{project_number}/brands/{brand_id}/identityAwareProxyClients/{client_id}`.
                
                
                - - -
@@ -341,7 +341,7 @@ class Client(pulumi.CustomResource):
         :param pulumi.ResourceOptions opts: Options for the resource.
         :param pulumi.Input[str] brand: Identifier of the brand to which this client
                is attached to. The format is
-               `projects/{project_number}/brands/{brand_id}`.
+               `projects/{project_number}/brands/{brand_id}/identityAwareProxyClients/{client_id}`.
                
                
                - - -
@@ -366,7 +366,7 @@ class Client(pulumi.CustomResource):
         """
         Identifier of the brand to which this client
         is attached to. The format is
-        `projects/{project_number}/brands/{brand_id}`.
+        `projects/{project_number}/brands/{brand_id}/identityAwareProxyClients/{client_id}`.
 
 
         - - -

pulumi_gcp/kms/_inputs.py

@@ -19,8 +19,6 @@ __all__ = [
     'CryptoKeyIAMBindingConditionArgsDict',
     'CryptoKeyIAMMemberConditionArgs',
     'CryptoKeyIAMMemberConditionArgsDict',
-    'CryptoKeyKeyAccessJustificationsPolicyArgs',
-    'CryptoKeyKeyAccessJustificationsPolicyArgsDict',
     'CryptoKeyPrimaryArgs',
     'CryptoKeyPrimaryArgsDict',
     'CryptoKeyVersionAttestationArgs',
@@ -213,44 +211,6 @@ class CryptoKeyIAMMemberConditionArgs:
         pulumi.set(self, "description", value)
 
 
-if not MYPY:
-    class CryptoKeyKeyAccessJustificationsPolicyArgsDict(TypedDict):
-        allowed_access_reasons: NotRequired[pulumi.Input[Sequence[pulumi.Input[str]]]]
-        """
-        The list of allowed reasons for access to this CryptoKey. Zero allowed
-        access reasons means all encrypt, decrypt, and sign operations for
-        this CryptoKey will fail.
-        """
-elif False:
-    CryptoKeyKeyAccessJustificationsPolicyArgsDict: TypeAlias = Mapping[str, Any]
-
-@pulumi.input_type
-class CryptoKeyKeyAccessJustificationsPolicyArgs:
-    def __init__(__self__, *,
-                 allowed_access_reasons: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None):
-        """
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_access_reasons: The list of allowed reasons for access to this CryptoKey. Zero allowed
-               access reasons means all encrypt, decrypt, and sign operations for
-               this CryptoKey will fail.
-        """
-        if allowed_access_reasons is not None:
-            pulumi.set(__self__, "allowed_access_reasons", allowed_access_reasons)
-
-    @property
-    @pulumi.getter(name="allowedAccessReasons")
-    def allowed_access_reasons(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
-        """
-        The list of allowed reasons for access to this CryptoKey. Zero allowed
-        access reasons means all encrypt, decrypt, and sign operations for
-        this CryptoKey will fail.
-        """
-        return pulumi.get(self, "allowed_access_reasons")
-
-    @allowed_access_reasons.setter
-    def allowed_access_reasons(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
-        pulumi.set(self, "allowed_access_reasons", value)
-
-
 if not MYPY:
     class CryptoKeyPrimaryArgsDict(TypedDict):
         name: NotRequired[pulumi.Input[str]]

pulumi_gcp/kms/crypto_key.py

@@ -25,7 +25,6 @@ class CryptoKeyArgs:
                  crypto_key_backend: Optional[pulumi.Input[str]] = None,
                  destroy_scheduled_duration: Optional[pulumi.Input[str]] = None,
                  import_only: Optional[pulumi.Input[bool]] = None,
-                 key_access_justifications_policy: Optional[pulumi.Input['CryptoKeyKeyAccessJustificationsPolicyArgs']] = None,
                  labels: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
                  name: Optional[pulumi.Input[str]] = None,
                  purpose: Optional[pulumi.Input[str]] = None,
@@ -44,15 +43,6 @@ class CryptoKeyArgs:
         :param pulumi.Input[str] destroy_scheduled_duration: The period of time that versions of this key spend in the DESTROY_SCHEDULED state before transitioning to DESTROYED.
                If not specified at creation time, the default duration is 30 days.
         :param pulumi.Input[bool] import_only: Whether this key may contain imported versions only.
-        :param pulumi.Input['CryptoKeyKeyAccessJustificationsPolicyArgs'] key_access_justifications_policy: The policy used for Key Access Justifications Policy Enforcement. If this
-               field is present and this key is enrolled in Key Access Justifications
-               Policy Enforcement, the policy will be evaluated in encrypt, decrypt, and
-               sign operations, and the operation will fail if rejected by the policy. The
-               policy is defined by specifying zero or more allowed justification codes.
-               https://cloud.google.com/assured-workloads/key-access-justifications/docs/justification-codes
-               By default, this field is absent, and all justification codes are allowed.
-               This field is currently in beta and is subject to change.
-               Structure is documented below.
         :param pulumi.Input[Mapping[str, pulumi.Input[str]]] labels: Labels with user-defined metadata to apply to this resource.
                
                **Note**: This field is non-authoritative, and will only manage the labels present in your configuration.
@@ -79,8 +69,6 @@ class CryptoKeyArgs:
             pulumi.set(__self__, "destroy_scheduled_duration", destroy_scheduled_duration)
         if import_only is not None:
             pulumi.set(__self__, "import_only", import_only)
-        if key_access_justifications_policy is not None:
-            pulumi.set(__self__, "key_access_justifications_policy", key_access_justifications_policy)
         if labels is not None:
             pulumi.set(__self__, "labels", labels)
         if name is not None:
@@ -148,26 +136,6 @@ class CryptoKeyArgs:
     def import_only(self, value: Optional[pulumi.Input[bool]]):
         pulumi.set(self, "import_only", value)
 
-    @property
-    @pulumi.getter(name="keyAccessJustificationsPolicy")
-    def key_access_justifications_policy(self) -> Optional[pulumi.Input['CryptoKeyKeyAccessJustificationsPolicyArgs']]:
-        """
-        The policy used for Key Access Justifications Policy Enforcement. If this
-        field is present and this key is enrolled in Key Access Justifications
-        Policy Enforcement, the policy will be evaluated in encrypt, decrypt, and
-        sign operations, and the operation will fail if rejected by the policy. The
-        policy is defined by specifying zero or more allowed justification codes.
-        https://cloud.google.com/assured-workloads/key-access-justifications/docs/justification-codes
-        By default, this field is absent, and all justification codes are allowed.
-        This field is currently in beta and is subject to change.
-        Structure is documented below.
-        """
-        return pulumi.get(self, "key_access_justifications_policy")
-
-    @key_access_justifications_policy.setter
-    def key_access_justifications_policy(self, value: Optional[pulumi.Input['CryptoKeyKeyAccessJustificationsPolicyArgs']]):
-        pulumi.set(self, "key_access_justifications_policy", value)
-
     @property
     @pulumi.getter
     def labels(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]:
@@ -260,7 +228,6 @@ class _CryptoKeyState:
                  destroy_scheduled_duration: Optional[pulumi.Input[str]] = None,
                  effective_labels: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
                  import_only: Optional[pulumi.Input[bool]] = None,
-                 key_access_justifications_policy: Optional[pulumi.Input['CryptoKeyKeyAccessJustificationsPolicyArgs']] = None,
                  key_ring: Optional[pulumi.Input[str]] = None,
                  labels: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
                  name: Optional[pulumi.Input[str]] = None,
@@ -278,15 +245,6 @@ class _CryptoKeyState:
                If not specified at creation time, the default duration is 30 days.
         :param pulumi.Input[Mapping[str, pulumi.Input[str]]] effective_labels: All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
         :param pulumi.Input[bool] import_only: Whether this key may contain imported versions only.
-        :param pulumi.Input['CryptoKeyKeyAccessJustificationsPolicyArgs'] key_access_justifications_policy: The policy used for Key Access Justifications Policy Enforcement. If this
-               field is present and this key is enrolled in Key Access Justifications
-               Policy Enforcement, the policy will be evaluated in encrypt, decrypt, and
-               sign operations, and the operation will fail if rejected by the policy. The
-               policy is defined by specifying zero or more allowed justification codes.
-               https://cloud.google.com/assured-workloads/key-access-justifications/docs/justification-codes
-               By default, this field is absent, and all justification codes are allowed.
-               This field is currently in beta and is subject to change.
-               Structure is documented below.
         :param pulumi.Input[str] key_ring: The KeyRing that this key belongs to.
                Format: `'projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}'`.
                
@@ -324,8 +282,6 @@ class _CryptoKeyState:
             pulumi.set(__self__, "effective_labels", effective_labels)
         if import_only is not None:
             pulumi.set(__self__, "import_only", import_only)
-        if key_access_justifications_policy is not None:
-            pulumi.set(__self__, "key_access_justifications_policy", key_access_justifications_policy)
         if key_ring is not None:
             pulumi.set(__self__, "key_ring", key_ring)
         if labels is not None:
@@ -395,26 +351,6 @@ class _CryptoKeyState:
     def import_only(self, value: Optional[pulumi.Input[bool]]):
         pulumi.set(self, "import_only", value)
 
-    @property
-    @pulumi.getter(name="keyAccessJustificationsPolicy")
-    def key_access_justifications_policy(self) -> Optional[pulumi.Input['CryptoKeyKeyAccessJustificationsPolicyArgs']]:
-        """
-        The policy used for Key Access Justifications Policy Enforcement. If this
-        field is present and this key is enrolled in Key Access Justifications
-        Policy Enforcement, the policy will be evaluated in encrypt, decrypt, and
-        sign operations, and the operation will fail if rejected by the policy. The
-        policy is defined by specifying zero or more allowed justification codes.
-        https://cloud.google.com/assured-workloads/key-access-justifications/docs/justification-codes
-        By default, this field is absent, and all justification codes are allowed.
-        This field is currently in beta and is subject to change.
-        Structure is documented below.
-        """
-        return pulumi.get(self, "key_access_justifications_policy")
-
-    @key_access_justifications_policy.setter
-    def key_access_justifications_policy(self, value: Optional[pulumi.Input['CryptoKeyKeyAccessJustificationsPolicyArgs']]):
-        pulumi.set(self, "key_access_justifications_policy", value)
-
     @property
     @pulumi.getter(name="keyRing")
     def key_ring(self) -> Optional[pulumi.Input[str]]:
@@ -551,7 +487,6 @@ class CryptoKey(pulumi.CustomResource):
                  crypto_key_backend: Optional[pulumi.Input[str]] = None,
                  destroy_scheduled_duration: Optional[pulumi.Input[str]] = None,
                  import_only: Optional[pulumi.Input[bool]] = None,
-                 key_access_justifications_policy: Optional[pulumi.Input[Union['CryptoKeyKeyAccessJustificationsPolicyArgs', 'CryptoKeyKeyAccessJustificationsPolicyArgsDict']]] = None,
                  key_ring: Optional[pulumi.Input[str]] = None,
                  labels: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
                  name: Optional[pulumi.Input[str]] = None,
@@ -635,15 +570,6 @@ class CryptoKey(pulumi.CustomResource):
         :param pulumi.Input[str] destroy_scheduled_duration: The period of time that versions of this key spend in the DESTROY_SCHEDULED state before transitioning to DESTROYED.
                If not specified at creation time, the default duration is 30 days.
         :param pulumi.Input[bool] import_only: Whether this key may contain imported versions only.
-        :param pulumi.Input[Union['CryptoKeyKeyAccessJustificationsPolicyArgs', 'CryptoKeyKeyAccessJustificationsPolicyArgsDict']] key_access_justifications_policy: The policy used for Key Access Justifications Policy Enforcement. If this
-               field is present and this key is enrolled in Key Access Justifications
-               Policy Enforcement, the policy will be evaluated in encrypt, decrypt, and
-               sign operations, and the operation will fail if rejected by the policy. The
-               policy is defined by specifying zero or more allowed justification codes.
-               https://cloud.google.com/assured-workloads/key-access-justifications/docs/justification-codes
-               By default, this field is absent, and all justification codes are allowed.
-               This field is currently in beta and is subject to change.
-               Structure is documented below.
         :param pulumi.Input[str] key_ring: The KeyRing that this key belongs to.
                Format: `'projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}'`.
                
@@ -760,7 +686,6 @@ class CryptoKey(pulumi.CustomResource):
                  crypto_key_backend: Optional[pulumi.Input[str]] = None,
                  destroy_scheduled_duration: Optional[pulumi.Input[str]] = None,
                  import_only: Optional[pulumi.Input[bool]] = None,
-                 key_access_justifications_policy: Optional[pulumi.Input[Union['CryptoKeyKeyAccessJustificationsPolicyArgs', 'CryptoKeyKeyAccessJustificationsPolicyArgsDict']]] = None,
                  key_ring: Optional[pulumi.Input[str]] = None,
                  labels: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
                  name: Optional[pulumi.Input[str]] = None,
@@ -780,7 +705,6 @@ class CryptoKey(pulumi.CustomResource):
             __props__.__dict__["crypto_key_backend"] = crypto_key_backend
             __props__.__dict__["destroy_scheduled_duration"] = destroy_scheduled_duration
             __props__.__dict__["import_only"] = import_only
-            __props__.__dict__["key_access_justifications_policy"] = key_access_justifications_policy
             if key_ring is None and not opts.urn:
                 raise TypeError("Missing required property 'key_ring'")
             __props__.__dict__["key_ring"] = key_ring
@@ -809,7 +733,6 @@ class CryptoKey(pulumi.CustomResource):
             destroy_scheduled_duration: Optional[pulumi.Input[str]] = None,
             effective_labels: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
             import_only: Optional[pulumi.Input[bool]] = None,
-            key_access_justifications_policy: Optional[pulumi.Input[Union['CryptoKeyKeyAccessJustificationsPolicyArgs', 'CryptoKeyKeyAccessJustificationsPolicyArgsDict']]] = None,
             key_ring: Optional[pulumi.Input[str]] = None,
             labels: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
             name: Optional[pulumi.Input[str]] = None,
@@ -832,15 +755,6 @@ class CryptoKey(pulumi.CustomResource):
                If not specified at creation time, the default duration is 30 days.
         :param pulumi.Input[Mapping[str, pulumi.Input[str]]] effective_labels: All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
         :param pulumi.Input[bool] import_only: Whether this key may contain imported versions only.
-        :param pulumi.Input[Union['CryptoKeyKeyAccessJustificationsPolicyArgs', 'CryptoKeyKeyAccessJustificationsPolicyArgsDict']] key_access_justifications_policy: The policy used for Key Access Justifications Policy Enforcement. If this
-               field is present and this key is enrolled in Key Access Justifications
-               Policy Enforcement, the policy will be evaluated in encrypt, decrypt, and
-               sign operations, and the operation will fail if rejected by the policy. The
-               policy is defined by specifying zero or more allowed justification codes.
-               https://cloud.google.com/assured-workloads/key-access-justifications/docs/justification-codes
-               By default, this field is absent, and all justification codes are allowed.
-               This field is currently in beta and is subject to change.
-               Structure is documented below.
         :param pulumi.Input[str] key_ring: The KeyRing that this key belongs to.
                Format: `'projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}'`.
                
@@ -878,7 +792,6 @@ class CryptoKey(pulumi.CustomResource):
         __props__.__dict__["destroy_scheduled_duration"] = destroy_scheduled_duration
         __props__.__dict__["effective_labels"] = effective_labels
         __props__.__dict__["import_only"] = import_only
-        __props__.__dict__["key_access_justifications_policy"] = key_access_justifications_policy
         __props__.__dict__["key_ring"] = key_ring
         __props__.__dict__["labels"] = labels
         __props__.__dict__["name"] = name
@@ -924,22 +837,6 @@ class CryptoKey(pulumi.CustomResource):
         """
         return pulumi.get(self, "import_only")
 
-    @property
-    @pulumi.getter(name="keyAccessJustificationsPolicy")
-    def key_access_justifications_policy(self) -> pulumi.Output['outputs.CryptoKeyKeyAccessJustificationsPolicy']:
-        """
-        The policy used for Key Access Justifications Policy Enforcement. If this
-        field is present and this key is enrolled in Key Access Justifications
-        Policy Enforcement, the policy will be evaluated in encrypt, decrypt, and
-        sign operations, and the operation will fail if rejected by the policy. The
-        policy is defined by specifying zero or more allowed justification codes.
-        https://cloud.google.com/assured-workloads/key-access-justifications/docs/justification-codes
-        By default, this field is absent, and all justification codes are allowed.
-        This field is currently in beta and is subject to change.
-        Structure is documented below.
-        """
-        return pulumi.get(self, "key_access_justifications_policy")
-
     @property
     @pulumi.getter(name="keyRing")
     def key_ring(self) -> pulumi.Output[str]:

pulumi_gcp/kms/get_kms_crypto_key.py

@@ -27,7 +27,7 @@ class GetKMSCryptoKeyResult:
     """
     A collection of values returned by getKMSCryptoKey.
     """
-    def __init__(__self__, crypto_key_backend=None, destroy_scheduled_duration=None, effective_labels=None, id=None, import_only=None, key_access_justifications_policies=None, key_ring=None, labels=None, name=None, primaries=None, pulumi_labels=None, purpose=None, rotation_period=None, skip_initial_version_creation=None, version_templates=None):
+    def __init__(__self__, crypto_key_backend=None, destroy_scheduled_duration=None, effective_labels=None, id=None, import_only=None, key_ring=None, labels=None, name=None, primaries=None, pulumi_labels=None, purpose=None, rotation_period=None, skip_initial_version_creation=None, version_templates=None):
         if crypto_key_backend and not isinstance(crypto_key_backend, str):
             raise TypeError("Expected argument 'crypto_key_backend' to be a str")
         pulumi.set(__self__, "crypto_key_backend", crypto_key_backend)
@@ -43,9 +43,6 @@ class GetKMSCryptoKeyResult:
         if import_only and not isinstance(import_only, bool):
             raise TypeError("Expected argument 'import_only' to be a bool")
         pulumi.set(__self__, "import_only", import_only)
-        if key_access_justifications_policies and not isinstance(key_access_justifications_policies, list):
-            raise TypeError("Expected argument 'key_access_justifications_policies' to be a list")
-        pulumi.set(__self__, "key_access_justifications_policies", key_access_justifications_policies)
         if key_ring and not isinstance(key_ring, str):
             raise TypeError("Expected argument 'key_ring' to be a str")
         pulumi.set(__self__, "key_ring", key_ring)
@@ -102,11 +99,6 @@ class GetKMSCryptoKeyResult:
     def import_only(self) -> bool:
         return pulumi.get(self, "import_only")
 
-    @property
-    @pulumi.getter(name="keyAccessJustificationsPolicies")
-    def key_access_justifications_policies(self) -> Sequence['outputs.GetKMSCryptoKeyKeyAccessJustificationsPolicyResult']:
-        return pulumi.get(self, "key_access_justifications_policies")
-
     @property
     @pulumi.getter(name="keyRing")
     def key_ring(self) -> str:
@@ -172,7 +164,6 @@ class AwaitableGetKMSCryptoKeyResult(GetKMSCryptoKeyResult):
             effective_labels=self.effective_labels,
             id=self.id,
             import_only=self.import_only,
-            key_access_justifications_policies=self.key_access_justifications_policies,
             key_ring=self.key_ring,
             labels=self.labels,
             name=self.name,
@@ -225,7 +216,6 @@ def get_kms_crypto_key(key_ring: Optional[str] = None,
         effective_labels=pulumi.get(__ret__, 'effective_labels'),
         id=pulumi.get(__ret__, 'id'),
         import_only=pulumi.get(__ret__, 'import_only'),
-        key_access_justifications_policies=pulumi.get(__ret__, 'key_access_justifications_policies'),
         key_ring=pulumi.get(__ret__, 'key_ring'),
         labels=pulumi.get(__ret__, 'labels'),
         name=pulumi.get(__ret__, 'name'),

pulumi_gcp/kms/outputs.py

@@ -18,7 +18,6 @@ from . import outputs
 __all__ = [
     'CryptoKeyIAMBindingCondition',
     'CryptoKeyIAMMemberCondition',
-    'CryptoKeyKeyAccessJustificationsPolicy',
     'CryptoKeyPrimary',
     'CryptoKeyVersionAttestation',
     'CryptoKeyVersionAttestationCertChains',
@@ -32,10 +31,8 @@ __all__ = [
     'KeyRingImportJobAttestation',
     'KeyRingImportJobPublicKey',
     'GetCryptoKeysKeyResult',
-    'GetCryptoKeysKeyKeyAccessJustificationsPolicyResult',
     'GetCryptoKeysKeyPrimaryResult',
     'GetCryptoKeysKeyVersionTemplateResult',
-    'GetKMSCryptoKeyKeyAccessJustificationsPolicyResult',
     'GetKMSCryptoKeyPrimaryResult',
     'GetKMSCryptoKeyVersionPublicKeyResult',
     'GetKMSCryptoKeyVersionTemplateResult',
@@ -140,46 +137,6 @@ class CryptoKeyIAMMemberCondition(dict):
         return pulumi.get(self, "description")
 
 
-@pulumi.output_type
-class CryptoKeyKeyAccessJustificationsPolicy(dict):
-    @staticmethod
-    def __key_warning(key: str):
-        suggest = None
-        if key == "allowedAccessReasons":
-            suggest = "allowed_access_reasons"
-
-        if suggest:
-            pulumi.log.warn(f"Key '{key}' not found in CryptoKeyKeyAccessJustificationsPolicy. Access the value via the '{suggest}' property getter instead.")
-
-    def __getitem__(self, key: str) -> Any:
-        CryptoKeyKeyAccessJustificationsPolicy.__key_warning(key)
-        return super().__getitem__(key)
-
-    def get(self, key: str, default = None) -> Any:
-        CryptoKeyKeyAccessJustificationsPolicy.__key_warning(key)
-        return super().get(key, default)
-
-    def __init__(__self__, *,
-                 allowed_access_reasons: Optional[Sequence[str]] = None):
-        """
-        :param Sequence[str] allowed_access_reasons: The list of allowed reasons for access to this CryptoKey. Zero allowed
-               access reasons means all encrypt, decrypt, and sign operations for
-               this CryptoKey will fail.
-        """
-        if allowed_access_reasons is not None:
-            pulumi.set(__self__, "allowed_access_reasons", allowed_access_reasons)
-
-    @property
-    @pulumi.getter(name="allowedAccessReasons")
-    def allowed_access_reasons(self) -> Optional[Sequence[str]]:
-        """
-        The list of allowed reasons for access to this CryptoKey. Zero allowed
-        access reasons means all encrypt, decrypt, and sign operations for
-        this CryptoKey will fail.
-        """
-        return pulumi.get(self, "allowed_access_reasons")
-
-
 @pulumi.output_type
 class CryptoKeyPrimary(dict):
     def __init__(__self__, *,
@@ -915,7 +872,6 @@ class GetCryptoKeysKeyResult(dict):
                  effective_labels: Mapping[str, str],
                  id: str,
                  import_only: bool,
-                 key_access_justifications_policies: Sequence['outputs.GetCryptoKeysKeyKeyAccessJustificationsPolicyResult'],
                  labels: Mapping[str, str],
                  primaries: Sequence['outputs.GetCryptoKeysKeyPrimaryResult'],
                  pulumi_labels: Mapping[str, str],
@@ -931,14 +887,6 @@ class GetCryptoKeysKeyResult(dict):
         :param str destroy_scheduled_duration: The period of time that versions of this key spend in the DESTROY_SCHEDULED state before transitioning to DESTROYED.
                If not specified at creation time, the default duration is 30 days.
         :param bool import_only: Whether this key may contain imported versions only.
-        :param Sequence['GetCryptoKeysKeyKeyAccessJustificationsPolicyArgs'] key_access_justifications_policies: The policy used for Key Access Justifications Policy Enforcement. If this
-               field is present and this key is enrolled in Key Access Justifications
-               Policy Enforcement, the policy will be evaluated in encrypt, decrypt, and
-               sign operations, and the operation will fail if rejected by the policy. The
-               policy is defined by specifying zero or more allowed justification codes.
-               https://cloud.google.com/assured-workloads/key-access-justifications/docs/justification-codes
-               By default, this field is absent, and all justification codes are allowed.
-               This field is currently in beta and is subject to change.
         :param Mapping[str, str] labels: Labels with user-defined metadata to apply to this resource.
                
                
@@ -968,7 +916,6 @@ class GetCryptoKeysKeyResult(dict):
         pulumi.set(__self__, "effective_labels", effective_labels)
         pulumi.set(__self__, "id", id)
         pulumi.set(__self__, "import_only", import_only)
-        pulumi.set(__self__, "key_access_justifications_policies", key_access_justifications_policies)
         pulumi.set(__self__, "labels", labels)
         pulumi.set(__self__, "primaries", primaries)
         pulumi.set(__self__, "pulumi_labels", pulumi_labels)
@@ -1017,21 +964,6 @@ class GetCryptoKeysKeyResult(dict):
         """
         return pulumi.get(self, "import_only")
 
-    @property
-    @pulumi.getter(name="keyAccessJustificationsPolicies")
-    def key_access_justifications_policies(self) -> Sequence['outputs.GetCryptoKeysKeyKeyAccessJustificationsPolicyResult']:
-        """
-        The policy used for Key Access Justifications Policy Enforcement. If this
-        field is present and this key is enrolled in Key Access Justifications
-        Policy Enforcement, the policy will be evaluated in encrypt, decrypt, and
-        sign operations, and the operation will fail if rejected by the policy. The
-        policy is defined by specifying zero or more allowed justification codes.
-        https://cloud.google.com/assured-workloads/key-access-justifications/docs/justification-codes
-        By default, this field is absent, and all justification codes are allowed.
-        This field is currently in beta and is subject to change.
-        """
-        return pulumi.get(self, "key_access_justifications_policies")
-
     @property
     @pulumi.getter
     def labels(self) -> Mapping[str, str]:
@@ -1119,28 +1051,6 @@ class GetCryptoKeysKeyResult(dict):
         return pulumi.get(self, "name")
 
 
-@pulumi.output_type
-class GetCryptoKeysKeyKeyAccessJustificationsPolicyResult(dict):
-    def __init__(__self__, *,
-                 allowed_access_reasons: Sequence[str]):
-        """
-        :param Sequence[str] allowed_access_reasons: The list of allowed reasons for access to this CryptoKey. Zero allowed
-               access reasons means all encrypt, decrypt, and sign operations for
-               this CryptoKey will fail.
-        """
-        pulumi.set(__self__, "allowed_access_reasons", allowed_access_reasons)
-
-    @property
-    @pulumi.getter(name="allowedAccessReasons")
-    def allowed_access_reasons(self) -> Sequence[str]:
-        """
-        The list of allowed reasons for access to this CryptoKey. Zero allowed
-        access reasons means all encrypt, decrypt, and sign operations for
-        this CryptoKey will fail.
-        """
-        return pulumi.get(self, "allowed_access_reasons")
-
-
 @pulumi.output_type
 class GetCryptoKeysKeyPrimaryResult(dict):
     def __init__(__self__, *,
@@ -1201,28 +1111,6 @@ class GetCryptoKeysKeyVersionTemplateResult(dict):
         return pulumi.get(self, "protection_level")
 
 
-@pulumi.output_type
-class GetKMSCryptoKeyKeyAccessJustificationsPolicyResult(dict):
-    def __init__(__self__, *,
-                 allowed_access_reasons: Sequence[str]):
-        """
-        :param Sequence[str] allowed_access_reasons: The list of allowed reasons for access to this CryptoKey. Zero allowed
-               access reasons means all encrypt, decrypt, and sign operations for
-               this CryptoKey will fail.
-        """
-        pulumi.set(__self__, "allowed_access_reasons", allowed_access_reasons)
-
-    @property
-    @pulumi.getter(name="allowedAccessReasons")
-    def allowed_access_reasons(self) -> Sequence[str]:
-        """
-        The list of allowed reasons for access to this CryptoKey. Zero allowed
-        access reasons means all encrypt, decrypt, and sign operations for
-        this CryptoKey will fail.
-        """
-        return pulumi.get(self, "allowed_access_reasons")
-
-
 @pulumi.output_type
 class GetKMSCryptoKeyPrimaryResult(dict):
     def __init__(__self__, *,

pulumi_gcp/networksecurity/address_group.py

@@ -863,7 +863,7 @@ class AddressGroup(pulumi.CustomResource):
 
     @property
     @pulumi.getter
-    def purposes(self) -> pulumi.Output[Sequence[str]]:
+    def purposes(self) -> pulumi.Output[Optional[Sequence[str]]]:
         """
         List of supported purposes of the Address Group.
         Each value may be one of: `DEFAULT`, `CLOUD_ARMOR`.

pulumi_gcp/privilegedaccessmanager/entitlement.py

@@ -449,8 +449,6 @@ class Entitlement(pulumi.CustomResource):
                  requester_justification_config: Optional[pulumi.Input[Union['EntitlementRequesterJustificationConfigArgs', 'EntitlementRequesterJustificationConfigArgsDict']]] = None,
                  __props__=None):
         """
-        An Entitlement defines the eligibility of a set of users to obtain a predefined access for some time possibly after going through an approval workflow.
-
         ## Example Usage
 
         ### Privileged Access Manager Entitlement Basic
@@ -537,8 +535,6 @@ class Entitlement(pulumi.CustomResource):
                  args: EntitlementArgs,
                  opts: Optional[pulumi.ResourceOptions] = None):
         """
-        An Entitlement defines the eligibility of a set of users to obtain a predefined access for some time possibly after going through an approval workflow.
-
         ## Example Usage
 
         ### Privileged Access Manager Entitlement Basic