pulumi-gcp 7.34.0a1722421695__py3-none-any.whl → 7.35.0__py3-none-any.whl


Potentially problematic release.


This version of pulumi-gcp might be problematic.

Files changed (96)
  1. pulumi_gcp/__init__.py +40 -0
  2. pulumi_gcp/accesscontextmanager/_inputs.py +12 -3
  3. pulumi_gcp/accesscontextmanager/access_policy.py +18 -18
  4. pulumi_gcp/accesscontextmanager/outputs.py +8 -2
  5. pulumi_gcp/alloydb/_inputs.py +174 -0
  6. pulumi_gcp/alloydb/instance.py +54 -0
  7. pulumi_gcp/alloydb/outputs.py +133 -0
  8. pulumi_gcp/apigee/__init__.py +2 -0
  9. pulumi_gcp/apigee/environment_keyvaluemaps.py +370 -0
  10. pulumi_gcp/apigee/environment_keyvaluemaps_entries.py +440 -0
  11. pulumi_gcp/apigee/instance.py +2 -2
  12. pulumi_gcp/apigee/nat_address.py +2 -2
  13. pulumi_gcp/apigee/organization.py +4 -4
  14. pulumi_gcp/apphub/service_project_attachment.py +11 -11
  15. pulumi_gcp/bigquery/_inputs.py +36 -0
  16. pulumi_gcp/bigquery/app_profile.py +54 -0
  17. pulumi_gcp/bigquery/data_transfer_config.py +52 -0
  18. pulumi_gcp/bigquery/outputs.py +38 -0
  19. pulumi_gcp/bigquery/reservation.py +34 -4
  20. pulumi_gcp/bigquery/table.py +65 -21
  21. pulumi_gcp/bigtable/table.py +27 -26
  22. pulumi_gcp/certificateauthority/authority.py +4 -4
  23. pulumi_gcp/cloudfunctions/function.py +47 -0
  24. pulumi_gcp/cloudfunctions/get_function.py +11 -1
  25. pulumi_gcp/cloudfunctionsv2/function.py +2 -2
  26. pulumi_gcp/cloudrun/_inputs.py +24 -21
  27. pulumi_gcp/cloudrun/outputs.py +20 -24
  28. pulumi_gcp/cloudrunv2/_inputs.py +3 -0
  29. pulumi_gcp/cloudrunv2/outputs.py +4 -0
  30. pulumi_gcp/compute/__init__.py +2 -0
  31. pulumi_gcp/compute/_inputs.py +2358 -353
  32. pulumi_gcp/compute/backend_service.py +6 -0
  33. pulumi_gcp/compute/disk.py +75 -0
  34. pulumi_gcp/compute/get_disk.py +11 -1
  35. pulumi_gcp/compute/get_hc_vpn_gateway.py +11 -1
  36. pulumi_gcp/compute/get_instance_template.py +2 -2
  37. pulumi_gcp/compute/get_region_instance_template.py +2 -2
  38. pulumi_gcp/compute/get_snapshot.py +2 -2
  39. pulumi_gcp/compute/ha_vpn_gateway.py +68 -7
  40. pulumi_gcp/compute/outputs.py +1490 -31
  41. pulumi_gcp/compute/public_advertised_prefix.py +30 -2
  42. pulumi_gcp/compute/resize_request.py +782 -0
  43. pulumi_gcp/compute/router_peer.py +437 -0
  44. pulumi_gcp/compute/router_route_policy.py +616 -0
  45. pulumi_gcp/compute/service_attachment.py +7 -14
  46. pulumi_gcp/container/_inputs.py +218 -21
  47. pulumi_gcp/container/node_pool.py +0 -14
  48. pulumi_gcp/container/outputs.py +228 -14
  49. pulumi_gcp/databasemigrationservice/private_connection.py +10 -6
  50. pulumi_gcp/dataloss/_inputs.py +707 -21
  51. pulumi_gcp/dataloss/outputs.py +588 -14
  52. pulumi_gcp/datastore/data_store_index.py +24 -12
  53. pulumi_gcp/datastream/_inputs.py +83 -3
  54. pulumi_gcp/datastream/outputs.py +51 -3
  55. pulumi_gcp/datastream/stream.py +170 -0
  56. pulumi_gcp/firebase/database_instance.py +8 -8
  57. pulumi_gcp/firebase/hosting_site.py +8 -8
  58. pulumi_gcp/firebase/project.py +10 -2
  59. pulumi_gcp/firestore/index.py +10 -10
  60. pulumi_gcp/gkeonprem/_inputs.py +78 -78
  61. pulumi_gcp/gkeonprem/outputs.py +52 -52
  62. pulumi_gcp/iap/client.py +4 -4
  63. pulumi_gcp/integrationconnectors/_inputs.py +30 -30
  64. pulumi_gcp/integrationconnectors/outputs.py +20 -20
  65. pulumi_gcp/kms/key_handle.py +7 -7
  66. pulumi_gcp/migrationcenter/_inputs.py +21 -129
  67. pulumi_gcp/migrationcenter/outputs.py +14 -86
  68. pulumi_gcp/netapp/volume.py +1 -1
  69. pulumi_gcp/networkconnectivity/_inputs.py +3 -6
  70. pulumi_gcp/networkconnectivity/hub.py +129 -49
  71. pulumi_gcp/networkconnectivity/outputs.py +2 -4
  72. pulumi_gcp/networkconnectivity/spoke.py +159 -104
  73. pulumi_gcp/networksecurity/tls_inspection_policy.py +2 -2
  74. pulumi_gcp/organizations/project.py +16 -7
  75. pulumi_gcp/orgpolicy/policy.py +4 -4
  76. pulumi_gcp/projects/get_project_service.py +11 -1
  77. pulumi_gcp/projects/service.py +68 -0
  78. pulumi_gcp/projects/service_identity.py +30 -2
  79. pulumi_gcp/pubsub/subscription.py +6 -6
  80. pulumi_gcp/pulumi-plugin.json +1 -1
  81. pulumi_gcp/securesourcemanager/instance.py +528 -4
  82. pulumi_gcp/securitycenter/__init__.py +1 -0
  83. pulumi_gcp/securitycenter/v2_organization_mute_config.py +673 -0
  84. pulumi_gcp/sql/_inputs.py +35 -15
  85. pulumi_gcp/sql/database_instance.py +2 -2
  86. pulumi_gcp/sql/outputs.py +50 -14
  87. pulumi_gcp/vertex/ai_feature_online_store_featureview.py +4 -4
  88. pulumi_gcp/vmwareengine/get_private_cloud.py +21 -1
  89. pulumi_gcp/vmwareengine/private_cloud.py +121 -2
  90. pulumi_gcp/workbench/_inputs.py +77 -0
  91. pulumi_gcp/workbench/instance.py +18 -4
  92. pulumi_gcp/workbench/outputs.py +67 -1
  93. {pulumi_gcp-7.34.0a1722421695.dist-info → pulumi_gcp-7.35.0.dist-info}/METADATA +1 -1
  94. {pulumi_gcp-7.34.0a1722421695.dist-info → pulumi_gcp-7.35.0.dist-info}/RECORD +96 -91
  95. {pulumi_gcp-7.34.0a1722421695.dist-info → pulumi_gcp-7.35.0.dist-info}/WHEEL +0 -0
  96. {pulumi_gcp-7.34.0a1722421695.dist-info → pulumi_gcp-7.35.0.dist-info}/top_level.txt +0 -0
@@ -500,7 +500,7 @@ class Instance(pulumi.CustomResource):
500
500
  role="roles/privateca.certificateRequester",
501
501
  members=[f"serviceAccount:service-{project.number}@gcp-sa-sourcemanager.iam.gserviceaccount.com"])
502
502
  # ca pool IAM permissions can take time to propagate
503
- wait60_seconds = time.index.Sleep("wait_60_seconds", create_duration=60s,
503
+ wait120_seconds = time.index.Sleep("wait_120_seconds", create_duration=120s,
504
504
  opts = pulumi.ResourceOptions(depends_on=[ca_pool_binding]))
505
505
  default = gcp.securesourcemanager.Instance("default",
506
506
  instance_id="my-instance",
@@ -511,9 +511,271 @@ class Instance(pulumi.CustomResource):
511
511
  },
512
512
  opts = pulumi.ResourceOptions(depends_on=[
513
513
  root_ca,
514
- wait60_seconds,
514
+ wait120_seconds,
515
515
  ]))
516
516
  ```
517
+ ### Secure Source Manager Instance Private Psc Backend
518
+
519
+ ```python
520
+ import pulumi
521
+ import pulumi_gcp as gcp
522
+ import pulumi_time as time
523
+
524
+ project = gcp.organizations.get_project()
525
+ ca_pool = gcp.certificateauthority.CaPool("ca_pool",
526
+ name="ca-pool",
527
+ location="us-central1",
528
+ tier="ENTERPRISE",
529
+ publishing_options={
530
+ "publish_ca_cert": True,
531
+ "publish_crl": True,
532
+ })
533
+ root_ca = gcp.certificateauthority.Authority("root_ca",
534
+ pool=ca_pool.name,
535
+ certificate_authority_id="root-ca",
536
+ location="us-central1",
537
+ config={
538
+ "subject_config": {
539
+ "subject": {
540
+ "organization": "google",
541
+ "common_name": "my-certificate-authority",
542
+ },
543
+ },
544
+ "x509_config": {
545
+ "ca_options": {
546
+ "is_ca": True,
547
+ },
548
+ "key_usage": {
549
+ "base_key_usage": {
550
+ "cert_sign": True,
551
+ "crl_sign": True,
552
+ },
553
+ "extended_key_usage": {
554
+ "server_auth": True,
555
+ },
556
+ },
557
+ },
558
+ },
559
+ key_spec={
560
+ "algorithm": "RSA_PKCS1_4096_SHA256",
561
+ },
562
+ deletion_protection=False,
563
+ ignore_active_certificates_on_deletion=True,
564
+ skip_grace_period=True)
565
+ ca_pool_binding = gcp.certificateauthority.CaPoolIamBinding("ca_pool_binding",
566
+ ca_pool=ca_pool.id,
567
+ role="roles/privateca.certificateRequester",
568
+ members=[f"serviceAccount:service-{project.number}@gcp-sa-sourcemanager.iam.gserviceaccount.com"])
569
+ # ca pool IAM permissions can take time to propagate
570
+ wait120_seconds = time.index.Sleep("wait_120_seconds", create_duration=120s,
571
+ opts = pulumi.ResourceOptions(depends_on=[ca_pool_binding]))
572
+ # See https://cloud.google.com/secure-source-manager/docs/create-private-service-connect-instance#root-ca-api
573
+ default = gcp.securesourcemanager.Instance("default",
574
+ instance_id="my-instance",
575
+ location="us-central1",
576
+ private_config={
577
+ "is_private": True,
578
+ "ca_pool": ca_pool.id,
579
+ },
580
+ opts = pulumi.ResourceOptions(depends_on=[
581
+ root_ca,
582
+ wait120_seconds,
583
+ ]))
584
+ # Connect SSM private instance with L4 proxy ILB.
585
+ network = gcp.compute.Network("network",
586
+ name="my-network",
587
+ auto_create_subnetworks=False)
588
+ subnet = gcp.compute.Subnetwork("subnet",
589
+ name="my-subnet",
590
+ region="us-central1",
591
+ network=network.id,
592
+ ip_cidr_range="10.0.1.0/24",
593
+ private_ip_google_access=True)
594
+ psc_neg = gcp.compute.RegionNetworkEndpointGroup("psc_neg",
595
+ name="my-neg",
596
+ region="us-central1",
597
+ network_endpoint_type="PRIVATE_SERVICE_CONNECT",
598
+ psc_target_service=default.private_config.http_service_attachment,
599
+ network=network.id,
600
+ subnetwork=subnet.id)
601
+ backend_service = gcp.compute.RegionBackendService("backend_service",
602
+ name="my-backend-service",
603
+ region="us-central1",
604
+ protocol="TCP",
605
+ load_balancing_scheme="INTERNAL_MANAGED",
606
+ backends=[{
607
+ "group": psc_neg.id,
608
+ "balancing_mode": "UTILIZATION",
609
+ "capacity_scaler": 1,
610
+ }])
611
+ proxy_subnet = gcp.compute.Subnetwork("proxy_subnet",
612
+ name="my-proxy-subnet",
613
+ region="us-central1",
614
+ network=network.id,
615
+ ip_cidr_range="10.0.2.0/24",
616
+ purpose="REGIONAL_MANAGED_PROXY",
617
+ role="ACTIVE")
618
+ target_proxy = gcp.compute.RegionTargetTcpProxy("target_proxy",
619
+ name="my-target-proxy",
620
+ region="us-central1",
621
+ backend_service=backend_service.id)
622
+ fw_rule_target_proxy = gcp.compute.ForwardingRule("fw_rule_target_proxy",
623
+ name="fw-rule-target-proxy",
624
+ region="us-central1",
625
+ load_balancing_scheme="INTERNAL_MANAGED",
626
+ ip_protocol="TCP",
627
+ port_range="443",
628
+ target=target_proxy.id,
629
+ network=network.id,
630
+ subnetwork=subnet.id,
631
+ network_tier="PREMIUM",
632
+ opts = pulumi.ResourceOptions(depends_on=[proxy_subnet]))
633
+ private_zone = gcp.dns.ManagedZone("private_zone",
634
+ name="my-dns-zone",
635
+ dns_name="p.sourcemanager.dev.",
636
+ visibility="private",
637
+ private_visibility_config={
638
+ "networks": [{
639
+ "network_url": network.id,
640
+ }],
641
+ })
642
+ ssm_instance_html_record = gcp.dns.RecordSet("ssm_instance_html_record",
643
+ name=default.host_configs.apply(lambda host_configs: f"{host_configs[0].html}."),
644
+ type="A",
645
+ ttl=300,
646
+ managed_zone=private_zone.name,
647
+ rrdatas=[fw_rule_target_proxy.ip_address])
648
+ ssm_instance_api_record = gcp.dns.RecordSet("ssm_instance_api_record",
649
+ name=default.host_configs.apply(lambda host_configs: f"{host_configs[0].api}."),
650
+ type="A",
651
+ ttl=300,
652
+ managed_zone=private_zone.name,
653
+ rrdatas=[fw_rule_target_proxy.ip_address])
654
+ ssm_instance_git_record = gcp.dns.RecordSet("ssm_instance_git_record",
655
+ name=default.host_configs.apply(lambda host_configs: f"{host_configs[0].git_http}."),
656
+ type="A",
657
+ ttl=300,
658
+ managed_zone=private_zone.name,
659
+ rrdatas=[fw_rule_target_proxy.ip_address])
660
+ ```
661
+ ### Secure Source Manager Instance Private Psc Endpoint
662
+
663
+ ```python
664
+ import pulumi
665
+ import pulumi_gcp as gcp
666
+ import pulumi_time as time
667
+
668
+ project = gcp.organizations.get_project()
669
+ ca_pool = gcp.certificateauthority.CaPool("ca_pool",
670
+ name="ca-pool",
671
+ location="us-central1",
672
+ tier="ENTERPRISE",
673
+ publishing_options={
674
+ "publish_ca_cert": True,
675
+ "publish_crl": True,
676
+ })
677
+ root_ca = gcp.certificateauthority.Authority("root_ca",
678
+ pool=ca_pool.name,
679
+ certificate_authority_id="root-ca",
680
+ location="us-central1",
681
+ config={
682
+ "subject_config": {
683
+ "subject": {
684
+ "organization": "google",
685
+ "common_name": "my-certificate-authority",
686
+ },
687
+ },
688
+ "x509_config": {
689
+ "ca_options": {
690
+ "is_ca": True,
691
+ },
692
+ "key_usage": {
693
+ "base_key_usage": {
694
+ "cert_sign": True,
695
+ "crl_sign": True,
696
+ },
697
+ "extended_key_usage": {
698
+ "server_auth": True,
699
+ },
700
+ },
701
+ },
702
+ },
703
+ key_spec={
704
+ "algorithm": "RSA_PKCS1_4096_SHA256",
705
+ },
706
+ deletion_protection=False,
707
+ ignore_active_certificates_on_deletion=True,
708
+ skip_grace_period=True)
709
+ ca_pool_binding = gcp.certificateauthority.CaPoolIamBinding("ca_pool_binding",
710
+ ca_pool=ca_pool.id,
711
+ role="roles/privateca.certificateRequester",
712
+ members=[f"serviceAccount:service-{project.number}@gcp-sa-sourcemanager.iam.gserviceaccount.com"])
713
+ # ca pool IAM permissions can take time to propagate
714
+ wait120_seconds = time.index.Sleep("wait_120_seconds", create_duration=120s,
715
+ opts = pulumi.ResourceOptions(depends_on=[ca_pool_binding]))
716
+ # See https://cloud.google.com/secure-source-manager/docs/create-private-service-connect-instance#root-ca-api
717
+ default = gcp.securesourcemanager.Instance("default",
718
+ instance_id="my-instance",
719
+ location="us-central1",
720
+ private_config={
721
+ "is_private": True,
722
+ "ca_pool": ca_pool.id,
723
+ },
724
+ opts = pulumi.ResourceOptions(depends_on=[
725
+ root_ca,
726
+ wait120_seconds,
727
+ ]))
728
+ # Connect SSM private instance with endpoint.
729
+ network = gcp.compute.Network("network",
730
+ name="my-network",
731
+ auto_create_subnetworks=False)
732
+ subnet = gcp.compute.Subnetwork("subnet",
733
+ name="my-subnet",
734
+ region="us-central1",
735
+ network=network.id,
736
+ ip_cidr_range="10.0.60.0/24",
737
+ private_ip_google_access=True)
738
+ address = gcp.compute.Address("address",
739
+ name="my-address",
740
+ region="us-central1",
741
+ address="10.0.60.100",
742
+ address_type="INTERNAL",
743
+ subnetwork=subnet.id)
744
+ fw_rule_service_attachment = gcp.compute.ForwardingRule("fw_rule_service_attachment",
745
+ name="fw-rule-service-attachment",
746
+ region="us-central1",
747
+ load_balancing_scheme="",
748
+ ip_address=address.id,
749
+ network=network.id,
750
+ target=default.private_config.http_service_attachment)
751
+ private_zone = gcp.dns.ManagedZone("private_zone",
752
+ name="my-dns-zone",
753
+ dns_name="p.sourcemanager.dev.",
754
+ visibility="private",
755
+ private_visibility_config={
756
+ "networks": [{
757
+ "network_url": network.id,
758
+ }],
759
+ })
760
+ ssm_instance_html_record = gcp.dns.RecordSet("ssm_instance_html_record",
761
+ name=default.host_configs.apply(lambda host_configs: f"{host_configs[0].html}."),
762
+ type="A",
763
+ ttl=300,
764
+ managed_zone=private_zone.name,
765
+ rrdatas=[fw_rule_service_attachment.ip_address])
766
+ ssm_instance_api_record = gcp.dns.RecordSet("ssm_instance_api_record",
767
+ name=default.host_configs.apply(lambda host_configs: f"{host_configs[0].api}."),
768
+ type="A",
769
+ ttl=300,
770
+ managed_zone=private_zone.name,
771
+ rrdatas=[fw_rule_service_attachment.ip_address])
772
+ ssm_instance_git_record = gcp.dns.RecordSet("ssm_instance_git_record",
773
+ name=default.host_configs.apply(lambda host_configs: f"{host_configs[0].git_http}."),
774
+ type="A",
775
+ ttl=300,
776
+ managed_zone=private_zone.name,
777
+ rrdatas=[fw_rule_service_attachment.ip_address])
778
+ ```
517
779
 
518
780
  ## Import
519
781
 
@@ -668,7 +930,7 @@ class Instance(pulumi.CustomResource):
668
930
  role="roles/privateca.certificateRequester",
669
931
  members=[f"serviceAccount:service-{project.number}@gcp-sa-sourcemanager.iam.gserviceaccount.com"])
670
932
  # ca pool IAM permissions can take time to propagate
671
- wait60_seconds = time.index.Sleep("wait_60_seconds", create_duration=60s,
933
+ wait120_seconds = time.index.Sleep("wait_120_seconds", create_duration=120s,
672
934
  opts = pulumi.ResourceOptions(depends_on=[ca_pool_binding]))
673
935
  default = gcp.securesourcemanager.Instance("default",
674
936
  instance_id="my-instance",
@@ -679,9 +941,271 @@ class Instance(pulumi.CustomResource):
679
941
  },
680
942
  opts = pulumi.ResourceOptions(depends_on=[
681
943
  root_ca,
682
- wait60_seconds,
944
+ wait120_seconds,
683
945
  ]))
684
946
  ```
947
+ ### Secure Source Manager Instance Private Psc Backend
948
+
949
+ ```python
950
+ import pulumi
951
+ import pulumi_gcp as gcp
952
+ import pulumi_time as time
953
+
954
+ project = gcp.organizations.get_project()
955
+ ca_pool = gcp.certificateauthority.CaPool("ca_pool",
956
+ name="ca-pool",
957
+ location="us-central1",
958
+ tier="ENTERPRISE",
959
+ publishing_options={
960
+ "publish_ca_cert": True,
961
+ "publish_crl": True,
962
+ })
963
+ root_ca = gcp.certificateauthority.Authority("root_ca",
964
+ pool=ca_pool.name,
965
+ certificate_authority_id="root-ca",
966
+ location="us-central1",
967
+ config={
968
+ "subject_config": {
969
+ "subject": {
970
+ "organization": "google",
971
+ "common_name": "my-certificate-authority",
972
+ },
973
+ },
974
+ "x509_config": {
975
+ "ca_options": {
976
+ "is_ca": True,
977
+ },
978
+ "key_usage": {
979
+ "base_key_usage": {
980
+ "cert_sign": True,
981
+ "crl_sign": True,
982
+ },
983
+ "extended_key_usage": {
984
+ "server_auth": True,
985
+ },
986
+ },
987
+ },
988
+ },
989
+ key_spec={
990
+ "algorithm": "RSA_PKCS1_4096_SHA256",
991
+ },
992
+ deletion_protection=False,
993
+ ignore_active_certificates_on_deletion=True,
994
+ skip_grace_period=True)
995
+ ca_pool_binding = gcp.certificateauthority.CaPoolIamBinding("ca_pool_binding",
996
+ ca_pool=ca_pool.id,
997
+ role="roles/privateca.certificateRequester",
998
+ members=[f"serviceAccount:service-{project.number}@gcp-sa-sourcemanager.iam.gserviceaccount.com"])
999
+ # ca pool IAM permissions can take time to propagate
1000
+ wait120_seconds = time.index.Sleep("wait_120_seconds", create_duration=120s,
1001
+ opts = pulumi.ResourceOptions(depends_on=[ca_pool_binding]))
1002
+ # See https://cloud.google.com/secure-source-manager/docs/create-private-service-connect-instance#root-ca-api
1003
+ default = gcp.securesourcemanager.Instance("default",
1004
+ instance_id="my-instance",
1005
+ location="us-central1",
1006
+ private_config={
1007
+ "is_private": True,
1008
+ "ca_pool": ca_pool.id,
1009
+ },
1010
+ opts = pulumi.ResourceOptions(depends_on=[
1011
+ root_ca,
1012
+ wait120_seconds,
1013
+ ]))
1014
+ # Connect SSM private instance with L4 proxy ILB.
1015
+ network = gcp.compute.Network("network",
1016
+ name="my-network",
1017
+ auto_create_subnetworks=False)
1018
+ subnet = gcp.compute.Subnetwork("subnet",
1019
+ name="my-subnet",
1020
+ region="us-central1",
1021
+ network=network.id,
1022
+ ip_cidr_range="10.0.1.0/24",
1023
+ private_ip_google_access=True)
1024
+ psc_neg = gcp.compute.RegionNetworkEndpointGroup("psc_neg",
1025
+ name="my-neg",
1026
+ region="us-central1",
1027
+ network_endpoint_type="PRIVATE_SERVICE_CONNECT",
1028
+ psc_target_service=default.private_config.http_service_attachment,
1029
+ network=network.id,
1030
+ subnetwork=subnet.id)
1031
+ backend_service = gcp.compute.RegionBackendService("backend_service",
1032
+ name="my-backend-service",
1033
+ region="us-central1",
1034
+ protocol="TCP",
1035
+ load_balancing_scheme="INTERNAL_MANAGED",
1036
+ backends=[{
1037
+ "group": psc_neg.id,
1038
+ "balancing_mode": "UTILIZATION",
1039
+ "capacity_scaler": 1,
1040
+ }])
1041
+ proxy_subnet = gcp.compute.Subnetwork("proxy_subnet",
1042
+ name="my-proxy-subnet",
1043
+ region="us-central1",
1044
+ network=network.id,
1045
+ ip_cidr_range="10.0.2.0/24",
1046
+ purpose="REGIONAL_MANAGED_PROXY",
1047
+ role="ACTIVE")
1048
+ target_proxy = gcp.compute.RegionTargetTcpProxy("target_proxy",
1049
+ name="my-target-proxy",
1050
+ region="us-central1",
1051
+ backend_service=backend_service.id)
1052
+ fw_rule_target_proxy = gcp.compute.ForwardingRule("fw_rule_target_proxy",
1053
+ name="fw-rule-target-proxy",
1054
+ region="us-central1",
1055
+ load_balancing_scheme="INTERNAL_MANAGED",
1056
+ ip_protocol="TCP",
1057
+ port_range="443",
1058
+ target=target_proxy.id,
1059
+ network=network.id,
1060
+ subnetwork=subnet.id,
1061
+ network_tier="PREMIUM",
1062
+ opts = pulumi.ResourceOptions(depends_on=[proxy_subnet]))
1063
+ private_zone = gcp.dns.ManagedZone("private_zone",
1064
+ name="my-dns-zone",
1065
+ dns_name="p.sourcemanager.dev.",
1066
+ visibility="private",
1067
+ private_visibility_config={
1068
+ "networks": [{
1069
+ "network_url": network.id,
1070
+ }],
1071
+ })
1072
+ ssm_instance_html_record = gcp.dns.RecordSet("ssm_instance_html_record",
1073
+ name=default.host_configs.apply(lambda host_configs: f"{host_configs[0].html}."),
1074
+ type="A",
1075
+ ttl=300,
1076
+ managed_zone=private_zone.name,
1077
+ rrdatas=[fw_rule_target_proxy.ip_address])
1078
+ ssm_instance_api_record = gcp.dns.RecordSet("ssm_instance_api_record",
1079
+ name=default.host_configs.apply(lambda host_configs: f"{host_configs[0].api}."),
1080
+ type="A",
1081
+ ttl=300,
1082
+ managed_zone=private_zone.name,
1083
+ rrdatas=[fw_rule_target_proxy.ip_address])
1084
+ ssm_instance_git_record = gcp.dns.RecordSet("ssm_instance_git_record",
1085
+ name=default.host_configs.apply(lambda host_configs: f"{host_configs[0].git_http}."),
1086
+ type="A",
1087
+ ttl=300,
1088
+ managed_zone=private_zone.name,
1089
+ rrdatas=[fw_rule_target_proxy.ip_address])
1090
+ ```
1091
+ ### Secure Source Manager Instance Private Psc Endpoint
1092
+
1093
+ ```python
1094
+ import pulumi
1095
+ import pulumi_gcp as gcp
1096
+ import pulumi_time as time
1097
+
1098
+ project = gcp.organizations.get_project()
1099
+ ca_pool = gcp.certificateauthority.CaPool("ca_pool",
1100
+ name="ca-pool",
1101
+ location="us-central1",
1102
+ tier="ENTERPRISE",
1103
+ publishing_options={
1104
+ "publish_ca_cert": True,
1105
+ "publish_crl": True,
1106
+ })
1107
+ root_ca = gcp.certificateauthority.Authority("root_ca",
1108
+ pool=ca_pool.name,
1109
+ certificate_authority_id="root-ca",
1110
+ location="us-central1",
1111
+ config={
1112
+ "subject_config": {
1113
+ "subject": {
1114
+ "organization": "google",
1115
+ "common_name": "my-certificate-authority",
1116
+ },
1117
+ },
1118
+ "x509_config": {
1119
+ "ca_options": {
1120
+ "is_ca": True,
1121
+ },
1122
+ "key_usage": {
1123
+ "base_key_usage": {
1124
+ "cert_sign": True,
1125
+ "crl_sign": True,
1126
+ },
1127
+ "extended_key_usage": {
1128
+ "server_auth": True,
1129
+ },
1130
+ },
1131
+ },
1132
+ },
1133
+ key_spec={
1134
+ "algorithm": "RSA_PKCS1_4096_SHA256",
1135
+ },
1136
+ deletion_protection=False,
1137
+ ignore_active_certificates_on_deletion=True,
1138
+ skip_grace_period=True)
1139
+ ca_pool_binding = gcp.certificateauthority.CaPoolIamBinding("ca_pool_binding",
1140
+ ca_pool=ca_pool.id,
1141
+ role="roles/privateca.certificateRequester",
1142
+ members=[f"serviceAccount:service-{project.number}@gcp-sa-sourcemanager.iam.gserviceaccount.com"])
1143
+ # ca pool IAM permissions can take time to propagate
1144
+ wait120_seconds = time.index.Sleep("wait_120_seconds", create_duration=120s,
1145
+ opts = pulumi.ResourceOptions(depends_on=[ca_pool_binding]))
1146
+ # See https://cloud.google.com/secure-source-manager/docs/create-private-service-connect-instance#root-ca-api
1147
+ default = gcp.securesourcemanager.Instance("default",
1148
+ instance_id="my-instance",
1149
+ location="us-central1",
1150
+ private_config={
1151
+ "is_private": True,
1152
+ "ca_pool": ca_pool.id,
1153
+ },
1154
+ opts = pulumi.ResourceOptions(depends_on=[
1155
+ root_ca,
1156
+ wait120_seconds,
1157
+ ]))
1158
+ # Connect SSM private instance with endpoint.
1159
+ network = gcp.compute.Network("network",
1160
+ name="my-network",
1161
+ auto_create_subnetworks=False)
1162
+ subnet = gcp.compute.Subnetwork("subnet",
1163
+ name="my-subnet",
1164
+ region="us-central1",
1165
+ network=network.id,
1166
+ ip_cidr_range="10.0.60.0/24",
1167
+ private_ip_google_access=True)
1168
+ address = gcp.compute.Address("address",
1169
+ name="my-address",
1170
+ region="us-central1",
1171
+ address="10.0.60.100",
1172
+ address_type="INTERNAL",
1173
+ subnetwork=subnet.id)
1174
+ fw_rule_service_attachment = gcp.compute.ForwardingRule("fw_rule_service_attachment",
1175
+ name="fw-rule-service-attachment",
1176
+ region="us-central1",
1177
+ load_balancing_scheme="",
1178
+ ip_address=address.id,
1179
+ network=network.id,
1180
+ target=default.private_config.http_service_attachment)
1181
+ private_zone = gcp.dns.ManagedZone("private_zone",
1182
+ name="my-dns-zone",
1183
+ dns_name="p.sourcemanager.dev.",
1184
+ visibility="private",
1185
+ private_visibility_config={
1186
+ "networks": [{
1187
+ "network_url": network.id,
1188
+ }],
1189
+ })
1190
+ ssm_instance_html_record = gcp.dns.RecordSet("ssm_instance_html_record",
1191
+ name=default.host_configs.apply(lambda host_configs: f"{host_configs[0].html}."),
1192
+ type="A",
1193
+ ttl=300,
1194
+ managed_zone=private_zone.name,
1195
+ rrdatas=[fw_rule_service_attachment.ip_address])
1196
+ ssm_instance_api_record = gcp.dns.RecordSet("ssm_instance_api_record",
1197
+ name=default.host_configs.apply(lambda host_configs: f"{host_configs[0].api}."),
1198
+ type="A",
1199
+ ttl=300,
1200
+ managed_zone=private_zone.name,
1201
+ rrdatas=[fw_rule_service_attachment.ip_address])
1202
+ ssm_instance_git_record = gcp.dns.RecordSet("ssm_instance_git_record",
1203
+ name=default.host_configs.apply(lambda host_configs: f"{host_configs[0].git_http}."),
1204
+ type="A",
1205
+ ttl=300,
1206
+ managed_zone=private_zone.name,
1207
+ rrdatas=[fw_rule_service_attachment.ip_address])
1208
+ ```
685
1209
 
686
1210
  ## Import
687
1211
 
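Review bot: `create_duration=120s` on the new `wait120_seconds` line is not valid Python, because `120s` is not a literal, so the examples cannot be copied and run as written; the value should be a string, `create_duration="120s"`. The same line recurs in both added examples ("Private Psc Backend" and "Private Psc Endpoint") and in the second copy of the docstring further down, which belongs to class `Instance` and starts outside the hunks. The added examples also create the root CA with `deletion_protection=False`, `ignore_active_certificates_on_deletion=True` and `skip_grace_period=True` without saying why. A comment above those three arguments, such as `# example-only teardown settings: a real CA should keep deletion protection and the deletion grace period`, would keep them from being copied into a production PKI. Raising the fixed sleep from 60 to 120 seconds suggests IAM propagation is still a race, so the existing `# ca pool IAM permissions can take time to propagate` comment could add that the delay is best-effort and instance creation may still need a retry.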
@@ -24,6 +24,7 @@ from .source import *
24
24
  from .source_iam_binding import *
25
25
  from .source_iam_member import *
26
26
  from .source_iam_policy import *
27
+ from .v2_organization_mute_config import *
27
28
  from .v2_organization_notification_config import *
28
29
  from ._inputs import *
29
30
  from . import outputs