pulumi-gcp 7.35.0a1722924350__py3-none-any.whl → 7.36.0__py3-none-any.whl

pulumi_gcp/accesscontextmanager/_inputs.py

@@ -2686,7 +2686,10 @@ if not MYPY:
         """
         A Google Cloud resource that is allowed to ingress the perimeter.
         Requests from these resources will be allowed to access perimeter data.
-        Currently only projects are allowed. Format `projects/{project_number}`
+        Currently only projects and VPCs are allowed.
+        Project format: `projects/{projectNumber}`
+        VPC network format:
+        `//compute.googleapis.com/projects/{PROJECT_ID}/global/networks/{NAME}`.
         The project may be in any Google Cloud organization, not just the
         organization that the perimeter is defined in. `*` is not allowed, the case
         of allowing all Google Cloud resources only is not supported.
@@ -2710,7 +2713,10 @@ class ServicePerimeterIngressPolicyIngressFromSourceArgs:
                If * is specified, then all IngressSources will be allowed.
         :param pulumi.Input[str] resource: A Google Cloud resource that is allowed to ingress the perimeter.
                Requests from these resources will be allowed to access perimeter data.
-               Currently only projects are allowed. Format `projects/{project_number}`
+               Currently only projects and VPCs are allowed.
+               Project format: `projects/{projectNumber}`
+               VPC network format:
+               `//compute.googleapis.com/projects/{PROJECT_ID}/global/networks/{NAME}`.
                The project may be in any Google Cloud organization, not just the
                organization that the perimeter is defined in. `*` is not allowed, the case
                of allowing all Google Cloud resources only is not supported.
@@ -2745,7 +2751,10 @@ class ServicePerimeterIngressPolicyIngressFromSourceArgs:
         """
         A Google Cloud resource that is allowed to ingress the perimeter.
         Requests from these resources will be allowed to access perimeter data.
-        Currently only projects are allowed. Format `projects/{project_number}`
+        Currently only projects and VPCs are allowed.
+        Project format: `projects/{projectNumber}`
+        VPC network format:
+        `//compute.googleapis.com/projects/{PROJECT_ID}/global/networks/{NAME}`.
         The project may be in any Google Cloud organization, not just the
         organization that the perimeter is defined in. `*` is not allowed, the case
         of allowing all Google Cloud resources only is not supported.

pulumi_gcp/accesscontextmanager/access_policy.py

@@ -25,13 +25,13 @@ class AccessPolicyArgs:
         """
         The set of arguments for constructing a AccessPolicy resource.
         :param pulumi.Input[str] parent: The parent of this AccessPolicy in the Cloud Resource Hierarchy.
-               Format: organizations/{organization_id}
+               Format: 'organizations/{{organization_id}}'
         :param pulumi.Input[str] title: Human readable title. Does not affect behavior.
                
                
                - - -
         :param pulumi.Input[str] scopes: Folder or project on which this policy is applicable.
-               Format: folders/{{folder_id}} or projects/{{project_id}}
+               Format: 'folders/{{folder_id}}' or 'projects/{{project_number}}'
         """
         pulumi.set(__self__, "parent", parent)
         pulumi.set(__self__, "title", title)
@@ -43,7 +43,7 @@ class AccessPolicyArgs:
     def parent(self) -> pulumi.Input[str]:
         """
         The parent of this AccessPolicy in the Cloud Resource Hierarchy.
-        Format: organizations/{organization_id}
+        Format: 'organizations/{{organization_id}}'
         """
         return pulumi.get(self, "parent")
 
@@ -71,7 +71,7 @@ class AccessPolicyArgs:
     def scopes(self) -> Optional[pulumi.Input[str]]:
         """
         Folder or project on which this policy is applicable.
-        Format: folders/{{folder_id}} or projects/{{project_id}}
+        Format: 'folders/{{folder_id}}' or 'projects/{{project_number}}'
         """
         return pulumi.get(self, "scopes")
 
@@ -92,11 +92,11 @@ class _AccessPolicyState:
         """
         Input properties used for looking up and filtering AccessPolicy resources.
         :param pulumi.Input[str] create_time: Time the AccessPolicy was created in UTC.
-        :param pulumi.Input[str] name: Resource name of the AccessPolicy. Format: {policy_id}
+        :param pulumi.Input[str] name: Resource name of the AccessPolicy. Format: '{{policy_id}}'
         :param pulumi.Input[str] parent: The parent of this AccessPolicy in the Cloud Resource Hierarchy.
-               Format: organizations/{organization_id}
+               Format: 'organizations/{{organization_id}}'
         :param pulumi.Input[str] scopes: Folder or project on which this policy is applicable.
-               Format: folders/{{folder_id}} or projects/{{project_id}}
+               Format: 'folders/{{folder_id}}' or 'projects/{{project_number}}'
         :param pulumi.Input[str] title: Human readable title. Does not affect behavior.
                
                
@@ -132,7 +132,7 @@ class _AccessPolicyState:
     @pulumi.getter
     def name(self) -> Optional[pulumi.Input[str]]:
         """
-        Resource name of the AccessPolicy. Format: {policy_id}
+        Resource name of the AccessPolicy. Format: '{{policy_id}}'
         """
         return pulumi.get(self, "name")
 
@@ -145,7 +145,7 @@ class _AccessPolicyState:
     def parent(self) -> Optional[pulumi.Input[str]]:
         """
         The parent of this AccessPolicy in the Cloud Resource Hierarchy.
-        Format: organizations/{organization_id}
+        Format: 'organizations/{{organization_id}}'
         """
         return pulumi.get(self, "parent")
 
@@ -158,7 +158,7 @@ class _AccessPolicyState:
     def scopes(self) -> Optional[pulumi.Input[str]]:
         """
         Folder or project on which this policy is applicable.
-        Format: folders/{{folder_id}} or projects/{{project_id}}
+        Format: 'folders/{{folder_id}}' or 'projects/{{project_number}}'
         """
         return pulumi.get(self, "scopes")
 
@@ -265,9 +265,9 @@ class AccessPolicy(pulumi.CustomResource):
         :param str resource_name: The name of the resource.
         :param pulumi.ResourceOptions opts: Options for the resource.
         :param pulumi.Input[str] parent: The parent of this AccessPolicy in the Cloud Resource Hierarchy.
-               Format: organizations/{organization_id}
+               Format: 'organizations/{{organization_id}}'
         :param pulumi.Input[str] scopes: Folder or project on which this policy is applicable.
-               Format: folders/{{folder_id}} or projects/{{project_id}}
+               Format: 'folders/{{folder_id}}' or 'projects/{{project_number}}'
         :param pulumi.Input[str] title: Human readable title. Does not affect behavior.
                
                
@@ -399,11 +399,11 @@ class AccessPolicy(pulumi.CustomResource):
         :param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
         :param pulumi.ResourceOptions opts: Options for the resource.
         :param pulumi.Input[str] create_time: Time the AccessPolicy was created in UTC.
-        :param pulumi.Input[str] name: Resource name of the AccessPolicy. Format: {policy_id}
+        :param pulumi.Input[str] name: Resource name of the AccessPolicy. Format: '{{policy_id}}'
         :param pulumi.Input[str] parent: The parent of this AccessPolicy in the Cloud Resource Hierarchy.
-               Format: organizations/{organization_id}
+               Format: 'organizations/{{organization_id}}'
         :param pulumi.Input[str] scopes: Folder or project on which this policy is applicable.
-               Format: folders/{{folder_id}} or projects/{{project_id}}
+               Format: 'folders/{{folder_id}}' or 'projects/{{project_number}}'
         :param pulumi.Input[str] title: Human readable title. Does not affect behavior.
                
                
@@ -434,7 +434,7 @@ class AccessPolicy(pulumi.CustomResource):
     @pulumi.getter
     def name(self) -> pulumi.Output[str]:
         """
-        Resource name of the AccessPolicy. Format: {policy_id}
+        Resource name of the AccessPolicy. Format: '{{policy_id}}'
         """
         return pulumi.get(self, "name")
 
@@ -443,7 +443,7 @@ class AccessPolicy(pulumi.CustomResource):
     def parent(self) -> pulumi.Output[str]:
         """
         The parent of this AccessPolicy in the Cloud Resource Hierarchy.
-        Format: organizations/{organization_id}
+        Format: 'organizations/{{organization_id}}'
         """
         return pulumi.get(self, "parent")
 
@@ -452,7 +452,7 @@ class AccessPolicy(pulumi.CustomResource):
     def scopes(self) -> pulumi.Output[Optional[str]]:
         """
         Folder or project on which this policy is applicable.
-        Format: folders/{{folder_id}} or projects/{{project_id}}
+        Format: 'folders/{{folder_id}}' or 'projects/{{project_number}}'
         """
         return pulumi.get(self, "scopes")
 

pulumi_gcp/accesscontextmanager/access_policy_iam_binding.py

@@ -280,6 +280,26 @@ class AccessPolicyIamBinding(pulumi.CustomResource):
             member="user:jane@example.com")
         ```
 
+        ## > **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the
+
+        full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.
+        ---
+
+        # IAM policy for Access Context Manager (VPC Service Controls) AccessPolicy
+        Three different resources help you manage your IAM policy for Access Context Manager (VPC Service Controls) AccessPolicy. Each of these resources serves a different use case:
+
+        * `accesscontextmanager.AccessPolicyIamPolicy`: Authoritative. Sets the IAM policy for the accesspolicy and replaces any existing policy already attached.
+        * `accesscontextmanager.AccessPolicyIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the accesspolicy are preserved.
+        * `accesscontextmanager.AccessPolicyIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the accesspolicy are preserved.
+
+        A data source can be used to retrieve policy data in advent you do not need creation
+
+        * `accesscontextmanager.AccessPolicyIamPolicy`: Retrieves the IAM policy for the accesspolicy
+
+        > **Note:** `accesscontextmanager.AccessPolicyIamPolicy` **cannot** be used in conjunction with `accesscontextmanager.AccessPolicyIamBinding` and `accesscontextmanager.AccessPolicyIamMember` or they will fight over what your policy should be.
+
+        > **Note:** `accesscontextmanager.AccessPolicyIamBinding` resources **can be** used in conjunction with `accesscontextmanager.AccessPolicyIamMember` resources **only if** they do not grant privilege to the same role.
+
         ## accesscontextmanager.AccessPolicyIamPolicy
 
         ```python
@@ -431,6 +451,26 @@ class AccessPolicyIamBinding(pulumi.CustomResource):
             member="user:jane@example.com")
         ```
 
+        ## > **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the
+
+        full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.
+        ---
+
+        # IAM policy for Access Context Manager (VPC Service Controls) AccessPolicy
+        Three different resources help you manage your IAM policy for Access Context Manager (VPC Service Controls) AccessPolicy. Each of these resources serves a different use case:
+
+        * `accesscontextmanager.AccessPolicyIamPolicy`: Authoritative. Sets the IAM policy for the accesspolicy and replaces any existing policy already attached.
+        * `accesscontextmanager.AccessPolicyIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the accesspolicy are preserved.
+        * `accesscontextmanager.AccessPolicyIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the accesspolicy are preserved.
+
+        A data source can be used to retrieve policy data in advent you do not need creation
+
+        * `accesscontextmanager.AccessPolicyIamPolicy`: Retrieves the IAM policy for the accesspolicy
+
+        > **Note:** `accesscontextmanager.AccessPolicyIamPolicy` **cannot** be used in conjunction with `accesscontextmanager.AccessPolicyIamBinding` and `accesscontextmanager.AccessPolicyIamMember` or they will fight over what your policy should be.
+
+        > **Note:** `accesscontextmanager.AccessPolicyIamBinding` resources **can be** used in conjunction with `accesscontextmanager.AccessPolicyIamMember` resources **only if** they do not grant privilege to the same role.
+
         ## accesscontextmanager.AccessPolicyIamPolicy
 
         ```python

pulumi_gcp/accesscontextmanager/access_policy_iam_member.py

@@ -280,6 +280,26 @@ class AccessPolicyIamMember(pulumi.CustomResource):
             member="user:jane@example.com")
         ```
 
+        ## > **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the
+
+        full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.
+        ---
+
+        # IAM policy for Access Context Manager (VPC Service Controls) AccessPolicy
+        Three different resources help you manage your IAM policy for Access Context Manager (VPC Service Controls) AccessPolicy. Each of these resources serves a different use case:
+
+        * `accesscontextmanager.AccessPolicyIamPolicy`: Authoritative. Sets the IAM policy for the accesspolicy and replaces any existing policy already attached.
+        * `accesscontextmanager.AccessPolicyIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the accesspolicy are preserved.
+        * `accesscontextmanager.AccessPolicyIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the accesspolicy are preserved.
+
+        A data source can be used to retrieve policy data in advent you do not need creation
+
+        * `accesscontextmanager.AccessPolicyIamPolicy`: Retrieves the IAM policy for the accesspolicy
+
+        > **Note:** `accesscontextmanager.AccessPolicyIamPolicy` **cannot** be used in conjunction with `accesscontextmanager.AccessPolicyIamBinding` and `accesscontextmanager.AccessPolicyIamMember` or they will fight over what your policy should be.
+
+        > **Note:** `accesscontextmanager.AccessPolicyIamBinding` resources **can be** used in conjunction with `accesscontextmanager.AccessPolicyIamMember` resources **only if** they do not grant privilege to the same role.
+
         ## accesscontextmanager.AccessPolicyIamPolicy
 
         ```python
@@ -431,6 +451,26 @@ class AccessPolicyIamMember(pulumi.CustomResource):
             member="user:jane@example.com")
         ```
 
+        ## > **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the
+
+        full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.
+        ---
+
+        # IAM policy for Access Context Manager (VPC Service Controls) AccessPolicy
+        Three different resources help you manage your IAM policy for Access Context Manager (VPC Service Controls) AccessPolicy. Each of these resources serves a different use case:
+
+        * `accesscontextmanager.AccessPolicyIamPolicy`: Authoritative. Sets the IAM policy for the accesspolicy and replaces any existing policy already attached.
+        * `accesscontextmanager.AccessPolicyIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the accesspolicy are preserved.
+        * `accesscontextmanager.AccessPolicyIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the accesspolicy are preserved.
+
+        A data source can be used to retrieve policy data in advent you do not need creation
+
+        * `accesscontextmanager.AccessPolicyIamPolicy`: Retrieves the IAM policy for the accesspolicy
+
+        > **Note:** `accesscontextmanager.AccessPolicyIamPolicy` **cannot** be used in conjunction with `accesscontextmanager.AccessPolicyIamBinding` and `accesscontextmanager.AccessPolicyIamMember` or they will fight over what your policy should be.
+
+        > **Note:** `accesscontextmanager.AccessPolicyIamBinding` resources **can be** used in conjunction with `accesscontextmanager.AccessPolicyIamMember` resources **only if** they do not grant privilege to the same role.
+
         ## accesscontextmanager.AccessPolicyIamPolicy
 
         ```python

pulumi_gcp/accesscontextmanager/access_policy_iam_policy.py

@@ -177,6 +177,26 @@ class AccessPolicyIamPolicy(pulumi.CustomResource):
             member="user:jane@example.com")
         ```
 
+        ## > **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the
+
+        full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.
+        ---
+
+        # IAM policy for Access Context Manager (VPC Service Controls) AccessPolicy
+        Three different resources help you manage your IAM policy for Access Context Manager (VPC Service Controls) AccessPolicy. Each of these resources serves a different use case:
+
+        * `accesscontextmanager.AccessPolicyIamPolicy`: Authoritative. Sets the IAM policy for the accesspolicy and replaces any existing policy already attached.
+        * `accesscontextmanager.AccessPolicyIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the accesspolicy are preserved.
+        * `accesscontextmanager.AccessPolicyIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the accesspolicy are preserved.
+
+        A data source can be used to retrieve policy data in advent you do not need creation
+
+        * `accesscontextmanager.AccessPolicyIamPolicy`: Retrieves the IAM policy for the accesspolicy
+
+        > **Note:** `accesscontextmanager.AccessPolicyIamPolicy` **cannot** be used in conjunction with `accesscontextmanager.AccessPolicyIamBinding` and `accesscontextmanager.AccessPolicyIamMember` or they will fight over what your policy should be.
+
+        > **Note:** `accesscontextmanager.AccessPolicyIamBinding` resources **can be** used in conjunction with `accesscontextmanager.AccessPolicyIamMember` resources **only if** they do not grant privilege to the same role.
+
         ## accesscontextmanager.AccessPolicyIamPolicy
 
         ```python
@@ -316,6 +336,26 @@ class AccessPolicyIamPolicy(pulumi.CustomResource):
             member="user:jane@example.com")
         ```
 
+        ## > **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the
+
+        full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.
+        ---
+
+        # IAM policy for Access Context Manager (VPC Service Controls) AccessPolicy
+        Three different resources help you manage your IAM policy for Access Context Manager (VPC Service Controls) AccessPolicy. Each of these resources serves a different use case:
+
+        * `accesscontextmanager.AccessPolicyIamPolicy`: Authoritative. Sets the IAM policy for the accesspolicy and replaces any existing policy already attached.
+        * `accesscontextmanager.AccessPolicyIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the accesspolicy are preserved.
+        * `accesscontextmanager.AccessPolicyIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the accesspolicy are preserved.
+
+        A data source can be used to retrieve policy data in advent you do not need creation
+
+        * `accesscontextmanager.AccessPolicyIamPolicy`: Retrieves the IAM policy for the accesspolicy
+
+        > **Note:** `accesscontextmanager.AccessPolicyIamPolicy` **cannot** be used in conjunction with `accesscontextmanager.AccessPolicyIamBinding` and `accesscontextmanager.AccessPolicyIamMember` or they will fight over what your policy should be.
+
+        > **Note:** `accesscontextmanager.AccessPolicyIamBinding` resources **can be** used in conjunction with `accesscontextmanager.AccessPolicyIamMember` resources **only if** they do not grant privilege to the same role.
+
         ## accesscontextmanager.AccessPolicyIamPolicy
 
         ```python

pulumi_gcp/accesscontextmanager/outputs.py

@@ -2049,7 +2049,10 @@ class ServicePerimeterIngressPolicyIngressFromSource(dict):
                If * is specified, then all IngressSources will be allowed.
         :param str resource: A Google Cloud resource that is allowed to ingress the perimeter.
                Requests from these resources will be allowed to access perimeter data.
-               Currently only projects are allowed. Format `projects/{project_number}`
+               Currently only projects and VPCs are allowed.
+               Project format: `projects/{projectNumber}`
+               VPC network format:
+               `//compute.googleapis.com/projects/{PROJECT_ID}/global/networks/{NAME}`.
                The project may be in any Google Cloud organization, not just the
                organization that the perimeter is defined in. `*` is not allowed, the case
                of allowing all Google Cloud resources only is not supported.
@@ -2080,7 +2083,10 @@ class ServicePerimeterIngressPolicyIngressFromSource(dict):
         """
         A Google Cloud resource that is allowed to ingress the perimeter.
         Requests from these resources will be allowed to access perimeter data.
-        Currently only projects are allowed. Format `projects/{project_number}`
+        Currently only projects and VPCs are allowed.
+        Project format: `projects/{projectNumber}`
+        VPC network format:
+        `//compute.googleapis.com/projects/{PROJECT_ID}/global/networks/{NAME}`.
         The project may be in any Google Cloud organization, not just the
         organization that the perimeter is defined in. `*` is not allowed, the case
         of allowing all Google Cloud resources only is not supported.

pulumi_gcp/apigateway/api_config_iam_binding.py

@@ -347,6 +347,25 @@ class ApiConfigIamBinding(pulumi.CustomResource):
             member="user:jane@example.com")
         ```
 
+        ## This resource supports User Project Overrides.
+
+        - 
+
+        # IAM policy for API Gateway ApiConfig
+        Three different resources help you manage your IAM policy for API Gateway ApiConfig. Each of these resources serves a different use case:
+
+        * `apigateway.ApiConfigIamPolicy`: Authoritative. Sets the IAM policy for the apiconfig and replaces any existing policy already attached.
+        * `apigateway.ApiConfigIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the apiconfig are preserved.
+        * `apigateway.ApiConfigIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the apiconfig are preserved.
+
+        A data source can be used to retrieve policy data in advent you do not need creation
+
+        * `apigateway.ApiConfigIamPolicy`: Retrieves the IAM policy for the apiconfig
+
+        > **Note:** `apigateway.ApiConfigIamPolicy` **cannot** be used in conjunction with `apigateway.ApiConfigIamBinding` and `apigateway.ApiConfigIamMember` or they will fight over what your policy should be.
+
+        > **Note:** `apigateway.ApiConfigIamBinding` resources **can be** used in conjunction with `apigateway.ApiConfigIamMember` resources **only if** they do not grant privilege to the same role.
+
         ## google\\_api\\_gateway\\_api\\_config\\_iam\\_policy
 
         ```python
@@ -511,6 +530,25 @@ class ApiConfigIamBinding(pulumi.CustomResource):
             member="user:jane@example.com")
         ```
 
+        ## This resource supports User Project Overrides.
+
+        - 
+
+        # IAM policy for API Gateway ApiConfig
+        Three different resources help you manage your IAM policy for API Gateway ApiConfig. Each of these resources serves a different use case:
+
+        * `apigateway.ApiConfigIamPolicy`: Authoritative. Sets the IAM policy for the apiconfig and replaces any existing policy already attached.
+        * `apigateway.ApiConfigIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the apiconfig are preserved.
+        * `apigateway.ApiConfigIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the apiconfig are preserved.
+
+        A data source can be used to retrieve policy data in advent you do not need creation
+
+        * `apigateway.ApiConfigIamPolicy`: Retrieves the IAM policy for the apiconfig
+
+        > **Note:** `apigateway.ApiConfigIamPolicy` **cannot** be used in conjunction with `apigateway.ApiConfigIamBinding` and `apigateway.ApiConfigIamMember` or they will fight over what your policy should be.
+
+        > **Note:** `apigateway.ApiConfigIamBinding` resources **can be** used in conjunction with `apigateway.ApiConfigIamMember` resources **only if** they do not grant privilege to the same role.
+
         ## google\\_api\\_gateway\\_api\\_config\\_iam\\_policy
 
         ```python

pulumi_gcp/apigateway/api_config_iam_member.py

@@ -347,6 +347,25 @@ class ApiConfigIamMember(pulumi.CustomResource):
             member="user:jane@example.com")
         ```
 
+        ## This resource supports User Project Overrides.
+
+        - 
+
+        # IAM policy for API Gateway ApiConfig
+        Three different resources help you manage your IAM policy for API Gateway ApiConfig. Each of these resources serves a different use case:
+
+        * `apigateway.ApiConfigIamPolicy`: Authoritative. Sets the IAM policy for the apiconfig and replaces any existing policy already attached.
+        * `apigateway.ApiConfigIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the apiconfig are preserved.
+        * `apigateway.ApiConfigIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the apiconfig are preserved.
+
+        A data source can be used to retrieve policy data in advent you do not need creation
+
+        * `apigateway.ApiConfigIamPolicy`: Retrieves the IAM policy for the apiconfig
+
+        > **Note:** `apigateway.ApiConfigIamPolicy` **cannot** be used in conjunction with `apigateway.ApiConfigIamBinding` and `apigateway.ApiConfigIamMember` or they will fight over what your policy should be.
+
+        > **Note:** `apigateway.ApiConfigIamBinding` resources **can be** used in conjunction with `apigateway.ApiConfigIamMember` resources **only if** they do not grant privilege to the same role.
+
         ## google\\_api\\_gateway\\_api\\_config\\_iam\\_policy
 
         ```python
@@ -511,6 +530,25 @@ class ApiConfigIamMember(pulumi.CustomResource):
             member="user:jane@example.com")
         ```
 
+        ## This resource supports User Project Overrides.
+
+        - 
+
+        # IAM policy for API Gateway ApiConfig
+        Three different resources help you manage your IAM policy for API Gateway ApiConfig. Each of these resources serves a different use case:
+
+        * `apigateway.ApiConfigIamPolicy`: Authoritative. Sets the IAM policy for the apiconfig and replaces any existing policy already attached.
+        * `apigateway.ApiConfigIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the apiconfig are preserved.
+        * `apigateway.ApiConfigIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the apiconfig are preserved.
+
+        A data source can be used to retrieve policy data in advent you do not need creation
+
+        * `apigateway.ApiConfigIamPolicy`: Retrieves the IAM policy for the apiconfig
+
+        > **Note:** `apigateway.ApiConfigIamPolicy` **cannot** be used in conjunction with `apigateway.ApiConfigIamBinding` and `apigateway.ApiConfigIamMember` or they will fight over what your policy should be.
+
+        > **Note:** `apigateway.ApiConfigIamBinding` resources **can be** used in conjunction with `apigateway.ApiConfigIamMember` resources **only if** they do not grant privilege to the same role.
+
         ## google\\_api\\_gateway\\_api\\_config\\_iam\\_policy
 
         ```python

pulumi_gcp/apigateway/api_config_iam_policy.py

@@ -244,6 +244,25 @@ class ApiConfigIamPolicy(pulumi.CustomResource):
             member="user:jane@example.com")
         ```
 
+        ## This resource supports User Project Overrides.
+
+        - 
+
+        # IAM policy for API Gateway ApiConfig
+        Three different resources help you manage your IAM policy for API Gateway ApiConfig. Each of these resources serves a different use case:
+
+        * `apigateway.ApiConfigIamPolicy`: Authoritative. Sets the IAM policy for the apiconfig and replaces any existing policy already attached.
+        * `apigateway.ApiConfigIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the apiconfig are preserved.
+        * `apigateway.ApiConfigIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the apiconfig are preserved.
+
+        A data source can be used to retrieve policy data in advent you do not need creation
+
+        * `apigateway.ApiConfigIamPolicy`: Retrieves the IAM policy for the apiconfig
+
+        > **Note:** `apigateway.ApiConfigIamPolicy` **cannot** be used in conjunction with `apigateway.ApiConfigIamBinding` and `apigateway.ApiConfigIamMember` or they will fight over what your policy should be.
+
+        > **Note:** `apigateway.ApiConfigIamBinding` resources **can be** used in conjunction with `apigateway.ApiConfigIamMember` resources **only if** they do not grant privilege to the same role.
+
         ## google\\_api\\_gateway\\_api\\_config\\_iam\\_policy
 
         ```python
@@ -396,6 +415,25 @@ class ApiConfigIamPolicy(pulumi.CustomResource):
             member="user:jane@example.com")
         ```
 
+        ## This resource supports User Project Overrides.
+
+        - 
+
+        # IAM policy for API Gateway ApiConfig
+        Three different resources help you manage your IAM policy for API Gateway ApiConfig. Each of these resources serves a different use case:
+
+        * `apigateway.ApiConfigIamPolicy`: Authoritative. Sets the IAM policy for the apiconfig and replaces any existing policy already attached.
+        * `apigateway.ApiConfigIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the apiconfig are preserved.
+        * `apigateway.ApiConfigIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the apiconfig are preserved.
+
+        A data source can be used to retrieve policy data in advent you do not need creation
+
+        * `apigateway.ApiConfigIamPolicy`: Retrieves the IAM policy for the apiconfig
+
+        > **Note:** `apigateway.ApiConfigIamPolicy` **cannot** be used in conjunction with `apigateway.ApiConfigIamBinding` and `apigateway.ApiConfigIamMember` or they will fight over what your policy should be.
+
+        > **Note:** `apigateway.ApiConfigIamBinding` resources **can be** used in conjunction with `apigateway.ApiConfigIamMember` resources **only if** they do not grant privilege to the same role.
+
         ## google\\_api\\_gateway\\_api\\_config\\_iam\\_policy
 
         ```python

pulumi_gcp/apigateway/api_iam_binding.py

@@ -311,6 +311,25 @@ class ApiIamBinding(pulumi.CustomResource):
             member="user:jane@example.com")
         ```
 
+        ## This resource supports User Project Overrides.
+
+        - 
+
+        # IAM policy for API Gateway Api
+        Three different resources help you manage your IAM policy for API Gateway Api. Each of these resources serves a different use case:
+
+        * `apigateway.ApiIamPolicy`: Authoritative. Sets the IAM policy for the api and replaces any existing policy already attached.
+        * `apigateway.ApiIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the api are preserved.
+        * `apigateway.ApiIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the api are preserved.
+
+        A data source can be used to retrieve policy data in advent you do not need creation
+
+        * `apigateway.ApiIamPolicy`: Retrieves the IAM policy for the api
+
+        > **Note:** `apigateway.ApiIamPolicy` **cannot** be used in conjunction with `apigateway.ApiIamBinding` and `apigateway.ApiIamMember` or they will fight over what your policy should be.
+
+        > **Note:** `apigateway.ApiIamBinding` resources **can be** used in conjunction with `apigateway.ApiIamMember` resources **only if** they do not grant privilege to the same role.
+
         ## google\\_api\\_gateway\\_api\\_iam\\_policy
 
         ```python
@@ -471,6 +490,25 @@ class ApiIamBinding(pulumi.CustomResource):
             member="user:jane@example.com")
         ```
 
+        ## This resource supports User Project Overrides.
+
+        - 
+
+        # IAM policy for API Gateway Api
+        Three different resources help you manage your IAM policy for API Gateway Api. Each of these resources serves a different use case:
+
+        * `apigateway.ApiIamPolicy`: Authoritative. Sets the IAM policy for the api and replaces any existing policy already attached.
+        * `apigateway.ApiIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the api are preserved.
+        * `apigateway.ApiIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the api are preserved.
+
+        A data source can be used to retrieve policy data in advent you do not need creation
+
+        * `apigateway.ApiIamPolicy`: Retrieves the IAM policy for the api
+
+        > **Note:** `apigateway.ApiIamPolicy` **cannot** be used in conjunction with `apigateway.ApiIamBinding` and `apigateway.ApiIamMember` or they will fight over what your policy should be.
+
+        > **Note:** `apigateway.ApiIamBinding` resources **can be** used in conjunction with `apigateway.ApiIamMember` resources **only if** they do not grant privilege to the same role.
+
         ## google\\_api\\_gateway\\_api\\_iam\\_policy
 
         ```python

pulumi_gcp/apigateway/api_iam_member.py

@@ -311,6 +311,25 @@ class ApiIamMember(pulumi.CustomResource):
             member="user:jane@example.com")
         ```
 
+        ## This resource supports User Project Overrides.
+
+        - 
+
+        # IAM policy for API Gateway Api
+        Three different resources help you manage your IAM policy for API Gateway Api. Each of these resources serves a different use case:
+
+        * `apigateway.ApiIamPolicy`: Authoritative. Sets the IAM policy for the api and replaces any existing policy already attached.
+        * `apigateway.ApiIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the api are preserved.
+        * `apigateway.ApiIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the api are preserved.
+
+        A data source can be used to retrieve policy data in advent you do not need creation
+
+        * `apigateway.ApiIamPolicy`: Retrieves the IAM policy for the api
+
+        > **Note:** `apigateway.ApiIamPolicy` **cannot** be used in conjunction with `apigateway.ApiIamBinding` and `apigateway.ApiIamMember` or they will fight over what your policy should be.
+
+        > **Note:** `apigateway.ApiIamBinding` resources **can be** used in conjunction with `apigateway.ApiIamMember` resources **only if** they do not grant privilege to the same role.
+
         ## google\\_api\\_gateway\\_api\\_iam\\_policy
 
         ```python
@@ -471,6 +490,25 @@ class ApiIamMember(pulumi.CustomResource):
             member="user:jane@example.com")
         ```
 
+        ## This resource supports User Project Overrides.
+
+        - 
+
+        # IAM policy for API Gateway Api
+        Three different resources help you manage your IAM policy for API Gateway Api. Each of these resources serves a different use case:
+
+        * `apigateway.ApiIamPolicy`: Authoritative. Sets the IAM policy for the api and replaces any existing policy already attached.
+        * `apigateway.ApiIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the api are preserved.
+        * `apigateway.ApiIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the api are preserved.
+
+        A data source can be used to retrieve policy data in advent you do not need creation
+
+        * `apigateway.ApiIamPolicy`: Retrieves the IAM policy for the api
+
+        > **Note:** `apigateway.ApiIamPolicy` **cannot** be used in conjunction with `apigateway.ApiIamBinding` and `apigateway.ApiIamMember` or they will fight over what your policy should be.
+
+        > **Note:** `apigateway.ApiIamBinding` resources **can be** used in conjunction with `apigateway.ApiIamMember` resources **only if** they do not grant privilege to the same role.
+
         ## google\\_api\\_gateway\\_api\\_iam\\_policy
 
         ```python