pulumi-gcp 7.35.0a1722924350__py3-none-any.whl → 7.36.0__py3-none-any.whl

pulumi_gcp/dataproc/metastore_federation_iam_policy.py

@@ -256,6 +256,25 @@ class MetastoreFederationIamPolicy(pulumi.CustomResource):
             member="user:jane@example.com")
         ```
 
+        ## This resource supports User Project Overrides.
+
+        - 
+
+        # IAM policy for Dataproc metastore Federation
+        Three different resources help you manage your IAM policy for Dataproc metastore Federation. Each of these resources serves a different use case:
+
+        * `dataproc.MetastoreFederationIamPolicy`: Authoritative. Sets the IAM policy for the federation and replaces any existing policy already attached.
+        * `dataproc.MetastoreFederationIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the federation are preserved.
+        * `dataproc.MetastoreFederationIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the federation are preserved.
+
+        A data source can be used to retrieve policy data in advent you do not need creation
+
+        * `dataproc.MetastoreFederationIamPolicy`: Retrieves the IAM policy for the federation
+
+        > **Note:** `dataproc.MetastoreFederationIamPolicy` **cannot** be used in conjunction with `dataproc.MetastoreFederationIamBinding` and `dataproc.MetastoreFederationIamMember` or they will fight over what your policy should be.
+
+        > **Note:** `dataproc.MetastoreFederationIamBinding` resources **can be** used in conjunction with `dataproc.MetastoreFederationIamMember` resources **only if** they do not grant privilege to the same role.
+
         ## dataproc.MetastoreFederationIamPolicy
 
         ```python
@@ -416,6 +435,25 @@ class MetastoreFederationIamPolicy(pulumi.CustomResource):
             member="user:jane@example.com")
         ```
 
+        ## This resource supports User Project Overrides.
+
+        - 
+
+        # IAM policy for Dataproc metastore Federation
+        Three different resources help you manage your IAM policy for Dataproc metastore Federation. Each of these resources serves a different use case:
+
+        * `dataproc.MetastoreFederationIamPolicy`: Authoritative. Sets the IAM policy for the federation and replaces any existing policy already attached.
+        * `dataproc.MetastoreFederationIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the federation are preserved.
+        * `dataproc.MetastoreFederationIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the federation are preserved.
+
+        A data source can be used to retrieve policy data in advent you do not need creation
+
+        * `dataproc.MetastoreFederationIamPolicy`: Retrieves the IAM policy for the federation
+
+        > **Note:** `dataproc.MetastoreFederationIamPolicy` **cannot** be used in conjunction with `dataproc.MetastoreFederationIamBinding` and `dataproc.MetastoreFederationIamMember` or they will fight over what your policy should be.
+
+        > **Note:** `dataproc.MetastoreFederationIamBinding` resources **can be** used in conjunction with `dataproc.MetastoreFederationIamMember` resources **only if** they do not grant privilege to the same role.
+
         ## dataproc.MetastoreFederationIamPolicy
 
         ```python

pulumi_gcp/dataproc/metastore_service_iam_binding.py

@@ -363,6 +363,25 @@ class MetastoreServiceIamBinding(pulumi.CustomResource):
             member="user:jane@example.com")
         ```
 
+        ## This resource supports User Project Overrides.
+
+        - 
+
+        # IAM policy for Dataproc metastore Service
+        Three different resources help you manage your IAM policy for Dataproc metastore Service. Each of these resources serves a different use case:
+
+        * `dataproc.MetastoreServiceIamPolicy`: Authoritative. Sets the IAM policy for the service and replaces any existing policy already attached.
+        * `dataproc.MetastoreServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the service are preserved.
+        * `dataproc.MetastoreServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the service are preserved.
+
+        A data source can be used to retrieve policy data in advent you do not need creation
+
+        * `dataproc.MetastoreServiceIamPolicy`: Retrieves the IAM policy for the service
+
+        > **Note:** `dataproc.MetastoreServiceIamPolicy` **cannot** be used in conjunction with `dataproc.MetastoreServiceIamBinding` and `dataproc.MetastoreServiceIamMember` or they will fight over what your policy should be.
+
+        > **Note:** `dataproc.MetastoreServiceIamBinding` resources **can be** used in conjunction with `dataproc.MetastoreServiceIamMember` resources **only if** they do not grant privilege to the same role.
+
         ## dataproc.MetastoreServiceIamPolicy
 
         ```python
@@ -536,6 +555,25 @@ class MetastoreServiceIamBinding(pulumi.CustomResource):
             member="user:jane@example.com")
         ```
 
+        ## This resource supports User Project Overrides.
+
+        - 
+
+        # IAM policy for Dataproc metastore Service
+        Three different resources help you manage your IAM policy for Dataproc metastore Service. Each of these resources serves a different use case:
+
+        * `dataproc.MetastoreServiceIamPolicy`: Authoritative. Sets the IAM policy for the service and replaces any existing policy already attached.
+        * `dataproc.MetastoreServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the service are preserved.
+        * `dataproc.MetastoreServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the service are preserved.
+
+        A data source can be used to retrieve policy data in advent you do not need creation
+
+        * `dataproc.MetastoreServiceIamPolicy`: Retrieves the IAM policy for the service
+
+        > **Note:** `dataproc.MetastoreServiceIamPolicy` **cannot** be used in conjunction with `dataproc.MetastoreServiceIamBinding` and `dataproc.MetastoreServiceIamMember` or they will fight over what your policy should be.
+
+        > **Note:** `dataproc.MetastoreServiceIamBinding` resources **can be** used in conjunction with `dataproc.MetastoreServiceIamMember` resources **only if** they do not grant privilege to the same role.
+
         ## dataproc.MetastoreServiceIamPolicy
 
         ```python

pulumi_gcp/dataproc/metastore_service_iam_member.py

@@ -363,6 +363,25 @@ class MetastoreServiceIamMember(pulumi.CustomResource):
             member="user:jane@example.com")
         ```
 
+        ## This resource supports User Project Overrides.
+
+        - 
+
+        # IAM policy for Dataproc metastore Service
+        Three different resources help you manage your IAM policy for Dataproc metastore Service. Each of these resources serves a different use case:
+
+        * `dataproc.MetastoreServiceIamPolicy`: Authoritative. Sets the IAM policy for the service and replaces any existing policy already attached.
+        * `dataproc.MetastoreServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the service are preserved.
+        * `dataproc.MetastoreServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the service are preserved.
+
+        A data source can be used to retrieve policy data in advent you do not need creation
+
+        * `dataproc.MetastoreServiceIamPolicy`: Retrieves the IAM policy for the service
+
+        > **Note:** `dataproc.MetastoreServiceIamPolicy` **cannot** be used in conjunction with `dataproc.MetastoreServiceIamBinding` and `dataproc.MetastoreServiceIamMember` or they will fight over what your policy should be.
+
+        > **Note:** `dataproc.MetastoreServiceIamBinding` resources **can be** used in conjunction with `dataproc.MetastoreServiceIamMember` resources **only if** they do not grant privilege to the same role.
+
         ## dataproc.MetastoreServiceIamPolicy
 
         ```python
@@ -536,6 +555,25 @@ class MetastoreServiceIamMember(pulumi.CustomResource):
             member="user:jane@example.com")
         ```
 
+        ## This resource supports User Project Overrides.
+
+        - 
+
+        # IAM policy for Dataproc metastore Service
+        Three different resources help you manage your IAM policy for Dataproc metastore Service. Each of these resources serves a different use case:
+
+        * `dataproc.MetastoreServiceIamPolicy`: Authoritative. Sets the IAM policy for the service and replaces any existing policy already attached.
+        * `dataproc.MetastoreServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the service are preserved.
+        * `dataproc.MetastoreServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the service are preserved.
+
+        A data source can be used to retrieve policy data in advent you do not need creation
+
+        * `dataproc.MetastoreServiceIamPolicy`: Retrieves the IAM policy for the service
+
+        > **Note:** `dataproc.MetastoreServiceIamPolicy` **cannot** be used in conjunction with `dataproc.MetastoreServiceIamBinding` and `dataproc.MetastoreServiceIamMember` or they will fight over what your policy should be.
+
+        > **Note:** `dataproc.MetastoreServiceIamBinding` resources **can be** used in conjunction with `dataproc.MetastoreServiceIamMember` resources **only if** they do not grant privilege to the same role.
+
         ## dataproc.MetastoreServiceIamPolicy
 
         ```python

pulumi_gcp/dataproc/metastore_service_iam_policy.py

@@ -260,6 +260,25 @@ class MetastoreServiceIamPolicy(pulumi.CustomResource):
             member="user:jane@example.com")
         ```
 
+        ## This resource supports User Project Overrides.
+
+        - 
+
+        # IAM policy for Dataproc metastore Service
+        Three different resources help you manage your IAM policy for Dataproc metastore Service. Each of these resources serves a different use case:
+
+        * `dataproc.MetastoreServiceIamPolicy`: Authoritative. Sets the IAM policy for the service and replaces any existing policy already attached.
+        * `dataproc.MetastoreServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the service are preserved.
+        * `dataproc.MetastoreServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the service are preserved.
+
+        A data source can be used to retrieve policy data in advent you do not need creation
+
+        * `dataproc.MetastoreServiceIamPolicy`: Retrieves the IAM policy for the service
+
+        > **Note:** `dataproc.MetastoreServiceIamPolicy` **cannot** be used in conjunction with `dataproc.MetastoreServiceIamBinding` and `dataproc.MetastoreServiceIamMember` or they will fight over what your policy should be.
+
+        > **Note:** `dataproc.MetastoreServiceIamBinding` resources **can be** used in conjunction with `dataproc.MetastoreServiceIamMember` resources **only if** they do not grant privilege to the same role.
+
         ## dataproc.MetastoreServiceIamPolicy
 
         ```python
@@ -421,6 +440,25 @@ class MetastoreServiceIamPolicy(pulumi.CustomResource):
             member="user:jane@example.com")
         ```
 
+        ## This resource supports User Project Overrides.
+
+        - 
+
+        # IAM policy for Dataproc metastore Service
+        Three different resources help you manage your IAM policy for Dataproc metastore Service. Each of these resources serves a different use case:
+
+        * `dataproc.MetastoreServiceIamPolicy`: Authoritative. Sets the IAM policy for the service and replaces any existing policy already attached.
+        * `dataproc.MetastoreServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the service are preserved.
+        * `dataproc.MetastoreServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the service are preserved.
+
+        A data source can be used to retrieve policy data in advent you do not need creation
+
+        * `dataproc.MetastoreServiceIamPolicy`: Retrieves the IAM policy for the service
+
+        > **Note:** `dataproc.MetastoreServiceIamPolicy` **cannot** be used in conjunction with `dataproc.MetastoreServiceIamBinding` and `dataproc.MetastoreServiceIamMember` or they will fight over what your policy should be.
+
+        > **Note:** `dataproc.MetastoreServiceIamBinding` resources **can be** used in conjunction with `dataproc.MetastoreServiceIamMember` resources **only if** they do not grant privilege to the same role.
+
         ## dataproc.MetastoreServiceIamPolicy
 
         ```python

pulumi_gcp/dns/dns_managed_zone_iam_binding.py

@@ -319,6 +319,25 @@ class DnsManagedZoneIamBinding(pulumi.CustomResource):
             member="user:jane@example.com")
         ```
 
+        ## This resource supports User Project Overrides.
+
+        - 
+
+        # IAM policy for Cloud DNS ManagedZone
+        Three different resources help you manage your IAM policy for Cloud DNS ManagedZone. Each of these resources serves a different use case:
+
+        * `dns.DnsManagedZoneIamPolicy`: Authoritative. Sets the IAM policy for the managedzone and replaces any existing policy already attached.
+        * `dns.DnsManagedZoneIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the managedzone are preserved.
+        * `dns.DnsManagedZoneIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the managedzone are preserved.
+
+        A data source can be used to retrieve policy data in advent you do not need creation
+
+        * `dns.DnsManagedZoneIamPolicy`: Retrieves the IAM policy for the managedzone
+
+        > **Note:** `dns.DnsManagedZoneIamPolicy` **cannot** be used in conjunction with `dns.DnsManagedZoneIamBinding` and `dns.DnsManagedZoneIamMember` or they will fight over what your policy should be.
+
+        > **Note:** `dns.DnsManagedZoneIamBinding` resources **can be** used in conjunction with `dns.DnsManagedZoneIamMember` resources **only if** they do not grant privilege to the same role.
+
         ## dns.DnsManagedZoneIamPolicy
 
         ```python
@@ -480,6 +499,25 @@ class DnsManagedZoneIamBinding(pulumi.CustomResource):
             member="user:jane@example.com")
         ```
 
+        ## This resource supports User Project Overrides.
+
+        - 
+
+        # IAM policy for Cloud DNS ManagedZone
+        Three different resources help you manage your IAM policy for Cloud DNS ManagedZone. Each of these resources serves a different use case:
+
+        * `dns.DnsManagedZoneIamPolicy`: Authoritative. Sets the IAM policy for the managedzone and replaces any existing policy already attached.
+        * `dns.DnsManagedZoneIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the managedzone are preserved.
+        * `dns.DnsManagedZoneIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the managedzone are preserved.
+
+        A data source can be used to retrieve policy data in advent you do not need creation
+
+        * `dns.DnsManagedZoneIamPolicy`: Retrieves the IAM policy for the managedzone
+
+        > **Note:** `dns.DnsManagedZoneIamPolicy` **cannot** be used in conjunction with `dns.DnsManagedZoneIamBinding` and `dns.DnsManagedZoneIamMember` or they will fight over what your policy should be.
+
+        > **Note:** `dns.DnsManagedZoneIamBinding` resources **can be** used in conjunction with `dns.DnsManagedZoneIamMember` resources **only if** they do not grant privilege to the same role.
+
         ## dns.DnsManagedZoneIamPolicy
 
         ```python

pulumi_gcp/dns/dns_managed_zone_iam_member.py

@@ -319,6 +319,25 @@ class DnsManagedZoneIamMember(pulumi.CustomResource):
             member="user:jane@example.com")
         ```
 
+        ## This resource supports User Project Overrides.
+
+        - 
+
+        # IAM policy for Cloud DNS ManagedZone
+        Three different resources help you manage your IAM policy for Cloud DNS ManagedZone. Each of these resources serves a different use case:
+
+        * `dns.DnsManagedZoneIamPolicy`: Authoritative. Sets the IAM policy for the managedzone and replaces any existing policy already attached.
+        * `dns.DnsManagedZoneIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the managedzone are preserved.
+        * `dns.DnsManagedZoneIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the managedzone are preserved.
+
+        A data source can be used to retrieve policy data in advent you do not need creation
+
+        * `dns.DnsManagedZoneIamPolicy`: Retrieves the IAM policy for the managedzone
+
+        > **Note:** `dns.DnsManagedZoneIamPolicy` **cannot** be used in conjunction with `dns.DnsManagedZoneIamBinding` and `dns.DnsManagedZoneIamMember` or they will fight over what your policy should be.
+
+        > **Note:** `dns.DnsManagedZoneIamBinding` resources **can be** used in conjunction with `dns.DnsManagedZoneIamMember` resources **only if** they do not grant privilege to the same role.
+
         ## dns.DnsManagedZoneIamPolicy
 
         ```python
@@ -480,6 +499,25 @@ class DnsManagedZoneIamMember(pulumi.CustomResource):
             member="user:jane@example.com")
         ```
 
+        ## This resource supports User Project Overrides.
+
+        - 
+
+        # IAM policy for Cloud DNS ManagedZone
+        Three different resources help you manage your IAM policy for Cloud DNS ManagedZone. Each of these resources serves a different use case:
+
+        * `dns.DnsManagedZoneIamPolicy`: Authoritative. Sets the IAM policy for the managedzone and replaces any existing policy already attached.
+        * `dns.DnsManagedZoneIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the managedzone are preserved.
+        * `dns.DnsManagedZoneIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the managedzone are preserved.
+
+        A data source can be used to retrieve policy data in advent you do not need creation
+
+        * `dns.DnsManagedZoneIamPolicy`: Retrieves the IAM policy for the managedzone
+
+        > **Note:** `dns.DnsManagedZoneIamPolicy` **cannot** be used in conjunction with `dns.DnsManagedZoneIamBinding` and `dns.DnsManagedZoneIamMember` or they will fight over what your policy should be.
+
+        > **Note:** `dns.DnsManagedZoneIamBinding` resources **can be** used in conjunction with `dns.DnsManagedZoneIamMember` resources **only if** they do not grant privilege to the same role.
+
         ## dns.DnsManagedZoneIamPolicy
 
         ```python

pulumi_gcp/dns/dns_managed_zone_iam_policy.py

@@ -216,6 +216,25 @@ class DnsManagedZoneIamPolicy(pulumi.CustomResource):
             member="user:jane@example.com")
         ```
 
+        ## This resource supports User Project Overrides.
+
+        - 
+
+        # IAM policy for Cloud DNS ManagedZone
+        Three different resources help you manage your IAM policy for Cloud DNS ManagedZone. Each of these resources serves a different use case:
+
+        * `dns.DnsManagedZoneIamPolicy`: Authoritative. Sets the IAM policy for the managedzone and replaces any existing policy already attached.
+        * `dns.DnsManagedZoneIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the managedzone are preserved.
+        * `dns.DnsManagedZoneIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the managedzone are preserved.
+
+        A data source can be used to retrieve policy data in advent you do not need creation
+
+        * `dns.DnsManagedZoneIamPolicy`: Retrieves the IAM policy for the managedzone
+
+        > **Note:** `dns.DnsManagedZoneIamPolicy` **cannot** be used in conjunction with `dns.DnsManagedZoneIamBinding` and `dns.DnsManagedZoneIamMember` or they will fight over what your policy should be.
+
+        > **Note:** `dns.DnsManagedZoneIamBinding` resources **can be** used in conjunction with `dns.DnsManagedZoneIamMember` resources **only if** they do not grant privilege to the same role.
+
         ## dns.DnsManagedZoneIamPolicy
 
         ```python
@@ -365,6 +384,25 @@ class DnsManagedZoneIamPolicy(pulumi.CustomResource):
             member="user:jane@example.com")
         ```
 
+        ## This resource supports User Project Overrides.
+
+        - 
+
+        # IAM policy for Cloud DNS ManagedZone
+        Three different resources help you manage your IAM policy for Cloud DNS ManagedZone. Each of these resources serves a different use case:
+
+        * `dns.DnsManagedZoneIamPolicy`: Authoritative. Sets the IAM policy for the managedzone and replaces any existing policy already attached.
+        * `dns.DnsManagedZoneIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the managedzone are preserved.
+        * `dns.DnsManagedZoneIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the managedzone are preserved.
+
+        A data source can be used to retrieve policy data in advent you do not need creation
+
+        * `dns.DnsManagedZoneIamPolicy`: Retrieves the IAM policy for the managedzone
+
+        > **Note:** `dns.DnsManagedZoneIamPolicy` **cannot** be used in conjunction with `dns.DnsManagedZoneIamBinding` and `dns.DnsManagedZoneIamMember` or they will fight over what your policy should be.
+
+        > **Note:** `dns.DnsManagedZoneIamBinding` resources **can be** used in conjunction with `dns.DnsManagedZoneIamMember` resources **only if** they do not grant privilege to the same role.
+
         ## dns.DnsManagedZoneIamPolicy
 
         ```python

pulumi_gcp/endpoints/service_iam_binding.py

@@ -271,6 +271,26 @@ class ServiceIamBinding(pulumi.CustomResource):
             member="user:jane@example.com")
         ```
 
+        ## > **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the
+
+        full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.
+        ---
+
+        # IAM policy for Cloud Endpoints Service
+        Three different resources help you manage your IAM policy for Cloud Endpoints Service. Each of these resources serves a different use case:
+
+        * `endpoints.ServiceIamPolicy`: Authoritative. Sets the IAM policy for the service and replaces any existing policy already attached.
+        * `endpoints.ServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the service are preserved.
+        * `endpoints.ServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the service are preserved.
+
+        A data source can be used to retrieve policy data in advent you do not need creation
+
+        * `endpoints.ServiceIamPolicy`: Retrieves the IAM policy for the service
+
+        > **Note:** `endpoints.ServiceIamPolicy` **cannot** be used in conjunction with `endpoints.ServiceIamBinding` and `endpoints.ServiceIamMember` or they will fight over what your policy should be.
+
+        > **Note:** `endpoints.ServiceIamBinding` resources **can be** used in conjunction with `endpoints.ServiceIamMember` resources **only if** they do not grant privilege to the same role.
+
         ## endpoints.ServiceIamPolicy
 
         ```python
@@ -421,6 +441,26 @@ class ServiceIamBinding(pulumi.CustomResource):
             member="user:jane@example.com")
         ```
 
+        ## > **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the
+
+        full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.
+        ---
+
+        # IAM policy for Cloud Endpoints Service
+        Three different resources help you manage your IAM policy for Cloud Endpoints Service. Each of these resources serves a different use case:
+
+        * `endpoints.ServiceIamPolicy`: Authoritative. Sets the IAM policy for the service and replaces any existing policy already attached.
+        * `endpoints.ServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the service are preserved.
+        * `endpoints.ServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the service are preserved.
+
+        A data source can be used to retrieve policy data in advent you do not need creation
+
+        * `endpoints.ServiceIamPolicy`: Retrieves the IAM policy for the service
+
+        > **Note:** `endpoints.ServiceIamPolicy` **cannot** be used in conjunction with `endpoints.ServiceIamBinding` and `endpoints.ServiceIamMember` or they will fight over what your policy should be.
+
+        > **Note:** `endpoints.ServiceIamBinding` resources **can be** used in conjunction with `endpoints.ServiceIamMember` resources **only if** they do not grant privilege to the same role.
+
         ## endpoints.ServiceIamPolicy
 
         ```python

pulumi_gcp/endpoints/service_iam_member.py

@@ -271,6 +271,26 @@ class ServiceIamMember(pulumi.CustomResource):
             member="user:jane@example.com")
         ```
 
+        ## > **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the
+
+        full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.
+        ---
+
+        # IAM policy for Cloud Endpoints Service
+        Three different resources help you manage your IAM policy for Cloud Endpoints Service. Each of these resources serves a different use case:
+
+        * `endpoints.ServiceIamPolicy`: Authoritative. Sets the IAM policy for the service and replaces any existing policy already attached.
+        * `endpoints.ServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the service are preserved.
+        * `endpoints.ServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the service are preserved.
+
+        A data source can be used to retrieve policy data in advent you do not need creation
+
+        * `endpoints.ServiceIamPolicy`: Retrieves the IAM policy for the service
+
+        > **Note:** `endpoints.ServiceIamPolicy` **cannot** be used in conjunction with `endpoints.ServiceIamBinding` and `endpoints.ServiceIamMember` or they will fight over what your policy should be.
+
+        > **Note:** `endpoints.ServiceIamBinding` resources **can be** used in conjunction with `endpoints.ServiceIamMember` resources **only if** they do not grant privilege to the same role.
+
         ## endpoints.ServiceIamPolicy
 
         ```python
@@ -421,6 +441,26 @@ class ServiceIamMember(pulumi.CustomResource):
             member="user:jane@example.com")
         ```
 
+        ## > **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the
+
+        full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.
+        ---
+
+        # IAM policy for Cloud Endpoints Service
+        Three different resources help you manage your IAM policy for Cloud Endpoints Service. Each of these resources serves a different use case:
+
+        * `endpoints.ServiceIamPolicy`: Authoritative. Sets the IAM policy for the service and replaces any existing policy already attached.
+        * `endpoints.ServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the service are preserved.
+        * `endpoints.ServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the service are preserved.
+
+        A data source can be used to retrieve policy data in advent you do not need creation
+
+        * `endpoints.ServiceIamPolicy`: Retrieves the IAM policy for the service
+
+        > **Note:** `endpoints.ServiceIamPolicy` **cannot** be used in conjunction with `endpoints.ServiceIamBinding` and `endpoints.ServiceIamMember` or they will fight over what your policy should be.
+
+        > **Note:** `endpoints.ServiceIamBinding` resources **can be** used in conjunction with `endpoints.ServiceIamMember` resources **only if** they do not grant privilege to the same role.
+
         ## endpoints.ServiceIamPolicy
 
         ```python

pulumi_gcp/endpoints/service_iam_policy.py

@@ -168,6 +168,26 @@ class ServiceIamPolicy(pulumi.CustomResource):
             member="user:jane@example.com")
         ```
 
+        ## > **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the
+
+        full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.
+        ---
+
+        # IAM policy for Cloud Endpoints Service
+        Three different resources help you manage your IAM policy for Cloud Endpoints Service. Each of these resources serves a different use case:
+
+        * `endpoints.ServiceIamPolicy`: Authoritative. Sets the IAM policy for the service and replaces any existing policy already attached.
+        * `endpoints.ServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the service are preserved.
+        * `endpoints.ServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the service are preserved.
+
+        A data source can be used to retrieve policy data in advent you do not need creation
+
+        * `endpoints.ServiceIamPolicy`: Retrieves the IAM policy for the service
+
+        > **Note:** `endpoints.ServiceIamPolicy` **cannot** be used in conjunction with `endpoints.ServiceIamBinding` and `endpoints.ServiceIamMember` or they will fight over what your policy should be.
+
+        > **Note:** `endpoints.ServiceIamBinding` resources **can be** used in conjunction with `endpoints.ServiceIamMember` resources **only if** they do not grant privilege to the same role.
+
         ## endpoints.ServiceIamPolicy
 
         ```python
@@ -306,6 +326,26 @@ class ServiceIamPolicy(pulumi.CustomResource):
             member="user:jane@example.com")
         ```
 
+        ## > **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the
+
+        full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.
+        ---
+
+        # IAM policy for Cloud Endpoints Service
+        Three different resources help you manage your IAM policy for Cloud Endpoints Service. Each of these resources serves a different use case:
+
+        * `endpoints.ServiceIamPolicy`: Authoritative. Sets the IAM policy for the service and replaces any existing policy already attached.
+        * `endpoints.ServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the service are preserved.
+        * `endpoints.ServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the service are preserved.
+
+        A data source can be used to retrieve policy data in advent you do not need creation
+
+        * `endpoints.ServiceIamPolicy`: Retrieves the IAM policy for the service
+
+        > **Note:** `endpoints.ServiceIamPolicy` **cannot** be used in conjunction with `endpoints.ServiceIamBinding` and `endpoints.ServiceIamMember` or they will fight over what your policy should be.
+
+        > **Note:** `endpoints.ServiceIamBinding` resources **can be** used in conjunction with `endpoints.ServiceIamMember` resources **only if** they do not grant privilege to the same role.
+
         ## endpoints.ServiceIamPolicy
 
         ```python

pulumi_gcp/firebase/project.py

@@ -117,7 +117,11 @@ class Project(pulumi.CustomResource):
 
         * [API documentation](https://firebase.google.com/docs/reference/firebase-management/rest/v1beta1/projects)
         * How-to Guides
-            * [Official Documentation](https://firebase.google.com/)
+            * Official Documentation
+
+        > **Note:** This resource should usually be used with a provider configuration
+        with `user_project_override = true` unless you wish for your quota
+        project to be different from the Firebase project.
 
         ## Example Usage
 
@@ -176,7 +180,11 @@ class Project(pulumi.CustomResource):
 
         * [API documentation](https://firebase.google.com/docs/reference/firebase-management/rest/v1beta1/projects)
         * How-to Guides
-            * [Official Documentation](https://firebase.google.com/)
+            * Official Documentation
+
+        > **Note:** This resource should usually be used with a provider configuration
+        with `user_project_override = true` unless you wish for your quota
+        project to be different from the Firebase project.
 
         ## Example Usage
 

pulumi_gcp/folder/iam_audit_config.py

@@ -288,49 +288,6 @@ class IamAuditConfig(pulumi.CustomResource):
             ])
         ```
 
-        ## folder.IAMPolicy
-
-        !> **Be careful!** You can accidentally lock yourself out of your folder
-           using this resource. Deleting a `folder.IAMPolicy` removes access
-           from anyone without permissions on its parent folder/organization. Proceed with caution.
-           It's not recommended to use `folder.IAMPolicy` with your provider folder
-           to avoid locking yourself out, and it should generally only be used with folders
-           fully managed by this provider. If you do use this resource, it is recommended to **import** the policy before
-           applying the change.
-
-        ```python
-        import pulumi
-        import pulumi_gcp as gcp
-
-        admin = gcp.organizations.get_iam_policy(bindings=[{
-            "role": "roles/editor",
-            "members": ["user:jane@example.com"],
-        }])
-        folder = gcp.folder.IAMPolicy("folder",
-            folder="folders/1234567",
-            policy_data=admin.policy_data)
-        ```
-
-        With IAM Conditions:
-
-        ```python
-        import pulumi
-        import pulumi_gcp as gcp
-
-        admin = gcp.organizations.get_iam_policy(bindings=[{
-            "role": "roles/compute.admin",
-            "members": ["user:jane@example.com"],
-            "condition": {
-                "title": "expires_after_2019_12_31",
-                "description": "Expiring at midnight of 2019-12-31",
-                "expression": "request.time < timestamp(\\"2020-01-01T00:00:00Z\\")",
-            },
-        }])
-        folder = gcp.folder.IAMPolicy("folder",
-            folder="folders/1234567",
-            policy_data=admin.policy_data)
-        ```
-
         ## folder.IAMBinding
 
         ```python
@@ -583,49 +540,6 @@ class IamAuditConfig(pulumi.CustomResource):
             ])
         ```
 
-        ## folder.IAMPolicy
-
-        !> **Be careful!** You can accidentally lock yourself out of your folder
-           using this resource. Deleting a `folder.IAMPolicy` removes access
-           from anyone without permissions on its parent folder/organization. Proceed with caution.
-           It's not recommended to use `folder.IAMPolicy` with your provider folder
-           to avoid locking yourself out, and it should generally only be used with folders
-           fully managed by this provider. If you do use this resource, it is recommended to **import** the policy before
-           applying the change.
-
-        ```python
-        import pulumi
-        import pulumi_gcp as gcp
-
-        admin = gcp.organizations.get_iam_policy(bindings=[{
-            "role": "roles/editor",
-            "members": ["user:jane@example.com"],
-        }])
-        folder = gcp.folder.IAMPolicy("folder",
-            folder="folders/1234567",
-            policy_data=admin.policy_data)
-        ```
-
-        With IAM Conditions:
-
-        ```python
-        import pulumi
-        import pulumi_gcp as gcp
-
-        admin = gcp.organizations.get_iam_policy(bindings=[{
-            "role": "roles/compute.admin",
-            "members": ["user:jane@example.com"],
-            "condition": {
-                "title": "expires_after_2019_12_31",
-                "description": "Expiring at midnight of 2019-12-31",
-                "expression": "request.time < timestamp(\\"2020-01-01T00:00:00Z\\")",
-            },
-        }])
-        folder = gcp.folder.IAMPolicy("folder",
-            folder="folders/1234567",
-            policy_data=admin.policy_data)
-        ```
-
         ## folder.IAMBinding
 
         ```python