pulumi-gcp 7.35.0a1722924350__py3-none-any.whl → 7.36.0__py3-none-any.whl

pulumi_gcp/secretmanager/secret_iam_binding.py

@@ -380,6 +380,27 @@ class SecretIamBinding(pulumi.CustomResource):
             })
         ```
 
+        ## This resource supports User Project Overrides.
+
+        - 
+
+        # IAM policy for Secret Manager Secret
+        Three different resources help you manage your IAM policy for Secret Manager Secret. Each of these resources serves a different use case:
+
+        * `secretmanager.SecretIamPolicy`: Authoritative. Sets the IAM policy for the secret and replaces any existing policy already attached.
+        * `secretmanager.SecretIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the secret are preserved.
+        * `secretmanager.SecretIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the secret are preserved.
+
+        A data source can be used to retrieve policy data in advent you do not need creation
+
+        * `secretmanager.SecretIamPolicy`: Retrieves the IAM policy for the secret
+
+        > **Note:** `secretmanager.SecretIamPolicy` **cannot** be used in conjunction with `secretmanager.SecretIamBinding` and `secretmanager.SecretIamMember` or they will fight over what your policy should be.
+
+        > **Note:** `secretmanager.SecretIamBinding` resources **can be** used in conjunction with `secretmanager.SecretIamMember` resources **only if** they do not grant privilege to the same role.
+
+        > **Note:**  This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.
+
         ## secretmanager.SecretIamPolicy
 
         ```python
@@ -654,6 +675,27 @@ class SecretIamBinding(pulumi.CustomResource):
             })
         ```
 
+        ## This resource supports User Project Overrides.
+
+        - 
+
+        # IAM policy for Secret Manager Secret
+        Three different resources help you manage your IAM policy for Secret Manager Secret. Each of these resources serves a different use case:
+
+        * `secretmanager.SecretIamPolicy`: Authoritative. Sets the IAM policy for the secret and replaces any existing policy already attached.
+        * `secretmanager.SecretIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the secret are preserved.
+        * `secretmanager.SecretIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the secret are preserved.
+
+        A data source can be used to retrieve policy data in advent you do not need creation
+
+        * `secretmanager.SecretIamPolicy`: Retrieves the IAM policy for the secret
+
+        > **Note:** `secretmanager.SecretIamPolicy` **cannot** be used in conjunction with `secretmanager.SecretIamBinding` and `secretmanager.SecretIamMember` or they will fight over what your policy should be.
+
+        > **Note:** `secretmanager.SecretIamBinding` resources **can be** used in conjunction with `secretmanager.SecretIamMember` resources **only if** they do not grant privilege to the same role.
+
+        > **Note:**  This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.
+
         ## secretmanager.SecretIamPolicy
 
         ```python

pulumi_gcp/secretmanager/secret_iam_member.py

@@ -380,6 +380,27 @@ class SecretIamMember(pulumi.CustomResource):
             })
         ```
 
+        ## This resource supports User Project Overrides.
+
+        - 
+
+        # IAM policy for Secret Manager Secret
+        Three different resources help you manage your IAM policy for Secret Manager Secret. Each of these resources serves a different use case:
+
+        * `secretmanager.SecretIamPolicy`: Authoritative. Sets the IAM policy for the secret and replaces any existing policy already attached.
+        * `secretmanager.SecretIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the secret are preserved.
+        * `secretmanager.SecretIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the secret are preserved.
+
+        A data source can be used to retrieve policy data in advent you do not need creation
+
+        * `secretmanager.SecretIamPolicy`: Retrieves the IAM policy for the secret
+
+        > **Note:** `secretmanager.SecretIamPolicy` **cannot** be used in conjunction with `secretmanager.SecretIamBinding` and `secretmanager.SecretIamMember` or they will fight over what your policy should be.
+
+        > **Note:** `secretmanager.SecretIamBinding` resources **can be** used in conjunction with `secretmanager.SecretIamMember` resources **only if** they do not grant privilege to the same role.
+
+        > **Note:**  This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.
+
         ## secretmanager.SecretIamPolicy
 
         ```python
@@ -654,6 +675,27 @@ class SecretIamMember(pulumi.CustomResource):
             })
         ```
 
+        ## This resource supports User Project Overrides.
+
+        - 
+
+        # IAM policy for Secret Manager Secret
+        Three different resources help you manage your IAM policy for Secret Manager Secret. Each of these resources serves a different use case:
+
+        * `secretmanager.SecretIamPolicy`: Authoritative. Sets the IAM policy for the secret and replaces any existing policy already attached.
+        * `secretmanager.SecretIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the secret are preserved.
+        * `secretmanager.SecretIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the secret are preserved.
+
+        A data source can be used to retrieve policy data in advent you do not need creation
+
+        * `secretmanager.SecretIamPolicy`: Retrieves the IAM policy for the secret
+
+        > **Note:** `secretmanager.SecretIamPolicy` **cannot** be used in conjunction with `secretmanager.SecretIamBinding` and `secretmanager.SecretIamMember` or they will fight over what your policy should be.
+
+        > **Note:** `secretmanager.SecretIamBinding` resources **can be** used in conjunction with `secretmanager.SecretIamMember` resources **only if** they do not grant privilege to the same role.
+
+        > **Note:**  This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.
+
         ## secretmanager.SecretIamPolicy
 
         ```python

pulumi_gcp/secretmanager/secret_iam_policy.py

@@ -265,6 +265,27 @@ class SecretIamPolicy(pulumi.CustomResource):
             })
         ```
 
+        ## This resource supports User Project Overrides.
+
+        - 
+
+        # IAM policy for Secret Manager Secret
+        Three different resources help you manage your IAM policy for Secret Manager Secret. Each of these resources serves a different use case:
+
+        * `secretmanager.SecretIamPolicy`: Authoritative. Sets the IAM policy for the secret and replaces any existing policy already attached.
+        * `secretmanager.SecretIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the secret are preserved.
+        * `secretmanager.SecretIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the secret are preserved.
+
+        A data source can be used to retrieve policy data in advent you do not need creation
+
+        * `secretmanager.SecretIamPolicy`: Retrieves the IAM policy for the secret
+
+        > **Note:** `secretmanager.SecretIamPolicy` **cannot** be used in conjunction with `secretmanager.SecretIamBinding` and `secretmanager.SecretIamMember` or they will fight over what your policy should be.
+
+        > **Note:** `secretmanager.SecretIamBinding` resources **can be** used in conjunction with `secretmanager.SecretIamMember` resources **only if** they do not grant privilege to the same role.
+
+        > **Note:**  This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.
+
         ## secretmanager.SecretIamPolicy
 
         ```python
@@ -525,6 +546,27 @@ class SecretIamPolicy(pulumi.CustomResource):
             })
         ```
 
+        ## This resource supports User Project Overrides.
+
+        - 
+
+        # IAM policy for Secret Manager Secret
+        Three different resources help you manage your IAM policy for Secret Manager Secret. Each of these resources serves a different use case:
+
+        * `secretmanager.SecretIamPolicy`: Authoritative. Sets the IAM policy for the secret and replaces any existing policy already attached.
+        * `secretmanager.SecretIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the secret are preserved.
+        * `secretmanager.SecretIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the secret are preserved.
+
+        A data source can be used to retrieve policy data in advent you do not need creation
+
+        * `secretmanager.SecretIamPolicy`: Retrieves the IAM policy for the secret
+
+        > **Note:** `secretmanager.SecretIamPolicy` **cannot** be used in conjunction with `secretmanager.SecretIamBinding` and `secretmanager.SecretIamMember` or they will fight over what your policy should be.
+
+        > **Note:** `secretmanager.SecretIamBinding` resources **can be** used in conjunction with `secretmanager.SecretIamMember` resources **only if** they do not grant privilege to the same role.
+
+        > **Note:**  This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.
+
         ## secretmanager.SecretIamPolicy
 
         ```python

pulumi_gcp/securesourcemanager/repository_iam_binding.py

@@ -371,6 +371,25 @@ class RepositoryIamBinding(pulumi.CustomResource):
             member="user:jane@example.com")
         ```
 
+        ## This resource supports User Project Overrides.
+
+        - 
+
+        # IAM policy for Secure Source Manager Repository
+        Three different resources help you manage your IAM policy for Secure Source Manager Repository. Each of these resources serves a different use case:
+
+        * `securesourcemanager.RepositoryIamPolicy`: Authoritative. Sets the IAM policy for the repository and replaces any existing policy already attached.
+        * `securesourcemanager.RepositoryIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the repository are preserved.
+        * `securesourcemanager.RepositoryIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the repository are preserved.
+
+        A data source can be used to retrieve policy data in advent you do not need creation
+
+        * `securesourcemanager.RepositoryIamPolicy`: Retrieves the IAM policy for the repository
+
+        > **Note:** `securesourcemanager.RepositoryIamPolicy` **cannot** be used in conjunction with `securesourcemanager.RepositoryIamBinding` and `securesourcemanager.RepositoryIamMember` or they will fight over what your policy should be.
+
+        > **Note:** `securesourcemanager.RepositoryIamBinding` resources **can be** used in conjunction with `securesourcemanager.RepositoryIamMember` resources **only if** they do not grant privilege to the same role.
+
         ## securesourcemanager.RepositoryIamPolicy
 
         ```python
@@ -545,6 +564,25 @@ class RepositoryIamBinding(pulumi.CustomResource):
             member="user:jane@example.com")
         ```
 
+        ## This resource supports User Project Overrides.
+
+        - 
+
+        # IAM policy for Secure Source Manager Repository
+        Three different resources help you manage your IAM policy for Secure Source Manager Repository. Each of these resources serves a different use case:
+
+        * `securesourcemanager.RepositoryIamPolicy`: Authoritative. Sets the IAM policy for the repository and replaces any existing policy already attached.
+        * `securesourcemanager.RepositoryIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the repository are preserved.
+        * `securesourcemanager.RepositoryIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the repository are preserved.
+
+        A data source can be used to retrieve policy data in advent you do not need creation
+
+        * `securesourcemanager.RepositoryIamPolicy`: Retrieves the IAM policy for the repository
+
+        > **Note:** `securesourcemanager.RepositoryIamPolicy` **cannot** be used in conjunction with `securesourcemanager.RepositoryIamBinding` and `securesourcemanager.RepositoryIamMember` or they will fight over what your policy should be.
+
+        > **Note:** `securesourcemanager.RepositoryIamBinding` resources **can be** used in conjunction with `securesourcemanager.RepositoryIamMember` resources **only if** they do not grant privilege to the same role.
+
         ## securesourcemanager.RepositoryIamPolicy
 
         ```python

pulumi_gcp/securesourcemanager/repository_iam_member.py

@@ -371,6 +371,25 @@ class RepositoryIamMember(pulumi.CustomResource):
             member="user:jane@example.com")
         ```
 
+        ## This resource supports User Project Overrides.
+
+        - 
+
+        # IAM policy for Secure Source Manager Repository
+        Three different resources help you manage your IAM policy for Secure Source Manager Repository. Each of these resources serves a different use case:
+
+        * `securesourcemanager.RepositoryIamPolicy`: Authoritative. Sets the IAM policy for the repository and replaces any existing policy already attached.
+        * `securesourcemanager.RepositoryIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the repository are preserved.
+        * `securesourcemanager.RepositoryIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the repository are preserved.
+
+        A data source can be used to retrieve policy data in advent you do not need creation
+
+        * `securesourcemanager.RepositoryIamPolicy`: Retrieves the IAM policy for the repository
+
+        > **Note:** `securesourcemanager.RepositoryIamPolicy` **cannot** be used in conjunction with `securesourcemanager.RepositoryIamBinding` and `securesourcemanager.RepositoryIamMember` or they will fight over what your policy should be.
+
+        > **Note:** `securesourcemanager.RepositoryIamBinding` resources **can be** used in conjunction with `securesourcemanager.RepositoryIamMember` resources **only if** they do not grant privilege to the same role.
+
         ## securesourcemanager.RepositoryIamPolicy
 
         ```python
@@ -545,6 +564,25 @@ class RepositoryIamMember(pulumi.CustomResource):
             member="user:jane@example.com")
         ```
 
+        ## This resource supports User Project Overrides.
+
+        - 
+
+        # IAM policy for Secure Source Manager Repository
+        Three different resources help you manage your IAM policy for Secure Source Manager Repository. Each of these resources serves a different use case:
+
+        * `securesourcemanager.RepositoryIamPolicy`: Authoritative. Sets the IAM policy for the repository and replaces any existing policy already attached.
+        * `securesourcemanager.RepositoryIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the repository are preserved.
+        * `securesourcemanager.RepositoryIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the repository are preserved.
+
+        A data source can be used to retrieve policy data in advent you do not need creation
+
+        * `securesourcemanager.RepositoryIamPolicy`: Retrieves the IAM policy for the repository
+
+        > **Note:** `securesourcemanager.RepositoryIamPolicy` **cannot** be used in conjunction with `securesourcemanager.RepositoryIamBinding` and `securesourcemanager.RepositoryIamMember` or they will fight over what your policy should be.
+
+        > **Note:** `securesourcemanager.RepositoryIamBinding` resources **can be** used in conjunction with `securesourcemanager.RepositoryIamMember` resources **only if** they do not grant privilege to the same role.
+
         ## securesourcemanager.RepositoryIamPolicy
 
         ```python

pulumi_gcp/securesourcemanager/repository_iam_policy.py

@@ -268,6 +268,25 @@ class RepositoryIamPolicy(pulumi.CustomResource):
             member="user:jane@example.com")
         ```
 
+        ## This resource supports User Project Overrides.
+
+        - 
+
+        # IAM policy for Secure Source Manager Repository
+        Three different resources help you manage your IAM policy for Secure Source Manager Repository. Each of these resources serves a different use case:
+
+        * `securesourcemanager.RepositoryIamPolicy`: Authoritative. Sets the IAM policy for the repository and replaces any existing policy already attached.
+        * `securesourcemanager.RepositoryIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the repository are preserved.
+        * `securesourcemanager.RepositoryIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the repository are preserved.
+
+        A data source can be used to retrieve policy data in advent you do not need creation
+
+        * `securesourcemanager.RepositoryIamPolicy`: Retrieves the IAM policy for the repository
+
+        > **Note:** `securesourcemanager.RepositoryIamPolicy` **cannot** be used in conjunction with `securesourcemanager.RepositoryIamBinding` and `securesourcemanager.RepositoryIamMember` or they will fight over what your policy should be.
+
+        > **Note:** `securesourcemanager.RepositoryIamBinding` resources **can be** used in conjunction with `securesourcemanager.RepositoryIamMember` resources **only if** they do not grant privilege to the same role.
+
         ## securesourcemanager.RepositoryIamPolicy
 
         ```python
@@ -430,6 +449,25 @@ class RepositoryIamPolicy(pulumi.CustomResource):
             member="user:jane@example.com")
         ```
 
+        ## This resource supports User Project Overrides.
+
+        - 
+
+        # IAM policy for Secure Source Manager Repository
+        Three different resources help you manage your IAM policy for Secure Source Manager Repository. Each of these resources serves a different use case:
+
+        * `securesourcemanager.RepositoryIamPolicy`: Authoritative. Sets the IAM policy for the repository and replaces any existing policy already attached.
+        * `securesourcemanager.RepositoryIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the repository are preserved.
+        * `securesourcemanager.RepositoryIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the repository are preserved.
+
+        A data source can be used to retrieve policy data in advent you do not need creation
+
+        * `securesourcemanager.RepositoryIamPolicy`: Retrieves the IAM policy for the repository
+
+        > **Note:** `securesourcemanager.RepositoryIamPolicy` **cannot** be used in conjunction with `securesourcemanager.RepositoryIamBinding` and `securesourcemanager.RepositoryIamMember` or they will fight over what your policy should be.
+
+        > **Note:** `securesourcemanager.RepositoryIamBinding` resources **can be** used in conjunction with `securesourcemanager.RepositoryIamMember` resources **only if** they do not grant privilege to the same role.
+
         ## securesourcemanager.RepositoryIamPolicy
 
         ```python

pulumi_gcp/serviceaccount/get_account.py

@@ -155,9 +155,9 @@ def get_account(account_id: Optional[str] = None,
     myaccount = gcp.serviceaccount.get_account(account_id="myaccount-id")
     mykey = gcp.serviceaccount.Key("mykey", service_account_id=myaccount.name)
     google_application_credentials = kubernetes.core.v1.Secret("google-application-credentials",
-        metadata=kubernetes.meta.v1.ObjectMetaArgs(
-            name="google-application-credentials",
-        ),
+        metadata={
+            "name": "google-application-credentials",
+        },
         data={
             "json": std.base64decode_output(input=mykey.private_key).apply(lambda invoke: invoke.result),
         })
@@ -220,9 +220,9 @@ def get_account_output(account_id: Optional[pulumi.Input[str]] = None,
     myaccount = gcp.serviceaccount.get_account(account_id="myaccount-id")
     mykey = gcp.serviceaccount.Key("mykey", service_account_id=myaccount.name)
     google_application_credentials = kubernetes.core.v1.Secret("google-application-credentials",
-        metadata=kubernetes.meta.v1.ObjectMetaArgs(
-            name="google-application-credentials",
-        ),
+        metadata={
+            "name": "google-application-credentials",
+        },
         data={
             "json": std.base64decode_output(input=mykey.private_key).apply(lambda invoke: invoke.result),
         })

pulumi_gcp/serviceaccount/key.py

@@ -402,9 +402,9 @@ class Key(pulumi.CustomResource):
             display_name="My Service Account")
         mykey = gcp.serviceaccount.Key("mykey", service_account_id=myaccount.name)
         google_application_credentials = kubernetes.core.v1.Secret("google-application-credentials",
-            metadata=kubernetes.meta.v1.ObjectMetaArgs(
-                name="google-application-credentials",
-            ),
+            metadata={
+                "name": "google-application-credentials",
+            },
             data={
                 "credentials.json": std.base64decode_output(input=mykey.private_key).apply(lambda invoke: invoke.result),
             })
@@ -488,9 +488,9 @@ class Key(pulumi.CustomResource):
             display_name="My Service Account")
         mykey = gcp.serviceaccount.Key("mykey", service_account_id=myaccount.name)
         google_application_credentials = kubernetes.core.v1.Secret("google-application-credentials",
-            metadata=kubernetes.meta.v1.ObjectMetaArgs(
-                name="google-application-credentials",
-            ),
+            metadata={
+                "name": "google-application-credentials",
+            },
             data={
                 "credentials.json": std.base64decode_output(input=mykey.private_key).apply(lambda invoke: invoke.result),
             })

pulumi_gcp/servicedirectory/namespace_iam_binding.py

@@ -280,6 +280,26 @@ class NamespaceIamBinding(pulumi.CustomResource):
             member="user:jane@example.com")
         ```
 
+        ## > **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the
+
+        full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.
+        ---
+
+        # IAM policy for Service Directory Namespace
+        Three different resources help you manage your IAM policy for Service Directory Namespace. Each of these resources serves a different use case:
+
+        * `servicedirectory.NamespaceIamPolicy`: Authoritative. Sets the IAM policy for the namespace and replaces any existing policy already attached.
+        * `servicedirectory.NamespaceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the namespace are preserved.
+        * `servicedirectory.NamespaceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the namespace are preserved.
+
+        A data source can be used to retrieve policy data in advent you do not need creation
+
+        * `servicedirectory.NamespaceIamPolicy`: Retrieves the IAM policy for the namespace
+
+        > **Note:** `servicedirectory.NamespaceIamPolicy` **cannot** be used in conjunction with `servicedirectory.NamespaceIamBinding` and `servicedirectory.NamespaceIamMember` or they will fight over what your policy should be.
+
+        > **Note:** `servicedirectory.NamespaceIamBinding` resources **can be** used in conjunction with `servicedirectory.NamespaceIamMember` resources **only if** they do not grant privilege to the same role.
+
         ## google\\_service\\_directory\\_namespace\\_iam\\_policy
 
         ```python
@@ -433,6 +453,26 @@ class NamespaceIamBinding(pulumi.CustomResource):
             member="user:jane@example.com")
         ```
 
+        ## > **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the
+
+        full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.
+        ---
+
+        # IAM policy for Service Directory Namespace
+        Three different resources help you manage your IAM policy for Service Directory Namespace. Each of these resources serves a different use case:
+
+        * `servicedirectory.NamespaceIamPolicy`: Authoritative. Sets the IAM policy for the namespace and replaces any existing policy already attached.
+        * `servicedirectory.NamespaceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the namespace are preserved.
+        * `servicedirectory.NamespaceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the namespace are preserved.
+
+        A data source can be used to retrieve policy data in advent you do not need creation
+
+        * `servicedirectory.NamespaceIamPolicy`: Retrieves the IAM policy for the namespace
+
+        > **Note:** `servicedirectory.NamespaceIamPolicy` **cannot** be used in conjunction with `servicedirectory.NamespaceIamBinding` and `servicedirectory.NamespaceIamMember` or they will fight over what your policy should be.
+
+        > **Note:** `servicedirectory.NamespaceIamBinding` resources **can be** used in conjunction with `servicedirectory.NamespaceIamMember` resources **only if** they do not grant privilege to the same role.
+
         ## google\\_service\\_directory\\_namespace\\_iam\\_policy
 
         ```python

pulumi_gcp/servicedirectory/namespace_iam_member.py

@@ -280,6 +280,26 @@ class NamespaceIamMember(pulumi.CustomResource):
             member="user:jane@example.com")
         ```
 
+        ## > **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the
+
+        full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.
+        ---
+
+        # IAM policy for Service Directory Namespace
+        Three different resources help you manage your IAM policy for Service Directory Namespace. Each of these resources serves a different use case:
+
+        * `servicedirectory.NamespaceIamPolicy`: Authoritative. Sets the IAM policy for the namespace and replaces any existing policy already attached.
+        * `servicedirectory.NamespaceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the namespace are preserved.
+        * `servicedirectory.NamespaceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the namespace are preserved.
+
+        A data source can be used to retrieve policy data in advent you do not need creation
+
+        * `servicedirectory.NamespaceIamPolicy`: Retrieves the IAM policy for the namespace
+
+        > **Note:** `servicedirectory.NamespaceIamPolicy` **cannot** be used in conjunction with `servicedirectory.NamespaceIamBinding` and `servicedirectory.NamespaceIamMember` or they will fight over what your policy should be.
+
+        > **Note:** `servicedirectory.NamespaceIamBinding` resources **can be** used in conjunction with `servicedirectory.NamespaceIamMember` resources **only if** they do not grant privilege to the same role.
+
         ## google\\_service\\_directory\\_namespace\\_iam\\_policy
 
         ```python
@@ -433,6 +453,26 @@ class NamespaceIamMember(pulumi.CustomResource):
             member="user:jane@example.com")
         ```
 
+        ## > **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the
+
+        full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.
+        ---
+
+        # IAM policy for Service Directory Namespace
+        Three different resources help you manage your IAM policy for Service Directory Namespace. Each of these resources serves a different use case:
+
+        * `servicedirectory.NamespaceIamPolicy`: Authoritative. Sets the IAM policy for the namespace and replaces any existing policy already attached.
+        * `servicedirectory.NamespaceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the namespace are preserved.
+        * `servicedirectory.NamespaceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the namespace are preserved.
+
+        A data source can be used to retrieve policy data in advent you do not need creation
+
+        * `servicedirectory.NamespaceIamPolicy`: Retrieves the IAM policy for the namespace
+
+        > **Note:** `servicedirectory.NamespaceIamPolicy` **cannot** be used in conjunction with `servicedirectory.NamespaceIamBinding` and `servicedirectory.NamespaceIamMember` or they will fight over what your policy should be.
+
+        > **Note:** `servicedirectory.NamespaceIamBinding` resources **can be** used in conjunction with `servicedirectory.NamespaceIamMember` resources **only if** they do not grant privilege to the same role.
+
         ## google\\_service\\_directory\\_namespace\\_iam\\_policy
 
         ```python

pulumi_gcp/servicedirectory/namespace_iam_policy.py

@@ -177,6 +177,26 @@ class NamespaceIamPolicy(pulumi.CustomResource):
             member="user:jane@example.com")
         ```
 
+        ## > **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the
+
+        full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.
+        ---
+
+        # IAM policy for Service Directory Namespace
+        Three different resources help you manage your IAM policy for Service Directory Namespace. Each of these resources serves a different use case:
+
+        * `servicedirectory.NamespaceIamPolicy`: Authoritative. Sets the IAM policy for the namespace and replaces any existing policy already attached.
+        * `servicedirectory.NamespaceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the namespace are preserved.
+        * `servicedirectory.NamespaceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the namespace are preserved.
+
+        A data source can be used to retrieve policy data in advent you do not need creation
+
+        * `servicedirectory.NamespaceIamPolicy`: Retrieves the IAM policy for the namespace
+
+        > **Note:** `servicedirectory.NamespaceIamPolicy` **cannot** be used in conjunction with `servicedirectory.NamespaceIamBinding` and `servicedirectory.NamespaceIamMember` or they will fight over what your policy should be.
+
+        > **Note:** `servicedirectory.NamespaceIamBinding` resources **can be** used in conjunction with `servicedirectory.NamespaceIamMember` resources **only if** they do not grant privilege to the same role.
+
         ## google\\_service\\_directory\\_namespace\\_iam\\_policy
 
         ```python
@@ -318,6 +338,26 @@ class NamespaceIamPolicy(pulumi.CustomResource):
             member="user:jane@example.com")
         ```
 
+        ## > **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the
+
+        full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.
+        ---
+
+        # IAM policy for Service Directory Namespace
+        Three different resources help you manage your IAM policy for Service Directory Namespace. Each of these resources serves a different use case:
+
+        * `servicedirectory.NamespaceIamPolicy`: Authoritative. Sets the IAM policy for the namespace and replaces any existing policy already attached.
+        * `servicedirectory.NamespaceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the namespace are preserved.
+        * `servicedirectory.NamespaceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the namespace are preserved.
+
+        A data source can be used to retrieve policy data in advent you do not need creation
+
+        * `servicedirectory.NamespaceIamPolicy`: Retrieves the IAM policy for the namespace
+
+        > **Note:** `servicedirectory.NamespaceIamPolicy` **cannot** be used in conjunction with `servicedirectory.NamespaceIamBinding` and `servicedirectory.NamespaceIamMember` or they will fight over what your policy should be.
+
+        > **Note:** `servicedirectory.NamespaceIamBinding` resources **can be** used in conjunction with `servicedirectory.NamespaceIamMember` resources **only if** they do not grant privilege to the same role.
+
         ## google\\_service\\_directory\\_namespace\\_iam\\_policy
 
         ```python

pulumi_gcp/servicedirectory/service_iam_binding.py

@@ -280,6 +280,26 @@ class ServiceIamBinding(pulumi.CustomResource):
             member="user:jane@example.com")
         ```
 
+        ## > **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the
+
+        full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.
+        ---
+
+        # IAM policy for Service Directory Service
+        Three different resources help you manage your IAM policy for Service Directory Service. Each of these resources serves a different use case:
+
+        * `servicedirectory.ServiceIamPolicy`: Authoritative. Sets the IAM policy for the service and replaces any existing policy already attached.
+        * `servicedirectory.ServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the service are preserved.
+        * `servicedirectory.ServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the service are preserved.
+
+        A data source can be used to retrieve policy data in advent you do not need creation
+
+        * `servicedirectory.ServiceIamPolicy`: Retrieves the IAM policy for the service
+
+        > **Note:** `servicedirectory.ServiceIamPolicy` **cannot** be used in conjunction with `servicedirectory.ServiceIamBinding` and `servicedirectory.ServiceIamMember` or they will fight over what your policy should be.
+
+        > **Note:** `servicedirectory.ServiceIamBinding` resources **can be** used in conjunction with `servicedirectory.ServiceIamMember` resources **only if** they do not grant privilege to the same role.
+
         ## google\\_service\\_directory\\_service\\_iam\\_policy
 
         ```python
@@ -433,6 +453,26 @@ class ServiceIamBinding(pulumi.CustomResource):
             member="user:jane@example.com")
         ```
 
+        ## > **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the
+
+        full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.
+        ---
+
+        # IAM policy for Service Directory Service
+        Three different resources help you manage your IAM policy for Service Directory Service. Each of these resources serves a different use case:
+
+        * `servicedirectory.ServiceIamPolicy`: Authoritative. Sets the IAM policy for the service and replaces any existing policy already attached.
+        * `servicedirectory.ServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the service are preserved.
+        * `servicedirectory.ServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the service are preserved.
+
+        A data source can be used to retrieve policy data in advent you do not need creation
+
+        * `servicedirectory.ServiceIamPolicy`: Retrieves the IAM policy for the service
+
+        > **Note:** `servicedirectory.ServiceIamPolicy` **cannot** be used in conjunction with `servicedirectory.ServiceIamBinding` and `servicedirectory.ServiceIamMember` or they will fight over what your policy should be.
+
+        > **Note:** `servicedirectory.ServiceIamBinding` resources **can be** used in conjunction with `servicedirectory.ServiceIamMember` resources **only if** they do not grant privilege to the same role.
+
         ## google\\_service\\_directory\\_service\\_iam\\_policy
 
         ```python