pulumi-gcp 7.36.0__py3-none-any.whl → 7.36.0a1723105270__py3-none-any.whl

pulumi_gcp/iap/web_type_app_enging_iam_member.py

@@ -388,27 +388,6 @@ class WebTypeAppEngingIamMember(pulumi.CustomResource):
             })
         ```
 
-        ## This resource supports User Project Overrides.
-
-        - 
-
-        # IAM policy for Identity-Aware Proxy WebTypeAppEngine
-        Three different resources help you manage your IAM policy for Identity-Aware Proxy WebTypeAppEngine. Each of these resources serves a different use case:
-
-        * `iap.WebTypeAppEngingIamPolicy`: Authoritative. Sets the IAM policy for the webtypeappengine and replaces any existing policy already attached.
-        * `iap.WebTypeAppEngingIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the webtypeappengine are preserved.
-        * `iap.WebTypeAppEngingIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the webtypeappengine are preserved.
-
-        A data source can be used to retrieve policy data in advent you do not need creation
-
-        * `iap.WebTypeAppEngingIamPolicy`: Retrieves the IAM policy for the webtypeappengine
-
-        > **Note:** `iap.WebTypeAppEngingIamPolicy` **cannot** be used in conjunction with `iap.WebTypeAppEngingIamBinding` and `iap.WebTypeAppEngingIamMember` or they will fight over what your policy should be.
-
-        > **Note:** `iap.WebTypeAppEngingIamBinding` resources **can be** used in conjunction with `iap.WebTypeAppEngingIamMember` resources **only if** they do not grant privilege to the same role.
-
-        > **Note:**  This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.
-
         ## iap.WebTypeAppEngingIamPolicy
 
         ```python
@@ -684,27 +663,6 @@ class WebTypeAppEngingIamMember(pulumi.CustomResource):
             })
         ```
 
-        ## This resource supports User Project Overrides.
-
-        - 
-
-        # IAM policy for Identity-Aware Proxy WebTypeAppEngine
-        Three different resources help you manage your IAM policy for Identity-Aware Proxy WebTypeAppEngine. Each of these resources serves a different use case:
-
-        * `iap.WebTypeAppEngingIamPolicy`: Authoritative. Sets the IAM policy for the webtypeappengine and replaces any existing policy already attached.
-        * `iap.WebTypeAppEngingIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the webtypeappengine are preserved.
-        * `iap.WebTypeAppEngingIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the webtypeappengine are preserved.
-
-        A data source can be used to retrieve policy data in advent you do not need creation
-
-        * `iap.WebTypeAppEngingIamPolicy`: Retrieves the IAM policy for the webtypeappengine
-
-        > **Note:** `iap.WebTypeAppEngingIamPolicy` **cannot** be used in conjunction with `iap.WebTypeAppEngingIamBinding` and `iap.WebTypeAppEngingIamMember` or they will fight over what your policy should be.
-
-        > **Note:** `iap.WebTypeAppEngingIamBinding` resources **can be** used in conjunction with `iap.WebTypeAppEngingIamMember` resources **only if** they do not grant privilege to the same role.
-
-        > **Note:**  This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.
-
         ## iap.WebTypeAppEngingIamPolicy
 
         ```python

pulumi_gcp/iap/web_type_app_enging_iam_policy.py

@@ -273,27 +273,6 @@ class WebTypeAppEngingIamPolicy(pulumi.CustomResource):
             })
         ```
 
-        ## This resource supports User Project Overrides.
-
-        - 
-
-        # IAM policy for Identity-Aware Proxy WebTypeAppEngine
-        Three different resources help you manage your IAM policy for Identity-Aware Proxy WebTypeAppEngine. Each of these resources serves a different use case:
-
-        * `iap.WebTypeAppEngingIamPolicy`: Authoritative. Sets the IAM policy for the webtypeappengine and replaces any existing policy already attached.
-        * `iap.WebTypeAppEngingIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the webtypeappengine are preserved.
-        * `iap.WebTypeAppEngingIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the webtypeappengine are preserved.
-
-        A data source can be used to retrieve policy data in advent you do not need creation
-
-        * `iap.WebTypeAppEngingIamPolicy`: Retrieves the IAM policy for the webtypeappengine
-
-        > **Note:** `iap.WebTypeAppEngingIamPolicy` **cannot** be used in conjunction with `iap.WebTypeAppEngingIamBinding` and `iap.WebTypeAppEngingIamMember` or they will fight over what your policy should be.
-
-        > **Note:** `iap.WebTypeAppEngingIamBinding` resources **can be** used in conjunction with `iap.WebTypeAppEngingIamMember` resources **only if** they do not grant privilege to the same role.
-
-        > **Note:**  This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.
-
         ## iap.WebTypeAppEngingIamPolicy
 
         ```python
@@ -555,27 +534,6 @@ class WebTypeAppEngingIamPolicy(pulumi.CustomResource):
             })
         ```
 
-        ## This resource supports User Project Overrides.
-
-        - 
-
-        # IAM policy for Identity-Aware Proxy WebTypeAppEngine
-        Three different resources help you manage your IAM policy for Identity-Aware Proxy WebTypeAppEngine. Each of these resources serves a different use case:
-
-        * `iap.WebTypeAppEngingIamPolicy`: Authoritative. Sets the IAM policy for the webtypeappengine and replaces any existing policy already attached.
-        * `iap.WebTypeAppEngingIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the webtypeappengine are preserved.
-        * `iap.WebTypeAppEngingIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the webtypeappengine are preserved.
-
-        A data source can be used to retrieve policy data in advent you do not need creation
-
-        * `iap.WebTypeAppEngingIamPolicy`: Retrieves the IAM policy for the webtypeappengine
-
-        > **Note:** `iap.WebTypeAppEngingIamPolicy` **cannot** be used in conjunction with `iap.WebTypeAppEngingIamBinding` and `iap.WebTypeAppEngingIamMember` or they will fight over what your policy should be.
-
-        > **Note:** `iap.WebTypeAppEngingIamBinding` resources **can be** used in conjunction with `iap.WebTypeAppEngingIamMember` resources **only if** they do not grant privilege to the same role.
-
-        > **Note:**  This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.
-
         ## iap.WebTypeAppEngingIamPolicy
 
         ```python

pulumi_gcp/iap/web_type_compute_iam_binding.py

@@ -350,27 +350,6 @@ class WebTypeComputeIamBinding(pulumi.CustomResource):
             })
         ```
 
-        ## This resource supports User Project Overrides.
-
-        - 
-
-        # IAM policy for Identity-Aware Proxy WebTypeCompute
-        Three different resources help you manage your IAM policy for Identity-Aware Proxy WebTypeCompute. Each of these resources serves a different use case:
-
-        * `iap.WebTypeComputeIamPolicy`: Authoritative. Sets the IAM policy for the webtypecompute and replaces any existing policy already attached.
-        * `iap.WebTypeComputeIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the webtypecompute are preserved.
-        * `iap.WebTypeComputeIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the webtypecompute are preserved.
-
-        A data source can be used to retrieve policy data in advent you do not need creation
-
-        * `iap.WebTypeComputeIamPolicy`: Retrieves the IAM policy for the webtypecompute
-
-        > **Note:** `iap.WebTypeComputeIamPolicy` **cannot** be used in conjunction with `iap.WebTypeComputeIamBinding` and `iap.WebTypeComputeIamMember` or they will fight over what your policy should be.
-
-        > **Note:** `iap.WebTypeComputeIamBinding` resources **can be** used in conjunction with `iap.WebTypeComputeIamMember` resources **only if** they do not grant privilege to the same role.
-
-        > **Note:**  This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.
-
         ## iap.WebTypeComputeIamPolicy
 
         ```python
@@ -631,27 +610,6 @@ class WebTypeComputeIamBinding(pulumi.CustomResource):
             })
         ```
 
-        ## This resource supports User Project Overrides.
-
-        - 
-
-        # IAM policy for Identity-Aware Proxy WebTypeCompute
-        Three different resources help you manage your IAM policy for Identity-Aware Proxy WebTypeCompute. Each of these resources serves a different use case:
-
-        * `iap.WebTypeComputeIamPolicy`: Authoritative. Sets the IAM policy for the webtypecompute and replaces any existing policy already attached.
-        * `iap.WebTypeComputeIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the webtypecompute are preserved.
-        * `iap.WebTypeComputeIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the webtypecompute are preserved.
-
-        A data source can be used to retrieve policy data in advent you do not need creation
-
-        * `iap.WebTypeComputeIamPolicy`: Retrieves the IAM policy for the webtypecompute
-
-        > **Note:** `iap.WebTypeComputeIamPolicy` **cannot** be used in conjunction with `iap.WebTypeComputeIamBinding` and `iap.WebTypeComputeIamMember` or they will fight over what your policy should be.
-
-        > **Note:** `iap.WebTypeComputeIamBinding` resources **can be** used in conjunction with `iap.WebTypeComputeIamMember` resources **only if** they do not grant privilege to the same role.
-
-        > **Note:**  This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.
-
         ## iap.WebTypeComputeIamPolicy
 
         ```python

pulumi_gcp/iap/web_type_compute_iam_member.py

@@ -350,27 +350,6 @@ class WebTypeComputeIamMember(pulumi.CustomResource):
             })
         ```
 
-        ## This resource supports User Project Overrides.
-
-        - 
-
-        # IAM policy for Identity-Aware Proxy WebTypeCompute
-        Three different resources help you manage your IAM policy for Identity-Aware Proxy WebTypeCompute. Each of these resources serves a different use case:
-
-        * `iap.WebTypeComputeIamPolicy`: Authoritative. Sets the IAM policy for the webtypecompute and replaces any existing policy already attached.
-        * `iap.WebTypeComputeIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the webtypecompute are preserved.
-        * `iap.WebTypeComputeIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the webtypecompute are preserved.
-
-        A data source can be used to retrieve policy data in advent you do not need creation
-
-        * `iap.WebTypeComputeIamPolicy`: Retrieves the IAM policy for the webtypecompute
-
-        > **Note:** `iap.WebTypeComputeIamPolicy` **cannot** be used in conjunction with `iap.WebTypeComputeIamBinding` and `iap.WebTypeComputeIamMember` or they will fight over what your policy should be.
-
-        > **Note:** `iap.WebTypeComputeIamBinding` resources **can be** used in conjunction with `iap.WebTypeComputeIamMember` resources **only if** they do not grant privilege to the same role.
-
-        > **Note:**  This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.
-
         ## iap.WebTypeComputeIamPolicy
 
         ```python
@@ -631,27 +610,6 @@ class WebTypeComputeIamMember(pulumi.CustomResource):
             })
         ```
 
-        ## This resource supports User Project Overrides.
-
-        - 
-
-        # IAM policy for Identity-Aware Proxy WebTypeCompute
-        Three different resources help you manage your IAM policy for Identity-Aware Proxy WebTypeCompute. Each of these resources serves a different use case:
-
-        * `iap.WebTypeComputeIamPolicy`: Authoritative. Sets the IAM policy for the webtypecompute and replaces any existing policy already attached.
-        * `iap.WebTypeComputeIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the webtypecompute are preserved.
-        * `iap.WebTypeComputeIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the webtypecompute are preserved.
-
-        A data source can be used to retrieve policy data in advent you do not need creation
-
-        * `iap.WebTypeComputeIamPolicy`: Retrieves the IAM policy for the webtypecompute
-
-        > **Note:** `iap.WebTypeComputeIamPolicy` **cannot** be used in conjunction with `iap.WebTypeComputeIamBinding` and `iap.WebTypeComputeIamMember` or they will fight over what your policy should be.
-
-        > **Note:** `iap.WebTypeComputeIamBinding` resources **can be** used in conjunction with `iap.WebTypeComputeIamMember` resources **only if** they do not grant privilege to the same role.
-
-        > **Note:**  This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.
-
         ## iap.WebTypeComputeIamPolicy
 
         ```python

pulumi_gcp/iap/web_type_compute_iam_policy.py

@@ -235,27 +235,6 @@ class WebTypeComputeIamPolicy(pulumi.CustomResource):
             })
         ```
 
-        ## This resource supports User Project Overrides.
-
-        - 
-
-        # IAM policy for Identity-Aware Proxy WebTypeCompute
-        Three different resources help you manage your IAM policy for Identity-Aware Proxy WebTypeCompute. Each of these resources serves a different use case:
-
-        * `iap.WebTypeComputeIamPolicy`: Authoritative. Sets the IAM policy for the webtypecompute and replaces any existing policy already attached.
-        * `iap.WebTypeComputeIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the webtypecompute are preserved.
-        * `iap.WebTypeComputeIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the webtypecompute are preserved.
-
-        A data source can be used to retrieve policy data in advent you do not need creation
-
-        * `iap.WebTypeComputeIamPolicy`: Retrieves the IAM policy for the webtypecompute
-
-        > **Note:** `iap.WebTypeComputeIamPolicy` **cannot** be used in conjunction with `iap.WebTypeComputeIamBinding` and `iap.WebTypeComputeIamMember` or they will fight over what your policy should be.
-
-        > **Note:** `iap.WebTypeComputeIamBinding` resources **can be** used in conjunction with `iap.WebTypeComputeIamMember` resources **only if** they do not grant privilege to the same role.
-
-        > **Note:**  This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.
-
         ## iap.WebTypeComputeIamPolicy
 
         ```python
@@ -502,27 +481,6 @@ class WebTypeComputeIamPolicy(pulumi.CustomResource):
             })
         ```
 
-        ## This resource supports User Project Overrides.
-
-        - 
-
-        # IAM policy for Identity-Aware Proxy WebTypeCompute
-        Three different resources help you manage your IAM policy for Identity-Aware Proxy WebTypeCompute. Each of these resources serves a different use case:
-
-        * `iap.WebTypeComputeIamPolicy`: Authoritative. Sets the IAM policy for the webtypecompute and replaces any existing policy already attached.
-        * `iap.WebTypeComputeIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the webtypecompute are preserved.
-        * `iap.WebTypeComputeIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the webtypecompute are preserved.
-
-        A data source can be used to retrieve policy data in advent you do not need creation
-
-        * `iap.WebTypeComputeIamPolicy`: Retrieves the IAM policy for the webtypecompute
-
-        > **Note:** `iap.WebTypeComputeIamPolicy` **cannot** be used in conjunction with `iap.WebTypeComputeIamBinding` and `iap.WebTypeComputeIamMember` or they will fight over what your policy should be.
-
-        > **Note:** `iap.WebTypeComputeIamBinding` resources **can be** used in conjunction with `iap.WebTypeComputeIamMember` resources **only if** they do not grant privilege to the same role.
-
-        > **Note:**  This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.
-
         ## iap.WebTypeComputeIamPolicy
 
         ```python

pulumi_gcp/kms/key_ring_iam_binding.py

@@ -347,6 +347,47 @@ class KeyRingIAMBinding(pulumi.CustomResource):
             })
         ```
 
+        ## kms.KeyRingIAMPolicy
+
+        ```python
+        import pulumi
+        import pulumi_gcp as gcp
+
+        keyring = gcp.kms.KeyRing("keyring",
+            name="keyring-example",
+            location="global")
+        admin = gcp.organizations.get_iam_policy(bindings=[{
+            "role": "roles/editor",
+            "members": ["user:jane@example.com"],
+        }])
+        key_ring = gcp.kms.KeyRingIAMPolicy("key_ring",
+            key_ring_id=keyring.id,
+            policy_data=admin.policy_data)
+        ```
+
+        With IAM Conditions:
+
+        ```python
+        import pulumi
+        import pulumi_gcp as gcp
+
+        keyring = gcp.kms.KeyRing("keyring",
+            name="keyring-example",
+            location="global")
+        admin = gcp.organizations.get_iam_policy(bindings=[{
+            "role": "roles/editor",
+            "members": ["user:jane@example.com"],
+            "condition": {
+                "title": "expires_after_2019_12_31",
+                "description": "Expiring at midnight of 2019-12-31",
+                "expression": "request.time < timestamp(\\"2020-01-01T00:00:00Z\\")",
+            },
+        }])
+        key_ring = gcp.kms.KeyRingIAMPolicy("key_ring",
+            key_ring_id=keyring.id,
+            policy_data=admin.policy_data)
+        ```
+
         ## kms.KeyRingIAMBinding
 
         ```python
@@ -567,6 +608,47 @@ class KeyRingIAMBinding(pulumi.CustomResource):
             })
         ```
 
+        ## kms.KeyRingIAMPolicy
+
+        ```python
+        import pulumi
+        import pulumi_gcp as gcp
+
+        keyring = gcp.kms.KeyRing("keyring",
+            name="keyring-example",
+            location="global")
+        admin = gcp.organizations.get_iam_policy(bindings=[{
+            "role": "roles/editor",
+            "members": ["user:jane@example.com"],
+        }])
+        key_ring = gcp.kms.KeyRingIAMPolicy("key_ring",
+            key_ring_id=keyring.id,
+            policy_data=admin.policy_data)
+        ```
+
+        With IAM Conditions:
+
+        ```python
+        import pulumi
+        import pulumi_gcp as gcp
+
+        keyring = gcp.kms.KeyRing("keyring",
+            name="keyring-example",
+            location="global")
+        admin = gcp.organizations.get_iam_policy(bindings=[{
+            "role": "roles/editor",
+            "members": ["user:jane@example.com"],
+            "condition": {
+                "title": "expires_after_2019_12_31",
+                "description": "Expiring at midnight of 2019-12-31",
+                "expression": "request.time < timestamp(\\"2020-01-01T00:00:00Z\\")",
+            },
+        }])
+        key_ring = gcp.kms.KeyRingIAMPolicy("key_ring",
+            key_ring_id=keyring.id,
+            policy_data=admin.policy_data)
+        ```
+
         ## kms.KeyRingIAMBinding
 
         ```python

pulumi_gcp/kms/key_ring_iam_member.py

@@ -347,6 +347,47 @@ class KeyRingIAMMember(pulumi.CustomResource):
             })
         ```
 
+        ## kms.KeyRingIAMPolicy
+
+        ```python
+        import pulumi
+        import pulumi_gcp as gcp
+
+        keyring = gcp.kms.KeyRing("keyring",
+            name="keyring-example",
+            location="global")
+        admin = gcp.organizations.get_iam_policy(bindings=[{
+            "role": "roles/editor",
+            "members": ["user:jane@example.com"],
+        }])
+        key_ring = gcp.kms.KeyRingIAMPolicy("key_ring",
+            key_ring_id=keyring.id,
+            policy_data=admin.policy_data)
+        ```
+
+        With IAM Conditions:
+
+        ```python
+        import pulumi
+        import pulumi_gcp as gcp
+
+        keyring = gcp.kms.KeyRing("keyring",
+            name="keyring-example",
+            location="global")
+        admin = gcp.organizations.get_iam_policy(bindings=[{
+            "role": "roles/editor",
+            "members": ["user:jane@example.com"],
+            "condition": {
+                "title": "expires_after_2019_12_31",
+                "description": "Expiring at midnight of 2019-12-31",
+                "expression": "request.time < timestamp(\\"2020-01-01T00:00:00Z\\")",
+            },
+        }])
+        key_ring = gcp.kms.KeyRingIAMPolicy("key_ring",
+            key_ring_id=keyring.id,
+            policy_data=admin.policy_data)
+        ```
+
         ## kms.KeyRingIAMBinding
 
         ```python
@@ -567,6 +608,47 @@ class KeyRingIAMMember(pulumi.CustomResource):
             })
         ```
 
+        ## kms.KeyRingIAMPolicy
+
+        ```python
+        import pulumi
+        import pulumi_gcp as gcp
+
+        keyring = gcp.kms.KeyRing("keyring",
+            name="keyring-example",
+            location="global")
+        admin = gcp.organizations.get_iam_policy(bindings=[{
+            "role": "roles/editor",
+            "members": ["user:jane@example.com"],
+        }])
+        key_ring = gcp.kms.KeyRingIAMPolicy("key_ring",
+            key_ring_id=keyring.id,
+            policy_data=admin.policy_data)
+        ```
+
+        With IAM Conditions:
+
+        ```python
+        import pulumi
+        import pulumi_gcp as gcp
+
+        keyring = gcp.kms.KeyRing("keyring",
+            name="keyring-example",
+            location="global")
+        admin = gcp.organizations.get_iam_policy(bindings=[{
+            "role": "roles/editor",
+            "members": ["user:jane@example.com"],
+            "condition": {
+                "title": "expires_after_2019_12_31",
+                "description": "Expiring at midnight of 2019-12-31",
+                "expression": "request.time < timestamp(\\"2020-01-01T00:00:00Z\\")",
+            },
+        }])
+        key_ring = gcp.kms.KeyRingIAMPolicy("key_ring",
+            key_ring_id=keyring.id,
+            policy_data=admin.policy_data)
+        ```
+
         ## kms.KeyRingIAMBinding
 
         ```python

pulumi_gcp/kms/key_ring_iam_policy.py

@@ -244,6 +244,47 @@ class KeyRingIAMPolicy(pulumi.CustomResource):
             })
         ```
 
+        ## kms.KeyRingIAMPolicy
+
+        ```python
+        import pulumi
+        import pulumi_gcp as gcp
+
+        keyring = gcp.kms.KeyRing("keyring",
+            name="keyring-example",
+            location="global")
+        admin = gcp.organizations.get_iam_policy(bindings=[{
+            "role": "roles/editor",
+            "members": ["user:jane@example.com"],
+        }])
+        key_ring = gcp.kms.KeyRingIAMPolicy("key_ring",
+            key_ring_id=keyring.id,
+            policy_data=admin.policy_data)
+        ```
+
+        With IAM Conditions:
+
+        ```python
+        import pulumi
+        import pulumi_gcp as gcp
+
+        keyring = gcp.kms.KeyRing("keyring",
+            name="keyring-example",
+            location="global")
+        admin = gcp.organizations.get_iam_policy(bindings=[{
+            "role": "roles/editor",
+            "members": ["user:jane@example.com"],
+            "condition": {
+                "title": "expires_after_2019_12_31",
+                "description": "Expiring at midnight of 2019-12-31",
+                "expression": "request.time < timestamp(\\"2020-01-01T00:00:00Z\\")",
+            },
+        }])
+        key_ring = gcp.kms.KeyRingIAMPolicy("key_ring",
+            key_ring_id=keyring.id,
+            policy_data=admin.policy_data)
+        ```
+
         ## kms.KeyRingIAMBinding
 
         ```python
@@ -453,6 +494,47 @@ class KeyRingIAMPolicy(pulumi.CustomResource):
             })
         ```
 
+        ## kms.KeyRingIAMPolicy
+
+        ```python
+        import pulumi
+        import pulumi_gcp as gcp
+
+        keyring = gcp.kms.KeyRing("keyring",
+            name="keyring-example",
+            location="global")
+        admin = gcp.organizations.get_iam_policy(bindings=[{
+            "role": "roles/editor",
+            "members": ["user:jane@example.com"],
+        }])
+        key_ring = gcp.kms.KeyRingIAMPolicy("key_ring",
+            key_ring_id=keyring.id,
+            policy_data=admin.policy_data)
+        ```
+
+        With IAM Conditions:
+
+        ```python
+        import pulumi
+        import pulumi_gcp as gcp
+
+        keyring = gcp.kms.KeyRing("keyring",
+            name="keyring-example",
+            location="global")
+        admin = gcp.organizations.get_iam_policy(bindings=[{
+            "role": "roles/editor",
+            "members": ["user:jane@example.com"],
+            "condition": {
+                "title": "expires_after_2019_12_31",
+                "description": "Expiring at midnight of 2019-12-31",
+                "expression": "request.time < timestamp(\\"2020-01-01T00:00:00Z\\")",
+            },
+        }])
+        key_ring = gcp.kms.KeyRingIAMPolicy("key_ring",
+            key_ring_id=keyring.id,
+            policy_data=admin.policy_data)
+        ```
+
         ## kms.KeyRingIAMBinding
 
         ```python

pulumi_gcp/notebooks/instance_iam_binding.py

@@ -363,25 +363,6 @@ class InstanceIamBinding(pulumi.CustomResource):
             member="user:jane@example.com")
         ```
 
-        ## This resource supports User Project Overrides.
-
-        - 
-
-        # IAM policy for Cloud AI Notebooks Instance
-        Three different resources help you manage your IAM policy for Cloud AI Notebooks Instance. Each of these resources serves a different use case:
-
-        * `notebooks.InstanceIamPolicy`: Authoritative. Sets the IAM policy for the instance and replaces any existing policy already attached.
-        * `notebooks.InstanceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the instance are preserved.
-        * `notebooks.InstanceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the instance are preserved.
-
-        A data source can be used to retrieve policy data in advent you do not need creation
-
-        * `notebooks.InstanceIamPolicy`: Retrieves the IAM policy for the instance
-
-        > **Note:** `notebooks.InstanceIamPolicy` **cannot** be used in conjunction with `notebooks.InstanceIamBinding` and `notebooks.InstanceIamMember` or they will fight over what your policy should be.
-
-        > **Note:** `notebooks.InstanceIamBinding` resources **can be** used in conjunction with `notebooks.InstanceIamMember` resources **only if** they do not grant privilege to the same role.
-
         ## notebooks.InstanceIamPolicy
 
         ```python
@@ -554,25 +535,6 @@ class InstanceIamBinding(pulumi.CustomResource):
             member="user:jane@example.com")
         ```
 
-        ## This resource supports User Project Overrides.
-
-        - 
-
-        # IAM policy for Cloud AI Notebooks Instance
-        Three different resources help you manage your IAM policy for Cloud AI Notebooks Instance. Each of these resources serves a different use case:
-
-        * `notebooks.InstanceIamPolicy`: Authoritative. Sets the IAM policy for the instance and replaces any existing policy already attached.
-        * `notebooks.InstanceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the instance are preserved.
-        * `notebooks.InstanceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the instance are preserved.
-
-        A data source can be used to retrieve policy data in advent you do not need creation
-
-        * `notebooks.InstanceIamPolicy`: Retrieves the IAM policy for the instance
-
-        > **Note:** `notebooks.InstanceIamPolicy` **cannot** be used in conjunction with `notebooks.InstanceIamBinding` and `notebooks.InstanceIamMember` or they will fight over what your policy should be.
-
-        > **Note:** `notebooks.InstanceIamBinding` resources **can be** used in conjunction with `notebooks.InstanceIamMember` resources **only if** they do not grant privilege to the same role.
-
         ## notebooks.InstanceIamPolicy
 
         ```python