pulumi-gcp 7.36.0a1723105270__py3-none-any.whl → 7.36.0a1723631483__py3-none-any.whl

pulumi_gcp/iap/app_engine_version_iam_binding.py

@@ -464,6 +464,27 @@ class AppEngineVersionIamBinding(pulumi.CustomResource):
             })
         ```
 
+        ## This resource supports User Project Overrides.
+
+        - 
+
+        # IAM policy for Identity-Aware Proxy AppEngineVersion
+        Three different resources help you manage your IAM policy for Identity-Aware Proxy AppEngineVersion. Each of these resources serves a different use case:
+
+        * `iap.AppEngineVersionIamPolicy`: Authoritative. Sets the IAM policy for the appengineversion and replaces any existing policy already attached.
+        * `iap.AppEngineVersionIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the appengineversion are preserved.
+        * `iap.AppEngineVersionIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the appengineversion are preserved.
+
+        A data source can be used to retrieve policy data in advent you do not need creation
+
+        * `iap.AppEngineVersionIamPolicy`: Retrieves the IAM policy for the appengineversion
+
+        > **Note:** `iap.AppEngineVersionIamPolicy` **cannot** be used in conjunction with `iap.AppEngineVersionIamBinding` and `iap.AppEngineVersionIamMember` or they will fight over what your policy should be.
+
+        > **Note:** `iap.AppEngineVersionIamBinding` resources **can be** used in conjunction with `iap.AppEngineVersionIamMember` resources **only if** they do not grant privilege to the same role.
+
+        > **Note:**  This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.
+
         ## iap.AppEngineVersionIamPolicy
 
         ```python
@@ -767,6 +788,27 @@ class AppEngineVersionIamBinding(pulumi.CustomResource):
             })
         ```
 
+        ## This resource supports User Project Overrides.
+
+        - 
+
+        # IAM policy for Identity-Aware Proxy AppEngineVersion
+        Three different resources help you manage your IAM policy for Identity-Aware Proxy AppEngineVersion. Each of these resources serves a different use case:
+
+        * `iap.AppEngineVersionIamPolicy`: Authoritative. Sets the IAM policy for the appengineversion and replaces any existing policy already attached.
+        * `iap.AppEngineVersionIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the appengineversion are preserved.
+        * `iap.AppEngineVersionIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the appengineversion are preserved.
+
+        A data source can be used to retrieve policy data in advent you do not need creation
+
+        * `iap.AppEngineVersionIamPolicy`: Retrieves the IAM policy for the appengineversion
+
+        > **Note:** `iap.AppEngineVersionIamPolicy` **cannot** be used in conjunction with `iap.AppEngineVersionIamBinding` and `iap.AppEngineVersionIamMember` or they will fight over what your policy should be.
+
+        > **Note:** `iap.AppEngineVersionIamBinding` resources **can be** used in conjunction with `iap.AppEngineVersionIamMember` resources **only if** they do not grant privilege to the same role.
+
+        > **Note:**  This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.
+
         ## iap.AppEngineVersionIamPolicy
 
         ```python

pulumi_gcp/iap/app_engine_version_iam_member.py

@@ -464,6 +464,27 @@ class AppEngineVersionIamMember(pulumi.CustomResource):
             })
         ```
 
+        ## This resource supports User Project Overrides.
+
+        - 
+
+        # IAM policy for Identity-Aware Proxy AppEngineVersion
+        Three different resources help you manage your IAM policy for Identity-Aware Proxy AppEngineVersion. Each of these resources serves a different use case:
+
+        * `iap.AppEngineVersionIamPolicy`: Authoritative. Sets the IAM policy for the appengineversion and replaces any existing policy already attached.
+        * `iap.AppEngineVersionIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the appengineversion are preserved.
+        * `iap.AppEngineVersionIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the appengineversion are preserved.
+
+        A data source can be used to retrieve policy data in advent you do not need creation
+
+        * `iap.AppEngineVersionIamPolicy`: Retrieves the IAM policy for the appengineversion
+
+        > **Note:** `iap.AppEngineVersionIamPolicy` **cannot** be used in conjunction with `iap.AppEngineVersionIamBinding` and `iap.AppEngineVersionIamMember` or they will fight over what your policy should be.
+
+        > **Note:** `iap.AppEngineVersionIamBinding` resources **can be** used in conjunction with `iap.AppEngineVersionIamMember` resources **only if** they do not grant privilege to the same role.
+
+        > **Note:**  This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.
+
         ## iap.AppEngineVersionIamPolicy
 
         ```python
@@ -767,6 +788,27 @@ class AppEngineVersionIamMember(pulumi.CustomResource):
             })
         ```
 
+        ## This resource supports User Project Overrides.
+
+        - 
+
+        # IAM policy for Identity-Aware Proxy AppEngineVersion
+        Three different resources help you manage your IAM policy for Identity-Aware Proxy AppEngineVersion. Each of these resources serves a different use case:
+
+        * `iap.AppEngineVersionIamPolicy`: Authoritative. Sets the IAM policy for the appengineversion and replaces any existing policy already attached.
+        * `iap.AppEngineVersionIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the appengineversion are preserved.
+        * `iap.AppEngineVersionIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the appengineversion are preserved.
+
+        A data source can be used to retrieve policy data in advent you do not need creation
+
+        * `iap.AppEngineVersionIamPolicy`: Retrieves the IAM policy for the appengineversion
+
+        > **Note:** `iap.AppEngineVersionIamPolicy` **cannot** be used in conjunction with `iap.AppEngineVersionIamBinding` and `iap.AppEngineVersionIamMember` or they will fight over what your policy should be.
+
+        > **Note:** `iap.AppEngineVersionIamBinding` resources **can be** used in conjunction with `iap.AppEngineVersionIamMember` resources **only if** they do not grant privilege to the same role.
+
+        > **Note:**  This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.
+
         ## iap.AppEngineVersionIamPolicy
 
         ```python

pulumi_gcp/iap/app_engine_version_iam_policy.py

@@ -349,6 +349,27 @@ class AppEngineVersionIamPolicy(pulumi.CustomResource):
             })
         ```
 
+        ## This resource supports User Project Overrides.
+
+        - 
+
+        # IAM policy for Identity-Aware Proxy AppEngineVersion
+        Three different resources help you manage your IAM policy for Identity-Aware Proxy AppEngineVersion. Each of these resources serves a different use case:
+
+        * `iap.AppEngineVersionIamPolicy`: Authoritative. Sets the IAM policy for the appengineversion and replaces any existing policy already attached.
+        * `iap.AppEngineVersionIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the appengineversion are preserved.
+        * `iap.AppEngineVersionIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the appengineversion are preserved.
+
+        A data source can be used to retrieve policy data in advent you do not need creation
+
+        * `iap.AppEngineVersionIamPolicy`: Retrieves the IAM policy for the appengineversion
+
+        > **Note:** `iap.AppEngineVersionIamPolicy` **cannot** be used in conjunction with `iap.AppEngineVersionIamBinding` and `iap.AppEngineVersionIamMember` or they will fight over what your policy should be.
+
+        > **Note:** `iap.AppEngineVersionIamBinding` resources **can be** used in conjunction with `iap.AppEngineVersionIamMember` resources **only if** they do not grant privilege to the same role.
+
+        > **Note:**  This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.
+
         ## iap.AppEngineVersionIamPolicy
 
         ```python
@@ -638,6 +659,27 @@ class AppEngineVersionIamPolicy(pulumi.CustomResource):
             })
         ```
 
+        ## This resource supports User Project Overrides.
+
+        - 
+
+        # IAM policy for Identity-Aware Proxy AppEngineVersion
+        Three different resources help you manage your IAM policy for Identity-Aware Proxy AppEngineVersion. Each of these resources serves a different use case:
+
+        * `iap.AppEngineVersionIamPolicy`: Authoritative. Sets the IAM policy for the appengineversion and replaces any existing policy already attached.
+        * `iap.AppEngineVersionIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the appengineversion are preserved.
+        * `iap.AppEngineVersionIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the appengineversion are preserved.
+
+        A data source can be used to retrieve policy data in advent you do not need creation
+
+        * `iap.AppEngineVersionIamPolicy`: Retrieves the IAM policy for the appengineversion
+
+        > **Note:** `iap.AppEngineVersionIamPolicy` **cannot** be used in conjunction with `iap.AppEngineVersionIamBinding` and `iap.AppEngineVersionIamMember` or they will fight over what your policy should be.
+
+        > **Note:** `iap.AppEngineVersionIamBinding` resources **can be** used in conjunction with `iap.AppEngineVersionIamMember` resources **only if** they do not grant privilege to the same role.
+
+        > **Note:**  This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.
+
         ## iap.AppEngineVersionIamPolicy
 
         ```python

pulumi_gcp/iap/tunnel_dest_group_iam_binding.py

@@ -431,6 +431,27 @@ class TunnelDestGroupIamBinding(pulumi.CustomResource):
             })
         ```
 
+        ## This resource supports User Project Overrides.
+
+        - 
+
+        # IAM policy for Identity-Aware Proxy TunnelDestGroup
+        Three different resources help you manage your IAM policy for Identity-Aware Proxy TunnelDestGroup. Each of these resources serves a different use case:
+
+        * `iap.TunnelDestGroupIamPolicy`: Authoritative. Sets the IAM policy for the tunneldestgroup and replaces any existing policy already attached.
+        * `iap.TunnelDestGroupIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the tunneldestgroup are preserved.
+        * `iap.TunnelDestGroupIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the tunneldestgroup are preserved.
+
+        A data source can be used to retrieve policy data in advent you do not need creation
+
+        * `iap.TunnelDestGroupIamPolicy`: Retrieves the IAM policy for the tunneldestgroup
+
+        > **Note:** `iap.TunnelDestGroupIamPolicy` **cannot** be used in conjunction with `iap.TunnelDestGroupIamBinding` and `iap.TunnelDestGroupIamMember` or they will fight over what your policy should be.
+
+        > **Note:** `iap.TunnelDestGroupIamBinding` resources **can be** used in conjunction with `iap.TunnelDestGroupIamMember` resources **only if** they do not grant privilege to the same role.
+
+        > **Note:**  This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.
+
         ## iap.TunnelDestGroupIamPolicy
 
         ```python
@@ -725,6 +746,27 @@ class TunnelDestGroupIamBinding(pulumi.CustomResource):
             })
         ```
 
+        ## This resource supports User Project Overrides.
+
+        - 
+
+        # IAM policy for Identity-Aware Proxy TunnelDestGroup
+        Three different resources help you manage your IAM policy for Identity-Aware Proxy TunnelDestGroup. Each of these resources serves a different use case:
+
+        * `iap.TunnelDestGroupIamPolicy`: Authoritative. Sets the IAM policy for the tunneldestgroup and replaces any existing policy already attached.
+        * `iap.TunnelDestGroupIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the tunneldestgroup are preserved.
+        * `iap.TunnelDestGroupIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the tunneldestgroup are preserved.
+
+        A data source can be used to retrieve policy data in advent you do not need creation
+
+        * `iap.TunnelDestGroupIamPolicy`: Retrieves the IAM policy for the tunneldestgroup
+
+        > **Note:** `iap.TunnelDestGroupIamPolicy` **cannot** be used in conjunction with `iap.TunnelDestGroupIamBinding` and `iap.TunnelDestGroupIamMember` or they will fight over what your policy should be.
+
+        > **Note:** `iap.TunnelDestGroupIamBinding` resources **can be** used in conjunction with `iap.TunnelDestGroupIamMember` resources **only if** they do not grant privilege to the same role.
+
+        > **Note:**  This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.
+
         ## iap.TunnelDestGroupIamPolicy
 
         ```python

pulumi_gcp/iap/tunnel_dest_group_iam_member.py

@@ -431,6 +431,27 @@ class TunnelDestGroupIamMember(pulumi.CustomResource):
             })
         ```
 
+        ## This resource supports User Project Overrides.
+
+        - 
+
+        # IAM policy for Identity-Aware Proxy TunnelDestGroup
+        Three different resources help you manage your IAM policy for Identity-Aware Proxy TunnelDestGroup. Each of these resources serves a different use case:
+
+        * `iap.TunnelDestGroupIamPolicy`: Authoritative. Sets the IAM policy for the tunneldestgroup and replaces any existing policy already attached.
+        * `iap.TunnelDestGroupIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the tunneldestgroup are preserved.
+        * `iap.TunnelDestGroupIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the tunneldestgroup are preserved.
+
+        A data source can be used to retrieve policy data in advent you do not need creation
+
+        * `iap.TunnelDestGroupIamPolicy`: Retrieves the IAM policy for the tunneldestgroup
+
+        > **Note:** `iap.TunnelDestGroupIamPolicy` **cannot** be used in conjunction with `iap.TunnelDestGroupIamBinding` and `iap.TunnelDestGroupIamMember` or they will fight over what your policy should be.
+
+        > **Note:** `iap.TunnelDestGroupIamBinding` resources **can be** used in conjunction with `iap.TunnelDestGroupIamMember` resources **only if** they do not grant privilege to the same role.
+
+        > **Note:**  This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.
+
         ## iap.TunnelDestGroupIamPolicy
 
         ```python
@@ -725,6 +746,27 @@ class TunnelDestGroupIamMember(pulumi.CustomResource):
             })
         ```
 
+        ## This resource supports User Project Overrides.
+
+        - 
+
+        # IAM policy for Identity-Aware Proxy TunnelDestGroup
+        Three different resources help you manage your IAM policy for Identity-Aware Proxy TunnelDestGroup. Each of these resources serves a different use case:
+
+        * `iap.TunnelDestGroupIamPolicy`: Authoritative. Sets the IAM policy for the tunneldestgroup and replaces any existing policy already attached.
+        * `iap.TunnelDestGroupIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the tunneldestgroup are preserved.
+        * `iap.TunnelDestGroupIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the tunneldestgroup are preserved.
+
+        A data source can be used to retrieve policy data in advent you do not need creation
+
+        * `iap.TunnelDestGroupIamPolicy`: Retrieves the IAM policy for the tunneldestgroup
+
+        > **Note:** `iap.TunnelDestGroupIamPolicy` **cannot** be used in conjunction with `iap.TunnelDestGroupIamBinding` and `iap.TunnelDestGroupIamMember` or they will fight over what your policy should be.
+
+        > **Note:** `iap.TunnelDestGroupIamBinding` resources **can be** used in conjunction with `iap.TunnelDestGroupIamMember` resources **only if** they do not grant privilege to the same role.
+
+        > **Note:**  This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.
+
         ## iap.TunnelDestGroupIamPolicy
 
         ```python

pulumi_gcp/iap/tunnel_dest_group_iam_policy.py

@@ -316,6 +316,27 @@ class TunnelDestGroupIamPolicy(pulumi.CustomResource):
             })
         ```
 
+        ## This resource supports User Project Overrides.
+
+        - 
+
+        # IAM policy for Identity-Aware Proxy TunnelDestGroup
+        Three different resources help you manage your IAM policy for Identity-Aware Proxy TunnelDestGroup. Each of these resources serves a different use case:
+
+        * `iap.TunnelDestGroupIamPolicy`: Authoritative. Sets the IAM policy for the tunneldestgroup and replaces any existing policy already attached.
+        * `iap.TunnelDestGroupIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the tunneldestgroup are preserved.
+        * `iap.TunnelDestGroupIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the tunneldestgroup are preserved.
+
+        A data source can be used to retrieve policy data in advent you do not need creation
+
+        * `iap.TunnelDestGroupIamPolicy`: Retrieves the IAM policy for the tunneldestgroup
+
+        > **Note:** `iap.TunnelDestGroupIamPolicy` **cannot** be used in conjunction with `iap.TunnelDestGroupIamBinding` and `iap.TunnelDestGroupIamMember` or they will fight over what your policy should be.
+
+        > **Note:** `iap.TunnelDestGroupIamBinding` resources **can be** used in conjunction with `iap.TunnelDestGroupIamMember` resources **only if** they do not grant privilege to the same role.
+
+        > **Note:**  This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.
+
         ## iap.TunnelDestGroupIamPolicy
 
         ```python
@@ -596,6 +617,27 @@ class TunnelDestGroupIamPolicy(pulumi.CustomResource):
             })
         ```
 
+        ## This resource supports User Project Overrides.
+
+        - 
+
+        # IAM policy for Identity-Aware Proxy TunnelDestGroup
+        Three different resources help you manage your IAM policy for Identity-Aware Proxy TunnelDestGroup. Each of these resources serves a different use case:
+
+        * `iap.TunnelDestGroupIamPolicy`: Authoritative. Sets the IAM policy for the tunneldestgroup and replaces any existing policy already attached.
+        * `iap.TunnelDestGroupIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the tunneldestgroup are preserved.
+        * `iap.TunnelDestGroupIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the tunneldestgroup are preserved.
+
+        A data source can be used to retrieve policy data in advent you do not need creation
+
+        * `iap.TunnelDestGroupIamPolicy`: Retrieves the IAM policy for the tunneldestgroup
+
+        > **Note:** `iap.TunnelDestGroupIamPolicy` **cannot** be used in conjunction with `iap.TunnelDestGroupIamBinding` and `iap.TunnelDestGroupIamMember` or they will fight over what your policy should be.
+
+        > **Note:** `iap.TunnelDestGroupIamBinding` resources **can be** used in conjunction with `iap.TunnelDestGroupIamMember` resources **only if** they do not grant privilege to the same role.
+
+        > **Note:**  This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.
+
         ## iap.TunnelDestGroupIamPolicy
 
         ```python

pulumi_gcp/iap/tunnel_iam_binding.py

@@ -350,6 +350,27 @@ class TunnelIamBinding(pulumi.CustomResource):
             })
         ```
 
+        ## This resource supports User Project Overrides.
+
+        - 
+
+        # IAM policy for Identity-Aware Proxy Tunnel
+        Three different resources help you manage your IAM policy for Identity-Aware Proxy Tunnel. Each of these resources serves a different use case:
+
+        * `iap.TunnelIamPolicy`: Authoritative. Sets the IAM policy for the tunnel and replaces any existing policy already attached.
+        * `iap.TunnelIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the tunnel are preserved.
+        * `iap.TunnelIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the tunnel are preserved.
+
+        A data source can be used to retrieve policy data in advent you do not need creation
+
+        * `iap.TunnelIamPolicy`: Retrieves the IAM policy for the tunnel
+
+        > **Note:** `iap.TunnelIamPolicy` **cannot** be used in conjunction with `iap.TunnelIamBinding` and `iap.TunnelIamMember` or they will fight over what your policy should be.
+
+        > **Note:** `iap.TunnelIamBinding` resources **can be** used in conjunction with `iap.TunnelIamMember` resources **only if** they do not grant privilege to the same role.
+
+        > **Note:**  This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.
+
         ## iap.TunnelIamPolicy
 
         ```python
@@ -610,6 +631,27 @@ class TunnelIamBinding(pulumi.CustomResource):
             })
         ```
 
+        ## This resource supports User Project Overrides.
+
+        - 
+
+        # IAM policy for Identity-Aware Proxy Tunnel
+        Three different resources help you manage your IAM policy for Identity-Aware Proxy Tunnel. Each of these resources serves a different use case:
+
+        * `iap.TunnelIamPolicy`: Authoritative. Sets the IAM policy for the tunnel and replaces any existing policy already attached.
+        * `iap.TunnelIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the tunnel are preserved.
+        * `iap.TunnelIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the tunnel are preserved.
+
+        A data source can be used to retrieve policy data in advent you do not need creation
+
+        * `iap.TunnelIamPolicy`: Retrieves the IAM policy for the tunnel
+
+        > **Note:** `iap.TunnelIamPolicy` **cannot** be used in conjunction with `iap.TunnelIamBinding` and `iap.TunnelIamMember` or they will fight over what your policy should be.
+
+        > **Note:** `iap.TunnelIamBinding` resources **can be** used in conjunction with `iap.TunnelIamMember` resources **only if** they do not grant privilege to the same role.
+
+        > **Note:**  This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.
+
         ## iap.TunnelIamPolicy
 
         ```python

pulumi_gcp/iap/tunnel_iam_member.py

@@ -350,6 +350,27 @@ class TunnelIamMember(pulumi.CustomResource):
             })
         ```
 
+        ## This resource supports User Project Overrides.
+
+        - 
+
+        # IAM policy for Identity-Aware Proxy Tunnel
+        Three different resources help you manage your IAM policy for Identity-Aware Proxy Tunnel. Each of these resources serves a different use case:
+
+        * `iap.TunnelIamPolicy`: Authoritative. Sets the IAM policy for the tunnel and replaces any existing policy already attached.
+        * `iap.TunnelIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the tunnel are preserved.
+        * `iap.TunnelIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the tunnel are preserved.
+
+        A data source can be used to retrieve policy data in advent you do not need creation
+
+        * `iap.TunnelIamPolicy`: Retrieves the IAM policy for the tunnel
+
+        > **Note:** `iap.TunnelIamPolicy` **cannot** be used in conjunction with `iap.TunnelIamBinding` and `iap.TunnelIamMember` or they will fight over what your policy should be.
+
+        > **Note:** `iap.TunnelIamBinding` resources **can be** used in conjunction with `iap.TunnelIamMember` resources **only if** they do not grant privilege to the same role.
+
+        > **Note:**  This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.
+
         ## iap.TunnelIamPolicy
 
         ```python
@@ -610,6 +631,27 @@ class TunnelIamMember(pulumi.CustomResource):
             })
         ```
 
+        ## This resource supports User Project Overrides.
+
+        - 
+
+        # IAM policy for Identity-Aware Proxy Tunnel
+        Three different resources help you manage your IAM policy for Identity-Aware Proxy Tunnel. Each of these resources serves a different use case:
+
+        * `iap.TunnelIamPolicy`: Authoritative. Sets the IAM policy for the tunnel and replaces any existing policy already attached.
+        * `iap.TunnelIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the tunnel are preserved.
+        * `iap.TunnelIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the tunnel are preserved.
+
+        A data source can be used to retrieve policy data in advent you do not need creation
+
+        * `iap.TunnelIamPolicy`: Retrieves the IAM policy for the tunnel
+
+        > **Note:** `iap.TunnelIamPolicy` **cannot** be used in conjunction with `iap.TunnelIamBinding` and `iap.TunnelIamMember` or they will fight over what your policy should be.
+
+        > **Note:** `iap.TunnelIamBinding` resources **can be** used in conjunction with `iap.TunnelIamMember` resources **only if** they do not grant privilege to the same role.
+
+        > **Note:**  This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.
+
         ## iap.TunnelIamPolicy
 
         ```python

pulumi_gcp/iap/tunnel_iam_policy.py

@@ -235,6 +235,27 @@ class TunnelIamPolicy(pulumi.CustomResource):
             })
         ```
 
+        ## This resource supports User Project Overrides.
+
+        - 
+
+        # IAM policy for Identity-Aware Proxy Tunnel
+        Three different resources help you manage your IAM policy for Identity-Aware Proxy Tunnel. Each of these resources serves a different use case:
+
+        * `iap.TunnelIamPolicy`: Authoritative. Sets the IAM policy for the tunnel and replaces any existing policy already attached.
+        * `iap.TunnelIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the tunnel are preserved.
+        * `iap.TunnelIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the tunnel are preserved.
+
+        A data source can be used to retrieve policy data in advent you do not need creation
+
+        * `iap.TunnelIamPolicy`: Retrieves the IAM policy for the tunnel
+
+        > **Note:** `iap.TunnelIamPolicy` **cannot** be used in conjunction with `iap.TunnelIamBinding` and `iap.TunnelIamMember` or they will fight over what your policy should be.
+
+        > **Note:** `iap.TunnelIamBinding` resources **can be** used in conjunction with `iap.TunnelIamMember` resources **only if** they do not grant privilege to the same role.
+
+        > **Note:**  This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.
+
         ## iap.TunnelIamPolicy
 
         ```python
@@ -481,6 +502,27 @@ class TunnelIamPolicy(pulumi.CustomResource):
             })
         ```
 
+        ## This resource supports User Project Overrides.
+
+        - 
+
+        # IAM policy for Identity-Aware Proxy Tunnel
+        Three different resources help you manage your IAM policy for Identity-Aware Proxy Tunnel. Each of these resources serves a different use case:
+
+        * `iap.TunnelIamPolicy`: Authoritative. Sets the IAM policy for the tunnel and replaces any existing policy already attached.
+        * `iap.TunnelIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the tunnel are preserved.
+        * `iap.TunnelIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the tunnel are preserved.
+
+        A data source can be used to retrieve policy data in advent you do not need creation
+
+        * `iap.TunnelIamPolicy`: Retrieves the IAM policy for the tunnel
+
+        > **Note:** `iap.TunnelIamPolicy` **cannot** be used in conjunction with `iap.TunnelIamBinding` and `iap.TunnelIamMember` or they will fight over what your policy should be.
+
+        > **Note:** `iap.TunnelIamBinding` resources **can be** used in conjunction with `iap.TunnelIamMember` resources **only if** they do not grant privilege to the same role.
+
+        > **Note:**  This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.
+
         ## iap.TunnelIamPolicy
 
         ```python

pulumi_gcp/iap/tunnel_instance_iam_binding.py

@@ -419,6 +419,27 @@ class TunnelInstanceIAMBinding(pulumi.CustomResource):
             })
         ```
 
+        ## This resource supports User Project Overrides.
+
+        - 
+
+        # IAM policy for Identity-Aware Proxy TunnelInstance
+        Three different resources help you manage your IAM policy for Identity-Aware Proxy TunnelInstance. Each of these resources serves a different use case:
+
+        * `iap.TunnelInstanceIAMPolicy`: Authoritative. Sets the IAM policy for the tunnelinstance and replaces any existing policy already attached.
+        * `iap.TunnelInstanceIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the tunnelinstance are preserved.
+        * `iap.TunnelInstanceIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the tunnelinstance are preserved.
+
+        A data source can be used to retrieve policy data in advent you do not need creation
+
+        * `iap.TunnelInstanceIAMPolicy`: Retrieves the IAM policy for the tunnelinstance
+
+        > **Note:** `iap.TunnelInstanceIAMPolicy` **cannot** be used in conjunction with `iap.TunnelInstanceIAMBinding` and `iap.TunnelInstanceIAMMember` or they will fight over what your policy should be.
+
+        > **Note:** `iap.TunnelInstanceIAMBinding` resources **can be** used in conjunction with `iap.TunnelInstanceIAMMember` resources **only if** they do not grant privilege to the same role.
+
+        > **Note:**  This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.
+
         ## iap.TunnelInstanceIAMPolicy
 
         ```python
@@ -710,6 +731,27 @@ class TunnelInstanceIAMBinding(pulumi.CustomResource):
             })
         ```
 
+        ## This resource supports User Project Overrides.
+
+        - 
+
+        # IAM policy for Identity-Aware Proxy TunnelInstance
+        Three different resources help you manage your IAM policy for Identity-Aware Proxy TunnelInstance. Each of these resources serves a different use case:
+
+        * `iap.TunnelInstanceIAMPolicy`: Authoritative. Sets the IAM policy for the tunnelinstance and replaces any existing policy already attached.
+        * `iap.TunnelInstanceIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the tunnelinstance are preserved.
+        * `iap.TunnelInstanceIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the tunnelinstance are preserved.
+
+        A data source can be used to retrieve policy data in advent you do not need creation
+
+        * `iap.TunnelInstanceIAMPolicy`: Retrieves the IAM policy for the tunnelinstance
+
+        > **Note:** `iap.TunnelInstanceIAMPolicy` **cannot** be used in conjunction with `iap.TunnelInstanceIAMBinding` and `iap.TunnelInstanceIAMMember` or they will fight over what your policy should be.
+
+        > **Note:** `iap.TunnelInstanceIAMBinding` resources **can be** used in conjunction with `iap.TunnelInstanceIAMMember` resources **only if** they do not grant privilege to the same role.
+
+        > **Note:**  This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.
+
         ## iap.TunnelInstanceIAMPolicy
 
         ```python

pulumi_gcp/iap/tunnel_instance_iam_member.py

@@ -419,6 +419,27 @@ class TunnelInstanceIAMMember(pulumi.CustomResource):
             })
         ```
 
+        ## This resource supports User Project Overrides.
+
+        - 
+
+        # IAM policy for Identity-Aware Proxy TunnelInstance
+        Three different resources help you manage your IAM policy for Identity-Aware Proxy TunnelInstance. Each of these resources serves a different use case:
+
+        * `iap.TunnelInstanceIAMPolicy`: Authoritative. Sets the IAM policy for the tunnelinstance and replaces any existing policy already attached.
+        * `iap.TunnelInstanceIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the tunnelinstance are preserved.
+        * `iap.TunnelInstanceIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the tunnelinstance are preserved.
+
+        A data source can be used to retrieve policy data in advent you do not need creation
+
+        * `iap.TunnelInstanceIAMPolicy`: Retrieves the IAM policy for the tunnelinstance
+
+        > **Note:** `iap.TunnelInstanceIAMPolicy` **cannot** be used in conjunction with `iap.TunnelInstanceIAMBinding` and `iap.TunnelInstanceIAMMember` or they will fight over what your policy should be.
+
+        > **Note:** `iap.TunnelInstanceIAMBinding` resources **can be** used in conjunction with `iap.TunnelInstanceIAMMember` resources **only if** they do not grant privilege to the same role.
+
+        > **Note:**  This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.
+
         ## iap.TunnelInstanceIAMPolicy
 
         ```python
@@ -710,6 +731,27 @@ class TunnelInstanceIAMMember(pulumi.CustomResource):
             })
         ```
 
+        ## This resource supports User Project Overrides.
+
+        - 
+
+        # IAM policy for Identity-Aware Proxy TunnelInstance
+        Three different resources help you manage your IAM policy for Identity-Aware Proxy TunnelInstance. Each of these resources serves a different use case:
+
+        * `iap.TunnelInstanceIAMPolicy`: Authoritative. Sets the IAM policy for the tunnelinstance and replaces any existing policy already attached.
+        * `iap.TunnelInstanceIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the tunnelinstance are preserved.
+        * `iap.TunnelInstanceIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the tunnelinstance are preserved.
+
+        A data source can be used to retrieve policy data in advent you do not need creation
+
+        * `iap.TunnelInstanceIAMPolicy`: Retrieves the IAM policy for the tunnelinstance
+
+        > **Note:** `iap.TunnelInstanceIAMPolicy` **cannot** be used in conjunction with `iap.TunnelInstanceIAMBinding` and `iap.TunnelInstanceIAMMember` or they will fight over what your policy should be.
+
+        > **Note:** `iap.TunnelInstanceIAMBinding` resources **can be** used in conjunction with `iap.TunnelInstanceIAMMember` resources **only if** they do not grant privilege to the same role.
+
+        > **Note:**  This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.
+
         ## iap.TunnelInstanceIAMPolicy
 
         ```python