PyPI - pulumi-gcp - Versions diffs - 8.11.0a1734348982__py3-none-any.whl → 8.12.0__py3-none-any.whl - Mend

pulumi-gcp 8.11.0a1734348982py3-none-any.whl → 8.12.0py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (168) hide show

pulumi_gcp/__init__.py +123 -0
pulumi_gcp/accesscontextmanager/service_perimeter_dry_run_egress_policy.py +6 -0
pulumi_gcp/accesscontextmanager/service_perimeter_dry_run_ingress_policy.py +6 -0
pulumi_gcp/accesscontextmanager/service_perimeter_egress_policy.py +6 -0
pulumi_gcp/accesscontextmanager/service_perimeter_ingress_policy.py +6 -0
pulumi_gcp/apigee/app_group.py +7 -7
pulumi_gcp/applicationintegration/client.py +8 -6
pulumi_gcp/artifactregistry/_inputs.py +24 -15
pulumi_gcp/artifactregistry/get_repository_iam_policy.py +12 -4
pulumi_gcp/artifactregistry/outputs.py +32 -20
pulumi_gcp/artifactregistry/repository.py +214 -39
pulumi_gcp/artifactregistry/repository_iam_binding.py +42 -14
pulumi_gcp/artifactregistry/repository_iam_member.py +42 -14
pulumi_gcp/artifactregistry/repository_iam_policy.py +42 -14
pulumi_gcp/assuredworkloads/workload.py +7 -7
pulumi_gcp/backupdisasterrecovery/__init__.py +2 -0
pulumi_gcp/backupdisasterrecovery/backup_plan.py +2 -2
pulumi_gcp/backupdisasterrecovery/backup_vault.py +12 -8
pulumi_gcp/backupdisasterrecovery/get_backup.py +153 -0
pulumi_gcp/backupdisasterrecovery/get_backup_vault.py +415 -0
pulumi_gcp/backupdisasterrecovery/outputs.py +63 -0
pulumi_gcp/bigquery/app_profile.py +75 -0
pulumi_gcp/billing/_inputs.py +6 -6
pulumi_gcp/billing/outputs.py +4 -4
pulumi_gcp/certificateauthority/_inputs.py +9 -9
pulumi_gcp/certificateauthority/outputs.py +8 -8
pulumi_gcp/cloudbuild/_inputs.py +53 -0
pulumi_gcp/cloudbuild/outputs.py +50 -0
pulumi_gcp/cloudbuild/worker_pool.py +47 -0
pulumi_gcp/clouddeploy/_inputs.py +254 -0
pulumi_gcp/clouddeploy/outputs.py +211 -0
pulumi_gcp/clouddeploy/target.py +47 -0
pulumi_gcp/cloudfunctionsv2/_inputs.py +6 -6
pulumi_gcp/cloudfunctionsv2/outputs.py +8 -8
pulumi_gcp/cloudrunv2/job.py +4 -4
pulumi_gcp/cloudrunv2/service.py +4 -4
pulumi_gcp/composer/get_user_workloads_config_map.py +4 -0
pulumi_gcp/composer/get_user_workloads_secret.py +4 -0
pulumi_gcp/composer/user_workloads_config_map.py +14 -0
pulumi_gcp/composer/user_workloads_secret.py +6 -0
pulumi_gcp/compute/_inputs.py +566 -25
pulumi_gcp/compute/disk.py +21 -7
pulumi_gcp/compute/firewall_policy_rule.py +12 -0
pulumi_gcp/compute/get_forwarding_rules.py +2 -2
pulumi_gcp/compute/get_global_forwarding_rule.py +23 -1
pulumi_gcp/compute/get_instance_group_manager.py +12 -1
pulumi_gcp/compute/get_network.py +35 -1
pulumi_gcp/compute/get_region_instance_group_manager.py +12 -1
pulumi_gcp/compute/get_region_network_endpoint_group.py +12 -1
pulumi_gcp/compute/global_forwarding_rule.py +142 -2
pulumi_gcp/compute/instance_group_manager.py +28 -0
pulumi_gcp/compute/network.py +75 -0
pulumi_gcp/compute/outputs.py +655 -26
pulumi_gcp/compute/project_cloud_armor_tier.py +7 -7
pulumi_gcp/compute/region_health_check.py +28 -0
pulumi_gcp/compute/region_instance_group_manager.py +28 -0
pulumi_gcp/compute/region_network_endpoint.py +28 -0
pulumi_gcp/compute/region_network_endpoint_group.py +70 -2
pulumi_gcp/compute/subnetwork.py +30 -2
pulumi_gcp/compute/url_map.py +7 -7
pulumi_gcp/config/__init__.pyi +2 -0
pulumi_gcp/config/vars.py +4 -0
pulumi_gcp/container/_inputs.py +201 -3
pulumi_gcp/container/cluster.py +68 -14
pulumi_gcp/container/get_cluster.py +12 -1
pulumi_gcp/container/outputs.py +249 -3
pulumi_gcp/dataproc/_inputs.py +209 -1
pulumi_gcp/dataproc/batch.py +76 -0
pulumi_gcp/dataproc/outputs.py +169 -3
pulumi_gcp/diagflow/_inputs.py +3 -3
pulumi_gcp/diagflow/outputs.py +2 -2
pulumi_gcp/discoveryengine/search_engine.py +7 -7
pulumi_gcp/firebase/_inputs.py +99 -0
pulumi_gcp/firebase/database_instance.py +24 -6
pulumi_gcp/firebase/hosting_version.py +96 -0
pulumi_gcp/firebase/outputs.py +59 -0
pulumi_gcp/firebase/project.py +6 -6
pulumi_gcp/firebaserules/release.py +76 -0
pulumi_gcp/firestore/field.py +4 -4
pulumi_gcp/gemini/__init__.py +15 -0
pulumi_gcp/gemini/_inputs.py +183 -0
pulumi_gcp/gemini/code_repository_index.py +659 -0
pulumi_gcp/gemini/get_repository_group_iam_policy.py +171 -0
pulumi_gcp/gemini/outputs.py +130 -0
pulumi_gcp/gemini/repository_group.py +586 -0
pulumi_gcp/gemini/repository_group_iam_binding.py +604 -0
pulumi_gcp/gemini/repository_group_iam_member.py +604 -0
pulumi_gcp/gemini/repository_group_iam_policy.py +443 -0
pulumi_gcp/gkehub/_inputs.py +30 -10
pulumi_gcp/gkehub/membership_binding.py +6 -6
pulumi_gcp/gkehub/membership_rbac_role_binding.py +4 -4
pulumi_gcp/gkehub/namespace.py +4 -4
pulumi_gcp/gkehub/outputs.py +21 -7
pulumi_gcp/gkehub/scope_rbac_role_binding.py +4 -4
pulumi_gcp/iam/__init__.py +1 -0
pulumi_gcp/iam/_inputs.py +137 -0
pulumi_gcp/iam/folders_policy_binding.py +16 -0
pulumi_gcp/iam/organizations_policy_binding.py +16 -0
pulumi_gcp/iam/outputs.py +99 -0
pulumi_gcp/iam/principal_access_boundary_policy.py +16 -0
pulumi_gcp/iam/projects_policy_binding.py +917 -0
pulumi_gcp/iap/tunnel_dest_group.py +2 -2
pulumi_gcp/identityplatform/_inputs.py +6 -6
pulumi_gcp/identityplatform/config.py +2 -2
pulumi_gcp/identityplatform/outputs.py +4 -4
pulumi_gcp/integrationconnectors/_inputs.py +15 -15
pulumi_gcp/integrationconnectors/managed_zone.py +8 -8
pulumi_gcp/integrationconnectors/outputs.py +10 -10
pulumi_gcp/looker/instance.py +35 -14
pulumi_gcp/monitoring/_inputs.py +13 -6
pulumi_gcp/monitoring/outputs.py +10 -4
pulumi_gcp/netapp/_inputs.py +3 -3
pulumi_gcp/netapp/active_directory.py +7 -7
pulumi_gcp/netapp/outputs.py +2 -2
pulumi_gcp/netapp/volume.py +11 -11
pulumi_gcp/networkconnectivity/_inputs.py +10 -12
pulumi_gcp/networkconnectivity/outputs.py +6 -8
pulumi_gcp/networkconnectivity/spoke.py +10 -10
pulumi_gcp/networksecurity/__init__.py +7 -0
pulumi_gcp/networksecurity/_inputs.py +2018 -0
pulumi_gcp/networksecurity/authz_policy.py +1008 -0
pulumi_gcp/networksecurity/intercept_deployment.py +846 -0
pulumi_gcp/networksecurity/intercept_deployment_group.py +752 -0
pulumi_gcp/networksecurity/mirroring_deployment.py +848 -0
pulumi_gcp/networksecurity/mirroring_deployment_group.py +752 -0
pulumi_gcp/networksecurity/mirroring_endpoint_group.py +737 -0
pulumi_gcp/networksecurity/mirroring_endpoint_group_association.py +840 -0
pulumi_gcp/networksecurity/outputs.py +1463 -0
pulumi_gcp/networkservices/__init__.py +1 -0
pulumi_gcp/networkservices/authz_extension.py +1080 -0
pulumi_gcp/oracledatabase/autonomous_database.py +46 -8
pulumi_gcp/oracledatabase/cloud_exadata_infrastructure.py +42 -4
pulumi_gcp/oracledatabase/cloud_vm_cluster.py +50 -8
pulumi_gcp/oracledatabase/get_autonomous_database.py +12 -1
pulumi_gcp/oracledatabase/get_cloud_exadata_infrastructure.py +12 -1
pulumi_gcp/oracledatabase/get_cloud_vm_cluster.py +12 -1
pulumi_gcp/oracledatabase/outputs.py +21 -0
pulumi_gcp/orgpolicy/_inputs.py +40 -0
pulumi_gcp/orgpolicy/outputs.py +24 -0
pulumi_gcp/orgpolicy/policy.py +66 -10
pulumi_gcp/parallelstore/instance.py +4 -0
pulumi_gcp/provider.py +20 -0
pulumi_gcp/pubsub/subscription.py +6 -6
pulumi_gcp/pulumi-plugin.json +1 -1
pulumi_gcp/redis/_inputs.py +435 -3
pulumi_gcp/redis/cluster.py +287 -16
pulumi_gcp/redis/outputs.py +304 -2
pulumi_gcp/serviceaccount/get_account_id_token.py +2 -2
pulumi_gcp/serviceaccount/get_account_key.py +2 -2
pulumi_gcp/sql/_inputs.py +3 -3
pulumi_gcp/sql/database_instance.py +14 -14
pulumi_gcp/sql/outputs.py +2 -2
pulumi_gcp/storage/_inputs.py +53 -6
pulumi_gcp/storage/get_bucket.py +2 -2
pulumi_gcp/storage/get_bucket_object_content.py +2 -2
pulumi_gcp/storage/outputs.py +33 -4
pulumi_gcp/tpu/__init__.py +1 -0
pulumi_gcp/tpu/_inputs.py +214 -24
pulumi_gcp/tpu/outputs.py +182 -16
pulumi_gcp/tpu/v2_queued_resource.py +434 -0
pulumi_gcp/tpu/v2_vm.py +63 -0
pulumi_gcp/vertex/ai_endpoint.py +4 -4
pulumi_gcp/vertex/ai_feature_online_store_featureview.py +4 -4
pulumi_gcp/vertex/ai_index_endpoint.py +2 -2
{pulumi_gcp-8.11.0a1734348982.dist-info → pulumi_gcp-8.12.0.dist-info}/METADATA +1 -1
{pulumi_gcp-8.11.0a1734348982.dist-info → pulumi_gcp-8.12.0.dist-info}/RECORD +168 -147
{pulumi_gcp-8.11.0a1734348982.dist-info → pulumi_gcp-8.12.0.dist-info}/WHEEL +0 -0
{pulumi_gcp-8.11.0a1734348982.dist-info → pulumi_gcp-8.12.0.dist-info}/top_level.txt +0 -0

pulumi_gcp/networksecurity/_inputs.py CHANGED Viewed

@@ -27,6 +27,52 @@ __all__ = [
     'AuthorizationPolicyRuleDestinationHttpHeaderMatchArgsDict',
     'AuthorizationPolicyRuleSourceArgs',
     'AuthorizationPolicyRuleSourceArgsDict',
+    'AuthzPolicyCustomProviderArgs',
+    'AuthzPolicyCustomProviderArgsDict',
+    'AuthzPolicyCustomProviderAuthzExtensionArgs',
+    'AuthzPolicyCustomProviderAuthzExtensionArgsDict',
+    'AuthzPolicyCustomProviderCloudIapArgs',
+    'AuthzPolicyCustomProviderCloudIapArgsDict',
+    'AuthzPolicyHttpRuleArgs',
+    'AuthzPolicyHttpRuleArgsDict',
+    'AuthzPolicyHttpRuleFromArgs',
+    'AuthzPolicyHttpRuleFromArgsDict',
+    'AuthzPolicyHttpRuleFromNotSourceArgs',
+    'AuthzPolicyHttpRuleFromNotSourceArgsDict',
+    'AuthzPolicyHttpRuleFromNotSourcePrincipalArgs',
+    'AuthzPolicyHttpRuleFromNotSourcePrincipalArgsDict',
+    'AuthzPolicyHttpRuleFromNotSourceResourceArgs',
+    'AuthzPolicyHttpRuleFromNotSourceResourceArgsDict',
+    'AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountArgs',
+    'AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountArgsDict',
+    'AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSetArgs',
+    'AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSetArgsDict',
+    'AuthzPolicyHttpRuleFromSourceArgs',
+    'AuthzPolicyHttpRuleFromSourceArgsDict',
+    'AuthzPolicyHttpRuleFromSourcePrincipalArgs',
+    'AuthzPolicyHttpRuleFromSourcePrincipalArgsDict',
+    'AuthzPolicyHttpRuleFromSourceResourceArgs',
+    'AuthzPolicyHttpRuleFromSourceResourceArgsDict',
+    'AuthzPolicyHttpRuleFromSourceResourceIamServiceAccountArgs',
+    'AuthzPolicyHttpRuleFromSourceResourceIamServiceAccountArgsDict',
+    'AuthzPolicyHttpRuleFromSourceResourceTagValueIdSetArgs',
+    'AuthzPolicyHttpRuleFromSourceResourceTagValueIdSetArgsDict',
+    'AuthzPolicyHttpRuleToArgs',
+    'AuthzPolicyHttpRuleToArgsDict',
+    'AuthzPolicyHttpRuleToOperationArgs',
+    'AuthzPolicyHttpRuleToOperationArgsDict',
+    'AuthzPolicyHttpRuleToOperationHeaderSetArgs',
+    'AuthzPolicyHttpRuleToOperationHeaderSetArgsDict',
+    'AuthzPolicyHttpRuleToOperationHeaderSetHeaderArgs',
+    'AuthzPolicyHttpRuleToOperationHeaderSetHeaderArgsDict',
+    'AuthzPolicyHttpRuleToOperationHeaderSetHeaderValueArgs',
+    'AuthzPolicyHttpRuleToOperationHeaderSetHeaderValueArgsDict',
+    'AuthzPolicyHttpRuleToOperationHostArgs',
+    'AuthzPolicyHttpRuleToOperationHostArgsDict',
+    'AuthzPolicyHttpRuleToOperationPathArgs',
+    'AuthzPolicyHttpRuleToOperationPathArgsDict',
+    'AuthzPolicyTargetArgs',
+    'AuthzPolicyTargetArgsDict',
     'ClientTlsPolicyClientCertificateArgs',
     'ClientTlsPolicyClientCertificateArgsDict',
     'ClientTlsPolicyClientCertificateCertificateProviderInstanceArgs',
@@ -39,6 +85,12 @@ __all__ = [
     'ClientTlsPolicyServerValidationCaCertificateProviderInstanceArgsDict',
     'ClientTlsPolicyServerValidationCaGrpcEndpointArgs',
     'ClientTlsPolicyServerValidationCaGrpcEndpointArgsDict',
+    'InterceptDeploymentGroupConnectedEndpointGroupArgs',
+    'InterceptDeploymentGroupConnectedEndpointGroupArgsDict',
+    'MirroringDeploymentGroupConnectedEndpointGroupArgs',
+    'MirroringDeploymentGroupConnectedEndpointGroupArgsDict',
+    'MirroringEndpointGroupAssociationLocationsDetailArgs',
+    'MirroringEndpointGroupAssociationLocationsDetailArgsDict',
     'SecurityProfileThreatPreventionProfileArgs',
     'SecurityProfileThreatPreventionProfileArgsDict',
     'SecurityProfileThreatPreventionProfileSeverityOverrideArgs',
@@ -424,6 +476,1826 @@ class AuthorizationPolicyRuleSourceArgs:
         pulumi.set(self, "principals", value)
+if not MYPY:
+    class AuthzPolicyCustomProviderArgsDict(TypedDict):
+        authz_extension: NotRequired[pulumi.Input['AuthzPolicyCustomProviderAuthzExtensionArgsDict']]
+        """
+        Delegate authorization decision to user authored Service Extension. Only one of cloudIap or authzExtension can be specified.
+        Structure is documented below.
+        """
+        cloud_iap: NotRequired[pulumi.Input['AuthzPolicyCustomProviderCloudIapArgsDict']]
+        """
+        Delegates authorization decisions to Cloud IAP. Applicable only for managed load balancers. Enabling Cloud IAP at the AuthzPolicy level is not compatible with Cloud IAP settings in the BackendService. Enabling IAP in both places will result in request failure. Ensure that IAP is enabled in either the AuthzPolicy or the BackendService but not in both places.
+        Structure is documented below.
+        """
+elif False:
+    AuthzPolicyCustomProviderArgsDict: TypeAlias = Mapping[str, Any]
+@pulumi.input_type
+class AuthzPolicyCustomProviderArgs:
+    def __init__(__self__, *,
+                 authz_extension: Optional[pulumi.Input['AuthzPolicyCustomProviderAuthzExtensionArgs']] = None,
+                 cloud_iap: Optional[pulumi.Input['AuthzPolicyCustomProviderCloudIapArgs']] = None):
+        """
+        :param pulumi.Input['AuthzPolicyCustomProviderAuthzExtensionArgs'] authz_extension: Delegate authorization decision to user authored Service Extension. Only one of cloudIap or authzExtension can be specified.
+               Structure is documented below.
+        :param pulumi.Input['AuthzPolicyCustomProviderCloudIapArgs'] cloud_iap: Delegates authorization decisions to Cloud IAP. Applicable only for managed load balancers. Enabling Cloud IAP at the AuthzPolicy level is not compatible with Cloud IAP settings in the BackendService. Enabling IAP in both places will result in request failure. Ensure that IAP is enabled in either the AuthzPolicy or the BackendService but not in both places.
+               Structure is documented below.
+        """
+        if authz_extension is not None:
+            pulumi.set(__self__, "authz_extension", authz_extension)
+        if cloud_iap is not None:
+            pulumi.set(__self__, "cloud_iap", cloud_iap)
+    @property
+    @pulumi.getter(name="authzExtension")
+    def authz_extension(self) -> Optional[pulumi.Input['AuthzPolicyCustomProviderAuthzExtensionArgs']]:
+        """
+        Delegate authorization decision to user authored Service Extension. Only one of cloudIap or authzExtension can be specified.
+        Structure is documented below.
+        """
+        return pulumi.get(self, "authz_extension")
+    @authz_extension.setter
+    def authz_extension(self, value: Optional[pulumi.Input['AuthzPolicyCustomProviderAuthzExtensionArgs']]):
+        pulumi.set(self, "authz_extension", value)
+    @property
+    @pulumi.getter(name="cloudIap")
+    def cloud_iap(self) -> Optional[pulumi.Input['AuthzPolicyCustomProviderCloudIapArgs']]:
+        """
+        Delegates authorization decisions to Cloud IAP. Applicable only for managed load balancers. Enabling Cloud IAP at the AuthzPolicy level is not compatible with Cloud IAP settings in the BackendService. Enabling IAP in both places will result in request failure. Ensure that IAP is enabled in either the AuthzPolicy or the BackendService but not in both places.
+        Structure is documented below.
+        """
+        return pulumi.get(self, "cloud_iap")
+    @cloud_iap.setter
+    def cloud_iap(self, value: Optional[pulumi.Input['AuthzPolicyCustomProviderCloudIapArgs']]):
+        pulumi.set(self, "cloud_iap", value)
+if not MYPY:
+    class AuthzPolicyCustomProviderAuthzExtensionArgsDict(TypedDict):
+        resources: pulumi.Input[Sequence[pulumi.Input[str]]]
+        """
+        A list of references to authorization extensions that will be invoked for requests matching this policy. Limited to 1 custom provider.
+        """
+elif False:
+    AuthzPolicyCustomProviderAuthzExtensionArgsDict: TypeAlias = Mapping[str, Any]
+@pulumi.input_type
+class AuthzPolicyCustomProviderAuthzExtensionArgs:
+    def __init__(__self__, *,
+                 resources: pulumi.Input[Sequence[pulumi.Input[str]]]):
+        """
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] resources: A list of references to authorization extensions that will be invoked for requests matching this policy. Limited to 1 custom provider.
+        """
+        pulumi.set(__self__, "resources", resources)
+    @property
+    @pulumi.getter
+    def resources(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]:
+        """
+        A list of references to authorization extensions that will be invoked for requests matching this policy. Limited to 1 custom provider.
+        """
+        return pulumi.get(self, "resources")
+    @resources.setter
+    def resources(self, value: pulumi.Input[Sequence[pulumi.Input[str]]]):
+        pulumi.set(self, "resources", value)
+if not MYPY:
+    class AuthzPolicyCustomProviderCloudIapArgsDict(TypedDict):
+        enabled: pulumi.Input[bool]
+        """
+        Enable Cloud IAP at the AuthzPolicy level.
+        """
+elif False:
+    AuthzPolicyCustomProviderCloudIapArgsDict: TypeAlias = Mapping[str, Any]
+@pulumi.input_type
+class AuthzPolicyCustomProviderCloudIapArgs:
+    def __init__(__self__, *,
+                 enabled: pulumi.Input[bool]):
+        """
+        :param pulumi.Input[bool] enabled: Enable Cloud IAP at the AuthzPolicy level.
+        """
+        pulumi.set(__self__, "enabled", enabled)
+    @property
+    @pulumi.getter
+    def enabled(self) -> pulumi.Input[bool]:
+        """
+        Enable Cloud IAP at the AuthzPolicy level.
+        """
+        return pulumi.get(self, "enabled")
+    @enabled.setter
+    def enabled(self, value: pulumi.Input[bool]):
+        pulumi.set(self, "enabled", value)
+if not MYPY:
+    class AuthzPolicyHttpRuleArgsDict(TypedDict):
+        from_: NotRequired[pulumi.Input['AuthzPolicyHttpRuleFromArgsDict']]
+        """
+        Describes properties of one or more sources of a request.
+        Structure is documented below.
+        """
+        to: NotRequired[pulumi.Input['AuthzPolicyHttpRuleToArgsDict']]
+        """
+        Describes properties of one or more targets of a request
+        Structure is documented below.
+        """
+        when: NotRequired[pulumi.Input[str]]
+        """
+        CEL expression that describes the conditions to be satisfied for the action. The result of the CEL expression is ANDed with the from and to. Refer to the CEL language reference for a list of available attributes.
+        """
+elif False:
+    AuthzPolicyHttpRuleArgsDict: TypeAlias = Mapping[str, Any]
+@pulumi.input_type
+class AuthzPolicyHttpRuleArgs:
+    def __init__(__self__, *,
+                 from_: Optional[pulumi.Input['AuthzPolicyHttpRuleFromArgs']] = None,
+                 to: Optional[pulumi.Input['AuthzPolicyHttpRuleToArgs']] = None,
+                 when: Optional[pulumi.Input[str]] = None):
+        """
+        :param pulumi.Input['AuthzPolicyHttpRuleFromArgs'] from_: Describes properties of one or more sources of a request.
+               Structure is documented below.
+        :param pulumi.Input['AuthzPolicyHttpRuleToArgs'] to: Describes properties of one or more targets of a request
+               Structure is documented below.
+        :param pulumi.Input[str] when: CEL expression that describes the conditions to be satisfied for the action. The result of the CEL expression is ANDed with the from and to. Refer to the CEL language reference for a list of available attributes.
+        """
+        if from_ is not None:
+            pulumi.set(__self__, "from_", from_)
+        if to is not None:
+            pulumi.set(__self__, "to", to)
+        if when is not None:
+            pulumi.set(__self__, "when", when)
+    @property
+    @pulumi.getter(name="from")
+    def from_(self) -> Optional[pulumi.Input['AuthzPolicyHttpRuleFromArgs']]:
+        """
+        Describes properties of one or more sources of a request.
+        Structure is documented below.
+        """
+        return pulumi.get(self, "from_")
+    @from_.setter
+    def from_(self, value: Optional[pulumi.Input['AuthzPolicyHttpRuleFromArgs']]):
+        pulumi.set(self, "from_", value)
+    @property
+    @pulumi.getter
+    def to(self) -> Optional[pulumi.Input['AuthzPolicyHttpRuleToArgs']]:
+        """
+        Describes properties of one or more targets of a request
+        Structure is documented below.
+        """
+        return pulumi.get(self, "to")
+    @to.setter
+    def to(self, value: Optional[pulumi.Input['AuthzPolicyHttpRuleToArgs']]):
+        pulumi.set(self, "to", value)
+    @property
+    @pulumi.getter
+    def when(self) -> Optional[pulumi.Input[str]]:
+        """
+        CEL expression that describes the conditions to be satisfied for the action. The result of the CEL expression is ANDed with the from and to. Refer to the CEL language reference for a list of available attributes.
+        """
+        return pulumi.get(self, "when")
+    @when.setter
+    def when(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "when", value)
+if not MYPY:
+    class AuthzPolicyHttpRuleFromArgsDict(TypedDict):
+        not_sources: NotRequired[pulumi.Input[Sequence[pulumi.Input['AuthzPolicyHttpRuleFromNotSourceArgsDict']]]]
+        """
+        Describes the properties of a request's sources. At least one of sources or notSources must be specified. Limited to 5 sources. A match occurs when ANY source (in sources or notSources) matches the request. Within a single source, the match follows AND semantics across fields and OR semantics within a single field, i.e. a match occurs when ANY principal matches AND ANY ipBlocks match.
+        Structure is documented below.
+        """
+        sources: NotRequired[pulumi.Input[Sequence[pulumi.Input['AuthzPolicyHttpRuleFromSourceArgsDict']]]]
+        """
+        Describes the properties of a request's sources. At least one of sources or notSources must be specified. Limited to 5 sources. A match occurs when ANY source (in sources or notSources) matches the request. Within a single source, the match follows AND semantics across fields and OR semantics within a single field, i.e. a match occurs when ANY principal matches AND ANY ipBlocks match.
+        Structure is documented below.
+        """
+elif False:
+    AuthzPolicyHttpRuleFromArgsDict: TypeAlias = Mapping[str, Any]
+@pulumi.input_type
+class AuthzPolicyHttpRuleFromArgs:
+    def __init__(__self__, *,
+                 not_sources: Optional[pulumi.Input[Sequence[pulumi.Input['AuthzPolicyHttpRuleFromNotSourceArgs']]]] = None,
+                 sources: Optional[pulumi.Input[Sequence[pulumi.Input['AuthzPolicyHttpRuleFromSourceArgs']]]] = None):
+        """
+        :param pulumi.Input[Sequence[pulumi.Input['AuthzPolicyHttpRuleFromNotSourceArgs']]] not_sources: Describes the properties of a request's sources. At least one of sources or notSources must be specified. Limited to 5 sources. A match occurs when ANY source (in sources or notSources) matches the request. Within a single source, the match follows AND semantics across fields and OR semantics within a single field, i.e. a match occurs when ANY principal matches AND ANY ipBlocks match.
+               Structure is documented below.
+        :param pulumi.Input[Sequence[pulumi.Input['AuthzPolicyHttpRuleFromSourceArgs']]] sources: Describes the properties of a request's sources. At least one of sources or notSources must be specified. Limited to 5 sources. A match occurs when ANY source (in sources or notSources) matches the request. Within a single source, the match follows AND semantics across fields and OR semantics within a single field, i.e. a match occurs when ANY principal matches AND ANY ipBlocks match.
+               Structure is documented below.
+        """
+        if not_sources is not None:
+            pulumi.set(__self__, "not_sources", not_sources)
+        if sources is not None:
+            pulumi.set(__self__, "sources", sources)
+    @property
+    @pulumi.getter(name="notSources")
+    def not_sources(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['AuthzPolicyHttpRuleFromNotSourceArgs']]]]:
+        """
+        Describes the properties of a request's sources. At least one of sources or notSources must be specified. Limited to 5 sources. A match occurs when ANY source (in sources or notSources) matches the request. Within a single source, the match follows AND semantics across fields and OR semantics within a single field, i.e. a match occurs when ANY principal matches AND ANY ipBlocks match.
+        Structure is documented below.
+        """
+        return pulumi.get(self, "not_sources")
+    @not_sources.setter
+    def not_sources(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['AuthzPolicyHttpRuleFromNotSourceArgs']]]]):
+        pulumi.set(self, "not_sources", value)
+    @property
+    @pulumi.getter
+    def sources(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['AuthzPolicyHttpRuleFromSourceArgs']]]]:
+        """
+        Describes the properties of a request's sources. At least one of sources or notSources must be specified. Limited to 5 sources. A match occurs when ANY source (in sources or notSources) matches the request. Within a single source, the match follows AND semantics across fields and OR semantics within a single field, i.e. a match occurs when ANY principal matches AND ANY ipBlocks match.
+        Structure is documented below.
+        """
+        return pulumi.get(self, "sources")
+    @sources.setter
+    def sources(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['AuthzPolicyHttpRuleFromSourceArgs']]]]):
+        pulumi.set(self, "sources", value)
+if not MYPY:
+    class AuthzPolicyHttpRuleFromNotSourceArgsDict(TypedDict):
+        principals: NotRequired[pulumi.Input[Sequence[pulumi.Input['AuthzPolicyHttpRuleFromNotSourcePrincipalArgsDict']]]]
+        """
+        A list of identities derived from the client's certificate. This field will not match on a request unless mutual TLS is enabled for the Forwarding rule or Gateway. Each identity is a string whose value is matched against the URI SAN, or DNS SAN or the subject field in the client's certificate. The match can be exact, prefix, suffix or a substring match. One of exact, prefix, suffix or contains must be specified.
+        Limited to 5 principals.
+        Structure is documented below.
+        """
+        resources: NotRequired[pulumi.Input[Sequence[pulumi.Input['AuthzPolicyHttpRuleFromNotSourceResourceArgsDict']]]]
+        """
+        A list of resources to match against the resource of the source VM of a request.
+        Limited to 5 resources.
+        Structure is documented below.
+        """
+elif False:
+    AuthzPolicyHttpRuleFromNotSourceArgsDict: TypeAlias = Mapping[str, Any]
+@pulumi.input_type
+class AuthzPolicyHttpRuleFromNotSourceArgs:
+    def __init__(__self__, *,
+                 principals: Optional[pulumi.Input[Sequence[pulumi.Input['AuthzPolicyHttpRuleFromNotSourcePrincipalArgs']]]] = None,
+                 resources: Optional[pulumi.Input[Sequence[pulumi.Input['AuthzPolicyHttpRuleFromNotSourceResourceArgs']]]] = None):
+        """
+        :param pulumi.Input[Sequence[pulumi.Input['AuthzPolicyHttpRuleFromNotSourcePrincipalArgs']]] principals: A list of identities derived from the client's certificate. This field will not match on a request unless mutual TLS is enabled for the Forwarding rule or Gateway. Each identity is a string whose value is matched against the URI SAN, or DNS SAN or the subject field in the client's certificate. The match can be exact, prefix, suffix or a substring match. One of exact, prefix, suffix or contains must be specified.
+               Limited to 5 principals.
+               Structure is documented below.
+        :param pulumi.Input[Sequence[pulumi.Input['AuthzPolicyHttpRuleFromNotSourceResourceArgs']]] resources: A list of resources to match against the resource of the source VM of a request.
+               Limited to 5 resources.
+               Structure is documented below.
+        """
+        if principals is not None:
+            pulumi.set(__self__, "principals", principals)
+        if resources is not None:
+            pulumi.set(__self__, "resources", resources)
+    @property
+    @pulumi.getter
+    def principals(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['AuthzPolicyHttpRuleFromNotSourcePrincipalArgs']]]]:
+        """
+        A list of identities derived from the client's certificate. This field will not match on a request unless mutual TLS is enabled for the Forwarding rule or Gateway. Each identity is a string whose value is matched against the URI SAN, or DNS SAN or the subject field in the client's certificate. The match can be exact, prefix, suffix or a substring match. One of exact, prefix, suffix or contains must be specified.
+        Limited to 5 principals.
+        Structure is documented below.
+        """
+        return pulumi.get(self, "principals")
+    @principals.setter
+    def principals(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['AuthzPolicyHttpRuleFromNotSourcePrincipalArgs']]]]):
+        pulumi.set(self, "principals", value)
+    @property
+    @pulumi.getter
+    def resources(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['AuthzPolicyHttpRuleFromNotSourceResourceArgs']]]]:
+        """
+        A list of resources to match against the resource of the source VM of a request.
+        Limited to 5 resources.
+        Structure is documented below.
+        """
+        return pulumi.get(self, "resources")
+    @resources.setter
+    def resources(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['AuthzPolicyHttpRuleFromNotSourceResourceArgs']]]]):
+        pulumi.set(self, "resources", value)
+if not MYPY:
+    class AuthzPolicyHttpRuleFromNotSourcePrincipalArgsDict(TypedDict):
+        contains: NotRequired[pulumi.Input[str]]
+        """
+        The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead.
+        Examples:
+        * abc matches the value xyz.abc.def
+        """
+        exact: NotRequired[pulumi.Input[str]]
+        """
+        The input string must match exactly the string specified here.
+        Examples:
+        * abc only matches the value abc.
+        """
+        ignore_case: NotRequired[pulumi.Input[bool]]
+        """
+        If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true.
+        """
+        prefix: NotRequired[pulumi.Input[str]]
+        """
+        The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead.
+        Examples:
+        * abc matches the value abc.xyz
+        """
+        suffix: NotRequired[pulumi.Input[str]]
+        """
+        The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead.
+        Examples:
+        * abc matches the value xyz.abc
+        """
+elif False:
+    AuthzPolicyHttpRuleFromNotSourcePrincipalArgsDict: TypeAlias = Mapping[str, Any]
+@pulumi.input_type
+class AuthzPolicyHttpRuleFromNotSourcePrincipalArgs:
+    def __init__(__self__, *,
+                 contains: Optional[pulumi.Input[str]] = None,
+                 exact: Optional[pulumi.Input[str]] = None,
+                 ignore_case: Optional[pulumi.Input[bool]] = None,
+                 prefix: Optional[pulumi.Input[str]] = None,
+                 suffix: Optional[pulumi.Input[str]] = None):
+        """
+        :param pulumi.Input[str] contains: The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead.
+               Examples:
+               * abc matches the value xyz.abc.def
+        :param pulumi.Input[str] exact: The input string must match exactly the string specified here.
+               Examples:
+               * abc only matches the value abc.
+        :param pulumi.Input[bool] ignore_case: If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true.
+        :param pulumi.Input[str] prefix: The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead.
+               Examples:
+               * abc matches the value abc.xyz
+        :param pulumi.Input[str] suffix: The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead.
+               Examples:
+               * abc matches the value xyz.abc
+        """
+        if contains is not None:
+            pulumi.set(__self__, "contains", contains)
+        if exact is not None:
+            pulumi.set(__self__, "exact", exact)
+        if ignore_case is not None:
+            pulumi.set(__self__, "ignore_case", ignore_case)
+        if prefix is not None:
+            pulumi.set(__self__, "prefix", prefix)
+        if suffix is not None:
+            pulumi.set(__self__, "suffix", suffix)
+    @property
+    @pulumi.getter
+    def contains(self) -> Optional[pulumi.Input[str]]:
+        """
+        The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead.
+        Examples:
+        * abc matches the value xyz.abc.def
+        """
+        return pulumi.get(self, "contains")
+    @contains.setter
+    def contains(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "contains", value)
+    @property
+    @pulumi.getter
+    def exact(self) -> Optional[pulumi.Input[str]]:
+        """
+        The input string must match exactly the string specified here.
+        Examples:
+        * abc only matches the value abc.
+        """
+        return pulumi.get(self, "exact")
+    @exact.setter
+    def exact(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "exact", value)
+    @property
+    @pulumi.getter(name="ignoreCase")
+    def ignore_case(self) -> Optional[pulumi.Input[bool]]:
+        """
+        If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true.
+        """
+        return pulumi.get(self, "ignore_case")
+    @ignore_case.setter
+    def ignore_case(self, value: Optional[pulumi.Input[bool]]):
+        pulumi.set(self, "ignore_case", value)
+    @property
+    @pulumi.getter
+    def prefix(self) -> Optional[pulumi.Input[str]]:
+        """
+        The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead.
+        Examples:
+        * abc matches the value abc.xyz
+        """
+        return pulumi.get(self, "prefix")
+    @prefix.setter
+    def prefix(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "prefix", value)
+    @property
+    @pulumi.getter
+    def suffix(self) -> Optional[pulumi.Input[str]]:
+        """
+        The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead.
+        Examples:
+        * abc matches the value xyz.abc
+        """
+        return pulumi.get(self, "suffix")
+    @suffix.setter
+    def suffix(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "suffix", value)
+if not MYPY:
+    class AuthzPolicyHttpRuleFromNotSourceResourceArgsDict(TypedDict):
+        iam_service_account: NotRequired[pulumi.Input['AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountArgsDict']]
+        """
+        An IAM service account to match against the source service account of the VM sending the request.
+        Structure is documented below.
+        """
+        tag_value_id_set: NotRequired[pulumi.Input['AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSetArgsDict']]
+        """
+        A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request.
+        Structure is documented below.
+        """
+elif False:
+    AuthzPolicyHttpRuleFromNotSourceResourceArgsDict: TypeAlias = Mapping[str, Any]
+@pulumi.input_type
+class AuthzPolicyHttpRuleFromNotSourceResourceArgs:
+    def __init__(__self__, *,
+                 iam_service_account: Optional[pulumi.Input['AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountArgs']] = None,
+                 tag_value_id_set: Optional[pulumi.Input['AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSetArgs']] = None):
+        """
+        :param pulumi.Input['AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountArgs'] iam_service_account: An IAM service account to match against the source service account of the VM sending the request.
+               Structure is documented below.
+        :param pulumi.Input['AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSetArgs'] tag_value_id_set: A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request.
+               Structure is documented below.
+        """
+        if iam_service_account is not None:
+            pulumi.set(__self__, "iam_service_account", iam_service_account)
+        if tag_value_id_set is not None:
+            pulumi.set(__self__, "tag_value_id_set", tag_value_id_set)
+    @property
+    @pulumi.getter(name="iamServiceAccount")
+    def iam_service_account(self) -> Optional[pulumi.Input['AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountArgs']]:
+        """
+        An IAM service account to match against the source service account of the VM sending the request.
+        Structure is documented below.
+        """
+        return pulumi.get(self, "iam_service_account")
+    @iam_service_account.setter
+    def iam_service_account(self, value: Optional[pulumi.Input['AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountArgs']]):
+        pulumi.set(self, "iam_service_account", value)
+    @property
+    @pulumi.getter(name="tagValueIdSet")
+    def tag_value_id_set(self) -> Optional[pulumi.Input['AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSetArgs']]:
+        """
+        A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request.
+        Structure is documented below.
+        """
+        return pulumi.get(self, "tag_value_id_set")
+    @tag_value_id_set.setter
+    def tag_value_id_set(self, value: Optional[pulumi.Input['AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSetArgs']]):
+        pulumi.set(self, "tag_value_id_set", value)
+if not MYPY:
+    class AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountArgsDict(TypedDict):
+        contains: NotRequired[pulumi.Input[str]]
+        """
+        The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead.
+        Examples:
+        * abc matches the value xyz.abc.def
+        """
+        exact: NotRequired[pulumi.Input[str]]
+        """
+        The input string must match exactly the string specified here.
+        Examples:
+        * abc only matches the value abc.
+        """
+        ignore_case: NotRequired[pulumi.Input[bool]]
+        """
+        If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true.
+        """
+        prefix: NotRequired[pulumi.Input[str]]
+        """
+        The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead.
+        Examples:
+        * abc matches the value abc.xyz
+        """
+        suffix: NotRequired[pulumi.Input[str]]
+        """
+        The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead.
+        Examples:
+        * abc matches the value xyz.abc
+        """
+elif False:
+    AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountArgsDict: TypeAlias = Mapping[str, Any]
+@pulumi.input_type
+class AuthzPolicyHttpRuleFromNotSourceResourceIamServiceAccountArgs:
+    def __init__(__self__, *,
+                 contains: Optional[pulumi.Input[str]] = None,
+                 exact: Optional[pulumi.Input[str]] = None,
+                 ignore_case: Optional[pulumi.Input[bool]] = None,
+                 prefix: Optional[pulumi.Input[str]] = None,
+                 suffix: Optional[pulumi.Input[str]] = None):
+        """
+        :param pulumi.Input[str] contains: The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead.
+               Examples:
+               * abc matches the value xyz.abc.def
+        :param pulumi.Input[str] exact: The input string must match exactly the string specified here.
+               Examples:
+               * abc only matches the value abc.
+        :param pulumi.Input[bool] ignore_case: If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true.
+        :param pulumi.Input[str] prefix: The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead.
+               Examples:
+               * abc matches the value abc.xyz
+        :param pulumi.Input[str] suffix: The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead.
+               Examples:
+               * abc matches the value xyz.abc
+        """
+        if contains is not None:
+            pulumi.set(__self__, "contains", contains)
+        if exact is not None:
+            pulumi.set(__self__, "exact", exact)
+        if ignore_case is not None:
+            pulumi.set(__self__, "ignore_case", ignore_case)
+        if prefix is not None:
+            pulumi.set(__self__, "prefix", prefix)
+        if suffix is not None:
+            pulumi.set(__self__, "suffix", suffix)
+    @property
+    @pulumi.getter
+    def contains(self) -> Optional[pulumi.Input[str]]:
+        """
+        The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead.
+        Examples:
+        * abc matches the value xyz.abc.def
+        """
+        return pulumi.get(self, "contains")
+    @contains.setter
+    def contains(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "contains", value)
+    @property
+    @pulumi.getter
+    def exact(self) -> Optional[pulumi.Input[str]]:
+        """
+        The input string must match exactly the string specified here.
+        Examples:
+        * abc only matches the value abc.
+        """
+        return pulumi.get(self, "exact")
+    @exact.setter
+    def exact(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "exact", value)
+    @property
+    @pulumi.getter(name="ignoreCase")
+    def ignore_case(self) -> Optional[pulumi.Input[bool]]:
+        """
+        If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true.
+        """
+        return pulumi.get(self, "ignore_case")
+    @ignore_case.setter
+    def ignore_case(self, value: Optional[pulumi.Input[bool]]):
+        pulumi.set(self, "ignore_case", value)
+    @property
+    @pulumi.getter
+    def prefix(self) -> Optional[pulumi.Input[str]]:
+        """
+        The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead.
+        Examples:
+        * abc matches the value abc.xyz
+        """
+        return pulumi.get(self, "prefix")
+    @prefix.setter
+    def prefix(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "prefix", value)
+    @property
+    @pulumi.getter
+    def suffix(self) -> Optional[pulumi.Input[str]]:
+        """
+        The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead.
+        Examples:
+        * abc matches the value xyz.abc
+        """
+        return pulumi.get(self, "suffix")
+    @suffix.setter
+    def suffix(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "suffix", value)
+if not MYPY:
+    class AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSetArgsDict(TypedDict):
+        ids: NotRequired[pulumi.Input[Sequence[pulumi.Input[str]]]]
+        """
+        A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request. The match follows AND semantics which means all the ids must match.
+        Limited to 5 matches.
+        """
+elif False:
+    AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSetArgsDict: TypeAlias = Mapping[str, Any]
+@pulumi.input_type
+class AuthzPolicyHttpRuleFromNotSourceResourceTagValueIdSetArgs:
+    def __init__(__self__, *,
+                 ids: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None):
+        """
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] ids: A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request. The match follows AND semantics which means all the ids must match.
+               Limited to 5 matches.
+        """
+        if ids is not None:
+            pulumi.set(__self__, "ids", ids)
+    @property
+    @pulumi.getter
+    def ids(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
+        """
+        A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request. The match follows AND semantics which means all the ids must match.
+        Limited to 5 matches.
+        """
+        return pulumi.get(self, "ids")
+    @ids.setter
+    def ids(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
+        pulumi.set(self, "ids", value)
+if not MYPY:
+    class AuthzPolicyHttpRuleFromSourceArgsDict(TypedDict):
+        principals: NotRequired[pulumi.Input[Sequence[pulumi.Input['AuthzPolicyHttpRuleFromSourcePrincipalArgsDict']]]]
+        """
+        A list of identities derived from the client's certificate. This field will not match on a request unless mutual TLS is enabled for the Forwarding rule or Gateway. Each identity is a string whose value is matched against the URI SAN, or DNS SAN or the subject field in the client's certificate. The match can be exact, prefix, suffix or a substring match. One of exact, prefix, suffix or contains must be specified.
+        Limited to 5 principals.
+        Structure is documented below.
+        """
+        resources: NotRequired[pulumi.Input[Sequence[pulumi.Input['AuthzPolicyHttpRuleFromSourceResourceArgsDict']]]]
+        """
+        A list of resources to match against the resource of the source VM of a request.
+        Limited to 5 resources.
+        Structure is documented below.
+        """
+elif False:
+    AuthzPolicyHttpRuleFromSourceArgsDict: TypeAlias = Mapping[str, Any]
+@pulumi.input_type
+class AuthzPolicyHttpRuleFromSourceArgs:
+    def __init__(__self__, *,
+                 principals: Optional[pulumi.Input[Sequence[pulumi.Input['AuthzPolicyHttpRuleFromSourcePrincipalArgs']]]] = None,
+                 resources: Optional[pulumi.Input[Sequence[pulumi.Input['AuthzPolicyHttpRuleFromSourceResourceArgs']]]] = None):
+        """
+        :param pulumi.Input[Sequence[pulumi.Input['AuthzPolicyHttpRuleFromSourcePrincipalArgs']]] principals: A list of identities derived from the client's certificate. This field will not match on a request unless mutual TLS is enabled for the Forwarding rule or Gateway. Each identity is a string whose value is matched against the URI SAN, or DNS SAN or the subject field in the client's certificate. The match can be exact, prefix, suffix or a substring match. One of exact, prefix, suffix or contains must be specified.
+               Limited to 5 principals.
+               Structure is documented below.
+        :param pulumi.Input[Sequence[pulumi.Input['AuthzPolicyHttpRuleFromSourceResourceArgs']]] resources: A list of resources to match against the resource of the source VM of a request.
+               Limited to 5 resources.
+               Structure is documented below.
+        """
+        if principals is not None:
+            pulumi.set(__self__, "principals", principals)
+        if resources is not None:
+            pulumi.set(__self__, "resources", resources)
+    @property
+    @pulumi.getter
+    def principals(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['AuthzPolicyHttpRuleFromSourcePrincipalArgs']]]]:
+        """
+        A list of identities derived from the client's certificate. This field will not match on a request unless mutual TLS is enabled for the Forwarding rule or Gateway. Each identity is a string whose value is matched against the URI SAN, or DNS SAN or the subject field in the client's certificate. The match can be exact, prefix, suffix or a substring match. One of exact, prefix, suffix or contains must be specified.
+        Limited to 5 principals.
+        Structure is documented below.
+        """
+        return pulumi.get(self, "principals")
+    @principals.setter
+    def principals(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['AuthzPolicyHttpRuleFromSourcePrincipalArgs']]]]):
+        pulumi.set(self, "principals", value)
+    @property
+    @pulumi.getter
+    def resources(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['AuthzPolicyHttpRuleFromSourceResourceArgs']]]]:
+        """
+        A list of resources to match against the resource of the source VM of a request.
+        Limited to 5 resources.
+        Structure is documented below.
+        """
+        return pulumi.get(self, "resources")
+    @resources.setter
+    def resources(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['AuthzPolicyHttpRuleFromSourceResourceArgs']]]]):
+        pulumi.set(self, "resources", value)
+if not MYPY:
+    class AuthzPolicyHttpRuleFromSourcePrincipalArgsDict(TypedDict):
+        contains: NotRequired[pulumi.Input[str]]
+        """
+        The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead.
+        Examples:
+        * abc matches the value xyz.abc.def
+        """
+        exact: NotRequired[pulumi.Input[str]]
+        """
+        The input string must match exactly the string specified here.
+        Examples:
+        * abc only matches the value abc.
+        """
+        ignore_case: NotRequired[pulumi.Input[bool]]
+        """
+        If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true.
+        """
+        prefix: NotRequired[pulumi.Input[str]]
+        """
+        The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead.
+        Examples:
+        * abc matches the value abc.xyz
+        """
+        suffix: NotRequired[pulumi.Input[str]]
+        """
+        The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead.
+        Examples:
+        * abc matches the value xyz.abc
+        """
+elif False:
+    AuthzPolicyHttpRuleFromSourcePrincipalArgsDict: TypeAlias = Mapping[str, Any]
+@pulumi.input_type
+class AuthzPolicyHttpRuleFromSourcePrincipalArgs:
+    def __init__(__self__, *,
+                 contains: Optional[pulumi.Input[str]] = None,
+                 exact: Optional[pulumi.Input[str]] = None,
+                 ignore_case: Optional[pulumi.Input[bool]] = None,
+                 prefix: Optional[pulumi.Input[str]] = None,
+                 suffix: Optional[pulumi.Input[str]] = None):
+        """
+        :param pulumi.Input[str] contains: The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead.
+               Examples:
+               * abc matches the value xyz.abc.def
+        :param pulumi.Input[str] exact: The input string must match exactly the string specified here.
+               Examples:
+               * abc only matches the value abc.
+        :param pulumi.Input[bool] ignore_case: If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true.
+        :param pulumi.Input[str] prefix: The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead.
+               Examples:
+               * abc matches the value abc.xyz
+        :param pulumi.Input[str] suffix: The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead.
+               Examples:
+               * abc matches the value xyz.abc
+        """
+        if contains is not None:
+            pulumi.set(__self__, "contains", contains)
+        if exact is not None:
+            pulumi.set(__self__, "exact", exact)
+        if ignore_case is not None:
+            pulumi.set(__self__, "ignore_case", ignore_case)
+        if prefix is not None:
+            pulumi.set(__self__, "prefix", prefix)
+        if suffix is not None:
+            pulumi.set(__self__, "suffix", suffix)
+    @property
+    @pulumi.getter
+    def contains(self) -> Optional[pulumi.Input[str]]:
+        """
+        The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead.
+        Examples:
+        * abc matches the value xyz.abc.def
+        """
+        return pulumi.get(self, "contains")
+    @contains.setter
+    def contains(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "contains", value)
+    @property
+    @pulumi.getter
+    def exact(self) -> Optional[pulumi.Input[str]]:
+        """
+        The input string must match exactly the string specified here.
+        Examples:
+        * abc only matches the value abc.
+        """
+        return pulumi.get(self, "exact")
+    @exact.setter
+    def exact(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "exact", value)
+    @property
+    @pulumi.getter(name="ignoreCase")
+    def ignore_case(self) -> Optional[pulumi.Input[bool]]:
+        """
+        If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true.
+        """
+        return pulumi.get(self, "ignore_case")
+    @ignore_case.setter
+    def ignore_case(self, value: Optional[pulumi.Input[bool]]):
+        pulumi.set(self, "ignore_case", value)
+    @property
+    @pulumi.getter
+    def prefix(self) -> Optional[pulumi.Input[str]]:
+        """
+        The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead.
+        Examples:
+        * abc matches the value abc.xyz
+        """
+        return pulumi.get(self, "prefix")
+    @prefix.setter
+    def prefix(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "prefix", value)
+    @property
+    @pulumi.getter
+    def suffix(self) -> Optional[pulumi.Input[str]]:
+        """
+        The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead.
+        Examples:
+        * abc matches the value xyz.abc
+        """
+        return pulumi.get(self, "suffix")
+    @suffix.setter
+    def suffix(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "suffix", value)
+if not MYPY:
+    class AuthzPolicyHttpRuleFromSourceResourceArgsDict(TypedDict):
+        iam_service_account: NotRequired[pulumi.Input['AuthzPolicyHttpRuleFromSourceResourceIamServiceAccountArgsDict']]
+        """
+        An IAM service account to match against the source service account of the VM sending the request.
+        Structure is documented below.
+        """
+        tag_value_id_set: NotRequired[pulumi.Input['AuthzPolicyHttpRuleFromSourceResourceTagValueIdSetArgsDict']]
+        """
+        A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request.
+        Structure is documented below.
+        """
+elif False:
+    AuthzPolicyHttpRuleFromSourceResourceArgsDict: TypeAlias = Mapping[str, Any]
+@pulumi.input_type
+class AuthzPolicyHttpRuleFromSourceResourceArgs:
+    def __init__(__self__, *,
+                 iam_service_account: Optional[pulumi.Input['AuthzPolicyHttpRuleFromSourceResourceIamServiceAccountArgs']] = None,
+                 tag_value_id_set: Optional[pulumi.Input['AuthzPolicyHttpRuleFromSourceResourceTagValueIdSetArgs']] = None):
+        """
+        :param pulumi.Input['AuthzPolicyHttpRuleFromSourceResourceIamServiceAccountArgs'] iam_service_account: An IAM service account to match against the source service account of the VM sending the request.
+               Structure is documented below.
+        :param pulumi.Input['AuthzPolicyHttpRuleFromSourceResourceTagValueIdSetArgs'] tag_value_id_set: A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request.
+               Structure is documented below.
+        """
+        if iam_service_account is not None:
+            pulumi.set(__self__, "iam_service_account", iam_service_account)
+        if tag_value_id_set is not None:
+            pulumi.set(__self__, "tag_value_id_set", tag_value_id_set)
+    @property
+    @pulumi.getter(name="iamServiceAccount")
+    def iam_service_account(self) -> Optional[pulumi.Input['AuthzPolicyHttpRuleFromSourceResourceIamServiceAccountArgs']]:
+        """
+        An IAM service account to match against the source service account of the VM sending the request.
+        Structure is documented below.
+        """
+        return pulumi.get(self, "iam_service_account")
+    @iam_service_account.setter
+    def iam_service_account(self, value: Optional[pulumi.Input['AuthzPolicyHttpRuleFromSourceResourceIamServiceAccountArgs']]):
+        pulumi.set(self, "iam_service_account", value)
+    @property
+    @pulumi.getter(name="tagValueIdSet")
+    def tag_value_id_set(self) -> Optional[pulumi.Input['AuthzPolicyHttpRuleFromSourceResourceTagValueIdSetArgs']]:
+        """
+        A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request.
+        Structure is documented below.
+        """
+        return pulumi.get(self, "tag_value_id_set")
+    @tag_value_id_set.setter
+    def tag_value_id_set(self, value: Optional[pulumi.Input['AuthzPolicyHttpRuleFromSourceResourceTagValueIdSetArgs']]):
+        pulumi.set(self, "tag_value_id_set", value)
+if not MYPY:
+    class AuthzPolicyHttpRuleFromSourceResourceIamServiceAccountArgsDict(TypedDict):
+        contains: NotRequired[pulumi.Input[str]]
+        """
+        The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead.
+        Examples:
+        * abc matches the value xyz.abc.def
+        """
+        exact: NotRequired[pulumi.Input[str]]
+        """
+        The input string must match exactly the string specified here.
+        Examples:
+        * abc only matches the value abc.
+        """
+        ignore_case: NotRequired[pulumi.Input[bool]]
+        """
+        If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true.
+        """
+        prefix: NotRequired[pulumi.Input[str]]
+        """
+        The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead.
+        Examples:
+        * abc matches the value abc.xyz
+        """
+        suffix: NotRequired[pulumi.Input[str]]
+        """
+        The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead.
+        Examples:
+        * abc matches the value xyz.abc
+        """
+elif False:
+    AuthzPolicyHttpRuleFromSourceResourceIamServiceAccountArgsDict: TypeAlias = Mapping[str, Any]
+@pulumi.input_type
+class AuthzPolicyHttpRuleFromSourceResourceIamServiceAccountArgs:
+    def __init__(__self__, *,
+                 contains: Optional[pulumi.Input[str]] = None,
+                 exact: Optional[pulumi.Input[str]] = None,
+                 ignore_case: Optional[pulumi.Input[bool]] = None,
+                 prefix: Optional[pulumi.Input[str]] = None,
+                 suffix: Optional[pulumi.Input[str]] = None):
+        """
+        :param pulumi.Input[str] contains: The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead.
+               Examples:
+               * abc matches the value xyz.abc.def
+        :param pulumi.Input[str] exact: The input string must match exactly the string specified here.
+               Examples:
+               * abc only matches the value abc.
+        :param pulumi.Input[bool] ignore_case: If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true.
+        :param pulumi.Input[str] prefix: The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead.
+               Examples:
+               * abc matches the value abc.xyz
+        :param pulumi.Input[str] suffix: The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead.
+               Examples:
+               * abc matches the value xyz.abc
+        """
+        if contains is not None:
+            pulumi.set(__self__, "contains", contains)
+        if exact is not None:
+            pulumi.set(__self__, "exact", exact)
+        if ignore_case is not None:
+            pulumi.set(__self__, "ignore_case", ignore_case)
+        if prefix is not None:
+            pulumi.set(__self__, "prefix", prefix)
+        if suffix is not None:
+            pulumi.set(__self__, "suffix", suffix)
+    @property
+    @pulumi.getter
+    def contains(self) -> Optional[pulumi.Input[str]]:
+        """
+        The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead.
+        Examples:
+        * abc matches the value xyz.abc.def
+        """
+        return pulumi.get(self, "contains")
+    @contains.setter
+    def contains(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "contains", value)
+    @property
+    @pulumi.getter
+    def exact(self) -> Optional[pulumi.Input[str]]:
+        """
+        The input string must match exactly the string specified here.
+        Examples:
+        * abc only matches the value abc.
+        """
+        return pulumi.get(self, "exact")
+    @exact.setter
+    def exact(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "exact", value)
+    @property
+    @pulumi.getter(name="ignoreCase")
+    def ignore_case(self) -> Optional[pulumi.Input[bool]]:
+        """
+        If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true.
+        """
+        return pulumi.get(self, "ignore_case")
+    @ignore_case.setter
+    def ignore_case(self, value: Optional[pulumi.Input[bool]]):
+        pulumi.set(self, "ignore_case", value)
+    @property
+    @pulumi.getter
+    def prefix(self) -> Optional[pulumi.Input[str]]:
+        """
+        The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead.
+        Examples:
+        * abc matches the value abc.xyz
+        """
+        return pulumi.get(self, "prefix")
+    @prefix.setter
+    def prefix(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "prefix", value)
+    @property
+    @pulumi.getter
+    def suffix(self) -> Optional[pulumi.Input[str]]:
+        """
+        The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead.
+        Examples:
+        * abc matches the value xyz.abc
+        """
+        return pulumi.get(self, "suffix")
+    @suffix.setter
+    def suffix(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "suffix", value)
+if not MYPY:
+    class AuthzPolicyHttpRuleFromSourceResourceTagValueIdSetArgsDict(TypedDict):
+        ids: NotRequired[pulumi.Input[Sequence[pulumi.Input[str]]]]
+        """
+        A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request. The match follows AND semantics which means all the ids must match.
+        Limited to 5 matches.
+        """
+elif False:
+    AuthzPolicyHttpRuleFromSourceResourceTagValueIdSetArgsDict: TypeAlias = Mapping[str, Any]
+@pulumi.input_type
+class AuthzPolicyHttpRuleFromSourceResourceTagValueIdSetArgs:
+    def __init__(__self__, *,
+                 ids: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None):
+        """
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] ids: A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request. The match follows AND semantics which means all the ids must match.
+               Limited to 5 matches.
+        """
+        if ids is not None:
+            pulumi.set(__self__, "ids", ids)
+    @property
+    @pulumi.getter
+    def ids(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
+        """
+        A list of resource tag value permanent IDs to match against the resource manager tags value associated with the source VM of a request. The match follows AND semantics which means all the ids must match.
+        Limited to 5 matches.
+        """
+        return pulumi.get(self, "ids")
+    @ids.setter
+    def ids(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
+        pulumi.set(self, "ids", value)
+if not MYPY:
+    class AuthzPolicyHttpRuleToArgsDict(TypedDict):
+        operations: NotRequired[pulumi.Input[Sequence[pulumi.Input['AuthzPolicyHttpRuleToOperationArgsDict']]]]
+        """
+        Describes properties of one or more targets of a request. At least one of operations or notOperations must be specified. Limited to 5 operations. A match occurs when ANY operation (in operations or notOperations) matches. Within an operation, the match follows AND semantics across fields and OR semantics within a field, i.e. a match occurs when ANY path matches AND ANY header matches and ANY method matches.
+        Structure is documented below.
+        """
+elif False:
+    AuthzPolicyHttpRuleToArgsDict: TypeAlias = Mapping[str, Any]
+@pulumi.input_type
+class AuthzPolicyHttpRuleToArgs:
+    def __init__(__self__, *,
+                 operations: Optional[pulumi.Input[Sequence[pulumi.Input['AuthzPolicyHttpRuleToOperationArgs']]]] = None):
+        """
+        :param pulumi.Input[Sequence[pulumi.Input['AuthzPolicyHttpRuleToOperationArgs']]] operations: Describes properties of one or more targets of a request. At least one of operations or notOperations must be specified. Limited to 5 operations. A match occurs when ANY operation (in operations or notOperations) matches. Within an operation, the match follows AND semantics across fields and OR semantics within a field, i.e. a match occurs when ANY path matches AND ANY header matches and ANY method matches.
+               Structure is documented below.
+        """
+        if operations is not None:
+            pulumi.set(__self__, "operations", operations)
+    @property
+    @pulumi.getter
+    def operations(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['AuthzPolicyHttpRuleToOperationArgs']]]]:
+        """
+        Describes properties of one or more targets of a request. At least one of operations or notOperations must be specified. Limited to 5 operations. A match occurs when ANY operation (in operations or notOperations) matches. Within an operation, the match follows AND semantics across fields and OR semantics within a field, i.e. a match occurs when ANY path matches AND ANY header matches and ANY method matches.
+        Structure is documented below.
+        """
+        return pulumi.get(self, "operations")
+    @operations.setter
+    def operations(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['AuthzPolicyHttpRuleToOperationArgs']]]]):
+        pulumi.set(self, "operations", value)
+if not MYPY:
+    class AuthzPolicyHttpRuleToOperationArgsDict(TypedDict):
+        header_set: NotRequired[pulumi.Input['AuthzPolicyHttpRuleToOperationHeaderSetArgsDict']]
+        """
+        A list of headers to match against in http header.
+        Structure is documented below.
+        """
+        hosts: NotRequired[pulumi.Input[Sequence[pulumi.Input['AuthzPolicyHttpRuleToOperationHostArgsDict']]]]
+        """
+        A list of HTTP Hosts to match against. The match can be one of exact, prefix, suffix, or contains (substring match). Matches are always case sensitive unless the ignoreCase is set.
+        Limited to 5 matches.
+        Structure is documented below.
+        """
+        methods: NotRequired[pulumi.Input[Sequence[pulumi.Input[str]]]]
+        """
+        A list of HTTP methods to match against. Each entry must be a valid HTTP method name (GET, PUT, POST, HEAD, PATCH, DELETE, OPTIONS). It only allows exact match and is always case sensitive.
+        """
+        paths: NotRequired[pulumi.Input[Sequence[pulumi.Input['AuthzPolicyHttpRuleToOperationPathArgsDict']]]]
+        """
+        A list of paths to match against. The match can be one of exact, prefix, suffix, or contains (substring match). Matches are always case sensitive unless the ignoreCase is set.
+        Limited to 5 matches.
+        Note that this path match includes the query parameters. For gRPC services, this should be a fully-qualified name of the form /package.service/method.
+        Structure is documented below.
+        """
+elif False:
+    AuthzPolicyHttpRuleToOperationArgsDict: TypeAlias = Mapping[str, Any]
+@pulumi.input_type
+class AuthzPolicyHttpRuleToOperationArgs:
+    def __init__(__self__, *,
+                 header_set: Optional[pulumi.Input['AuthzPolicyHttpRuleToOperationHeaderSetArgs']] = None,
+                 hosts: Optional[pulumi.Input[Sequence[pulumi.Input['AuthzPolicyHttpRuleToOperationHostArgs']]]] = None,
+                 methods: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
+                 paths: Optional[pulumi.Input[Sequence[pulumi.Input['AuthzPolicyHttpRuleToOperationPathArgs']]]] = None):
+        """
+        :param pulumi.Input['AuthzPolicyHttpRuleToOperationHeaderSetArgs'] header_set: A list of headers to match against in http header.
+               Structure is documented below.
+        :param pulumi.Input[Sequence[pulumi.Input['AuthzPolicyHttpRuleToOperationHostArgs']]] hosts: A list of HTTP Hosts to match against. The match can be one of exact, prefix, suffix, or contains (substring match). Matches are always case sensitive unless the ignoreCase is set.
+               Limited to 5 matches.
+               Structure is documented below.
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] methods: A list of HTTP methods to match against. Each entry must be a valid HTTP method name (GET, PUT, POST, HEAD, PATCH, DELETE, OPTIONS). It only allows exact match and is always case sensitive.
+        :param pulumi.Input[Sequence[pulumi.Input['AuthzPolicyHttpRuleToOperationPathArgs']]] paths: A list of paths to match against. The match can be one of exact, prefix, suffix, or contains (substring match). Matches are always case sensitive unless the ignoreCase is set.
+               Limited to 5 matches.
+               Note that this path match includes the query parameters. For gRPC services, this should be a fully-qualified name of the form /package.service/method.
+               Structure is documented below.
+        """
+        if header_set is not None:
+            pulumi.set(__self__, "header_set", header_set)
+        if hosts is not None:
+            pulumi.set(__self__, "hosts", hosts)
+        if methods is not None:
+            pulumi.set(__self__, "methods", methods)
+        if paths is not None:
+            pulumi.set(__self__, "paths", paths)
+    @property
+    @pulumi.getter(name="headerSet")
+    def header_set(self) -> Optional[pulumi.Input['AuthzPolicyHttpRuleToOperationHeaderSetArgs']]:
+        """
+        A list of headers to match against in http header.
+        Structure is documented below.
+        """
+        return pulumi.get(self, "header_set")
+    @header_set.setter
+    def header_set(self, value: Optional[pulumi.Input['AuthzPolicyHttpRuleToOperationHeaderSetArgs']]):
+        pulumi.set(self, "header_set", value)
+    @property
+    @pulumi.getter
+    def hosts(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['AuthzPolicyHttpRuleToOperationHostArgs']]]]:
+        """
+        A list of HTTP Hosts to match against. The match can be one of exact, prefix, suffix, or contains (substring match). Matches are always case sensitive unless the ignoreCase is set.
+        Limited to 5 matches.
+        Structure is documented below.
+        """
+        return pulumi.get(self, "hosts")
+    @hosts.setter
+    def hosts(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['AuthzPolicyHttpRuleToOperationHostArgs']]]]):
+        pulumi.set(self, "hosts", value)
+    @property
+    @pulumi.getter
+    def methods(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
+        """
+        A list of HTTP methods to match against. Each entry must be a valid HTTP method name (GET, PUT, POST, HEAD, PATCH, DELETE, OPTIONS). It only allows exact match and is always case sensitive.
+        """
+        return pulumi.get(self, "methods")
+    @methods.setter
+    def methods(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
+        pulumi.set(self, "methods", value)
+    @property
+    @pulumi.getter
+    def paths(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['AuthzPolicyHttpRuleToOperationPathArgs']]]]:
+        """
+        A list of paths to match against. The match can be one of exact, prefix, suffix, or contains (substring match). Matches are always case sensitive unless the ignoreCase is set.
+        Limited to 5 matches.
+        Note that this path match includes the query parameters. For gRPC services, this should be a fully-qualified name of the form /package.service/method.
+        Structure is documented below.
+        """
+        return pulumi.get(self, "paths")
+    @paths.setter
+    def paths(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['AuthzPolicyHttpRuleToOperationPathArgs']]]]):
+        pulumi.set(self, "paths", value)
+if not MYPY:
+    class AuthzPolicyHttpRuleToOperationHeaderSetArgsDict(TypedDict):
+        headers: NotRequired[pulumi.Input[Sequence[pulumi.Input['AuthzPolicyHttpRuleToOperationHeaderSetHeaderArgsDict']]]]
+        """
+        A list of headers to match against in http header. The match can be one of exact, prefix, suffix, or contains (substring match). The match follows AND semantics which means all the headers must match. Matches are always case sensitive unless the ignoreCase is set. Limited to 5 matches.
+        Structure is documented below.
+        """
+elif False:
+    AuthzPolicyHttpRuleToOperationHeaderSetArgsDict: TypeAlias = Mapping[str, Any]
+@pulumi.input_type
+class AuthzPolicyHttpRuleToOperationHeaderSetArgs:
+    def __init__(__self__, *,
+                 headers: Optional[pulumi.Input[Sequence[pulumi.Input['AuthzPolicyHttpRuleToOperationHeaderSetHeaderArgs']]]] = None):
+        """
+        :param pulumi.Input[Sequence[pulumi.Input['AuthzPolicyHttpRuleToOperationHeaderSetHeaderArgs']]] headers: A list of headers to match against in http header. The match can be one of exact, prefix, suffix, or contains (substring match). The match follows AND semantics which means all the headers must match. Matches are always case sensitive unless the ignoreCase is set. Limited to 5 matches.
+               Structure is documented below.
+        """
+        if headers is not None:
+            pulumi.set(__self__, "headers", headers)
+    @property
+    @pulumi.getter
+    def headers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['AuthzPolicyHttpRuleToOperationHeaderSetHeaderArgs']]]]:
+        """
+        A list of headers to match against in http header. The match can be one of exact, prefix, suffix, or contains (substring match). The match follows AND semantics which means all the headers must match. Matches are always case sensitive unless the ignoreCase is set. Limited to 5 matches.
+        Structure is documented below.
+        """
+        return pulumi.get(self, "headers")
+    @headers.setter
+    def headers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['AuthzPolicyHttpRuleToOperationHeaderSetHeaderArgs']]]]):
+        pulumi.set(self, "headers", value)
+if not MYPY:
+    class AuthzPolicyHttpRuleToOperationHeaderSetHeaderArgsDict(TypedDict):
+        name: NotRequired[pulumi.Input[str]]
+        """
+        Specifies the name of the header in the request.
+        """
+        value: NotRequired[pulumi.Input['AuthzPolicyHttpRuleToOperationHeaderSetHeaderValueArgsDict']]
+        """
+        Specifies how the header match will be performed.
+        Structure is documented below.
+        """
+elif False:
+    AuthzPolicyHttpRuleToOperationHeaderSetHeaderArgsDict: TypeAlias = Mapping[str, Any]
+@pulumi.input_type
+class AuthzPolicyHttpRuleToOperationHeaderSetHeaderArgs:
+    def __init__(__self__, *,
+                 name: Optional[pulumi.Input[str]] = None,
+                 value: Optional[pulumi.Input['AuthzPolicyHttpRuleToOperationHeaderSetHeaderValueArgs']] = None):
+        """
+        :param pulumi.Input[str] name: Specifies the name of the header in the request.
+        :param pulumi.Input['AuthzPolicyHttpRuleToOperationHeaderSetHeaderValueArgs'] value: Specifies how the header match will be performed.
+               Structure is documented below.
+        """
+        if name is not None:
+            pulumi.set(__self__, "name", name)
+        if value is not None:
+            pulumi.set(__self__, "value", value)
+    @property
+    @pulumi.getter
+    def name(self) -> Optional[pulumi.Input[str]]:
+        """
+        Specifies the name of the header in the request.
+        """
+        return pulumi.get(self, "name")
+    @name.setter
+    def name(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "name", value)
+    @property
+    @pulumi.getter
+    def value(self) -> Optional[pulumi.Input['AuthzPolicyHttpRuleToOperationHeaderSetHeaderValueArgs']]:
+        """
+        Specifies how the header match will be performed.
+        Structure is documented below.
+        """
+        return pulumi.get(self, "value")
+    @value.setter
+    def value(self, value: Optional[pulumi.Input['AuthzPolicyHttpRuleToOperationHeaderSetHeaderValueArgs']]):
+        pulumi.set(self, "value", value)
+if not MYPY:
+    class AuthzPolicyHttpRuleToOperationHeaderSetHeaderValueArgsDict(TypedDict):
+        contains: NotRequired[pulumi.Input[str]]
+        """
+        The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead.
+        Examples:
+        * abc matches the value xyz.abc.def
+        """
+        exact: NotRequired[pulumi.Input[str]]
+        """
+        The input string must match exactly the string specified here.
+        Examples:
+        * abc only matches the value abc.
+        """
+        ignore_case: NotRequired[pulumi.Input[bool]]
+        """
+        If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true.
+        """
+        prefix: NotRequired[pulumi.Input[str]]
+        """
+        The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead.
+        Examples:
+        * abc matches the value abc.xyz
+        """
+        suffix: NotRequired[pulumi.Input[str]]
+        """
+        The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead.
+        Examples:
+        * abc matches the value xyz.abc
+        """
+elif False:
+    AuthzPolicyHttpRuleToOperationHeaderSetHeaderValueArgsDict: TypeAlias = Mapping[str, Any]
+@pulumi.input_type
+class AuthzPolicyHttpRuleToOperationHeaderSetHeaderValueArgs:
+    def __init__(__self__, *,
+                 contains: Optional[pulumi.Input[str]] = None,
+                 exact: Optional[pulumi.Input[str]] = None,
+                 ignore_case: Optional[pulumi.Input[bool]] = None,
+                 prefix: Optional[pulumi.Input[str]] = None,
+                 suffix: Optional[pulumi.Input[str]] = None):
+        """
+        :param pulumi.Input[str] contains: The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead.
+               Examples:
+               * abc matches the value xyz.abc.def
+        :param pulumi.Input[str] exact: The input string must match exactly the string specified here.
+               Examples:
+               * abc only matches the value abc.
+        :param pulumi.Input[bool] ignore_case: If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true.
+        :param pulumi.Input[str] prefix: The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead.
+               Examples:
+               * abc matches the value abc.xyz
+        :param pulumi.Input[str] suffix: The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead.
+               Examples:
+               * abc matches the value xyz.abc
+        """
+        if contains is not None:
+            pulumi.set(__self__, "contains", contains)
+        if exact is not None:
+            pulumi.set(__self__, "exact", exact)
+        if ignore_case is not None:
+            pulumi.set(__self__, "ignore_case", ignore_case)
+        if prefix is not None:
+            pulumi.set(__self__, "prefix", prefix)
+        if suffix is not None:
+            pulumi.set(__self__, "suffix", suffix)
+    @property
+    @pulumi.getter
+    def contains(self) -> Optional[pulumi.Input[str]]:
+        """
+        The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead.
+        Examples:
+        * abc matches the value xyz.abc.def
+        """
+        return pulumi.get(self, "contains")
+    @contains.setter
+    def contains(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "contains", value)
+    @property
+    @pulumi.getter
+    def exact(self) -> Optional[pulumi.Input[str]]:
+        """
+        The input string must match exactly the string specified here.
+        Examples:
+        * abc only matches the value abc.
+        """
+        return pulumi.get(self, "exact")
+    @exact.setter
+    def exact(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "exact", value)
+    @property
+    @pulumi.getter(name="ignoreCase")
+    def ignore_case(self) -> Optional[pulumi.Input[bool]]:
+        """
+        If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true.
+        """
+        return pulumi.get(self, "ignore_case")
+    @ignore_case.setter
+    def ignore_case(self, value: Optional[pulumi.Input[bool]]):
+        pulumi.set(self, "ignore_case", value)
+    @property
+    @pulumi.getter
+    def prefix(self) -> Optional[pulumi.Input[str]]:
+        """
+        The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead.
+        Examples:
+        * abc matches the value abc.xyz
+        """
+        return pulumi.get(self, "prefix")
+    @prefix.setter
+    def prefix(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "prefix", value)
+    @property
+    @pulumi.getter
+    def suffix(self) -> Optional[pulumi.Input[str]]:
+        """
+        The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead.
+        Examples:
+        * abc matches the value xyz.abc
+        """
+        return pulumi.get(self, "suffix")
+    @suffix.setter
+    def suffix(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "suffix", value)
+if not MYPY:
+    class AuthzPolicyHttpRuleToOperationHostArgsDict(TypedDict):
+        contains: NotRequired[pulumi.Input[str]]
+        """
+        The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead.
+        Examples:
+        * abc matches the value xyz.abc.def
+        """
+        exact: NotRequired[pulumi.Input[str]]
+        """
+        The input string must match exactly the string specified here.
+        Examples:
+        * abc only matches the value abc.
+        """
+        ignore_case: NotRequired[pulumi.Input[bool]]
+        """
+        If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true.
+        """
+        prefix: NotRequired[pulumi.Input[str]]
+        """
+        The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead.
+        Examples:
+        * abc matches the value abc.xyz
+        """
+        suffix: NotRequired[pulumi.Input[str]]
+        """
+        The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead.
+        Examples:
+        * abc matches the value xyz.abc
+        """
+elif False:
+    AuthzPolicyHttpRuleToOperationHostArgsDict: TypeAlias = Mapping[str, Any]
+@pulumi.input_type
+class AuthzPolicyHttpRuleToOperationHostArgs:
+    def __init__(__self__, *,
+                 contains: Optional[pulumi.Input[str]] = None,
+                 exact: Optional[pulumi.Input[str]] = None,
+                 ignore_case: Optional[pulumi.Input[bool]] = None,
+                 prefix: Optional[pulumi.Input[str]] = None,
+                 suffix: Optional[pulumi.Input[str]] = None):
+        """
+        :param pulumi.Input[str] contains: The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead.
+               Examples:
+               * abc matches the value xyz.abc.def
+        :param pulumi.Input[str] exact: The input string must match exactly the string specified here.
+               Examples:
+               * abc only matches the value abc.
+        :param pulumi.Input[bool] ignore_case: If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true.
+        :param pulumi.Input[str] prefix: The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead.
+               Examples:
+               * abc matches the value abc.xyz
+        :param pulumi.Input[str] suffix: The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead.
+               Examples:
+               * abc matches the value xyz.abc
+        """
+        if contains is not None:
+            pulumi.set(__self__, "contains", contains)
+        if exact is not None:
+            pulumi.set(__self__, "exact", exact)
+        if ignore_case is not None:
+            pulumi.set(__self__, "ignore_case", ignore_case)
+        if prefix is not None:
+            pulumi.set(__self__, "prefix", prefix)
+        if suffix is not None:
+            pulumi.set(__self__, "suffix", suffix)
+    @property
+    @pulumi.getter
+    def contains(self) -> Optional[pulumi.Input[str]]:
+        """
+        The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead.
+        Examples:
+        * abc matches the value xyz.abc.def
+        """
+        return pulumi.get(self, "contains")
+    @contains.setter
+    def contains(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "contains", value)
+    @property
+    @pulumi.getter
+    def exact(self) -> Optional[pulumi.Input[str]]:
+        """
+        The input string must match exactly the string specified here.
+        Examples:
+        * abc only matches the value abc.
+        """
+        return pulumi.get(self, "exact")
+    @exact.setter
+    def exact(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "exact", value)
+    @property
+    @pulumi.getter(name="ignoreCase")
+    def ignore_case(self) -> Optional[pulumi.Input[bool]]:
+        """
+        If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true.
+        """
+        return pulumi.get(self, "ignore_case")
+    @ignore_case.setter
+    def ignore_case(self, value: Optional[pulumi.Input[bool]]):
+        pulumi.set(self, "ignore_case", value)
+    @property
+    @pulumi.getter
+    def prefix(self) -> Optional[pulumi.Input[str]]:
+        """
+        The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead.
+        Examples:
+        * abc matches the value abc.xyz
+        """
+        return pulumi.get(self, "prefix")
+    @prefix.setter
+    def prefix(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "prefix", value)
+    @property
+    @pulumi.getter
+    def suffix(self) -> Optional[pulumi.Input[str]]:
+        """
+        The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead.
+        Examples:
+        * abc matches the value xyz.abc
+        """
+        return pulumi.get(self, "suffix")
+    @suffix.setter
+    def suffix(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "suffix", value)
+if not MYPY:
+    class AuthzPolicyHttpRuleToOperationPathArgsDict(TypedDict):
+        contains: NotRequired[pulumi.Input[str]]
+        """
+        The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead.
+        Examples:
+        * abc matches the value xyz.abc.def
+        """
+        exact: NotRequired[pulumi.Input[str]]
+        """
+        The input string must match exactly the string specified here.
+        Examples:
+        * abc only matches the value abc.
+        """
+        ignore_case: NotRequired[pulumi.Input[bool]]
+        """
+        If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true.
+        """
+        prefix: NotRequired[pulumi.Input[str]]
+        """
+        The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead.
+        Examples:
+        * abc matches the value abc.xyz
+        """
+        suffix: NotRequired[pulumi.Input[str]]
+        """
+        The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead.
+        Examples:
+        * abc matches the value xyz.abc
+        """
+elif False:
+    AuthzPolicyHttpRuleToOperationPathArgsDict: TypeAlias = Mapping[str, Any]
+@pulumi.input_type
+class AuthzPolicyHttpRuleToOperationPathArgs:
+    def __init__(__self__, *,
+                 contains: Optional[pulumi.Input[str]] = None,
+                 exact: Optional[pulumi.Input[str]] = None,
+                 ignore_case: Optional[pulumi.Input[bool]] = None,
+                 prefix: Optional[pulumi.Input[str]] = None,
+                 suffix: Optional[pulumi.Input[str]] = None):
+        """
+        :param pulumi.Input[str] contains: The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead.
+               Examples:
+               * abc matches the value xyz.abc.def
+        :param pulumi.Input[str] exact: The input string must match exactly the string specified here.
+               Examples:
+               * abc only matches the value abc.
+        :param pulumi.Input[bool] ignore_case: If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true.
+        :param pulumi.Input[str] prefix: The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead.
+               Examples:
+               * abc matches the value abc.xyz
+        :param pulumi.Input[str] suffix: The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead.
+               Examples:
+               * abc matches the value xyz.abc
+        """
+        if contains is not None:
+            pulumi.set(__self__, "contains", contains)
+        if exact is not None:
+            pulumi.set(__self__, "exact", exact)
+        if ignore_case is not None:
+            pulumi.set(__self__, "ignore_case", ignore_case)
+        if prefix is not None:
+            pulumi.set(__self__, "prefix", prefix)
+        if suffix is not None:
+            pulumi.set(__self__, "suffix", suffix)
+    @property
+    @pulumi.getter
+    def contains(self) -> Optional[pulumi.Input[str]]:
+        """
+        The input string must have the substring specified here. Note: empty contains match is not allowed, please use regex instead.
+        Examples:
+        * abc matches the value xyz.abc.def
+        """
+        return pulumi.get(self, "contains")
+    @contains.setter
+    def contains(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "contains", value)
+    @property
+    @pulumi.getter
+    def exact(self) -> Optional[pulumi.Input[str]]:
+        """
+        The input string must match exactly the string specified here.
+        Examples:
+        * abc only matches the value abc.
+        """
+        return pulumi.get(self, "exact")
+    @exact.setter
+    def exact(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "exact", value)
+    @property
+    @pulumi.getter(name="ignoreCase")
+    def ignore_case(self) -> Optional[pulumi.Input[bool]]:
+        """
+        If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. For example, the matcher data will match both input string Data and data if set to true.
+        """
+        return pulumi.get(self, "ignore_case")
+    @ignore_case.setter
+    def ignore_case(self, value: Optional[pulumi.Input[bool]]):
+        pulumi.set(self, "ignore_case", value)
+    @property
+    @pulumi.getter
+    def prefix(self) -> Optional[pulumi.Input[str]]:
+        """
+        The input string must have the prefix specified here. Note: empty prefix is not allowed, please use regex instead.
+        Examples:
+        * abc matches the value abc.xyz
+        """
+        return pulumi.get(self, "prefix")
+    @prefix.setter
+    def prefix(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "prefix", value)
+    @property
+    @pulumi.getter
+    def suffix(self) -> Optional[pulumi.Input[str]]:
+        """
+        The input string must have the suffix specified here. Note: empty prefix is not allowed, please use regex instead.
+        Examples:
+        * abc matches the value xyz.abc
+        """
+        return pulumi.get(self, "suffix")
+    @suffix.setter
+    def suffix(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "suffix", value)
+if not MYPY:
+    class AuthzPolicyTargetArgsDict(TypedDict):
+        load_balancing_scheme: pulumi.Input[str]
+        """
+        All gateways and forwarding rules referenced by this policy and extensions must share the same load balancing scheme.
+        For more information, refer to [Backend services overview](https://cloud.google.com/load-balancing/docs/backend-service).
+        Possible values are: `INTERNAL_MANAGED`, `EXTERNAL_MANAGED`, `INTERNAL_SELF_MANAGED`.
+        """
+        resources: NotRequired[pulumi.Input[Sequence[pulumi.Input[str]]]]
+        """
+        A list of references to the Forwarding Rules on which this policy will be applied.
+        - - -
+        """
+elif False:
+    AuthzPolicyTargetArgsDict: TypeAlias = Mapping[str, Any]
+@pulumi.input_type
+class AuthzPolicyTargetArgs:
+    def __init__(__self__, *,
+                 load_balancing_scheme: pulumi.Input[str],
+                 resources: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None):
+        """
+        :param pulumi.Input[str] load_balancing_scheme: All gateways and forwarding rules referenced by this policy and extensions must share the same load balancing scheme.
+               For more information, refer to [Backend services overview](https://cloud.google.com/load-balancing/docs/backend-service).
+               Possible values are: `INTERNAL_MANAGED`, `EXTERNAL_MANAGED`, `INTERNAL_SELF_MANAGED`.
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] resources: A list of references to the Forwarding Rules on which this policy will be applied.
+               - - -
+        """
+        pulumi.set(__self__, "load_balancing_scheme", load_balancing_scheme)
+        if resources is not None:
+            pulumi.set(__self__, "resources", resources)
+    @property
+    @pulumi.getter(name="loadBalancingScheme")
+    def load_balancing_scheme(self) -> pulumi.Input[str]:
+        """
+        All gateways and forwarding rules referenced by this policy and extensions must share the same load balancing scheme.
+        For more information, refer to [Backend services overview](https://cloud.google.com/load-balancing/docs/backend-service).
+        Possible values are: `INTERNAL_MANAGED`, `EXTERNAL_MANAGED`, `INTERNAL_SELF_MANAGED`.
+        """
+        return pulumi.get(self, "load_balancing_scheme")
+    @load_balancing_scheme.setter
+    def load_balancing_scheme(self, value: pulumi.Input[str]):
+        pulumi.set(self, "load_balancing_scheme", value)
+    @property
+    @pulumi.getter
+    def resources(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
+        """
+        A list of references to the Forwarding Rules on which this policy will be applied.
+        - - -
+        """
+        return pulumi.get(self, "resources")
+    @resources.setter
+    def resources(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
+        pulumi.set(self, "resources", value)
 if not MYPY:
     class ClientTlsPolicyClientCertificateArgsDict(TypedDict):
         certificate_provider_instance: NotRequired[pulumi.Input['ClientTlsPolicyClientCertificateCertificateProviderInstanceArgsDict']]
@@ -664,6 +2536,152 @@ class ClientTlsPolicyServerValidationCaGrpcEndpointArgs:
         pulumi.set(self, "target_uri", value)
+if not MYPY:
+    class InterceptDeploymentGroupConnectedEndpointGroupArgsDict(TypedDict):
+        name: NotRequired[pulumi.Input[str]]
+        """
+        (Output)
+        Output only. A connected intercept endpoint group.
+        """
+elif False:
+    InterceptDeploymentGroupConnectedEndpointGroupArgsDict: TypeAlias = Mapping[str, Any]
+@pulumi.input_type
+class InterceptDeploymentGroupConnectedEndpointGroupArgs:
+    def __init__(__self__, *,
+                 name: Optional[pulumi.Input[str]] = None):
+        """
+        :param pulumi.Input[str] name: (Output)
+               Output only. A connected intercept endpoint group.
+        """
+        if name is not None:
+            pulumi.set(__self__, "name", name)
+    @property
+    @pulumi.getter
+    def name(self) -> Optional[pulumi.Input[str]]:
+        """
+        (Output)
+        Output only. A connected intercept endpoint group.
+        """
+        return pulumi.get(self, "name")
+    @name.setter
+    def name(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "name", value)
+if not MYPY:
+    class MirroringDeploymentGroupConnectedEndpointGroupArgsDict(TypedDict):
+        name: NotRequired[pulumi.Input[str]]
+        """
+        (Output)
+        Output only. A connected mirroring endpoint group.
+        """
+elif False:
+    MirroringDeploymentGroupConnectedEndpointGroupArgsDict: TypeAlias = Mapping[str, Any]
+@pulumi.input_type
+class MirroringDeploymentGroupConnectedEndpointGroupArgs:
+    def __init__(__self__, *,
+                 name: Optional[pulumi.Input[str]] = None):
+        """
+        :param pulumi.Input[str] name: (Output)
+               Output only. A connected mirroring endpoint group.
+        """
+        if name is not None:
+            pulumi.set(__self__, "name", name)
+    @property
+    @pulumi.getter
+    def name(self) -> Optional[pulumi.Input[str]]:
+        """
+        (Output)
+        Output only. A connected mirroring endpoint group.
+        """
+        return pulumi.get(self, "name")
+    @name.setter
+    def name(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "name", value)
+if not MYPY:
+    class MirroringEndpointGroupAssociationLocationsDetailArgsDict(TypedDict):
+        location: NotRequired[pulumi.Input[str]]
+        """
+        Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122. See documentation for resource type `networksecurity.googleapis.com/MirroringEndpointGroupAssociation`.
+        - - -
+        """
+        state: NotRequired[pulumi.Input[str]]
+        """
+        (Output)
+        Output only. The association state in this location.
+        Possible values:
+        STATE_UNSPECIFIED
+        ACTIVE
+        OUT_OF_SYNC
+        """
+elif False:
+    MirroringEndpointGroupAssociationLocationsDetailArgsDict: TypeAlias = Mapping[str, Any]
+@pulumi.input_type
+class MirroringEndpointGroupAssociationLocationsDetailArgs:
+    def __init__(__self__, *,
+                 location: Optional[pulumi.Input[str]] = None,
+                 state: Optional[pulumi.Input[str]] = None):
+        """
+        :param pulumi.Input[str] location: Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122. See documentation for resource type `networksecurity.googleapis.com/MirroringEndpointGroupAssociation`.
+               - - -
+        :param pulumi.Input[str] state: (Output)
+               Output only. The association state in this location.
+               Possible values:
+               STATE_UNSPECIFIED
+               ACTIVE
+               OUT_OF_SYNC
+        """
+        if location is not None:
+            pulumi.set(__self__, "location", location)
+        if state is not None:
+            pulumi.set(__self__, "state", state)
+    @property
+    @pulumi.getter
+    def location(self) -> Optional[pulumi.Input[str]]:
+        """
+        Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122. See documentation for resource type `networksecurity.googleapis.com/MirroringEndpointGroupAssociation`.
+        - - -
+        """
+        return pulumi.get(self, "location")
+    @location.setter
+    def location(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "location", value)
+    @property
+    @pulumi.getter
+    def state(self) -> Optional[pulumi.Input[str]]:
+        """
+        (Output)
+        Output only. The association state in this location.
+        Possible values:
+        STATE_UNSPECIFIED
+        ACTIVE
+        OUT_OF_SYNC
+        """
+        return pulumi.get(self, "state")
+    @state.setter
+    def state(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "state", value)
 if not MYPY:
     class SecurityProfileThreatPreventionProfileArgsDict(TypedDict):
         severity_overrides: NotRequired[pulumi.Input[Sequence[pulumi.Input['SecurityProfileThreatPreventionProfileSeverityOverrideArgsDict']]]]

pulumi-gcp 8.11.0a1734348982__py3-none-any.whl → 8.12.0__py3-none-any.whl

pulumi-gcp 8.11.0a1734348982py3-none-any.whl → 8.12.0py3-none-any.whl