pulumi-gcp 8.18.0a1738650987__py3-none-any.whl → 8.19.0a1738736844__py3-none-any.whl

pulumi_gcp/__init__.py

@@ -1162,6 +1162,30 @@ _utilities.register(
    "gcp:beyondcorp/securityGateway:SecurityGateway": "SecurityGateway"
   }
  },
+ {
+  "pkg": "gcp",
+  "mod": "beyondcorp/securityGatewayIamBinding",
+  "fqn": "pulumi_gcp.beyondcorp",
+  "classes": {
+   "gcp:beyondcorp/securityGatewayIamBinding:SecurityGatewayIamBinding": "SecurityGatewayIamBinding"
+  }
+ },
+ {
+  "pkg": "gcp",
+  "mod": "beyondcorp/securityGatewayIamMember",
+  "fqn": "pulumi_gcp.beyondcorp",
+  "classes": {
+   "gcp:beyondcorp/securityGatewayIamMember:SecurityGatewayIamMember": "SecurityGatewayIamMember"
+  }
+ },
+ {
+  "pkg": "gcp",
+  "mod": "beyondcorp/securityGatewayIamPolicy",
+  "fqn": "pulumi_gcp.beyondcorp",
+  "classes": {
+   "gcp:beyondcorp/securityGatewayIamPolicy:SecurityGatewayIamPolicy": "SecurityGatewayIamPolicy"
+  }
+ },
  {
   "pkg": "gcp",
   "mod": "biglake/catalog",

pulumi_gcp/accesscontextmanager/service_perimeter_dry_run_resource.py

@@ -68,11 +68,13 @@ class ServicePerimeterDryRunResourceArgs:
 class _ServicePerimeterDryRunResourceState:
     def __init__(__self__, *,
                  access_policy_id: Optional[pulumi.Input[str]] = None,
+                 etag: Optional[pulumi.Input[str]] = None,
                  perimeter_name: Optional[pulumi.Input[str]] = None,
                  resource: Optional[pulumi.Input[str]] = None):
         """
         Input properties used for looking up and filtering ServicePerimeterDryRunResource resources.
         :param pulumi.Input[str] access_policy_id: The name of the Access Policy this resource belongs to.
+        :param pulumi.Input[str] etag: The perimeter etag is internally used to prevent overwriting the list of perimeter resources on PATCH calls. It is retrieved from the same GET perimeter API call that's used to get the current list of resources. The resource to add or remove is merged into that list and then this etag is sent with the PATCH call along with the updated resource list.
         :param pulumi.Input[str] perimeter_name: The name of the Service Perimeter to add this resource to.
                
                
@@ -83,6 +85,8 @@ class _ServicePerimeterDryRunResourceState:
         """
         if access_policy_id is not None:
             pulumi.set(__self__, "access_policy_id", access_policy_id)
+        if etag is not None:
+            pulumi.set(__self__, "etag", etag)
         if perimeter_name is not None:
             pulumi.set(__self__, "perimeter_name", perimeter_name)
         if resource is not None:
@@ -100,6 +104,18 @@ class _ServicePerimeterDryRunResourceState:
     def access_policy_id(self, value: Optional[pulumi.Input[str]]):
         pulumi.set(self, "access_policy_id", value)
 
+    @property
+    @pulumi.getter
+    def etag(self) -> Optional[pulumi.Input[str]]:
+        """
+        The perimeter etag is internally used to prevent overwriting the list of perimeter resources on PATCH calls. It is retrieved from the same GET perimeter API call that's used to get the current list of resources. The resource to add or remove is merged into that list and then this etag is sent with the PATCH call along with the updated resource list.
+        """
+        return pulumi.get(self, "etag")
+
+    @etag.setter
+    def etag(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "etag", value)
+
     @property
     @pulumi.getter(name="perimeterName")
     def perimeter_name(self) -> Optional[pulumi.Input[str]]:
@@ -305,6 +321,7 @@ class ServicePerimeterDryRunResource(pulumi.CustomResource):
                 raise TypeError("Missing required property 'resource'")
             __props__.__dict__["resource"] = resource
             __props__.__dict__["access_policy_id"] = None
+            __props__.__dict__["etag"] = None
         super(ServicePerimeterDryRunResource, __self__).__init__(
             'gcp:accesscontextmanager/servicePerimeterDryRunResource:ServicePerimeterDryRunResource',
             resource_name,
@@ -316,6 +333,7 @@ class ServicePerimeterDryRunResource(pulumi.CustomResource):
             id: pulumi.Input[str],
             opts: Optional[pulumi.ResourceOptions] = None,
             access_policy_id: Optional[pulumi.Input[str]] = None,
+            etag: Optional[pulumi.Input[str]] = None,
             perimeter_name: Optional[pulumi.Input[str]] = None,
             resource: Optional[pulumi.Input[str]] = None) -> 'ServicePerimeterDryRunResource':
         """
@@ -326,6 +344,7 @@ class ServicePerimeterDryRunResource(pulumi.CustomResource):
         :param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
         :param pulumi.ResourceOptions opts: Options for the resource.
         :param pulumi.Input[str] access_policy_id: The name of the Access Policy this resource belongs to.
+        :param pulumi.Input[str] etag: The perimeter etag is internally used to prevent overwriting the list of perimeter resources on PATCH calls. It is retrieved from the same GET perimeter API call that's used to get the current list of resources. The resource to add or remove is merged into that list and then this etag is sent with the PATCH call along with the updated resource list.
         :param pulumi.Input[str] perimeter_name: The name of the Service Perimeter to add this resource to.
                
                
@@ -339,6 +358,7 @@ class ServicePerimeterDryRunResource(pulumi.CustomResource):
         __props__ = _ServicePerimeterDryRunResourceState.__new__(_ServicePerimeterDryRunResourceState)
 
         __props__.__dict__["access_policy_id"] = access_policy_id
+        __props__.__dict__["etag"] = etag
         __props__.__dict__["perimeter_name"] = perimeter_name
         __props__.__dict__["resource"] = resource
         return ServicePerimeterDryRunResource(resource_name, opts=opts, __props__=__props__)
@@ -351,6 +371,14 @@ class ServicePerimeterDryRunResource(pulumi.CustomResource):
         """
         return pulumi.get(self, "access_policy_id")
 
+    @property
+    @pulumi.getter
+    def etag(self) -> pulumi.Output[str]:
+        """
+        The perimeter etag is internally used to prevent overwriting the list of perimeter resources on PATCH calls. It is retrieved from the same GET perimeter API call that's used to get the current list of resources. The resource to add or remove is merged into that list and then this etag is sent with the PATCH call along with the updated resource list.
+        """
+        return pulumi.get(self, "etag")
+
     @property
     @pulumi.getter(name="perimeterName")
     def perimeter_name(self) -> pulumi.Output[str]:

pulumi_gcp/alloydb/user.py

@@ -36,6 +36,7 @@ class UserArgs:
                - - -
         :param pulumi.Input[Sequence[pulumi.Input[str]]] database_roles: List of database roles this database user has.
         :param pulumi.Input[str] password: Password for this database user.
+               **Note**: This property is sensitive and will not be displayed in the plan.
         """
         pulumi.set(__self__, "cluster", cluster)
         pulumi.set(__self__, "user_id", user_id)
@@ -103,6 +104,7 @@ class UserArgs:
     def password(self) -> Optional[pulumi.Input[str]]:
         """
         Password for this database user.
+        **Note**: This property is sensitive and will not be displayed in the plan.
         """
         return pulumi.get(self, "password")
 
@@ -127,6 +129,7 @@ class _UserState:
         :param pulumi.Input[Sequence[pulumi.Input[str]]] database_roles: List of database roles this database user has.
         :param pulumi.Input[str] name: Name of the resource in the form of projects/{project}/locations/{location}/clusters/{cluster}/users/{user}.
         :param pulumi.Input[str] password: Password for this database user.
+               **Note**: This property is sensitive and will not be displayed in the plan.
         :param pulumi.Input[str] user_id: The database role name of the user.
         :param pulumi.Input[str] user_type: The type of this user.
                Possible values are: `ALLOYDB_BUILT_IN`, `ALLOYDB_IAM_USER`.
@@ -189,6 +192,7 @@ class _UserState:
     def password(self) -> Optional[pulumi.Input[str]]:
         """
         Password for this database user.
+        **Note**: This property is sensitive and will not be displayed in the plan.
         """
         return pulumi.get(self, "password")
 
@@ -357,6 +361,7 @@ class User(pulumi.CustomResource):
                'projects/{project}/locations/{location}/clusters/{cluster_id}'
         :param pulumi.Input[Sequence[pulumi.Input[str]]] database_roles: List of database roles this database user has.
         :param pulumi.Input[str] password: Password for this database user.
+               **Note**: This property is sensitive and will not be displayed in the plan.
         :param pulumi.Input[str] user_id: The database role name of the user.
         :param pulumi.Input[str] user_type: The type of this user.
                Possible values are: `ALLOYDB_BUILT_IN`, `ALLOYDB_IAM_USER`.
@@ -518,7 +523,7 @@ class User(pulumi.CustomResource):
                 raise TypeError("Missing required property 'cluster'")
             __props__.__dict__["cluster"] = cluster
             __props__.__dict__["database_roles"] = database_roles
-            __props__.__dict__["password"] = password
+            __props__.__dict__["password"] = None if password is None else pulumi.Output.secret(password)
             if user_id is None and not opts.urn:
                 raise TypeError("Missing required property 'user_id'")
             __props__.__dict__["user_id"] = user_id
@@ -526,6 +531,8 @@ class User(pulumi.CustomResource):
                 raise TypeError("Missing required property 'user_type'")
             __props__.__dict__["user_type"] = user_type
             __props__.__dict__["name"] = None
+        secret_opts = pulumi.ResourceOptions(additional_secret_outputs=["password"])
+        opts = pulumi.ResourceOptions.merge(opts, secret_opts)
         super(User, __self__).__init__(
             'gcp:alloydb/user:User',
             resource_name,
@@ -554,6 +561,7 @@ class User(pulumi.CustomResource):
         :param pulumi.Input[Sequence[pulumi.Input[str]]] database_roles: List of database roles this database user has.
         :param pulumi.Input[str] name: Name of the resource in the form of projects/{project}/locations/{location}/clusters/{cluster}/users/{user}.
         :param pulumi.Input[str] password: Password for this database user.
+               **Note**: This property is sensitive and will not be displayed in the plan.
         :param pulumi.Input[str] user_id: The database role name of the user.
         :param pulumi.Input[str] user_type: The type of this user.
                Possible values are: `ALLOYDB_BUILT_IN`, `ALLOYDB_IAM_USER`.
@@ -603,6 +611,7 @@ class User(pulumi.CustomResource):
     def password(self) -> pulumi.Output[Optional[str]]:
         """
         Password for this database user.
+        **Note**: This property is sensitive and will not be displayed in the plan.
         """
         return pulumi.get(self, "password")
 

pulumi_gcp/assuredworkloads/workload.py

@@ -38,7 +38,7 @@ class WorkloadArgs:
                  workload_options: Optional[pulumi.Input['WorkloadWorkloadOptionsArgs']] = None):
         """
         The set of arguments for constructing a Workload resource.
-        :param pulumi.Input[str] compliance_regime: Required. Immutable. Compliance Regime associated with this workload. Possible values: COMPLIANCE_REGIME_UNSPECIFIED, IL4, CJIS, FEDRAMP_HIGH, FEDRAMP_MODERATE, US_REGIONAL_ACCESS, HIPAA, HITRUST, EU_REGIONS_AND_SUPPORT, CA_REGIONS_AND_SUPPORT, ITAR, AU_REGIONS_AND_US_SUPPORT, ASSURED_WORKLOADS_FOR_PARTNERS, ISR_REGIONS, ISR_REGIONS_AND_SUPPORT, CA_PROTECTED_B, IL5, IL2, JP_REGIONS_AND_SUPPORT, KSA_REGIONS_AND_SUPPORT_WITH_SOVEREIGNTY_CONTROLS, REGIONAL_CONTROLS, HEALTHCARE_AND_LIFE_SCIENCES_CONTROLS, HEALTHCARE_AND_LIFE_SCIENCES_CONTROLS_WITH_US_SUPPORT, IRS_1075
+        :param pulumi.Input[str] compliance_regime: Required. Immutable. Compliance Regime associated with this workload. Possible values: COMPLIANCE_REGIME_UNSPECIFIED, IL4, CJIS, FEDRAMP_HIGH, FEDRAMP_MODERATE, US_REGIONAL_ACCESS, HIPAA, HITRUST, EU_REGIONS_AND_SUPPORT, CA_REGIONS_AND_SUPPORT, ITAR, AU_REGIONS_AND_US_SUPPORT, ASSURED_WORKLOADS_FOR_PARTNERS, ISR_REGIONS, ISR_REGIONS_AND_SUPPORT, CA_PROTECTED_B, IL5, IL2, JP_REGIONS_AND_SUPPORT, KSA_REGIONS_AND_SUPPORT_WITH_SOVEREIGNTY_CONTROLS, REGIONAL_CONTROLS, HEALTHCARE_AND_LIFE_SCIENCES_CONTROLS, HEALTHCARE_AND_LIFE_SCIENCES_CONTROLS_US_SUPPORT, IRS_1075
         :param pulumi.Input[str] display_name: Required. The user-assigned display name of the Workload. When present it must be between 4 to 30 characters. Allowed characters are: lowercase and uppercase letters, numbers, hyphen, and spaces. Example: My Workload
         :param pulumi.Input[str] location: The location for the resource
         :param pulumi.Input[str] organization: The organization for the resource
@@ -92,7 +92,7 @@ class WorkloadArgs:
     @pulumi.getter(name="complianceRegime")
     def compliance_regime(self) -> pulumi.Input[str]:
         """
-        Required. Immutable. Compliance Regime associated with this workload. Possible values: COMPLIANCE_REGIME_UNSPECIFIED, IL4, CJIS, FEDRAMP_HIGH, FEDRAMP_MODERATE, US_REGIONAL_ACCESS, HIPAA, HITRUST, EU_REGIONS_AND_SUPPORT, CA_REGIONS_AND_SUPPORT, ITAR, AU_REGIONS_AND_US_SUPPORT, ASSURED_WORKLOADS_FOR_PARTNERS, ISR_REGIONS, ISR_REGIONS_AND_SUPPORT, CA_PROTECTED_B, IL5, IL2, JP_REGIONS_AND_SUPPORT, KSA_REGIONS_AND_SUPPORT_WITH_SOVEREIGNTY_CONTROLS, REGIONAL_CONTROLS, HEALTHCARE_AND_LIFE_SCIENCES_CONTROLS, HEALTHCARE_AND_LIFE_SCIENCES_CONTROLS_WITH_US_SUPPORT, IRS_1075
+        Required. Immutable. Compliance Regime associated with this workload. Possible values: COMPLIANCE_REGIME_UNSPECIFIED, IL4, CJIS, FEDRAMP_HIGH, FEDRAMP_MODERATE, US_REGIONAL_ACCESS, HIPAA, HITRUST, EU_REGIONS_AND_SUPPORT, CA_REGIONS_AND_SUPPORT, ITAR, AU_REGIONS_AND_US_SUPPORT, ASSURED_WORKLOADS_FOR_PARTNERS, ISR_REGIONS, ISR_REGIONS_AND_SUPPORT, CA_PROTECTED_B, IL5, IL2, JP_REGIONS_AND_SUPPORT, KSA_REGIONS_AND_SUPPORT_WITH_SOVEREIGNTY_CONTROLS, REGIONAL_CONTROLS, HEALTHCARE_AND_LIFE_SCIENCES_CONTROLS, HEALTHCARE_AND_LIFE_SCIENCES_CONTROLS_US_SUPPORT, IRS_1075
         """
         return pulumi.get(self, "compliance_regime")
 
@@ -307,7 +307,7 @@ class _WorkloadState:
         """
         Input properties used for looking up and filtering Workload resources.
         :param pulumi.Input[str] billing_account: Optional. Input only. The billing account used for the resources which are direct children of workload. This billing account is initially associated with the resources created as part of Workload creation. After the initial creation of these resources, the customer can change the assigned billing account. The resource name has the form `billingAccounts/{billing_account_id}`. For example, `billingAccounts/012345-567890-ABCDEF`.
-        :param pulumi.Input[str] compliance_regime: Required. Immutable. Compliance Regime associated with this workload. Possible values: COMPLIANCE_REGIME_UNSPECIFIED, IL4, CJIS, FEDRAMP_HIGH, FEDRAMP_MODERATE, US_REGIONAL_ACCESS, HIPAA, HITRUST, EU_REGIONS_AND_SUPPORT, CA_REGIONS_AND_SUPPORT, ITAR, AU_REGIONS_AND_US_SUPPORT, ASSURED_WORKLOADS_FOR_PARTNERS, ISR_REGIONS, ISR_REGIONS_AND_SUPPORT, CA_PROTECTED_B, IL5, IL2, JP_REGIONS_AND_SUPPORT, KSA_REGIONS_AND_SUPPORT_WITH_SOVEREIGNTY_CONTROLS, REGIONAL_CONTROLS, HEALTHCARE_AND_LIFE_SCIENCES_CONTROLS, HEALTHCARE_AND_LIFE_SCIENCES_CONTROLS_WITH_US_SUPPORT, IRS_1075
+        :param pulumi.Input[str] compliance_regime: Required. Immutable. Compliance Regime associated with this workload. Possible values: COMPLIANCE_REGIME_UNSPECIFIED, IL4, CJIS, FEDRAMP_HIGH, FEDRAMP_MODERATE, US_REGIONAL_ACCESS, HIPAA, HITRUST, EU_REGIONS_AND_SUPPORT, CA_REGIONS_AND_SUPPORT, ITAR, AU_REGIONS_AND_US_SUPPORT, ASSURED_WORKLOADS_FOR_PARTNERS, ISR_REGIONS, ISR_REGIONS_AND_SUPPORT, CA_PROTECTED_B, IL5, IL2, JP_REGIONS_AND_SUPPORT, KSA_REGIONS_AND_SUPPORT_WITH_SOVEREIGNTY_CONTROLS, REGIONAL_CONTROLS, HEALTHCARE_AND_LIFE_SCIENCES_CONTROLS, HEALTHCARE_AND_LIFE_SCIENCES_CONTROLS_US_SUPPORT, IRS_1075
         :param pulumi.Input[Sequence[pulumi.Input['WorkloadComplianceStatusArgs']]] compliance_statuses: Output only. Count of active Violations in the Workload.
         :param pulumi.Input[Sequence[pulumi.Input[str]]] compliant_but_disallowed_services: Output only. Urls for services which are compliant for this Assured Workload, but which are currently disallowed by the ResourceUsageRestriction org policy. Invoke workloads.restrictAllowedResources endpoint to allow your project developers to use these services in their environment.
         :param pulumi.Input[str] create_time: Output only. Immutable. The Workload creation timestamp.
@@ -406,7 +406,7 @@ class _WorkloadState:
     @pulumi.getter(name="complianceRegime")
     def compliance_regime(self) -> Optional[pulumi.Input[str]]:
         """
-        Required. Immutable. Compliance Regime associated with this workload. Possible values: COMPLIANCE_REGIME_UNSPECIFIED, IL4, CJIS, FEDRAMP_HIGH, FEDRAMP_MODERATE, US_REGIONAL_ACCESS, HIPAA, HITRUST, EU_REGIONS_AND_SUPPORT, CA_REGIONS_AND_SUPPORT, ITAR, AU_REGIONS_AND_US_SUPPORT, ASSURED_WORKLOADS_FOR_PARTNERS, ISR_REGIONS, ISR_REGIONS_AND_SUPPORT, CA_PROTECTED_B, IL5, IL2, JP_REGIONS_AND_SUPPORT, KSA_REGIONS_AND_SUPPORT_WITH_SOVEREIGNTY_CONTROLS, REGIONAL_CONTROLS, HEALTHCARE_AND_LIFE_SCIENCES_CONTROLS, HEALTHCARE_AND_LIFE_SCIENCES_CONTROLS_WITH_US_SUPPORT, IRS_1075
+        Required. Immutable. Compliance Regime associated with this workload. Possible values: COMPLIANCE_REGIME_UNSPECIFIED, IL4, CJIS, FEDRAMP_HIGH, FEDRAMP_MODERATE, US_REGIONAL_ACCESS, HIPAA, HITRUST, EU_REGIONS_AND_SUPPORT, CA_REGIONS_AND_SUPPORT, ITAR, AU_REGIONS_AND_US_SUPPORT, ASSURED_WORKLOADS_FOR_PARTNERS, ISR_REGIONS, ISR_REGIONS_AND_SUPPORT, CA_PROTECTED_B, IL5, IL2, JP_REGIONS_AND_SUPPORT, KSA_REGIONS_AND_SUPPORT_WITH_SOVEREIGNTY_CONTROLS, REGIONAL_CONTROLS, HEALTHCARE_AND_LIFE_SCIENCES_CONTROLS, HEALTHCARE_AND_LIFE_SCIENCES_CONTROLS_US_SUPPORT, IRS_1075
         """
         return pulumi.get(self, "compliance_regime")
 
@@ -853,7 +853,7 @@ class Workload(pulumi.CustomResource):
         :param str resource_name: The name of the resource.
         :param pulumi.ResourceOptions opts: Options for the resource.
         :param pulumi.Input[str] billing_account: Optional. Input only. The billing account used for the resources which are direct children of workload. This billing account is initially associated with the resources created as part of Workload creation. After the initial creation of these resources, the customer can change the assigned billing account. The resource name has the form `billingAccounts/{billing_account_id}`. For example, `billingAccounts/012345-567890-ABCDEF`.
-        :param pulumi.Input[str] compliance_regime: Required. Immutable. Compliance Regime associated with this workload. Possible values: COMPLIANCE_REGIME_UNSPECIFIED, IL4, CJIS, FEDRAMP_HIGH, FEDRAMP_MODERATE, US_REGIONAL_ACCESS, HIPAA, HITRUST, EU_REGIONS_AND_SUPPORT, CA_REGIONS_AND_SUPPORT, ITAR, AU_REGIONS_AND_US_SUPPORT, ASSURED_WORKLOADS_FOR_PARTNERS, ISR_REGIONS, ISR_REGIONS_AND_SUPPORT, CA_PROTECTED_B, IL5, IL2, JP_REGIONS_AND_SUPPORT, KSA_REGIONS_AND_SUPPORT_WITH_SOVEREIGNTY_CONTROLS, REGIONAL_CONTROLS, HEALTHCARE_AND_LIFE_SCIENCES_CONTROLS, HEALTHCARE_AND_LIFE_SCIENCES_CONTROLS_WITH_US_SUPPORT, IRS_1075
+        :param pulumi.Input[str] compliance_regime: Required. Immutable. Compliance Regime associated with this workload. Possible values: COMPLIANCE_REGIME_UNSPECIFIED, IL4, CJIS, FEDRAMP_HIGH, FEDRAMP_MODERATE, US_REGIONAL_ACCESS, HIPAA, HITRUST, EU_REGIONS_AND_SUPPORT, CA_REGIONS_AND_SUPPORT, ITAR, AU_REGIONS_AND_US_SUPPORT, ASSURED_WORKLOADS_FOR_PARTNERS, ISR_REGIONS, ISR_REGIONS_AND_SUPPORT, CA_PROTECTED_B, IL5, IL2, JP_REGIONS_AND_SUPPORT, KSA_REGIONS_AND_SUPPORT_WITH_SOVEREIGNTY_CONTROLS, REGIONAL_CONTROLS, HEALTHCARE_AND_LIFE_SCIENCES_CONTROLS, HEALTHCARE_AND_LIFE_SCIENCES_CONTROLS_US_SUPPORT, IRS_1075
         :param pulumi.Input[str] display_name: Required. The user-assigned display name of the Workload. When present it must be between 4 to 30 characters. Allowed characters are: lowercase and uppercase letters, numbers, hyphen, and spaces. Example: My Workload
         :param pulumi.Input[bool] enable_sovereign_controls: Optional. Indicates the sovereignty status of the given workload. Currently meant to be used by Europe/Canada customers.
         :param pulumi.Input[Union['WorkloadKmsSettingsArgs', 'WorkloadKmsSettingsArgsDict']] kms_settings: **DEPRECATED** Input only. Settings used to create a CMEK crypto key. When set, a project with a KMS CMEK key is provisioned. This field is deprecated as of Feb 28, 2022. In order to create a Keyring, callers should specify, ENCRYPTION_KEYS_PROJECT or KEYRING in ResourceSettings.resource_type field.
@@ -1129,7 +1129,7 @@ class Workload(pulumi.CustomResource):
         :param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
         :param pulumi.ResourceOptions opts: Options for the resource.
         :param pulumi.Input[str] billing_account: Optional. Input only. The billing account used for the resources which are direct children of workload. This billing account is initially associated with the resources created as part of Workload creation. After the initial creation of these resources, the customer can change the assigned billing account. The resource name has the form `billingAccounts/{billing_account_id}`. For example, `billingAccounts/012345-567890-ABCDEF`.
-        :param pulumi.Input[str] compliance_regime: Required. Immutable. Compliance Regime associated with this workload. Possible values: COMPLIANCE_REGIME_UNSPECIFIED, IL4, CJIS, FEDRAMP_HIGH, FEDRAMP_MODERATE, US_REGIONAL_ACCESS, HIPAA, HITRUST, EU_REGIONS_AND_SUPPORT, CA_REGIONS_AND_SUPPORT, ITAR, AU_REGIONS_AND_US_SUPPORT, ASSURED_WORKLOADS_FOR_PARTNERS, ISR_REGIONS, ISR_REGIONS_AND_SUPPORT, CA_PROTECTED_B, IL5, IL2, JP_REGIONS_AND_SUPPORT, KSA_REGIONS_AND_SUPPORT_WITH_SOVEREIGNTY_CONTROLS, REGIONAL_CONTROLS, HEALTHCARE_AND_LIFE_SCIENCES_CONTROLS, HEALTHCARE_AND_LIFE_SCIENCES_CONTROLS_WITH_US_SUPPORT, IRS_1075
+        :param pulumi.Input[str] compliance_regime: Required. Immutable. Compliance Regime associated with this workload. Possible values: COMPLIANCE_REGIME_UNSPECIFIED, IL4, CJIS, FEDRAMP_HIGH, FEDRAMP_MODERATE, US_REGIONAL_ACCESS, HIPAA, HITRUST, EU_REGIONS_AND_SUPPORT, CA_REGIONS_AND_SUPPORT, ITAR, AU_REGIONS_AND_US_SUPPORT, ASSURED_WORKLOADS_FOR_PARTNERS, ISR_REGIONS, ISR_REGIONS_AND_SUPPORT, CA_PROTECTED_B, IL5, IL2, JP_REGIONS_AND_SUPPORT, KSA_REGIONS_AND_SUPPORT_WITH_SOVEREIGNTY_CONTROLS, REGIONAL_CONTROLS, HEALTHCARE_AND_LIFE_SCIENCES_CONTROLS, HEALTHCARE_AND_LIFE_SCIENCES_CONTROLS_US_SUPPORT, IRS_1075
         :param pulumi.Input[Sequence[pulumi.Input[Union['WorkloadComplianceStatusArgs', 'WorkloadComplianceStatusArgsDict']]]] compliance_statuses: Output only. Count of active Violations in the Workload.
         :param pulumi.Input[Sequence[pulumi.Input[str]]] compliant_but_disallowed_services: Output only. Urls for services which are compliant for this Assured Workload, but which are currently disallowed by the ResourceUsageRestriction org policy. Invoke workloads.restrictAllowedResources endpoint to allow your project developers to use these services in their environment.
         :param pulumi.Input[str] create_time: Output only. Immutable. The Workload creation timestamp.
@@ -1204,7 +1204,7 @@ class Workload(pulumi.CustomResource):
     @pulumi.getter(name="complianceRegime")
     def compliance_regime(self) -> pulumi.Output[str]:
         """
-        Required. Immutable. Compliance Regime associated with this workload. Possible values: COMPLIANCE_REGIME_UNSPECIFIED, IL4, CJIS, FEDRAMP_HIGH, FEDRAMP_MODERATE, US_REGIONAL_ACCESS, HIPAA, HITRUST, EU_REGIONS_AND_SUPPORT, CA_REGIONS_AND_SUPPORT, ITAR, AU_REGIONS_AND_US_SUPPORT, ASSURED_WORKLOADS_FOR_PARTNERS, ISR_REGIONS, ISR_REGIONS_AND_SUPPORT, CA_PROTECTED_B, IL5, IL2, JP_REGIONS_AND_SUPPORT, KSA_REGIONS_AND_SUPPORT_WITH_SOVEREIGNTY_CONTROLS, REGIONAL_CONTROLS, HEALTHCARE_AND_LIFE_SCIENCES_CONTROLS, HEALTHCARE_AND_LIFE_SCIENCES_CONTROLS_WITH_US_SUPPORT, IRS_1075
+        Required. Immutable. Compliance Regime associated with this workload. Possible values: COMPLIANCE_REGIME_UNSPECIFIED, IL4, CJIS, FEDRAMP_HIGH, FEDRAMP_MODERATE, US_REGIONAL_ACCESS, HIPAA, HITRUST, EU_REGIONS_AND_SUPPORT, CA_REGIONS_AND_SUPPORT, ITAR, AU_REGIONS_AND_US_SUPPORT, ASSURED_WORKLOADS_FOR_PARTNERS, ISR_REGIONS, ISR_REGIONS_AND_SUPPORT, CA_PROTECTED_B, IL5, IL2, JP_REGIONS_AND_SUPPORT, KSA_REGIONS_AND_SUPPORT_WITH_SOVEREIGNTY_CONTROLS, REGIONAL_CONTROLS, HEALTHCARE_AND_LIFE_SCIENCES_CONTROLS, HEALTHCARE_AND_LIFE_SCIENCES_CONTROLS_US_SUPPORT, IRS_1075
         """
         return pulumi.get(self, "compliance_regime")
 

pulumi_gcp/beyondcorp/__init__.py

@@ -11,6 +11,10 @@ from .app_gateway import *
 from .get_app_connection import *
 from .get_app_connector import *
 from .get_app_gateway import *
+from .get_security_gateway_iam_policy import *
 from .security_gateway import *
+from .security_gateway_iam_binding import *
+from .security_gateway_iam_member import *
+from .security_gateway_iam_policy import *
 from ._inputs import *
 from . import outputs

pulumi_gcp/beyondcorp/_inputs.py

@@ -29,6 +29,10 @@ __all__ = [
     'SecurityGatewayHubArgsDict',
     'SecurityGatewayHubInternetGatewayArgs',
     'SecurityGatewayHubInternetGatewayArgsDict',
+    'SecurityGatewayIamBindingConditionArgs',
+    'SecurityGatewayIamBindingConditionArgsDict',
+    'SecurityGatewayIamMemberConditionArgs',
+    'SecurityGatewayIamMemberConditionArgsDict',
 ]
 
 MYPY = False
@@ -404,3 +408,129 @@ class SecurityGatewayHubInternetGatewayArgs:
         pulumi.set(self, "assigned_ips", value)
 
 
+if not MYPY:
+    class SecurityGatewayIamBindingConditionArgsDict(TypedDict):
+        expression: pulumi.Input[str]
+        """
+        Textual representation of an expression in Common Expression Language syntax.
+        """
+        title: pulumi.Input[str]
+        """
+        A title for the expression, i.e. a short string describing its purpose.
+        """
+        description: NotRequired[pulumi.Input[str]]
+elif False:
+    SecurityGatewayIamBindingConditionArgsDict: TypeAlias = Mapping[str, Any]
+
+@pulumi.input_type
+class SecurityGatewayIamBindingConditionArgs:
+    def __init__(__self__, *,
+                 expression: pulumi.Input[str],
+                 title: pulumi.Input[str],
+                 description: Optional[pulumi.Input[str]] = None):
+        """
+        :param pulumi.Input[str] expression: Textual representation of an expression in Common Expression Language syntax.
+        :param pulumi.Input[str] title: A title for the expression, i.e. a short string describing its purpose.
+        """
+        pulumi.set(__self__, "expression", expression)
+        pulumi.set(__self__, "title", title)
+        if description is not None:
+            pulumi.set(__self__, "description", description)
+
+    @property
+    @pulumi.getter
+    def expression(self) -> pulumi.Input[str]:
+        """
+        Textual representation of an expression in Common Expression Language syntax.
+        """
+        return pulumi.get(self, "expression")
+
+    @expression.setter
+    def expression(self, value: pulumi.Input[str]):
+        pulumi.set(self, "expression", value)
+
+    @property
+    @pulumi.getter
+    def title(self) -> pulumi.Input[str]:
+        """
+        A title for the expression, i.e. a short string describing its purpose.
+        """
+        return pulumi.get(self, "title")
+
+    @title.setter
+    def title(self, value: pulumi.Input[str]):
+        pulumi.set(self, "title", value)
+
+    @property
+    @pulumi.getter
+    def description(self) -> Optional[pulumi.Input[str]]:
+        return pulumi.get(self, "description")
+
+    @description.setter
+    def description(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "description", value)
+
+
+if not MYPY:
+    class SecurityGatewayIamMemberConditionArgsDict(TypedDict):
+        expression: pulumi.Input[str]
+        """
+        Textual representation of an expression in Common Expression Language syntax.
+        """
+        title: pulumi.Input[str]
+        """
+        A title for the expression, i.e. a short string describing its purpose.
+        """
+        description: NotRequired[pulumi.Input[str]]
+elif False:
+    SecurityGatewayIamMemberConditionArgsDict: TypeAlias = Mapping[str, Any]
+
+@pulumi.input_type
+class SecurityGatewayIamMemberConditionArgs:
+    def __init__(__self__, *,
+                 expression: pulumi.Input[str],
+                 title: pulumi.Input[str],
+                 description: Optional[pulumi.Input[str]] = None):
+        """
+        :param pulumi.Input[str] expression: Textual representation of an expression in Common Expression Language syntax.
+        :param pulumi.Input[str] title: A title for the expression, i.e. a short string describing its purpose.
+        """
+        pulumi.set(__self__, "expression", expression)
+        pulumi.set(__self__, "title", title)
+        if description is not None:
+            pulumi.set(__self__, "description", description)
+
+    @property
+    @pulumi.getter
+    def expression(self) -> pulumi.Input[str]:
+        """
+        Textual representation of an expression in Common Expression Language syntax.
+        """
+        return pulumi.get(self, "expression")
+
+    @expression.setter
+    def expression(self, value: pulumi.Input[str]):
+        pulumi.set(self, "expression", value)
+
+    @property
+    @pulumi.getter
+    def title(self) -> pulumi.Input[str]:
+        """
+        A title for the expression, i.e. a short string describing its purpose.
+        """
+        return pulumi.get(self, "title")
+
+    @title.setter
+    def title(self, value: pulumi.Input[str]):
+        pulumi.set(self, "title", value)
+
+    @property
+    @pulumi.getter
+    def description(self) -> Optional[pulumi.Input[str]]:
+        return pulumi.get(self, "description")
+
+    @description.setter
+    def description(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "description", value)
+
+

pulumi_gcp/beyondcorp/get_security_gateway_iam_policy.py

@@ -0,0 +1,180 @@
+# coding=utf-8
+# *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
+# *** Do not edit by hand unless you're certain you know what you are doing! ***
+
+import copy
+import warnings
+import sys
+import pulumi
+import pulumi.runtime
+from typing import Any, Mapping, Optional, Sequence, Union, overload
+if sys.version_info >= (3, 11):
+    from typing import NotRequired, TypedDict, TypeAlias
+else:
+    from typing_extensions import NotRequired, TypedDict, TypeAlias
+from .. import _utilities
+
+__all__ = [
+    'GetSecurityGatewayIamPolicyResult',
+    'AwaitableGetSecurityGatewayIamPolicyResult',
+    'get_security_gateway_iam_policy',
+    'get_security_gateway_iam_policy_output',
+]
+
+@pulumi.output_type
+class GetSecurityGatewayIamPolicyResult:
+    """
+    A collection of values returned by getSecurityGatewayIamPolicy.
+    """
+    def __init__(__self__, etag=None, id=None, location=None, policy_data=None, project=None, security_gateway_id=None):
+        if etag and not isinstance(etag, str):
+            raise TypeError("Expected argument 'etag' to be a str")
+        pulumi.set(__self__, "etag", etag)
+        if id and not isinstance(id, str):
+            raise TypeError("Expected argument 'id' to be a str")
+        pulumi.set(__self__, "id", id)
+        if location and not isinstance(location, str):
+            raise TypeError("Expected argument 'location' to be a str")
+        pulumi.set(__self__, "location", location)
+        if policy_data and not isinstance(policy_data, str):
+            raise TypeError("Expected argument 'policy_data' to be a str")
+        pulumi.set(__self__, "policy_data", policy_data)
+        if project and not isinstance(project, str):
+            raise TypeError("Expected argument 'project' to be a str")
+        pulumi.set(__self__, "project", project)
+        if security_gateway_id and not isinstance(security_gateway_id, str):
+            raise TypeError("Expected argument 'security_gateway_id' to be a str")
+        pulumi.set(__self__, "security_gateway_id", security_gateway_id)
+
+    @property
+    @pulumi.getter
+    def etag(self) -> str:
+        """
+        (Computed) The etag of the IAM policy.
+        """
+        return pulumi.get(self, "etag")
+
+    @property
+    @pulumi.getter
+    def id(self) -> str:
+        """
+        The provider-assigned unique ID for this managed resource.
+        """
+        return pulumi.get(self, "id")
+
+    @property
+    @pulumi.getter
+    def location(self) -> str:
+        return pulumi.get(self, "location")
+
+    @property
+    @pulumi.getter(name="policyData")
+    def policy_data(self) -> str:
+        """
+        (Required only by `beyondcorp.SecurityGatewayIamPolicy`) The policy data generated by
+        a `organizations_get_iam_policy` data source.
+        """
+        return pulumi.get(self, "policy_data")
+
+    @property
+    @pulumi.getter
+    def project(self) -> str:
+        return pulumi.get(self, "project")
+
+    @property
+    @pulumi.getter(name="securityGatewayId")
+    def security_gateway_id(self) -> str:
+        return pulumi.get(self, "security_gateway_id")
+
+
+class AwaitableGetSecurityGatewayIamPolicyResult(GetSecurityGatewayIamPolicyResult):
+    # pylint: disable=using-constant-test
+    def __await__(self):
+        if False:
+            yield self
+        return GetSecurityGatewayIamPolicyResult(
+            etag=self.etag,
+            id=self.id,
+            location=self.location,
+            policy_data=self.policy_data,
+            project=self.project,
+            security_gateway_id=self.security_gateway_id)
+
+
+def get_security_gateway_iam_policy(location: Optional[str] = None,
+                                    project: Optional[str] = None,
+                                    security_gateway_id: Optional[str] = None,
+                                    opts: Optional[pulumi.InvokeOptions] = None) -> AwaitableGetSecurityGatewayIamPolicyResult:
+    """
+    Retrieves the current IAM policy data for securitygateway
+
+    ## example
+
+    ```python
+    import pulumi
+    import pulumi_gcp as gcp
+
+    policy = gcp.beyondcorp.get_security_gateway_iam_policy(project=example["project"],
+        location=example["location"],
+        security_gateway_id=example["securityGatewayId"])
+    ```
+
+
+    :param str location: Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122. Must be omitted or set to `global`. Used to find the parent resource to bind the IAM policy to. If not specified,
+           the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no
+           location is specified, it is taken from the provider configuration.
+    :param str project: The ID of the project in which the resource belongs.
+           If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
+    """
+    __args__ = dict()
+    __args__['location'] = location
+    __args__['project'] = project
+    __args__['securityGatewayId'] = security_gateway_id
+    opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts)
+    __ret__ = pulumi.runtime.invoke('gcp:beyondcorp/getSecurityGatewayIamPolicy:getSecurityGatewayIamPolicy', __args__, opts=opts, typ=GetSecurityGatewayIamPolicyResult).value
+
+    return AwaitableGetSecurityGatewayIamPolicyResult(
+        etag=pulumi.get(__ret__, 'etag'),
+        id=pulumi.get(__ret__, 'id'),
+        location=pulumi.get(__ret__, 'location'),
+        policy_data=pulumi.get(__ret__, 'policy_data'),
+        project=pulumi.get(__ret__, 'project'),
+        security_gateway_id=pulumi.get(__ret__, 'security_gateway_id'))
+def get_security_gateway_iam_policy_output(location: Optional[pulumi.Input[Optional[str]]] = None,
+                                           project: Optional[pulumi.Input[Optional[str]]] = None,
+                                           security_gateway_id: Optional[pulumi.Input[str]] = None,
+                                           opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetSecurityGatewayIamPolicyResult]:
+    """
+    Retrieves the current IAM policy data for securitygateway
+
+    ## example
+
+    ```python
+    import pulumi
+    import pulumi_gcp as gcp
+
+    policy = gcp.beyondcorp.get_security_gateway_iam_policy(project=example["project"],
+        location=example["location"],
+        security_gateway_id=example["securityGatewayId"])
+    ```
+
+
+    :param str location: Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122. Must be omitted or set to `global`. Used to find the parent resource to bind the IAM policy to. If not specified,
+           the value will be parsed from the identifier of the parent resource. If no location is provided in the parent identifier and no
+           location is specified, it is taken from the provider configuration.
+    :param str project: The ID of the project in which the resource belongs.
+           If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
+    """
+    __args__ = dict()
+    __args__['location'] = location
+    __args__['project'] = project
+    __args__['securityGatewayId'] = security_gateway_id
+    opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts)
+    __ret__ = pulumi.runtime.invoke_output('gcp:beyondcorp/getSecurityGatewayIamPolicy:getSecurityGatewayIamPolicy', __args__, opts=opts, typ=GetSecurityGatewayIamPolicyResult)
+    return __ret__.apply(lambda __response__: GetSecurityGatewayIamPolicyResult(
+        etag=pulumi.get(__response__, 'etag'),
+        id=pulumi.get(__response__, 'id'),
+        location=pulumi.get(__response__, 'location'),
+        policy_data=pulumi.get(__response__, 'policy_data'),
+        project=pulumi.get(__response__, 'project'),
+        security_gateway_id=pulumi.get(__response__, 'security_gateway_id')))