pulumi-gcp 8.2.0__py3-none-any.whl → 8.2.0a1726589141__py3-none-any.whl

pulumi_gcp/compute/_inputs.py

@@ -399,26 +399,6 @@ __all__ = [
     'NetworkFirewallPolicyRuleMatchSrcSecureTagArgsDict',
     'NetworkFirewallPolicyRuleTargetSecureTagArgs',
     'NetworkFirewallPolicyRuleTargetSecureTagArgsDict',
-    'NetworkFirewallPolicyWithRulesPredefinedRuleArgs',
-    'NetworkFirewallPolicyWithRulesPredefinedRuleArgsDict',
-    'NetworkFirewallPolicyWithRulesPredefinedRuleMatchArgs',
-    'NetworkFirewallPolicyWithRulesPredefinedRuleMatchArgsDict',
-    'NetworkFirewallPolicyWithRulesPredefinedRuleMatchLayer4ConfigArgs',
-    'NetworkFirewallPolicyWithRulesPredefinedRuleMatchLayer4ConfigArgsDict',
-    'NetworkFirewallPolicyWithRulesPredefinedRuleMatchSrcSecureTagArgs',
-    'NetworkFirewallPolicyWithRulesPredefinedRuleMatchSrcSecureTagArgsDict',
-    'NetworkFirewallPolicyWithRulesPredefinedRuleTargetSecureTagArgs',
-    'NetworkFirewallPolicyWithRulesPredefinedRuleTargetSecureTagArgsDict',
-    'NetworkFirewallPolicyWithRulesRuleArgs',
-    'NetworkFirewallPolicyWithRulesRuleArgsDict',
-    'NetworkFirewallPolicyWithRulesRuleMatchArgs',
-    'NetworkFirewallPolicyWithRulesRuleMatchArgsDict',
-    'NetworkFirewallPolicyWithRulesRuleMatchLayer4ConfigArgs',
-    'NetworkFirewallPolicyWithRulesRuleMatchLayer4ConfigArgsDict',
-    'NetworkFirewallPolicyWithRulesRuleMatchSrcSecureTagArgs',
-    'NetworkFirewallPolicyWithRulesRuleMatchSrcSecureTagArgsDict',
-    'NetworkFirewallPolicyWithRulesRuleTargetSecureTagArgs',
-    'NetworkFirewallPolicyWithRulesRuleTargetSecureTagArgsDict',
     'NodeGroupAutoscalingPolicyArgs',
     'NodeGroupAutoscalingPolicyArgsDict',
     'NodeGroupMaintenanceWindowArgs',
@@ -8843,10 +8823,6 @@ if not MYPY:
         """
         A map of resource manager tags. Resource manager tag keys and values have the same definition as resource manager tags. Keys must be in the format tagKeys/{tag_key_id}, and values are in the format tagValues/456. The field is ignored (both PUT & PATCH) when empty.
         """
-        resource_policies: NotRequired[pulumi.Input[str]]
-        """
-        A list of self_links of resource policies to attach to the instance's boot disk. Modifying this list will cause the instance to recreate. Currently a max of 1 resource policy is supported.
-        """
         size: NotRequired[pulumi.Input[int]]
         """
         The size of the image in gigabytes. If not specified, it
@@ -8875,7 +8851,6 @@ class InstanceBootDiskInitializeParamsArgs:
                  provisioned_iops: Optional[pulumi.Input[int]] = None,
                  provisioned_throughput: Optional[pulumi.Input[int]] = None,
                  resource_manager_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
-                 resource_policies: Optional[pulumi.Input[str]] = None,
                  size: Optional[pulumi.Input[int]] = None,
                  storage_pool: Optional[pulumi.Input[str]] = None,
                  type: Optional[pulumi.Input[str]] = None):
@@ -8908,7 +8883,6 @@ class InstanceBootDiskInitializeParamsArgs:
                for an update of throughput every 4 hours. To update your hyperdisk more
                frequently, you'll need to manually delete and recreate it.
         :param pulumi.Input[Mapping[str, pulumi.Input[str]]] resource_manager_tags: A map of resource manager tags. Resource manager tag keys and values have the same definition as resource manager tags. Keys must be in the format tagKeys/{tag_key_id}, and values are in the format tagValues/456. The field is ignored (both PUT & PATCH) when empty.
-        :param pulumi.Input[str] resource_policies: A list of self_links of resource policies to attach to the instance's boot disk. Modifying this list will cause the instance to recreate. Currently a max of 1 resource policy is supported.
         :param pulumi.Input[int] size: The size of the image in gigabytes. If not specified, it
                will inherit the size of its base image.
         :param pulumi.Input[str] storage_pool: The URL of the storage pool in which the new disk is created.
@@ -8929,8 +8903,6 @@ class InstanceBootDiskInitializeParamsArgs:
             pulumi.set(__self__, "provisioned_throughput", provisioned_throughput)
         if resource_manager_tags is not None:
             pulumi.set(__self__, "resource_manager_tags", resource_manager_tags)
-        if resource_policies is not None:
-            pulumi.set(__self__, "resource_policies", resource_policies)
         if size is not None:
             pulumi.set(__self__, "size", size)
         if storage_pool is not None:
@@ -9032,18 +9004,6 @@ class InstanceBootDiskInitializeParamsArgs:
     def resource_manager_tags(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
         pulumi.set(self, "resource_manager_tags", value)
 
-    @property
-    @pulumi.getter(name="resourcePolicies")
-    def resource_policies(self) -> Optional[pulumi.Input[str]]:
-        """
-        A list of self_links of resource policies to attach to the instance's boot disk. Modifying this list will cause the instance to recreate. Currently a max of 1 resource policy is supported.
-        """
-        return pulumi.get(self, "resource_policies")
-
-    @resource_policies.setter
-    def resource_policies(self, value: Optional[pulumi.Input[str]]):
-        pulumi.set(self, "resource_policies", value)
-
     @property
     @pulumi.getter
     def size(self) -> Optional[pulumi.Input[int]]:
@@ -9558,10 +9518,6 @@ if not MYPY:
         """
         A map of resource manager tags. Resource manager tag keys and values have the same definition as resource manager tags. Keys must be in the format tagKeys/{tag_key_id}, and values are in the format tagValues/456. The field is ignored (both PUT & PATCH) when empty.
         """
-        resource_policies: NotRequired[pulumi.Input[str]]
-        """
-        A list of self_links of resource policies to attach to the instance's boot disk. Modifying this list will cause the instance to recreate. Currently a max of 1 resource policy is supported.
-        """
         size: NotRequired[pulumi.Input[int]]
         """
         The size of the image in gigabytes.
@@ -9586,7 +9542,6 @@ class InstanceFromMachineImageBootDiskInitializeParamsArgs:
                  provisioned_iops: Optional[pulumi.Input[int]] = None,
                  provisioned_throughput: Optional[pulumi.Input[int]] = None,
                  resource_manager_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
-                 resource_policies: Optional[pulumi.Input[str]] = None,
                  size: Optional[pulumi.Input[int]] = None,
                  storage_pool: Optional[pulumi.Input[str]] = None,
                  type: Optional[pulumi.Input[str]] = None):
@@ -9597,7 +9552,6 @@ class InstanceFromMachineImageBootDiskInitializeParamsArgs:
         :param pulumi.Input[int] provisioned_iops: Indicates how many IOPS to provision for the disk. This sets the number of I/O operations per second that the disk can handle.
         :param pulumi.Input[int] provisioned_throughput: Indicates how much throughput to provision for the disk. This sets the number of throughput mb per second that the disk can handle.
         :param pulumi.Input[Mapping[str, pulumi.Input[str]]] resource_manager_tags: A map of resource manager tags. Resource manager tag keys and values have the same definition as resource manager tags. Keys must be in the format tagKeys/{tag_key_id}, and values are in the format tagValues/456. The field is ignored (both PUT & PATCH) when empty.
-        :param pulumi.Input[str] resource_policies: A list of self_links of resource policies to attach to the instance's boot disk. Modifying this list will cause the instance to recreate. Currently a max of 1 resource policy is supported.
         :param pulumi.Input[int] size: The size of the image in gigabytes.
         :param pulumi.Input[str] storage_pool: The URL of the storage pool in which the new disk is created
         :param pulumi.Input[str] type: The Google Compute Engine disk type. Such as pd-standard, pd-ssd or pd-balanced.
@@ -9614,8 +9568,6 @@ class InstanceFromMachineImageBootDiskInitializeParamsArgs:
             pulumi.set(__self__, "provisioned_throughput", provisioned_throughput)
         if resource_manager_tags is not None:
             pulumi.set(__self__, "resource_manager_tags", resource_manager_tags)
-        if resource_policies is not None:
-            pulumi.set(__self__, "resource_policies", resource_policies)
         if size is not None:
             pulumi.set(__self__, "size", size)
         if storage_pool is not None:
@@ -9695,18 +9647,6 @@ class InstanceFromMachineImageBootDiskInitializeParamsArgs:
     def resource_manager_tags(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
         pulumi.set(self, "resource_manager_tags", value)
 
-    @property
-    @pulumi.getter(name="resourcePolicies")
-    def resource_policies(self) -> Optional[pulumi.Input[str]]:
-        """
-        A list of self_links of resource policies to attach to the instance's boot disk. Modifying this list will cause the instance to recreate. Currently a max of 1 resource policy is supported.
-        """
-        return pulumi.get(self, "resource_policies")
-
-    @resource_policies.setter
-    def resource_policies(self, value: Optional[pulumi.Input[str]]):
-        pulumi.set(self, "resource_policies", value)
-
     @property
     @pulumi.getter
     def size(self) -> Optional[pulumi.Input[int]]:
@@ -11684,10 +11624,6 @@ if not MYPY:
         """
         A map of resource manager tags. Resource manager tag keys and values have the same definition as resource manager tags. Keys must be in the format tagKeys/{tag_key_id}, and values are in the format tagValues/456. The field is ignored (both PUT & PATCH) when empty.
         """
-        resource_policies: NotRequired[pulumi.Input[str]]
-        """
-        A list of self_links of resource policies to attach to the instance's boot disk. Modifying this list will cause the instance to recreate. Currently a max of 1 resource policy is supported.
-        """
         size: NotRequired[pulumi.Input[int]]
         """
         The size of the image in gigabytes.
@@ -11712,7 +11648,6 @@ class InstanceFromTemplateBootDiskInitializeParamsArgs:
                  provisioned_iops: Optional[pulumi.Input[int]] = None,
                  provisioned_throughput: Optional[pulumi.Input[int]] = None,
                  resource_manager_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
-                 resource_policies: Optional[pulumi.Input[str]] = None,
                  size: Optional[pulumi.Input[int]] = None,
                  storage_pool: Optional[pulumi.Input[str]] = None,
                  type: Optional[pulumi.Input[str]] = None):
@@ -11723,7 +11658,6 @@ class InstanceFromTemplateBootDiskInitializeParamsArgs:
         :param pulumi.Input[int] provisioned_iops: Indicates how many IOPS to provision for the disk. This sets the number of I/O operations per second that the disk can handle.
         :param pulumi.Input[int] provisioned_throughput: Indicates how much throughput to provision for the disk. This sets the number of throughput mb per second that the disk can handle.
         :param pulumi.Input[Mapping[str, pulumi.Input[str]]] resource_manager_tags: A map of resource manager tags. Resource manager tag keys and values have the same definition as resource manager tags. Keys must be in the format tagKeys/{tag_key_id}, and values are in the format tagValues/456. The field is ignored (both PUT & PATCH) when empty.
-        :param pulumi.Input[str] resource_policies: A list of self_links of resource policies to attach to the instance's boot disk. Modifying this list will cause the instance to recreate. Currently a max of 1 resource policy is supported.
         :param pulumi.Input[int] size: The size of the image in gigabytes.
         :param pulumi.Input[str] storage_pool: The URL of the storage pool in which the new disk is created
         :param pulumi.Input[str] type: The Google Compute Engine disk type. Such as pd-standard, pd-ssd or pd-balanced.
@@ -11740,8 +11674,6 @@ class InstanceFromTemplateBootDiskInitializeParamsArgs:
             pulumi.set(__self__, "provisioned_throughput", provisioned_throughput)
         if resource_manager_tags is not None:
             pulumi.set(__self__, "resource_manager_tags", resource_manager_tags)
-        if resource_policies is not None:
-            pulumi.set(__self__, "resource_policies", resource_policies)
         if size is not None:
             pulumi.set(__self__, "size", size)
         if storage_pool is not None:
@@ -11821,18 +11753,6 @@ class InstanceFromTemplateBootDiskInitializeParamsArgs:
     def resource_manager_tags(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]):
         pulumi.set(self, "resource_manager_tags", value)
 
-    @property
-    @pulumi.getter(name="resourcePolicies")
-    def resource_policies(self) -> Optional[pulumi.Input[str]]:
-        """
-        A list of self_links of resource policies to attach to the instance's boot disk. Modifying this list will cause the instance to recreate. Currently a max of 1 resource policy is supported.
-        """
-        return pulumi.get(self, "resource_policies")
-
-    @resource_policies.setter
-    def resource_policies(self, value: Optional[pulumi.Input[str]]):
-        pulumi.set(self, "resource_policies", value)
-
     @property
     @pulumi.getter
     def size(self) -> Optional[pulumi.Input[int]]:
@@ -19339,2033 +19259,366 @@ class MachineImageMachineImageEncryptionKeyArgs:
 
     @raw_key.setter
     def raw_key(self, value: Optional[pulumi.Input[str]]):
-        pulumi.set(self, "raw_key", value)
-
-    @property
-    @pulumi.getter
-    def sha256(self) -> Optional[pulumi.Input[str]]:
-        """
-        (Output)
-        The RFC 4648 base64 encoded SHA-256 hash of the
-        customer-supplied encryption key that protects this resource.
-        """
-        return pulumi.get(self, "sha256")
-
-    @sha256.setter
-    def sha256(self, value: Optional[pulumi.Input[str]]):
-        pulumi.set(self, "sha256", value)
-
-
-if not MYPY:
-    class ManagedSslCertificateManagedArgsDict(TypedDict):
-        domains: pulumi.Input[Sequence[pulumi.Input[str]]]
-        """
-        Domains for which a managed SSL certificate will be valid.  Currently,
-        there can be up to 100 domains in this list.
-        """
-elif False:
-    ManagedSslCertificateManagedArgsDict: TypeAlias = Mapping[str, Any]
-
-@pulumi.input_type
-class ManagedSslCertificateManagedArgs:
-    def __init__(__self__, *,
-                 domains: pulumi.Input[Sequence[pulumi.Input[str]]]):
-        """
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] domains: Domains for which a managed SSL certificate will be valid.  Currently,
-               there can be up to 100 domains in this list.
-        """
-        pulumi.set(__self__, "domains", domains)
-
-    @property
-    @pulumi.getter
-    def domains(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]:
-        """
-        Domains for which a managed SSL certificate will be valid.  Currently,
-        there can be up to 100 domains in this list.
-        """
-        return pulumi.get(self, "domains")
-
-    @domains.setter
-    def domains(self, value: pulumi.Input[Sequence[pulumi.Input[str]]]):
-        pulumi.set(self, "domains", value)
-
-
-if not MYPY:
-    class MangedSslCertificateManagedArgsDict(TypedDict):
-        domains: pulumi.Input[Sequence[pulumi.Input[str]]]
-        """
-        Domains for which a managed SSL certificate will be valid.  Currently,
-        there can be up to 100 domains in this list.
-        """
-elif False:
-    MangedSslCertificateManagedArgsDict: TypeAlias = Mapping[str, Any]
-
-@pulumi.input_type
-class MangedSslCertificateManagedArgs:
-    def __init__(__self__, *,
-                 domains: pulumi.Input[Sequence[pulumi.Input[str]]]):
-        """
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] domains: Domains for which a managed SSL certificate will be valid.  Currently,
-               there can be up to 100 domains in this list.
-        """
-        pulumi.set(__self__, "domains", domains)
-
-    @property
-    @pulumi.getter
-    def domains(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]:
-        """
-        Domains for which a managed SSL certificate will be valid.  Currently,
-        there can be up to 100 domains in this list.
-        """
-        return pulumi.get(self, "domains")
-
-    @domains.setter
-    def domains(self, value: pulumi.Input[Sequence[pulumi.Input[str]]]):
-        pulumi.set(self, "domains", value)
-
-
-if not MYPY:
-    class NetworkAttachmentConnectionEndpointArgsDict(TypedDict):
-        ip_address: NotRequired[pulumi.Input[str]]
-        """
-        (Output)
-        The IPv4 address assigned to the producer instance network interface. This value will be a range in case of Serverless.
-        """
-        project_id_or_num: NotRequired[pulumi.Input[str]]
-        """
-        (Output)
-        The project id or number of the interface to which the IP was assigned.
-        """
-        secondary_ip_cidr_ranges: NotRequired[pulumi.Input[str]]
-        """
-        (Output)
-        Alias IP ranges from the same subnetwork.
-        """
-        status: NotRequired[pulumi.Input[str]]
-        """
-        (Output)
-        The status of a connected endpoint to this network attachment.
-        """
-        subnetwork: NotRequired[pulumi.Input[str]]
-        """
-        (Output)
-        The subnetwork used to assign the IP to the producer instance network interface.
-        """
-elif False:
-    NetworkAttachmentConnectionEndpointArgsDict: TypeAlias = Mapping[str, Any]
-
-@pulumi.input_type
-class NetworkAttachmentConnectionEndpointArgs:
-    def __init__(__self__, *,
-                 ip_address: Optional[pulumi.Input[str]] = None,
-                 project_id_or_num: Optional[pulumi.Input[str]] = None,
-                 secondary_ip_cidr_ranges: Optional[pulumi.Input[str]] = None,
-                 status: Optional[pulumi.Input[str]] = None,
-                 subnetwork: Optional[pulumi.Input[str]] = None):
-        """
-        :param pulumi.Input[str] ip_address: (Output)
-               The IPv4 address assigned to the producer instance network interface. This value will be a range in case of Serverless.
-        :param pulumi.Input[str] project_id_or_num: (Output)
-               The project id or number of the interface to which the IP was assigned.
-        :param pulumi.Input[str] secondary_ip_cidr_ranges: (Output)
-               Alias IP ranges from the same subnetwork.
-        :param pulumi.Input[str] status: (Output)
-               The status of a connected endpoint to this network attachment.
-        :param pulumi.Input[str] subnetwork: (Output)
-               The subnetwork used to assign the IP to the producer instance network interface.
-        """
-        if ip_address is not None:
-            pulumi.set(__self__, "ip_address", ip_address)
-        if project_id_or_num is not None:
-            pulumi.set(__self__, "project_id_or_num", project_id_or_num)
-        if secondary_ip_cidr_ranges is not None:
-            pulumi.set(__self__, "secondary_ip_cidr_ranges", secondary_ip_cidr_ranges)
-        if status is not None:
-            pulumi.set(__self__, "status", status)
-        if subnetwork is not None:
-            pulumi.set(__self__, "subnetwork", subnetwork)
-
-    @property
-    @pulumi.getter(name="ipAddress")
-    def ip_address(self) -> Optional[pulumi.Input[str]]:
-        """
-        (Output)
-        The IPv4 address assigned to the producer instance network interface. This value will be a range in case of Serverless.
-        """
-        return pulumi.get(self, "ip_address")
-
-    @ip_address.setter
-    def ip_address(self, value: Optional[pulumi.Input[str]]):
-        pulumi.set(self, "ip_address", value)
-
-    @property
-    @pulumi.getter(name="projectIdOrNum")
-    def project_id_or_num(self) -> Optional[pulumi.Input[str]]:
-        """
-        (Output)
-        The project id or number of the interface to which the IP was assigned.
-        """
-        return pulumi.get(self, "project_id_or_num")
-
-    @project_id_or_num.setter
-    def project_id_or_num(self, value: Optional[pulumi.Input[str]]):
-        pulumi.set(self, "project_id_or_num", value)
-
-    @property
-    @pulumi.getter(name="secondaryIpCidrRanges")
-    def secondary_ip_cidr_ranges(self) -> Optional[pulumi.Input[str]]:
-        """
-        (Output)
-        Alias IP ranges from the same subnetwork.
-        """
-        return pulumi.get(self, "secondary_ip_cidr_ranges")
-
-    @secondary_ip_cidr_ranges.setter
-    def secondary_ip_cidr_ranges(self, value: Optional[pulumi.Input[str]]):
-        pulumi.set(self, "secondary_ip_cidr_ranges", value)
-
-    @property
-    @pulumi.getter
-    def status(self) -> Optional[pulumi.Input[str]]:
-        """
-        (Output)
-        The status of a connected endpoint to this network attachment.
-        """
-        return pulumi.get(self, "status")
-
-    @status.setter
-    def status(self, value: Optional[pulumi.Input[str]]):
-        pulumi.set(self, "status", value)
-
-    @property
-    @pulumi.getter
-    def subnetwork(self) -> Optional[pulumi.Input[str]]:
-        """
-        (Output)
-        The subnetwork used to assign the IP to the producer instance network interface.
-        """
-        return pulumi.get(self, "subnetwork")
-
-    @subnetwork.setter
-    def subnetwork(self, value: Optional[pulumi.Input[str]]):
-        pulumi.set(self, "subnetwork", value)
-
-
-if not MYPY:
-    class NetworkEndpointListNetworkEndpointArgsDict(TypedDict):
-        ip_address: pulumi.Input[str]
-        """
-        IPv4 address of network endpoint. The IP address must belong
-        to a VM in GCE (either the primary IP or as part of an aliased IP
-        range).
-        """
-        instance: NotRequired[pulumi.Input[str]]
-        """
-        The name for a specific VM instance that the IP address belongs to.
-        This is required for network endpoints of type GCE_VM_IP_PORT.
-        The instance must be in the same zone as the network endpoint group.
-        """
-        port: NotRequired[pulumi.Input[int]]
-        """
-        Port number of network endpoint.
-        **Note** `port` is required unless the Network Endpoint Group is created
-        with the type of `GCE_VM_IP`
-        """
-elif False:
-    NetworkEndpointListNetworkEndpointArgsDict: TypeAlias = Mapping[str, Any]
-
-@pulumi.input_type
-class NetworkEndpointListNetworkEndpointArgs:
-    def __init__(__self__, *,
-                 ip_address: pulumi.Input[str],
-                 instance: Optional[pulumi.Input[str]] = None,
-                 port: Optional[pulumi.Input[int]] = None):
-        """
-        :param pulumi.Input[str] ip_address: IPv4 address of network endpoint. The IP address must belong
-               to a VM in GCE (either the primary IP or as part of an aliased IP
-               range).
-        :param pulumi.Input[str] instance: The name for a specific VM instance that the IP address belongs to.
-               This is required for network endpoints of type GCE_VM_IP_PORT.
-               The instance must be in the same zone as the network endpoint group.
-        :param pulumi.Input[int] port: Port number of network endpoint.
-               **Note** `port` is required unless the Network Endpoint Group is created
-               with the type of `GCE_VM_IP`
-        """
-        pulumi.set(__self__, "ip_address", ip_address)
-        if instance is not None:
-            pulumi.set(__self__, "instance", instance)
-        if port is not None:
-            pulumi.set(__self__, "port", port)
-
-    @property
-    @pulumi.getter(name="ipAddress")
-    def ip_address(self) -> pulumi.Input[str]:
-        """
-        IPv4 address of network endpoint. The IP address must belong
-        to a VM in GCE (either the primary IP or as part of an aliased IP
-        range).
-        """
-        return pulumi.get(self, "ip_address")
-
-    @ip_address.setter
-    def ip_address(self, value: pulumi.Input[str]):
-        pulumi.set(self, "ip_address", value)
-
-    @property
-    @pulumi.getter
-    def instance(self) -> Optional[pulumi.Input[str]]:
-        """
-        The name for a specific VM instance that the IP address belongs to.
-        This is required for network endpoints of type GCE_VM_IP_PORT.
-        The instance must be in the same zone as the network endpoint group.
-        """
-        return pulumi.get(self, "instance")
-
-    @instance.setter
-    def instance(self, value: Optional[pulumi.Input[str]]):
-        pulumi.set(self, "instance", value)
-
-    @property
-    @pulumi.getter
-    def port(self) -> Optional[pulumi.Input[int]]:
-        """
-        Port number of network endpoint.
-        **Note** `port` is required unless the Network Endpoint Group is created
-        with the type of `GCE_VM_IP`
-        """
-        return pulumi.get(self, "port")
-
-    @port.setter
-    def port(self, value: Optional[pulumi.Input[int]]):
-        pulumi.set(self, "port", value)
-
-
-if not MYPY:
-    class NetworkFirewallPolicyRuleMatchArgsDict(TypedDict):
-        layer4_configs: pulumi.Input[Sequence[pulumi.Input['NetworkFirewallPolicyRuleMatchLayer4ConfigArgsDict']]]
-        """
-        Pairs of IP protocols and ports that the rule should match.
-        """
-        dest_address_groups: NotRequired[pulumi.Input[Sequence[pulumi.Input[str]]]]
-        """
-        Address groups which should be matched against the traffic destination. Maximum number of destination address groups is 10. Destination address groups is only supported in Egress rules.
-        """
-        dest_fqdns: NotRequired[pulumi.Input[Sequence[pulumi.Input[str]]]]
-        """
-        Domain names that will be used to match against the resolved domain name of destination of traffic. Can only be specified if DIRECTION is egress.
-        """
-        dest_ip_ranges: NotRequired[pulumi.Input[Sequence[pulumi.Input[str]]]]
-        """
-        CIDR IP address range. Maximum number of destination CIDR IP ranges allowed is 5000.
-        """
-        dest_region_codes: NotRequired[pulumi.Input[Sequence[pulumi.Input[str]]]]
-        """
-        The Unicode country codes whose IP addresses will be used to match against the source of traffic. Can only be specified if DIRECTION is egress.
-        """
-        dest_threat_intelligences: NotRequired[pulumi.Input[Sequence[pulumi.Input[str]]]]
-        """
-        Name of the Google Cloud Threat Intelligence list.
-        """
-        src_address_groups: NotRequired[pulumi.Input[Sequence[pulumi.Input[str]]]]
-        """
-        Address groups which should be matched against the traffic source. Maximum number of source address groups is 10. Source address groups is only supported in Ingress rules.
-        """
-        src_fqdns: NotRequired[pulumi.Input[Sequence[pulumi.Input[str]]]]
-        """
-        Domain names that will be used to match against the resolved domain name of source of traffic. Can only be specified if DIRECTION is ingress.
-        """
-        src_ip_ranges: NotRequired[pulumi.Input[Sequence[pulumi.Input[str]]]]
-        """
-        CIDR IP address range. Maximum number of source CIDR IP ranges allowed is 5000.
-        """
-        src_region_codes: NotRequired[pulumi.Input[Sequence[pulumi.Input[str]]]]
-        """
-        The Unicode country codes whose IP addresses will be used to match against the source of traffic. Can only be specified if DIRECTION is ingress.
-        """
-        src_secure_tags: NotRequired[pulumi.Input[Sequence[pulumi.Input['NetworkFirewallPolicyRuleMatchSrcSecureTagArgsDict']]]]
-        """
-        List of secure tag values, which should be matched at the source of the traffic. For INGRESS rule, if all the <code>srcSecureTag</code> are INEFFECTIVE, and there is no <code>srcIpRange</code>, this rule will be ignored. Maximum number of source tag values allowed is 256.
-        """
-        src_threat_intelligences: NotRequired[pulumi.Input[Sequence[pulumi.Input[str]]]]
-        """
-        Name of the Google Cloud Threat Intelligence list.
-
-        The `layer4_configs` block supports:
-        """
-elif False:
-    NetworkFirewallPolicyRuleMatchArgsDict: TypeAlias = Mapping[str, Any]
-
-@pulumi.input_type
-class NetworkFirewallPolicyRuleMatchArgs:
-    def __init__(__self__, *,
-                 layer4_configs: pulumi.Input[Sequence[pulumi.Input['NetworkFirewallPolicyRuleMatchLayer4ConfigArgs']]],
-                 dest_address_groups: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
-                 dest_fqdns: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
-                 dest_ip_ranges: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
-                 dest_region_codes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
-                 dest_threat_intelligences: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
-                 src_address_groups: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
-                 src_fqdns: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
-                 src_ip_ranges: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
-                 src_region_codes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
-                 src_secure_tags: Optional[pulumi.Input[Sequence[pulumi.Input['NetworkFirewallPolicyRuleMatchSrcSecureTagArgs']]]] = None,
-                 src_threat_intelligences: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None):
-        """
-        :param pulumi.Input[Sequence[pulumi.Input['NetworkFirewallPolicyRuleMatchLayer4ConfigArgs']]] layer4_configs: Pairs of IP protocols and ports that the rule should match.
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] dest_address_groups: Address groups which should be matched against the traffic destination. Maximum number of destination address groups is 10. Destination address groups is only supported in Egress rules.
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] dest_fqdns: Domain names that will be used to match against the resolved domain name of destination of traffic. Can only be specified if DIRECTION is egress.
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] dest_ip_ranges: CIDR IP address range. Maximum number of destination CIDR IP ranges allowed is 5000.
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] dest_region_codes: The Unicode country codes whose IP addresses will be used to match against the source of traffic. Can only be specified if DIRECTION is egress.
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] dest_threat_intelligences: Name of the Google Cloud Threat Intelligence list.
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] src_address_groups: Address groups which should be matched against the traffic source. Maximum number of source address groups is 10. Source address groups is only supported in Ingress rules.
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] src_fqdns: Domain names that will be used to match against the resolved domain name of source of traffic. Can only be specified if DIRECTION is ingress.
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] src_ip_ranges: CIDR IP address range. Maximum number of source CIDR IP ranges allowed is 5000.
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] src_region_codes: The Unicode country codes whose IP addresses will be used to match against the source of traffic. Can only be specified if DIRECTION is ingress.
-        :param pulumi.Input[Sequence[pulumi.Input['NetworkFirewallPolicyRuleMatchSrcSecureTagArgs']]] src_secure_tags: List of secure tag values, which should be matched at the source of the traffic. For INGRESS rule, if all the <code>srcSecureTag</code> are INEFFECTIVE, and there is no <code>srcIpRange</code>, this rule will be ignored. Maximum number of source tag values allowed is 256.
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] src_threat_intelligences: Name of the Google Cloud Threat Intelligence list.
-               
-               The `layer4_configs` block supports:
-        """
-        pulumi.set(__self__, "layer4_configs", layer4_configs)
-        if dest_address_groups is not None:
-            pulumi.set(__self__, "dest_address_groups", dest_address_groups)
-        if dest_fqdns is not None:
-            pulumi.set(__self__, "dest_fqdns", dest_fqdns)
-        if dest_ip_ranges is not None:
-            pulumi.set(__self__, "dest_ip_ranges", dest_ip_ranges)
-        if dest_region_codes is not None:
-            pulumi.set(__self__, "dest_region_codes", dest_region_codes)
-        if dest_threat_intelligences is not None:
-            pulumi.set(__self__, "dest_threat_intelligences", dest_threat_intelligences)
-        if src_address_groups is not None:
-            pulumi.set(__self__, "src_address_groups", src_address_groups)
-        if src_fqdns is not None:
-            pulumi.set(__self__, "src_fqdns", src_fqdns)
-        if src_ip_ranges is not None:
-            pulumi.set(__self__, "src_ip_ranges", src_ip_ranges)
-        if src_region_codes is not None:
-            pulumi.set(__self__, "src_region_codes", src_region_codes)
-        if src_secure_tags is not None:
-            pulumi.set(__self__, "src_secure_tags", src_secure_tags)
-        if src_threat_intelligences is not None:
-            pulumi.set(__self__, "src_threat_intelligences", src_threat_intelligences)
-
-    @property
-    @pulumi.getter(name="layer4Configs")
-    def layer4_configs(self) -> pulumi.Input[Sequence[pulumi.Input['NetworkFirewallPolicyRuleMatchLayer4ConfigArgs']]]:
-        """
-        Pairs of IP protocols and ports that the rule should match.
-        """
-        return pulumi.get(self, "layer4_configs")
-
-    @layer4_configs.setter
-    def layer4_configs(self, value: pulumi.Input[Sequence[pulumi.Input['NetworkFirewallPolicyRuleMatchLayer4ConfigArgs']]]):
-        pulumi.set(self, "layer4_configs", value)
-
-    @property
-    @pulumi.getter(name="destAddressGroups")
-    def dest_address_groups(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
-        """
-        Address groups which should be matched against the traffic destination. Maximum number of destination address groups is 10. Destination address groups is only supported in Egress rules.
-        """
-        return pulumi.get(self, "dest_address_groups")
-
-    @dest_address_groups.setter
-    def dest_address_groups(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
-        pulumi.set(self, "dest_address_groups", value)
-
-    @property
-    @pulumi.getter(name="destFqdns")
-    def dest_fqdns(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
-        """
-        Domain names that will be used to match against the resolved domain name of destination of traffic. Can only be specified if DIRECTION is egress.
-        """
-        return pulumi.get(self, "dest_fqdns")
-
-    @dest_fqdns.setter
-    def dest_fqdns(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
-        pulumi.set(self, "dest_fqdns", value)
-
-    @property
-    @pulumi.getter(name="destIpRanges")
-    def dest_ip_ranges(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
-        """
-        CIDR IP address range. Maximum number of destination CIDR IP ranges allowed is 5000.
-        """
-        return pulumi.get(self, "dest_ip_ranges")
-
-    @dest_ip_ranges.setter
-    def dest_ip_ranges(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
-        pulumi.set(self, "dest_ip_ranges", value)
-
-    @property
-    @pulumi.getter(name="destRegionCodes")
-    def dest_region_codes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
-        """
-        The Unicode country codes whose IP addresses will be used to match against the source of traffic. Can only be specified if DIRECTION is egress.
-        """
-        return pulumi.get(self, "dest_region_codes")
-
-    @dest_region_codes.setter
-    def dest_region_codes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
-        pulumi.set(self, "dest_region_codes", value)
-
-    @property
-    @pulumi.getter(name="destThreatIntelligences")
-    def dest_threat_intelligences(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
-        """
-        Name of the Google Cloud Threat Intelligence list.
-        """
-        return pulumi.get(self, "dest_threat_intelligences")
-
-    @dest_threat_intelligences.setter
-    def dest_threat_intelligences(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
-        pulumi.set(self, "dest_threat_intelligences", value)
-
-    @property
-    @pulumi.getter(name="srcAddressGroups")
-    def src_address_groups(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
-        """
-        Address groups which should be matched against the traffic source. Maximum number of source address groups is 10. Source address groups is only supported in Ingress rules.
-        """
-        return pulumi.get(self, "src_address_groups")
-
-    @src_address_groups.setter
-    def src_address_groups(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
-        pulumi.set(self, "src_address_groups", value)
-
-    @property
-    @pulumi.getter(name="srcFqdns")
-    def src_fqdns(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
-        """
-        Domain names that will be used to match against the resolved domain name of source of traffic. Can only be specified if DIRECTION is ingress.
-        """
-        return pulumi.get(self, "src_fqdns")
-
-    @src_fqdns.setter
-    def src_fqdns(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
-        pulumi.set(self, "src_fqdns", value)
-
-    @property
-    @pulumi.getter(name="srcIpRanges")
-    def src_ip_ranges(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
-        """
-        CIDR IP address range. Maximum number of source CIDR IP ranges allowed is 5000.
-        """
-        return pulumi.get(self, "src_ip_ranges")
-
-    @src_ip_ranges.setter
-    def src_ip_ranges(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
-        pulumi.set(self, "src_ip_ranges", value)
-
-    @property
-    @pulumi.getter(name="srcRegionCodes")
-    def src_region_codes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
-        """
-        The Unicode country codes whose IP addresses will be used to match against the source of traffic. Can only be specified if DIRECTION is ingress.
-        """
-        return pulumi.get(self, "src_region_codes")
-
-    @src_region_codes.setter
-    def src_region_codes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
-        pulumi.set(self, "src_region_codes", value)
-
-    @property
-    @pulumi.getter(name="srcSecureTags")
-    def src_secure_tags(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['NetworkFirewallPolicyRuleMatchSrcSecureTagArgs']]]]:
-        """
-        List of secure tag values, which should be matched at the source of the traffic. For INGRESS rule, if all the <code>srcSecureTag</code> are INEFFECTIVE, and there is no <code>srcIpRange</code>, this rule will be ignored. Maximum number of source tag values allowed is 256.
-        """
-        return pulumi.get(self, "src_secure_tags")
-
-    @src_secure_tags.setter
-    def src_secure_tags(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['NetworkFirewallPolicyRuleMatchSrcSecureTagArgs']]]]):
-        pulumi.set(self, "src_secure_tags", value)
-
-    @property
-    @pulumi.getter(name="srcThreatIntelligences")
-    def src_threat_intelligences(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
-        """
-        Name of the Google Cloud Threat Intelligence list.
-
-        The `layer4_configs` block supports:
-        """
-        return pulumi.get(self, "src_threat_intelligences")
-
-    @src_threat_intelligences.setter
-    def src_threat_intelligences(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
-        pulumi.set(self, "src_threat_intelligences", value)
-
-
-if not MYPY:
-    class NetworkFirewallPolicyRuleMatchLayer4ConfigArgsDict(TypedDict):
-        ip_protocol: pulumi.Input[str]
-        """
-        The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (`tcp`, `udp`, `icmp`, `esp`, `ah`, `ipip`, `sctp`), or the IP protocol number.
-        """
-        ports: NotRequired[pulumi.Input[Sequence[pulumi.Input[str]]]]
-        """
-        An optional list of ports to which this rule applies. This field is only applicable for UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. Example inputs include: ``.
-        """
-elif False:
-    NetworkFirewallPolicyRuleMatchLayer4ConfigArgsDict: TypeAlias = Mapping[str, Any]
-
-@pulumi.input_type
-class NetworkFirewallPolicyRuleMatchLayer4ConfigArgs:
-    def __init__(__self__, *,
-                 ip_protocol: pulumi.Input[str],
-                 ports: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None):
-        """
-        :param pulumi.Input[str] ip_protocol: The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (`tcp`, `udp`, `icmp`, `esp`, `ah`, `ipip`, `sctp`), or the IP protocol number.
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] ports: An optional list of ports to which this rule applies. This field is only applicable for UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. Example inputs include: ``.
-        """
-        pulumi.set(__self__, "ip_protocol", ip_protocol)
-        if ports is not None:
-            pulumi.set(__self__, "ports", ports)
-
-    @property
-    @pulumi.getter(name="ipProtocol")
-    def ip_protocol(self) -> pulumi.Input[str]:
-        """
-        The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (`tcp`, `udp`, `icmp`, `esp`, `ah`, `ipip`, `sctp`), or the IP protocol number.
-        """
-        return pulumi.get(self, "ip_protocol")
-
-    @ip_protocol.setter
-    def ip_protocol(self, value: pulumi.Input[str]):
-        pulumi.set(self, "ip_protocol", value)
-
-    @property
-    @pulumi.getter
-    def ports(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
-        """
-        An optional list of ports to which this rule applies. This field is only applicable for UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. Example inputs include: ``.
-        """
-        return pulumi.get(self, "ports")
-
-    @ports.setter
-    def ports(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
-        pulumi.set(self, "ports", value)
-
-
-if not MYPY:
-    class NetworkFirewallPolicyRuleMatchSrcSecureTagArgsDict(TypedDict):
-        name: pulumi.Input[str]
-        """
-        Name of the secure tag, created with TagManager's TagValue API. @pattern tagValues/[0-9]+
-        """
-        state: NotRequired[pulumi.Input[str]]
-        """
-        [Output Only] State of the secure tag, either `EFFECTIVE` or `INEFFECTIVE`. A secure tag is `INEFFECTIVE` when it is deleted or its network is deleted.
-        """
-elif False:
-    NetworkFirewallPolicyRuleMatchSrcSecureTagArgsDict: TypeAlias = Mapping[str, Any]
-
-@pulumi.input_type
-class NetworkFirewallPolicyRuleMatchSrcSecureTagArgs:
-    def __init__(__self__, *,
-                 name: pulumi.Input[str],
-                 state: Optional[pulumi.Input[str]] = None):
-        """
-        :param pulumi.Input[str] name: Name of the secure tag, created with TagManager's TagValue API. @pattern tagValues/[0-9]+
-        :param pulumi.Input[str] state: [Output Only] State of the secure tag, either `EFFECTIVE` or `INEFFECTIVE`. A secure tag is `INEFFECTIVE` when it is deleted or its network is deleted.
-        """
-        pulumi.set(__self__, "name", name)
-        if state is not None:
-            pulumi.set(__self__, "state", state)
-
-    @property
-    @pulumi.getter
-    def name(self) -> pulumi.Input[str]:
-        """
-        Name of the secure tag, created with TagManager's TagValue API. @pattern tagValues/[0-9]+
-        """
-        return pulumi.get(self, "name")
-
-    @name.setter
-    def name(self, value: pulumi.Input[str]):
-        pulumi.set(self, "name", value)
-
-    @property
-    @pulumi.getter
-    def state(self) -> Optional[pulumi.Input[str]]:
-        """
-        [Output Only] State of the secure tag, either `EFFECTIVE` or `INEFFECTIVE`. A secure tag is `INEFFECTIVE` when it is deleted or its network is deleted.
-        """
-        return pulumi.get(self, "state")
-
-    @state.setter
-    def state(self, value: Optional[pulumi.Input[str]]):
-        pulumi.set(self, "state", value)
-
-
-if not MYPY:
-    class NetworkFirewallPolicyRuleTargetSecureTagArgsDict(TypedDict):
-        name: pulumi.Input[str]
-        """
-        Name of the secure tag, created with TagManager's TagValue API. @pattern tagValues/[0-9]+
-        """
-        state: NotRequired[pulumi.Input[str]]
-        """
-        [Output Only] State of the secure tag, either `EFFECTIVE` or `INEFFECTIVE`. A secure tag is `INEFFECTIVE` when it is deleted or its network is deleted.
-        """
-elif False:
-    NetworkFirewallPolicyRuleTargetSecureTagArgsDict: TypeAlias = Mapping[str, Any]
-
-@pulumi.input_type
-class NetworkFirewallPolicyRuleTargetSecureTagArgs:
-    def __init__(__self__, *,
-                 name: pulumi.Input[str],
-                 state: Optional[pulumi.Input[str]] = None):
-        """
-        :param pulumi.Input[str] name: Name of the secure tag, created with TagManager's TagValue API. @pattern tagValues/[0-9]+
-        :param pulumi.Input[str] state: [Output Only] State of the secure tag, either `EFFECTIVE` or `INEFFECTIVE`. A secure tag is `INEFFECTIVE` when it is deleted or its network is deleted.
-        """
-        pulumi.set(__self__, "name", name)
-        if state is not None:
-            pulumi.set(__self__, "state", state)
-
-    @property
-    @pulumi.getter
-    def name(self) -> pulumi.Input[str]:
-        """
-        Name of the secure tag, created with TagManager's TagValue API. @pattern tagValues/[0-9]+
-        """
-        return pulumi.get(self, "name")
-
-    @name.setter
-    def name(self, value: pulumi.Input[str]):
-        pulumi.set(self, "name", value)
-
-    @property
-    @pulumi.getter
-    def state(self) -> Optional[pulumi.Input[str]]:
-        """
-        [Output Only] State of the secure tag, either `EFFECTIVE` or `INEFFECTIVE`. A secure tag is `INEFFECTIVE` when it is deleted or its network is deleted.
-        """
-        return pulumi.get(self, "state")
-
-    @state.setter
-    def state(self, value: Optional[pulumi.Input[str]]):
-        pulumi.set(self, "state", value)
-
-
-if not MYPY:
-    class NetworkFirewallPolicyWithRulesPredefinedRuleArgsDict(TypedDict):
-        action: NotRequired[pulumi.Input[str]]
-        """
-        (Output)
-        The Action to perform when the client connection triggers the rule. Can currently be either
-        "allow", "deny", "apply_security_profile_group" or "goto_next".
-        """
-        description: NotRequired[pulumi.Input[str]]
-        """
-        (Output)
-        A description of the rule.
-        """
-        direction: NotRequired[pulumi.Input[str]]
-        """
-        (Output)
-        The direction in which this rule applies. If unspecified an INGRESS rule is created.
-        """
-        disabled: NotRequired[pulumi.Input[bool]]
-        """
-        (Output)
-        Denotes whether the firewall policy rule is disabled. When set to true,
-        the firewall policy rule is not enforced and traffic behaves as if it did
-        not exist. If this is unspecified, the firewall policy rule will be
-        enabled.
-        """
-        enable_logging: NotRequired[pulumi.Input[bool]]
-        """
-        (Output)
-        Denotes whether to enable logging for a particular rule.
-        If logging is enabled, logs will be exported to the
-        configured export destination in Stackdriver.
-        """
-        matches: NotRequired[pulumi.Input[Sequence[pulumi.Input['NetworkFirewallPolicyWithRulesPredefinedRuleMatchArgsDict']]]]
-        """
-        (Output)
-        A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced.
-        Structure is documented below.
-        """
-        priority: NotRequired[pulumi.Input[int]]
-        """
-        (Output)
-        An integer indicating the priority of a rule in the list. The priority must be a value
-        between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the
-        highest priority and 2147483647 is the lowest priority.
-        """
-        rule_name: NotRequired[pulumi.Input[str]]
-        """
-        (Output)
-        An optional name for the rule. This field is not a unique identifier
-        and can be updated.
-        """
-        security_profile_group: NotRequired[pulumi.Input[str]]
-        """
-        (Output)
-        A fully-qualified URL of a SecurityProfile resource instance.
-        Example:
-        https://networksecurity.googleapis.com/v1/projects/{project}/locations/{location}/securityProfileGroups/my-security-profile-group
-        Must be specified if action is 'apply_security_profile_group'.
-        """
-        target_secure_tags: NotRequired[pulumi.Input[Sequence[pulumi.Input['NetworkFirewallPolicyWithRulesPredefinedRuleTargetSecureTagArgsDict']]]]
-        """
-        (Output)
-        A list of secure tags that controls which instances the firewall rule
-        applies to. If <code>targetSecureTag</code> are specified, then the
-        firewall rule applies only to instances in the VPC network that have one
-        of those EFFECTIVE secure tags, if all the target_secure_tag are in
-        INEFFECTIVE state, then this rule will be ignored.
-        <code>targetSecureTag</code> may not be set at the same time as
-        <code>targetServiceAccounts</code>.
-        If neither <code>targetServiceAccounts</code> nor
-        <code>targetSecureTag</code> are specified, the firewall rule applies
-        to all instances on the specified network.
-        Maximum number of target label tags allowed is 256.
-        Structure is documented below.
-        """
-        target_service_accounts: NotRequired[pulumi.Input[Sequence[pulumi.Input[str]]]]
-        """
-        (Output)
-        A list of service accounts indicating the sets of
-        instances that are applied with this rule.
-        """
-        tls_inspect: NotRequired[pulumi.Input[bool]]
-        """
-        (Output)
-        Boolean flag indicating if the traffic should be TLS decrypted.
-        It can be set only if action = 'apply_security_profile_group' and cannot be set for other actions.
-        """
-elif False:
-    NetworkFirewallPolicyWithRulesPredefinedRuleArgsDict: TypeAlias = Mapping[str, Any]
-
-@pulumi.input_type
-class NetworkFirewallPolicyWithRulesPredefinedRuleArgs:
-    def __init__(__self__, *,
-                 action: Optional[pulumi.Input[str]] = None,
-                 description: Optional[pulumi.Input[str]] = None,
-                 direction: Optional[pulumi.Input[str]] = None,
-                 disabled: Optional[pulumi.Input[bool]] = None,
-                 enable_logging: Optional[pulumi.Input[bool]] = None,
-                 matches: Optional[pulumi.Input[Sequence[pulumi.Input['NetworkFirewallPolicyWithRulesPredefinedRuleMatchArgs']]]] = None,
-                 priority: Optional[pulumi.Input[int]] = None,
-                 rule_name: Optional[pulumi.Input[str]] = None,
-                 security_profile_group: Optional[pulumi.Input[str]] = None,
-                 target_secure_tags: Optional[pulumi.Input[Sequence[pulumi.Input['NetworkFirewallPolicyWithRulesPredefinedRuleTargetSecureTagArgs']]]] = None,
-                 target_service_accounts: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
-                 tls_inspect: Optional[pulumi.Input[bool]] = None):
-        """
-        :param pulumi.Input[str] action: (Output)
-               The Action to perform when the client connection triggers the rule. Can currently be either
-               "allow", "deny", "apply_security_profile_group" or "goto_next".
-        :param pulumi.Input[str] description: (Output)
-               A description of the rule.
-        :param pulumi.Input[str] direction: (Output)
-               The direction in which this rule applies. If unspecified an INGRESS rule is created.
-        :param pulumi.Input[bool] disabled: (Output)
-               Denotes whether the firewall policy rule is disabled. When set to true,
-               the firewall policy rule is not enforced and traffic behaves as if it did
-               not exist. If this is unspecified, the firewall policy rule will be
-               enabled.
-        :param pulumi.Input[bool] enable_logging: (Output)
-               Denotes whether to enable logging for a particular rule.
-               If logging is enabled, logs will be exported to the
-               configured export destination in Stackdriver.
-        :param pulumi.Input[Sequence[pulumi.Input['NetworkFirewallPolicyWithRulesPredefinedRuleMatchArgs']]] matches: (Output)
-               A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced.
-               Structure is documented below.
-        :param pulumi.Input[int] priority: (Output)
-               An integer indicating the priority of a rule in the list. The priority must be a value
-               between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the
-               highest priority and 2147483647 is the lowest priority.
-        :param pulumi.Input[str] rule_name: (Output)
-               An optional name for the rule. This field is not a unique identifier
-               and can be updated.
-        :param pulumi.Input[str] security_profile_group: (Output)
-               A fully-qualified URL of a SecurityProfile resource instance.
-               Example:
-               https://networksecurity.googleapis.com/v1/projects/{project}/locations/{location}/securityProfileGroups/my-security-profile-group
-               Must be specified if action is 'apply_security_profile_group'.
-        :param pulumi.Input[Sequence[pulumi.Input['NetworkFirewallPolicyWithRulesPredefinedRuleTargetSecureTagArgs']]] target_secure_tags: (Output)
-               A list of secure tags that controls which instances the firewall rule
-               applies to. If <code>targetSecureTag</code> are specified, then the
-               firewall rule applies only to instances in the VPC network that have one
-               of those EFFECTIVE secure tags, if all the target_secure_tag are in
-               INEFFECTIVE state, then this rule will be ignored.
-               <code>targetSecureTag</code> may not be set at the same time as
-               <code>targetServiceAccounts</code>.
-               If neither <code>targetServiceAccounts</code> nor
-               <code>targetSecureTag</code> are specified, the firewall rule applies
-               to all instances on the specified network.
-               Maximum number of target label tags allowed is 256.
-               Structure is documented below.
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] target_service_accounts: (Output)
-               A list of service accounts indicating the sets of
-               instances that are applied with this rule.
-        :param pulumi.Input[bool] tls_inspect: (Output)
-               Boolean flag indicating if the traffic should be TLS decrypted.
-               It can be set only if action = 'apply_security_profile_group' and cannot be set for other actions.
-        """
-        if action is not None:
-            pulumi.set(__self__, "action", action)
-        if description is not None:
-            pulumi.set(__self__, "description", description)
-        if direction is not None:
-            pulumi.set(__self__, "direction", direction)
-        if disabled is not None:
-            pulumi.set(__self__, "disabled", disabled)
-        if enable_logging is not None:
-            pulumi.set(__self__, "enable_logging", enable_logging)
-        if matches is not None:
-            pulumi.set(__self__, "matches", matches)
-        if priority is not None:
-            pulumi.set(__self__, "priority", priority)
-        if rule_name is not None:
-            pulumi.set(__self__, "rule_name", rule_name)
-        if security_profile_group is not None:
-            pulumi.set(__self__, "security_profile_group", security_profile_group)
-        if target_secure_tags is not None:
-            pulumi.set(__self__, "target_secure_tags", target_secure_tags)
-        if target_service_accounts is not None:
-            pulumi.set(__self__, "target_service_accounts", target_service_accounts)
-        if tls_inspect is not None:
-            pulumi.set(__self__, "tls_inspect", tls_inspect)
-
-    @property
-    @pulumi.getter
-    def action(self) -> Optional[pulumi.Input[str]]:
-        """
-        (Output)
-        The Action to perform when the client connection triggers the rule. Can currently be either
-        "allow", "deny", "apply_security_profile_group" or "goto_next".
-        """
-        return pulumi.get(self, "action")
-
-    @action.setter
-    def action(self, value: Optional[pulumi.Input[str]]):
-        pulumi.set(self, "action", value)
-
-    @property
-    @pulumi.getter
-    def description(self) -> Optional[pulumi.Input[str]]:
-        """
-        (Output)
-        A description of the rule.
-        """
-        return pulumi.get(self, "description")
-
-    @description.setter
-    def description(self, value: Optional[pulumi.Input[str]]):
-        pulumi.set(self, "description", value)
-
-    @property
-    @pulumi.getter
-    def direction(self) -> Optional[pulumi.Input[str]]:
-        """
-        (Output)
-        The direction in which this rule applies. If unspecified an INGRESS rule is created.
-        """
-        return pulumi.get(self, "direction")
-
-    @direction.setter
-    def direction(self, value: Optional[pulumi.Input[str]]):
-        pulumi.set(self, "direction", value)
-
-    @property
-    @pulumi.getter
-    def disabled(self) -> Optional[pulumi.Input[bool]]:
-        """
-        (Output)
-        Denotes whether the firewall policy rule is disabled. When set to true,
-        the firewall policy rule is not enforced and traffic behaves as if it did
-        not exist. If this is unspecified, the firewall policy rule will be
-        enabled.
-        """
-        return pulumi.get(self, "disabled")
-
-    @disabled.setter
-    def disabled(self, value: Optional[pulumi.Input[bool]]):
-        pulumi.set(self, "disabled", value)
-
-    @property
-    @pulumi.getter(name="enableLogging")
-    def enable_logging(self) -> Optional[pulumi.Input[bool]]:
-        """
-        (Output)
-        Denotes whether to enable logging for a particular rule.
-        If logging is enabled, logs will be exported to the
-        configured export destination in Stackdriver.
-        """
-        return pulumi.get(self, "enable_logging")
-
-    @enable_logging.setter
-    def enable_logging(self, value: Optional[pulumi.Input[bool]]):
-        pulumi.set(self, "enable_logging", value)
-
-    @property
-    @pulumi.getter
-    def matches(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['NetworkFirewallPolicyWithRulesPredefinedRuleMatchArgs']]]]:
-        """
-        (Output)
-        A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced.
-        Structure is documented below.
-        """
-        return pulumi.get(self, "matches")
-
-    @matches.setter
-    def matches(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['NetworkFirewallPolicyWithRulesPredefinedRuleMatchArgs']]]]):
-        pulumi.set(self, "matches", value)
-
-    @property
-    @pulumi.getter
-    def priority(self) -> Optional[pulumi.Input[int]]:
-        """
-        (Output)
-        An integer indicating the priority of a rule in the list. The priority must be a value
-        between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the
-        highest priority and 2147483647 is the lowest priority.
-        """
-        return pulumi.get(self, "priority")
-
-    @priority.setter
-    def priority(self, value: Optional[pulumi.Input[int]]):
-        pulumi.set(self, "priority", value)
-
-    @property
-    @pulumi.getter(name="ruleName")
-    def rule_name(self) -> Optional[pulumi.Input[str]]:
-        """
-        (Output)
-        An optional name for the rule. This field is not a unique identifier
-        and can be updated.
-        """
-        return pulumi.get(self, "rule_name")
-
-    @rule_name.setter
-    def rule_name(self, value: Optional[pulumi.Input[str]]):
-        pulumi.set(self, "rule_name", value)
-
-    @property
-    @pulumi.getter(name="securityProfileGroup")
-    def security_profile_group(self) -> Optional[pulumi.Input[str]]:
-        """
-        (Output)
-        A fully-qualified URL of a SecurityProfile resource instance.
-        Example:
-        https://networksecurity.googleapis.com/v1/projects/{project}/locations/{location}/securityProfileGroups/my-security-profile-group
-        Must be specified if action is 'apply_security_profile_group'.
-        """
-        return pulumi.get(self, "security_profile_group")
-
-    @security_profile_group.setter
-    def security_profile_group(self, value: Optional[pulumi.Input[str]]):
-        pulumi.set(self, "security_profile_group", value)
-
-    @property
-    @pulumi.getter(name="targetSecureTags")
-    def target_secure_tags(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['NetworkFirewallPolicyWithRulesPredefinedRuleTargetSecureTagArgs']]]]:
-        """
-        (Output)
-        A list of secure tags that controls which instances the firewall rule
-        applies to. If <code>targetSecureTag</code> are specified, then the
-        firewall rule applies only to instances in the VPC network that have one
-        of those EFFECTIVE secure tags, if all the target_secure_tag are in
-        INEFFECTIVE state, then this rule will be ignored.
-        <code>targetSecureTag</code> may not be set at the same time as
-        <code>targetServiceAccounts</code>.
-        If neither <code>targetServiceAccounts</code> nor
-        <code>targetSecureTag</code> are specified, the firewall rule applies
-        to all instances on the specified network.
-        Maximum number of target label tags allowed is 256.
-        Structure is documented below.
-        """
-        return pulumi.get(self, "target_secure_tags")
-
-    @target_secure_tags.setter
-    def target_secure_tags(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['NetworkFirewallPolicyWithRulesPredefinedRuleTargetSecureTagArgs']]]]):
-        pulumi.set(self, "target_secure_tags", value)
-
-    @property
-    @pulumi.getter(name="targetServiceAccounts")
-    def target_service_accounts(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
-        """
-        (Output)
-        A list of service accounts indicating the sets of
-        instances that are applied with this rule.
-        """
-        return pulumi.get(self, "target_service_accounts")
-
-    @target_service_accounts.setter
-    def target_service_accounts(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
-        pulumi.set(self, "target_service_accounts", value)
-
-    @property
-    @pulumi.getter(name="tlsInspect")
-    def tls_inspect(self) -> Optional[pulumi.Input[bool]]:
-        """
-        (Output)
-        Boolean flag indicating if the traffic should be TLS decrypted.
-        It can be set only if action = 'apply_security_profile_group' and cannot be set for other actions.
-        """
-        return pulumi.get(self, "tls_inspect")
-
-    @tls_inspect.setter
-    def tls_inspect(self, value: Optional[pulumi.Input[bool]]):
-        pulumi.set(self, "tls_inspect", value)
-
-
-if not MYPY:
-    class NetworkFirewallPolicyWithRulesPredefinedRuleMatchArgsDict(TypedDict):
-        dest_address_groups: NotRequired[pulumi.Input[Sequence[pulumi.Input[str]]]]
-        """
-        Address groups which should be matched against the traffic destination.
-        Maximum number of destination address groups is 10.
-        """
-        dest_fqdns: NotRequired[pulumi.Input[Sequence[pulumi.Input[str]]]]
-        """
-        Fully Qualified Domain Name (FQDN) which should be matched against
-        traffic destination. Maximum number of destination fqdn allowed is 100.
-        """
-        dest_ip_ranges: NotRequired[pulumi.Input[Sequence[pulumi.Input[str]]]]
-        """
-        Destination IP address range in CIDR format. Required for
-        EGRESS rules.
-        """
-        dest_region_codes: NotRequired[pulumi.Input[Sequence[pulumi.Input[str]]]]
-        """
-        Region codes whose IP addresses will be used to match for destination
-        of traffic. Should be specified as 2 letter country code defined as per
-        ISO 3166 alpha-2 country codes. ex."US"
-        Maximum number of destination region codes allowed is 5000.
-        """
-        dest_threat_intelligences: NotRequired[pulumi.Input[Sequence[pulumi.Input[str]]]]
-        """
-        Names of Network Threat Intelligence lists.
-        The IPs in these lists will be matched against traffic destination.
-        """
-        layer4_configs: NotRequired[pulumi.Input[Sequence[pulumi.Input['NetworkFirewallPolicyWithRulesPredefinedRuleMatchLayer4ConfigArgsDict']]]]
-        """
-        Pairs of IP protocols and ports that the rule should match.
-        Structure is documented below.
-        """
-        src_address_groups: NotRequired[pulumi.Input[Sequence[pulumi.Input[str]]]]
-        """
-        Address groups which should be matched against the traffic source.
-        Maximum number of source address groups is 10.
-        """
-        src_fqdns: NotRequired[pulumi.Input[Sequence[pulumi.Input[str]]]]
-        """
-        Fully Qualified Domain Name (FQDN) which should be matched against
-        traffic source. Maximum number of source fqdn allowed is 100.
-        """
-        src_ip_ranges: NotRequired[pulumi.Input[Sequence[pulumi.Input[str]]]]
-        """
-        Source IP address range in CIDR format. Required for
-        INGRESS rules.
-        """
-        src_region_codes: NotRequired[pulumi.Input[Sequence[pulumi.Input[str]]]]
-        """
-        Region codes whose IP addresses will be used to match for source
-        of traffic. Should be specified as 2 letter country code defined as per
-        ISO 3166 alpha-2 country codes. ex."US"
-        Maximum number of source region codes allowed is 5000.
-        """
-        src_secure_tags: NotRequired[pulumi.Input[Sequence[pulumi.Input['NetworkFirewallPolicyWithRulesPredefinedRuleMatchSrcSecureTagArgsDict']]]]
-        """
-        List of secure tag values, which should be matched at the source
-        of the traffic.
-        For INGRESS rule, if all the <code>srcSecureTag</code> are INEFFECTIVE,
-        and there is no <code>srcIpRange</code>, this rule will be ignored.
-        Maximum number of source tag values allowed is 256.
-        Structure is documented below.
-
-
-        <a name="nested_layer4_config"></a>The `layer4_config` block supports:
-        """
-        src_threat_intelligences: NotRequired[pulumi.Input[Sequence[pulumi.Input[str]]]]
-        """
-        Names of Network Threat Intelligence lists.
-        The IPs in these lists will be matched against traffic source.
-        """
-elif False:
-    NetworkFirewallPolicyWithRulesPredefinedRuleMatchArgsDict: TypeAlias = Mapping[str, Any]
-
-@pulumi.input_type
-class NetworkFirewallPolicyWithRulesPredefinedRuleMatchArgs:
-    def __init__(__self__, *,
-                 dest_address_groups: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
-                 dest_fqdns: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
-                 dest_ip_ranges: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
-                 dest_region_codes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
-                 dest_threat_intelligences: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
-                 layer4_configs: Optional[pulumi.Input[Sequence[pulumi.Input['NetworkFirewallPolicyWithRulesPredefinedRuleMatchLayer4ConfigArgs']]]] = None,
-                 src_address_groups: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
-                 src_fqdns: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
-                 src_ip_ranges: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
-                 src_region_codes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
-                 src_secure_tags: Optional[pulumi.Input[Sequence[pulumi.Input['NetworkFirewallPolicyWithRulesPredefinedRuleMatchSrcSecureTagArgs']]]] = None,
-                 src_threat_intelligences: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None):
-        """
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] dest_address_groups: Address groups which should be matched against the traffic destination.
-               Maximum number of destination address groups is 10.
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] dest_fqdns: Fully Qualified Domain Name (FQDN) which should be matched against
-               traffic destination. Maximum number of destination fqdn allowed is 100.
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] dest_ip_ranges: Destination IP address range in CIDR format. Required for
-               EGRESS rules.
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] dest_region_codes: Region codes whose IP addresses will be used to match for destination
-               of traffic. Should be specified as 2 letter country code defined as per
-               ISO 3166 alpha-2 country codes. ex."US"
-               Maximum number of destination region codes allowed is 5000.
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] dest_threat_intelligences: Names of Network Threat Intelligence lists.
-               The IPs in these lists will be matched against traffic destination.
-        :param pulumi.Input[Sequence[pulumi.Input['NetworkFirewallPolicyWithRulesPredefinedRuleMatchLayer4ConfigArgs']]] layer4_configs: Pairs of IP protocols and ports that the rule should match.
-               Structure is documented below.
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] src_address_groups: Address groups which should be matched against the traffic source.
-               Maximum number of source address groups is 10.
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] src_fqdns: Fully Qualified Domain Name (FQDN) which should be matched against
-               traffic source. Maximum number of source fqdn allowed is 100.
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] src_ip_ranges: Source IP address range in CIDR format. Required for
-               INGRESS rules.
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] src_region_codes: Region codes whose IP addresses will be used to match for source
-               of traffic. Should be specified as 2 letter country code defined as per
-               ISO 3166 alpha-2 country codes. ex."US"
-               Maximum number of source region codes allowed is 5000.
-        :param pulumi.Input[Sequence[pulumi.Input['NetworkFirewallPolicyWithRulesPredefinedRuleMatchSrcSecureTagArgs']]] src_secure_tags: List of secure tag values, which should be matched at the source
-               of the traffic.
-               For INGRESS rule, if all the <code>srcSecureTag</code> are INEFFECTIVE,
-               and there is no <code>srcIpRange</code>, this rule will be ignored.
-               Maximum number of source tag values allowed is 256.
-               Structure is documented below.
-               
-               
-               <a name="nested_layer4_config"></a>The `layer4_config` block supports:
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] src_threat_intelligences: Names of Network Threat Intelligence lists.
-               The IPs in these lists will be matched against traffic source.
-        """
-        if dest_address_groups is not None:
-            pulumi.set(__self__, "dest_address_groups", dest_address_groups)
-        if dest_fqdns is not None:
-            pulumi.set(__self__, "dest_fqdns", dest_fqdns)
-        if dest_ip_ranges is not None:
-            pulumi.set(__self__, "dest_ip_ranges", dest_ip_ranges)
-        if dest_region_codes is not None:
-            pulumi.set(__self__, "dest_region_codes", dest_region_codes)
-        if dest_threat_intelligences is not None:
-            pulumi.set(__self__, "dest_threat_intelligences", dest_threat_intelligences)
-        if layer4_configs is not None:
-            pulumi.set(__self__, "layer4_configs", layer4_configs)
-        if src_address_groups is not None:
-            pulumi.set(__self__, "src_address_groups", src_address_groups)
-        if src_fqdns is not None:
-            pulumi.set(__self__, "src_fqdns", src_fqdns)
-        if src_ip_ranges is not None:
-            pulumi.set(__self__, "src_ip_ranges", src_ip_ranges)
-        if src_region_codes is not None:
-            pulumi.set(__self__, "src_region_codes", src_region_codes)
-        if src_secure_tags is not None:
-            pulumi.set(__self__, "src_secure_tags", src_secure_tags)
-        if src_threat_intelligences is not None:
-            pulumi.set(__self__, "src_threat_intelligences", src_threat_intelligences)
-
-    @property
-    @pulumi.getter(name="destAddressGroups")
-    def dest_address_groups(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
-        """
-        Address groups which should be matched against the traffic destination.
-        Maximum number of destination address groups is 10.
-        """
-        return pulumi.get(self, "dest_address_groups")
-
-    @dest_address_groups.setter
-    def dest_address_groups(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
-        pulumi.set(self, "dest_address_groups", value)
-
-    @property
-    @pulumi.getter(name="destFqdns")
-    def dest_fqdns(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
-        """
-        Fully Qualified Domain Name (FQDN) which should be matched against
-        traffic destination. Maximum number of destination fqdn allowed is 100.
-        """
-        return pulumi.get(self, "dest_fqdns")
-
-    @dest_fqdns.setter
-    def dest_fqdns(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
-        pulumi.set(self, "dest_fqdns", value)
-
-    @property
-    @pulumi.getter(name="destIpRanges")
-    def dest_ip_ranges(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
-        """
-        Destination IP address range in CIDR format. Required for
-        EGRESS rules.
-        """
-        return pulumi.get(self, "dest_ip_ranges")
-
-    @dest_ip_ranges.setter
-    def dest_ip_ranges(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
-        pulumi.set(self, "dest_ip_ranges", value)
-
-    @property
-    @pulumi.getter(name="destRegionCodes")
-    def dest_region_codes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
-        """
-        Region codes whose IP addresses will be used to match for destination
-        of traffic. Should be specified as 2 letter country code defined as per
-        ISO 3166 alpha-2 country codes. ex."US"
-        Maximum number of destination region codes allowed is 5000.
-        """
-        return pulumi.get(self, "dest_region_codes")
-
-    @dest_region_codes.setter
-    def dest_region_codes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
-        pulumi.set(self, "dest_region_codes", value)
-
-    @property
-    @pulumi.getter(name="destThreatIntelligences")
-    def dest_threat_intelligences(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
-        """
-        Names of Network Threat Intelligence lists.
-        The IPs in these lists will be matched against traffic destination.
-        """
-        return pulumi.get(self, "dest_threat_intelligences")
-
-    @dest_threat_intelligences.setter
-    def dest_threat_intelligences(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
-        pulumi.set(self, "dest_threat_intelligences", value)
-
-    @property
-    @pulumi.getter(name="layer4Configs")
-    def layer4_configs(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['NetworkFirewallPolicyWithRulesPredefinedRuleMatchLayer4ConfigArgs']]]]:
-        """
-        Pairs of IP protocols and ports that the rule should match.
-        Structure is documented below.
-        """
-        return pulumi.get(self, "layer4_configs")
-
-    @layer4_configs.setter
-    def layer4_configs(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['NetworkFirewallPolicyWithRulesPredefinedRuleMatchLayer4ConfigArgs']]]]):
-        pulumi.set(self, "layer4_configs", value)
-
-    @property
-    @pulumi.getter(name="srcAddressGroups")
-    def src_address_groups(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
-        """
-        Address groups which should be matched against the traffic source.
-        Maximum number of source address groups is 10.
-        """
-        return pulumi.get(self, "src_address_groups")
-
-    @src_address_groups.setter
-    def src_address_groups(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
-        pulumi.set(self, "src_address_groups", value)
-
-    @property
-    @pulumi.getter(name="srcFqdns")
-    def src_fqdns(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
-        """
-        Fully Qualified Domain Name (FQDN) which should be matched against
-        traffic source. Maximum number of source fqdn allowed is 100.
-        """
-        return pulumi.get(self, "src_fqdns")
-
-    @src_fqdns.setter
-    def src_fqdns(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
-        pulumi.set(self, "src_fqdns", value)
-
-    @property
-    @pulumi.getter(name="srcIpRanges")
-    def src_ip_ranges(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
-        """
-        Source IP address range in CIDR format. Required for
-        INGRESS rules.
-        """
-        return pulumi.get(self, "src_ip_ranges")
-
-    @src_ip_ranges.setter
-    def src_ip_ranges(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
-        pulumi.set(self, "src_ip_ranges", value)
-
-    @property
-    @pulumi.getter(name="srcRegionCodes")
-    def src_region_codes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
-        """
-        Region codes whose IP addresses will be used to match for source
-        of traffic. Should be specified as 2 letter country code defined as per
-        ISO 3166 alpha-2 country codes. ex."US"
-        Maximum number of source region codes allowed is 5000.
-        """
-        return pulumi.get(self, "src_region_codes")
-
-    @src_region_codes.setter
-    def src_region_codes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
-        pulumi.set(self, "src_region_codes", value)
-
-    @property
-    @pulumi.getter(name="srcSecureTags")
-    def src_secure_tags(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['NetworkFirewallPolicyWithRulesPredefinedRuleMatchSrcSecureTagArgs']]]]:
-        """
-        List of secure tag values, which should be matched at the source
-        of the traffic.
-        For INGRESS rule, if all the <code>srcSecureTag</code> are INEFFECTIVE,
-        and there is no <code>srcIpRange</code>, this rule will be ignored.
-        Maximum number of source tag values allowed is 256.
-        Structure is documented below.
-
-
-        <a name="nested_layer4_config"></a>The `layer4_config` block supports:
-        """
-        return pulumi.get(self, "src_secure_tags")
-
-    @src_secure_tags.setter
-    def src_secure_tags(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['NetworkFirewallPolicyWithRulesPredefinedRuleMatchSrcSecureTagArgs']]]]):
-        pulumi.set(self, "src_secure_tags", value)
-
-    @property
-    @pulumi.getter(name="srcThreatIntelligences")
-    def src_threat_intelligences(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
-        """
-        Names of Network Threat Intelligence lists.
-        The IPs in these lists will be matched against traffic source.
-        """
-        return pulumi.get(self, "src_threat_intelligences")
-
-    @src_threat_intelligences.setter
-    def src_threat_intelligences(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
-        pulumi.set(self, "src_threat_intelligences", value)
-
-
-if not MYPY:
-    class NetworkFirewallPolicyWithRulesPredefinedRuleMatchLayer4ConfigArgsDict(TypedDict):
-        ip_protocol: NotRequired[pulumi.Input[str]]
-        """
-        (Output)
-        The IP protocol to which this rule applies. The protocol
-        type is required when creating a firewall rule.
-        This value can either be one of the following well
-        known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp),
-        or the IP protocol number.
-        """
-        ports: NotRequired[pulumi.Input[Sequence[pulumi.Input[str]]]]
-        """
-        (Output)
-        An optional list of ports to which this rule applies. This field
-        is only applicable for UDP or TCP protocol. Each entry must be
-        either an integer or a range. If not specified, this rule
-        applies to connections through any port.
-        Example inputs include: ["22"], ["80","443"], and
-        ["12345-12349"].
-        """
-elif False:
-    NetworkFirewallPolicyWithRulesPredefinedRuleMatchLayer4ConfigArgsDict: TypeAlias = Mapping[str, Any]
-
-@pulumi.input_type
-class NetworkFirewallPolicyWithRulesPredefinedRuleMatchLayer4ConfigArgs:
-    def __init__(__self__, *,
-                 ip_protocol: Optional[pulumi.Input[str]] = None,
-                 ports: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None):
-        """
-        :param pulumi.Input[str] ip_protocol: (Output)
-               The IP protocol to which this rule applies. The protocol
-               type is required when creating a firewall rule.
-               This value can either be one of the following well
-               known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp),
-               or the IP protocol number.
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] ports: (Output)
-               An optional list of ports to which this rule applies. This field
-               is only applicable for UDP or TCP protocol. Each entry must be
-               either an integer or a range. If not specified, this rule
-               applies to connections through any port.
-               Example inputs include: ["22"], ["80","443"], and
-               ["12345-12349"].
-        """
-        if ip_protocol is not None:
-            pulumi.set(__self__, "ip_protocol", ip_protocol)
-        if ports is not None:
-            pulumi.set(__self__, "ports", ports)
-
-    @property
-    @pulumi.getter(name="ipProtocol")
-    def ip_protocol(self) -> Optional[pulumi.Input[str]]:
-        """
-        (Output)
-        The IP protocol to which this rule applies. The protocol
-        type is required when creating a firewall rule.
-        This value can either be one of the following well
-        known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp),
-        or the IP protocol number.
-        """
-        return pulumi.get(self, "ip_protocol")
-
-    @ip_protocol.setter
-    def ip_protocol(self, value: Optional[pulumi.Input[str]]):
-        pulumi.set(self, "ip_protocol", value)
-
-    @property
-    @pulumi.getter
-    def ports(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
-        """
-        (Output)
-        An optional list of ports to which this rule applies. This field
-        is only applicable for UDP or TCP protocol. Each entry must be
-        either an integer or a range. If not specified, this rule
-        applies to connections through any port.
-        Example inputs include: ["22"], ["80","443"], and
-        ["12345-12349"].
-        """
-        return pulumi.get(self, "ports")
-
-    @ports.setter
-    def ports(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
-        pulumi.set(self, "ports", value)
-
-
-if not MYPY:
-    class NetworkFirewallPolicyWithRulesPredefinedRuleMatchSrcSecureTagArgsDict(TypedDict):
-        name: NotRequired[pulumi.Input[str]]
-        """
-        Name of the secure tag, created with TagManager's TagValue API.
-        @pattern tagValues/[0-9]+
-        """
-        state: NotRequired[pulumi.Input[str]]
-        """
-        (Output)
-        [Output Only] State of the secure tag, either `EFFECTIVE` or
-        `INEFFECTIVE`. A secure tag is `INEFFECTIVE` when it is deleted
-        or its network is deleted.
-        """
-elif False:
-    NetworkFirewallPolicyWithRulesPredefinedRuleMatchSrcSecureTagArgsDict: TypeAlias = Mapping[str, Any]
-
-@pulumi.input_type
-class NetworkFirewallPolicyWithRulesPredefinedRuleMatchSrcSecureTagArgs:
-    def __init__(__self__, *,
-                 name: Optional[pulumi.Input[str]] = None,
-                 state: Optional[pulumi.Input[str]] = None):
-        """
-        :param pulumi.Input[str] name: Name of the secure tag, created with TagManager's TagValue API.
-               @pattern tagValues/[0-9]+
-        :param pulumi.Input[str] state: (Output)
-               [Output Only] State of the secure tag, either `EFFECTIVE` or
-               `INEFFECTIVE`. A secure tag is `INEFFECTIVE` when it is deleted
-               or its network is deleted.
-        """
-        if name is not None:
-            pulumi.set(__self__, "name", name)
-        if state is not None:
-            pulumi.set(__self__, "state", state)
-
-    @property
-    @pulumi.getter
-    def name(self) -> Optional[pulumi.Input[str]]:
-        """
-        Name of the secure tag, created with TagManager's TagValue API.
-        @pattern tagValues/[0-9]+
-        """
-        return pulumi.get(self, "name")
-
-    @name.setter
-    def name(self, value: Optional[pulumi.Input[str]]):
-        pulumi.set(self, "name", value)
+        pulumi.set(self, "raw_key", value)
 
     @property
     @pulumi.getter
-    def state(self) -> Optional[pulumi.Input[str]]:
+    def sha256(self) -> Optional[pulumi.Input[str]]:
         """
         (Output)
-        [Output Only] State of the secure tag, either `EFFECTIVE` or
-        `INEFFECTIVE`. A secure tag is `INEFFECTIVE` when it is deleted
-        or its network is deleted.
+        The RFC 4648 base64 encoded SHA-256 hash of the
+        customer-supplied encryption key that protects this resource.
         """
-        return pulumi.get(self, "state")
+        return pulumi.get(self, "sha256")
 
-    @state.setter
-    def state(self, value: Optional[pulumi.Input[str]]):
-        pulumi.set(self, "state", value)
+    @sha256.setter
+    def sha256(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "sha256", value)
 
 
 if not MYPY:
-    class NetworkFirewallPolicyWithRulesPredefinedRuleTargetSecureTagArgsDict(TypedDict):
-        name: NotRequired[pulumi.Input[str]]
-        """
-        Name of the secure tag, created with TagManager's TagValue API.
-        @pattern tagValues/[0-9]+
-        """
-        state: NotRequired[pulumi.Input[str]]
+    class ManagedSslCertificateManagedArgsDict(TypedDict):
+        domains: pulumi.Input[Sequence[pulumi.Input[str]]]
         """
-        (Output)
-        [Output Only] State of the secure tag, either `EFFECTIVE` or
-        `INEFFECTIVE`. A secure tag is `INEFFECTIVE` when it is deleted
-        or its network is deleted.
-
-        - - -
+        Domains for which a managed SSL certificate will be valid.  Currently,
+        there can be up to 100 domains in this list.
         """
 elif False:
-    NetworkFirewallPolicyWithRulesPredefinedRuleTargetSecureTagArgsDict: TypeAlias = Mapping[str, Any]
+    ManagedSslCertificateManagedArgsDict: TypeAlias = Mapping[str, Any]
 
 @pulumi.input_type
-class NetworkFirewallPolicyWithRulesPredefinedRuleTargetSecureTagArgs:
+class ManagedSslCertificateManagedArgs:
     def __init__(__self__, *,
-                 name: Optional[pulumi.Input[str]] = None,
-                 state: Optional[pulumi.Input[str]] = None):
-        """
-        :param pulumi.Input[str] name: Name of the secure tag, created with TagManager's TagValue API.
-               @pattern tagValues/[0-9]+
-        :param pulumi.Input[str] state: (Output)
-               [Output Only] State of the secure tag, either `EFFECTIVE` or
-               `INEFFECTIVE`. A secure tag is `INEFFECTIVE` when it is deleted
-               or its network is deleted.
-               
-               - - -
-        """
-        if name is not None:
-            pulumi.set(__self__, "name", name)
-        if state is not None:
-            pulumi.set(__self__, "state", state)
-
-    @property
-    @pulumi.getter
-    def name(self) -> Optional[pulumi.Input[str]]:
+                 domains: pulumi.Input[Sequence[pulumi.Input[str]]]):
         """
-        Name of the secure tag, created with TagManager's TagValue API.
-        @pattern tagValues/[0-9]+
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] domains: Domains for which a managed SSL certificate will be valid.  Currently,
+               there can be up to 100 domains in this list.
         """
-        return pulumi.get(self, "name")
-
-    @name.setter
-    def name(self, value: Optional[pulumi.Input[str]]):
-        pulumi.set(self, "name", value)
+        pulumi.set(__self__, "domains", domains)
 
     @property
     @pulumi.getter
-    def state(self) -> Optional[pulumi.Input[str]]:
+    def domains(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]:
         """
-        (Output)
-        [Output Only] State of the secure tag, either `EFFECTIVE` or
-        `INEFFECTIVE`. A secure tag is `INEFFECTIVE` when it is deleted
-        or its network is deleted.
-
-        - - -
+        Domains for which a managed SSL certificate will be valid.  Currently,
+        there can be up to 100 domains in this list.
         """
-        return pulumi.get(self, "state")
+        return pulumi.get(self, "domains")
 
-    @state.setter
-    def state(self, value: Optional[pulumi.Input[str]]):
-        pulumi.set(self, "state", value)
+    @domains.setter
+    def domains(self, value: pulumi.Input[Sequence[pulumi.Input[str]]]):
+        pulumi.set(self, "domains", value)
 
 
 if not MYPY:
-    class NetworkFirewallPolicyWithRulesRuleArgsDict(TypedDict):
-        action: pulumi.Input[str]
-        """
-        The Action to perform when the client connection triggers the rule. Can currently be either
-        "allow", "deny", "apply_security_profile_group" or "goto_next".
-        """
-        match: pulumi.Input['NetworkFirewallPolicyWithRulesRuleMatchArgsDict']
-        """
-        A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced.
-        Structure is documented below.
-        """
-        priority: pulumi.Input[int]
-        """
-        An integer indicating the priority of a rule in the list. The priority must be a value
-        between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the
-        highest priority and 2147483647 is the lowest priority.
-        """
-        description: NotRequired[pulumi.Input[str]]
-        """
-        A description of the rule.
-        """
-        direction: NotRequired[pulumi.Input[str]]
+    class MangedSslCertificateManagedArgsDict(TypedDict):
+        domains: pulumi.Input[Sequence[pulumi.Input[str]]]
         """
-        The direction in which this rule applies. If unspecified an INGRESS rule is created.
-        Possible values are: `INGRESS`, `EGRESS`.
+        Domains for which a managed SSL certificate will be valid.  Currently,
+        there can be up to 100 domains in this list.
         """
-        disabled: NotRequired[pulumi.Input[bool]]
+elif False:
+    MangedSslCertificateManagedArgsDict: TypeAlias = Mapping[str, Any]
+
+@pulumi.input_type
+class MangedSslCertificateManagedArgs:
+    def __init__(__self__, *,
+                 domains: pulumi.Input[Sequence[pulumi.Input[str]]]):
         """
-        Denotes whether the firewall policy rule is disabled. When set to true,
-        the firewall policy rule is not enforced and traffic behaves as if it did
-        not exist. If this is unspecified, the firewall policy rule will be
-        enabled.
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] domains: Domains for which a managed SSL certificate will be valid.  Currently,
+               there can be up to 100 domains in this list.
         """
-        enable_logging: NotRequired[pulumi.Input[bool]]
+        pulumi.set(__self__, "domains", domains)
+
+    @property
+    @pulumi.getter
+    def domains(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]:
         """
-        Denotes whether to enable logging for a particular rule.
-        If logging is enabled, logs will be exported to the
-        configured export destination in Stackdriver.
+        Domains for which a managed SSL certificate will be valid.  Currently,
+        there can be up to 100 domains in this list.
         """
-        rule_name: NotRequired[pulumi.Input[str]]
+        return pulumi.get(self, "domains")
+
+    @domains.setter
+    def domains(self, value: pulumi.Input[Sequence[pulumi.Input[str]]]):
+        pulumi.set(self, "domains", value)
+
+
+if not MYPY:
+    class NetworkAttachmentConnectionEndpointArgsDict(TypedDict):
+        ip_address: NotRequired[pulumi.Input[str]]
         """
-        An optional name for the rule. This field is not a unique identifier
-        and can be updated.
+        (Output)
+        The IPv4 address assigned to the producer instance network interface. This value will be a range in case of Serverless.
         """
-        security_profile_group: NotRequired[pulumi.Input[str]]
+        project_id_or_num: NotRequired[pulumi.Input[str]]
         """
-        A fully-qualified URL of a SecurityProfile resource instance.
-        Example:
-        https://networksecurity.googleapis.com/v1/projects/{project}/locations/{location}/securityProfileGroups/my-security-profile-group
-        Must be specified if action is 'apply_security_profile_group'.
+        (Output)
+        The project id or number of the interface to which the IP was assigned.
         """
-        target_secure_tags: NotRequired[pulumi.Input[Sequence[pulumi.Input['NetworkFirewallPolicyWithRulesRuleTargetSecureTagArgsDict']]]]
+        secondary_ip_cidr_ranges: NotRequired[pulumi.Input[str]]
         """
-        A list of secure tags that controls which instances the firewall rule
-        applies to. If <code>targetSecureTag</code> are specified, then the
-        firewall rule applies only to instances in the VPC network that have one
-        of those EFFECTIVE secure tags, if all the target_secure_tag are in
-        INEFFECTIVE state, then this rule will be ignored.
-        <code>targetSecureTag</code> may not be set at the same time as
-        <code>targetServiceAccounts</code>.
-        If neither <code>targetServiceAccounts</code> nor
-        <code>targetSecureTag</code> are specified, the firewall rule applies
-        to all instances on the specified network.
-        Maximum number of target label tags allowed is 256.
-        Structure is documented below.
+        (Output)
+        Alias IP ranges from the same subnetwork.
         """
-        target_service_accounts: NotRequired[pulumi.Input[Sequence[pulumi.Input[str]]]]
+        status: NotRequired[pulumi.Input[str]]
         """
-        A list of service accounts indicating the sets of
-        instances that are applied with this rule.
+        (Output)
+        The status of a connected endpoint to this network attachment.
         """
-        tls_inspect: NotRequired[pulumi.Input[bool]]
+        subnetwork: NotRequired[pulumi.Input[str]]
         """
-        Boolean flag indicating if the traffic should be TLS decrypted.
-        It can be set only if action = 'apply_security_profile_group' and cannot be set for other actions.
+        (Output)
+        The subnetwork used to assign the IP to the producer instance network interface.
         """
 elif False:
-    NetworkFirewallPolicyWithRulesRuleArgsDict: TypeAlias = Mapping[str, Any]
+    NetworkAttachmentConnectionEndpointArgsDict: TypeAlias = Mapping[str, Any]
 
 @pulumi.input_type
-class NetworkFirewallPolicyWithRulesRuleArgs:
+class NetworkAttachmentConnectionEndpointArgs:
     def __init__(__self__, *,
-                 action: pulumi.Input[str],
-                 match: pulumi.Input['NetworkFirewallPolicyWithRulesRuleMatchArgs'],
-                 priority: pulumi.Input[int],
-                 description: Optional[pulumi.Input[str]] = None,
-                 direction: Optional[pulumi.Input[str]] = None,
-                 disabled: Optional[pulumi.Input[bool]] = None,
-                 enable_logging: Optional[pulumi.Input[bool]] = None,
-                 rule_name: Optional[pulumi.Input[str]] = None,
-                 security_profile_group: Optional[pulumi.Input[str]] = None,
-                 target_secure_tags: Optional[pulumi.Input[Sequence[pulumi.Input['NetworkFirewallPolicyWithRulesRuleTargetSecureTagArgs']]]] = None,
-                 target_service_accounts: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
-                 tls_inspect: Optional[pulumi.Input[bool]] = None):
-        """
-        :param pulumi.Input[str] action: The Action to perform when the client connection triggers the rule. Can currently be either
-               "allow", "deny", "apply_security_profile_group" or "goto_next".
-        :param pulumi.Input['NetworkFirewallPolicyWithRulesRuleMatchArgs'] match: A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced.
-               Structure is documented below.
-        :param pulumi.Input[int] priority: An integer indicating the priority of a rule in the list. The priority must be a value
-               between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the
-               highest priority and 2147483647 is the lowest priority.
-        :param pulumi.Input[str] description: A description of the rule.
-        :param pulumi.Input[str] direction: The direction in which this rule applies. If unspecified an INGRESS rule is created.
-               Possible values are: `INGRESS`, `EGRESS`.
-        :param pulumi.Input[bool] disabled: Denotes whether the firewall policy rule is disabled. When set to true,
-               the firewall policy rule is not enforced and traffic behaves as if it did
-               not exist. If this is unspecified, the firewall policy rule will be
-               enabled.
-        :param pulumi.Input[bool] enable_logging: Denotes whether to enable logging for a particular rule.
-               If logging is enabled, logs will be exported to the
-               configured export destination in Stackdriver.
-        :param pulumi.Input[str] rule_name: An optional name for the rule. This field is not a unique identifier
-               and can be updated.
-        :param pulumi.Input[str] security_profile_group: A fully-qualified URL of a SecurityProfile resource instance.
-               Example:
-               https://networksecurity.googleapis.com/v1/projects/{project}/locations/{location}/securityProfileGroups/my-security-profile-group
-               Must be specified if action is 'apply_security_profile_group'.
-        :param pulumi.Input[Sequence[pulumi.Input['NetworkFirewallPolicyWithRulesRuleTargetSecureTagArgs']]] target_secure_tags: A list of secure tags that controls which instances the firewall rule
-               applies to. If <code>targetSecureTag</code> are specified, then the
-               firewall rule applies only to instances in the VPC network that have one
-               of those EFFECTIVE secure tags, if all the target_secure_tag are in
-               INEFFECTIVE state, then this rule will be ignored.
-               <code>targetSecureTag</code> may not be set at the same time as
-               <code>targetServiceAccounts</code>.
-               If neither <code>targetServiceAccounts</code> nor
-               <code>targetSecureTag</code> are specified, the firewall rule applies
-               to all instances on the specified network.
-               Maximum number of target label tags allowed is 256.
-               Structure is documented below.
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] target_service_accounts: A list of service accounts indicating the sets of
-               instances that are applied with this rule.
-        :param pulumi.Input[bool] tls_inspect: Boolean flag indicating if the traffic should be TLS decrypted.
-               It can be set only if action = 'apply_security_profile_group' and cannot be set for other actions.
+                 ip_address: Optional[pulumi.Input[str]] = None,
+                 project_id_or_num: Optional[pulumi.Input[str]] = None,
+                 secondary_ip_cidr_ranges: Optional[pulumi.Input[str]] = None,
+                 status: Optional[pulumi.Input[str]] = None,
+                 subnetwork: Optional[pulumi.Input[str]] = None):
         """
-        pulumi.set(__self__, "action", action)
-        pulumi.set(__self__, "match", match)
-        pulumi.set(__self__, "priority", priority)
-        if description is not None:
-            pulumi.set(__self__, "description", description)
-        if direction is not None:
-            pulumi.set(__self__, "direction", direction)
-        if disabled is not None:
-            pulumi.set(__self__, "disabled", disabled)
-        if enable_logging is not None:
-            pulumi.set(__self__, "enable_logging", enable_logging)
-        if rule_name is not None:
-            pulumi.set(__self__, "rule_name", rule_name)
-        if security_profile_group is not None:
-            pulumi.set(__self__, "security_profile_group", security_profile_group)
-        if target_secure_tags is not None:
-            pulumi.set(__self__, "target_secure_tags", target_secure_tags)
-        if target_service_accounts is not None:
-            pulumi.set(__self__, "target_service_accounts", target_service_accounts)
-        if tls_inspect is not None:
-            pulumi.set(__self__, "tls_inspect", tls_inspect)
+        :param pulumi.Input[str] ip_address: (Output)
+               The IPv4 address assigned to the producer instance network interface. This value will be a range in case of Serverless.
+        :param pulumi.Input[str] project_id_or_num: (Output)
+               The project id or number of the interface to which the IP was assigned.
+        :param pulumi.Input[str] secondary_ip_cidr_ranges: (Output)
+               Alias IP ranges from the same subnetwork.
+        :param pulumi.Input[str] status: (Output)
+               The status of a connected endpoint to this network attachment.
+        :param pulumi.Input[str] subnetwork: (Output)
+               The subnetwork used to assign the IP to the producer instance network interface.
+        """
+        if ip_address is not None:
+            pulumi.set(__self__, "ip_address", ip_address)
+        if project_id_or_num is not None:
+            pulumi.set(__self__, "project_id_or_num", project_id_or_num)
+        if secondary_ip_cidr_ranges is not None:
+            pulumi.set(__self__, "secondary_ip_cidr_ranges", secondary_ip_cidr_ranges)
+        if status is not None:
+            pulumi.set(__self__, "status", status)
+        if subnetwork is not None:
+            pulumi.set(__self__, "subnetwork", subnetwork)
 
     @property
-    @pulumi.getter
-    def action(self) -> pulumi.Input[str]:
+    @pulumi.getter(name="ipAddress")
+    def ip_address(self) -> Optional[pulumi.Input[str]]:
         """
-        The Action to perform when the client connection triggers the rule. Can currently be either
-        "allow", "deny", "apply_security_profile_group" or "goto_next".
+        (Output)
+        The IPv4 address assigned to the producer instance network interface. This value will be a range in case of Serverless.
         """
-        return pulumi.get(self, "action")
+        return pulumi.get(self, "ip_address")
 
-    @action.setter
-    def action(self, value: pulumi.Input[str]):
-        pulumi.set(self, "action", value)
+    @ip_address.setter
+    def ip_address(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "ip_address", value)
 
     @property
-    @pulumi.getter
-    def match(self) -> pulumi.Input['NetworkFirewallPolicyWithRulesRuleMatchArgs']:
+    @pulumi.getter(name="projectIdOrNum")
+    def project_id_or_num(self) -> Optional[pulumi.Input[str]]:
         """
-        A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced.
-        Structure is documented below.
+        (Output)
+        The project id or number of the interface to which the IP was assigned.
         """
-        return pulumi.get(self, "match")
+        return pulumi.get(self, "project_id_or_num")
 
-    @match.setter
-    def match(self, value: pulumi.Input['NetworkFirewallPolicyWithRulesRuleMatchArgs']):
-        pulumi.set(self, "match", value)
+    @project_id_or_num.setter
+    def project_id_or_num(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "project_id_or_num", value)
 
     @property
-    @pulumi.getter
-    def priority(self) -> pulumi.Input[int]:
+    @pulumi.getter(name="secondaryIpCidrRanges")
+    def secondary_ip_cidr_ranges(self) -> Optional[pulumi.Input[str]]:
         """
-        An integer indicating the priority of a rule in the list. The priority must be a value
-        between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the
-        highest priority and 2147483647 is the lowest priority.
+        (Output)
+        Alias IP ranges from the same subnetwork.
         """
-        return pulumi.get(self, "priority")
+        return pulumi.get(self, "secondary_ip_cidr_ranges")
 
-    @priority.setter
-    def priority(self, value: pulumi.Input[int]):
-        pulumi.set(self, "priority", value)
+    @secondary_ip_cidr_ranges.setter
+    def secondary_ip_cidr_ranges(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "secondary_ip_cidr_ranges", value)
 
     @property
     @pulumi.getter
-    def description(self) -> Optional[pulumi.Input[str]]:
+    def status(self) -> Optional[pulumi.Input[str]]:
         """
-        A description of the rule.
+        (Output)
+        The status of a connected endpoint to this network attachment.
         """
-        return pulumi.get(self, "description")
+        return pulumi.get(self, "status")
 
-    @description.setter
-    def description(self, value: Optional[pulumi.Input[str]]):
-        pulumi.set(self, "description", value)
+    @status.setter
+    def status(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "status", value)
 
     @property
     @pulumi.getter
-    def direction(self) -> Optional[pulumi.Input[str]]:
+    def subnetwork(self) -> Optional[pulumi.Input[str]]:
         """
-        The direction in which this rule applies. If unspecified an INGRESS rule is created.
-        Possible values are: `INGRESS`, `EGRESS`.
+        (Output)
+        The subnetwork used to assign the IP to the producer instance network interface.
         """
-        return pulumi.get(self, "direction")
+        return pulumi.get(self, "subnetwork")
 
-    @direction.setter
-    def direction(self, value: Optional[pulumi.Input[str]]):
-        pulumi.set(self, "direction", value)
+    @subnetwork.setter
+    def subnetwork(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "subnetwork", value)
 
-    @property
-    @pulumi.getter
-    def disabled(self) -> Optional[pulumi.Input[bool]]:
+
+if not MYPY:
+    class NetworkEndpointListNetworkEndpointArgsDict(TypedDict):
+        ip_address: pulumi.Input[str]
         """
-        Denotes whether the firewall policy rule is disabled. When set to true,
-        the firewall policy rule is not enforced and traffic behaves as if it did
-        not exist. If this is unspecified, the firewall policy rule will be
-        enabled.
+        IPv4 address of network endpoint. The IP address must belong
+        to a VM in GCE (either the primary IP or as part of an aliased IP
+        range).
         """
-        return pulumi.get(self, "disabled")
-
-    @disabled.setter
-    def disabled(self, value: Optional[pulumi.Input[bool]]):
-        pulumi.set(self, "disabled", value)
-
-    @property
-    @pulumi.getter(name="enableLogging")
-    def enable_logging(self) -> Optional[pulumi.Input[bool]]:
+        instance: NotRequired[pulumi.Input[str]]
         """
-        Denotes whether to enable logging for a particular rule.
-        If logging is enabled, logs will be exported to the
-        configured export destination in Stackdriver.
+        The name for a specific VM instance that the IP address belongs to.
+        This is required for network endpoints of type GCE_VM_IP_PORT.
+        The instance must be in the same zone as the network endpoint group.
         """
-        return pulumi.get(self, "enable_logging")
-
-    @enable_logging.setter
-    def enable_logging(self, value: Optional[pulumi.Input[bool]]):
-        pulumi.set(self, "enable_logging", value)
-
-    @property
-    @pulumi.getter(name="ruleName")
-    def rule_name(self) -> Optional[pulumi.Input[str]]:
+        port: NotRequired[pulumi.Input[int]]
         """
-        An optional name for the rule. This field is not a unique identifier
-        and can be updated.
+        Port number of network endpoint.
+        **Note** `port` is required unless the Network Endpoint Group is created
+        with the type of `GCE_VM_IP`
         """
-        return pulumi.get(self, "rule_name")
-
-    @rule_name.setter
-    def rule_name(self, value: Optional[pulumi.Input[str]]):
-        pulumi.set(self, "rule_name", value)
+elif False:
+    NetworkEndpointListNetworkEndpointArgsDict: TypeAlias = Mapping[str, Any]
 
-    @property
-    @pulumi.getter(name="securityProfileGroup")
-    def security_profile_group(self) -> Optional[pulumi.Input[str]]:
+@pulumi.input_type
+class NetworkEndpointListNetworkEndpointArgs:
+    def __init__(__self__, *,
+                 ip_address: pulumi.Input[str],
+                 instance: Optional[pulumi.Input[str]] = None,
+                 port: Optional[pulumi.Input[int]] = None):
         """
-        A fully-qualified URL of a SecurityProfile resource instance.
-        Example:
-        https://networksecurity.googleapis.com/v1/projects/{project}/locations/{location}/securityProfileGroups/my-security-profile-group
-        Must be specified if action is 'apply_security_profile_group'.
+        :param pulumi.Input[str] ip_address: IPv4 address of network endpoint. The IP address must belong
+               to a VM in GCE (either the primary IP or as part of an aliased IP
+               range).
+        :param pulumi.Input[str] instance: The name for a specific VM instance that the IP address belongs to.
+               This is required for network endpoints of type GCE_VM_IP_PORT.
+               The instance must be in the same zone as the network endpoint group.
+        :param pulumi.Input[int] port: Port number of network endpoint.
+               **Note** `port` is required unless the Network Endpoint Group is created
+               with the type of `GCE_VM_IP`
         """
-        return pulumi.get(self, "security_profile_group")
-
-    @security_profile_group.setter
-    def security_profile_group(self, value: Optional[pulumi.Input[str]]):
-        pulumi.set(self, "security_profile_group", value)
+        pulumi.set(__self__, "ip_address", ip_address)
+        if instance is not None:
+            pulumi.set(__self__, "instance", instance)
+        if port is not None:
+            pulumi.set(__self__, "port", port)
 
     @property
-    @pulumi.getter(name="targetSecureTags")
-    def target_secure_tags(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['NetworkFirewallPolicyWithRulesRuleTargetSecureTagArgs']]]]:
+    @pulumi.getter(name="ipAddress")
+    def ip_address(self) -> pulumi.Input[str]:
         """
-        A list of secure tags that controls which instances the firewall rule
-        applies to. If <code>targetSecureTag</code> are specified, then the
-        firewall rule applies only to instances in the VPC network that have one
-        of those EFFECTIVE secure tags, if all the target_secure_tag are in
-        INEFFECTIVE state, then this rule will be ignored.
-        <code>targetSecureTag</code> may not be set at the same time as
-        <code>targetServiceAccounts</code>.
-        If neither <code>targetServiceAccounts</code> nor
-        <code>targetSecureTag</code> are specified, the firewall rule applies
-        to all instances on the specified network.
-        Maximum number of target label tags allowed is 256.
-        Structure is documented below.
+        IPv4 address of network endpoint. The IP address must belong
+        to a VM in GCE (either the primary IP or as part of an aliased IP
+        range).
         """
-        return pulumi.get(self, "target_secure_tags")
+        return pulumi.get(self, "ip_address")
 
-    @target_secure_tags.setter
-    def target_secure_tags(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['NetworkFirewallPolicyWithRulesRuleTargetSecureTagArgs']]]]):
-        pulumi.set(self, "target_secure_tags", value)
+    @ip_address.setter
+    def ip_address(self, value: pulumi.Input[str]):
+        pulumi.set(self, "ip_address", value)
 
     @property
-    @pulumi.getter(name="targetServiceAccounts")
-    def target_service_accounts(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
+    @pulumi.getter
+    def instance(self) -> Optional[pulumi.Input[str]]:
         """
-        A list of service accounts indicating the sets of
-        instances that are applied with this rule.
+        The name for a specific VM instance that the IP address belongs to.
+        This is required for network endpoints of type GCE_VM_IP_PORT.
+        The instance must be in the same zone as the network endpoint group.
         """
-        return pulumi.get(self, "target_service_accounts")
+        return pulumi.get(self, "instance")
 
-    @target_service_accounts.setter
-    def target_service_accounts(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
-        pulumi.set(self, "target_service_accounts", value)
+    @instance.setter
+    def instance(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "instance", value)
 
     @property
-    @pulumi.getter(name="tlsInspect")
-    def tls_inspect(self) -> Optional[pulumi.Input[bool]]:
+    @pulumi.getter
+    def port(self) -> Optional[pulumi.Input[int]]:
         """
-        Boolean flag indicating if the traffic should be TLS decrypted.
-        It can be set only if action = 'apply_security_profile_group' and cannot be set for other actions.
+        Port number of network endpoint.
+        **Note** `port` is required unless the Network Endpoint Group is created
+        with the type of `GCE_VM_IP`
         """
-        return pulumi.get(self, "tls_inspect")
+        return pulumi.get(self, "port")
 
-    @tls_inspect.setter
-    def tls_inspect(self, value: Optional[pulumi.Input[bool]]):
-        pulumi.set(self, "tls_inspect", value)
+    @port.setter
+    def port(self, value: Optional[pulumi.Input[int]]):
+        pulumi.set(self, "port", value)
 
 
 if not MYPY:
-    class NetworkFirewallPolicyWithRulesRuleMatchArgsDict(TypedDict):
-        layer4_configs: pulumi.Input[Sequence[pulumi.Input['NetworkFirewallPolicyWithRulesRuleMatchLayer4ConfigArgsDict']]]
+    class NetworkFirewallPolicyRuleMatchArgsDict(TypedDict):
+        layer4_configs: pulumi.Input[Sequence[pulumi.Input['NetworkFirewallPolicyRuleMatchLayer4ConfigArgsDict']]]
         """
         Pairs of IP protocols and ports that the rule should match.
-        Structure is documented below.
         """
         dest_address_groups: NotRequired[pulumi.Input[Sequence[pulumi.Input[str]]]]
         """
-        Address groups which should be matched against the traffic destination.
-        Maximum number of destination address groups is 10.
+        Address groups which should be matched against the traffic destination. Maximum number of destination address groups is 10. Destination address groups is only supported in Egress rules.
         """
         dest_fqdns: NotRequired[pulumi.Input[Sequence[pulumi.Input[str]]]]
         """
-        Fully Qualified Domain Name (FQDN) which should be matched against
-        traffic destination. Maximum number of destination fqdn allowed is 100.
+        Domain names that will be used to match against the resolved domain name of destination of traffic. Can only be specified if DIRECTION is egress.
         """
         dest_ip_ranges: NotRequired[pulumi.Input[Sequence[pulumi.Input[str]]]]
         """
-        Destination IP address range in CIDR format. Required for
-        EGRESS rules.
+        CIDR IP address range. Maximum number of destination CIDR IP ranges allowed is 5000.
         """
         dest_region_codes: NotRequired[pulumi.Input[Sequence[pulumi.Input[str]]]]
         """
-        Region codes whose IP addresses will be used to match for destination
-        of traffic. Should be specified as 2 letter country code defined as per
-        ISO 3166 alpha-2 country codes. ex."US"
-        Maximum number of destination region codes allowed is 5000.
+        The Unicode country codes whose IP addresses will be used to match against the source of traffic. Can only be specified if DIRECTION is egress.
         """
         dest_threat_intelligences: NotRequired[pulumi.Input[Sequence[pulumi.Input[str]]]]
         """
-        Names of Network Threat Intelligence lists.
-        The IPs in these lists will be matched against traffic destination.
+        Name of the Google Cloud Threat Intelligence list.
         """
         src_address_groups: NotRequired[pulumi.Input[Sequence[pulumi.Input[str]]]]
         """
-        Address groups which should be matched against the traffic source.
-        Maximum number of source address groups is 10.
+        Address groups which should be matched against the traffic source. Maximum number of source address groups is 10. Source address groups is only supported in Ingress rules.
         """
         src_fqdns: NotRequired[pulumi.Input[Sequence[pulumi.Input[str]]]]
         """
-        Fully Qualified Domain Name (FQDN) which should be matched against
-        traffic source. Maximum number of source fqdn allowed is 100.
+        Domain names that will be used to match against the resolved domain name of source of traffic. Can only be specified if DIRECTION is ingress.
         """
         src_ip_ranges: NotRequired[pulumi.Input[Sequence[pulumi.Input[str]]]]
         """
-        Source IP address range in CIDR format. Required for
-        INGRESS rules.
+        CIDR IP address range. Maximum number of source CIDR IP ranges allowed is 5000.
         """
         src_region_codes: NotRequired[pulumi.Input[Sequence[pulumi.Input[str]]]]
         """
-        Region codes whose IP addresses will be used to match for source
-        of traffic. Should be specified as 2 letter country code defined as per
-        ISO 3166 alpha-2 country codes. ex."US"
-        Maximum number of source region codes allowed is 5000.
+        The Unicode country codes whose IP addresses will be used to match against the source of traffic. Can only be specified if DIRECTION is ingress.
         """
-        src_secure_tags: NotRequired[pulumi.Input[Sequence[pulumi.Input['NetworkFirewallPolicyWithRulesRuleMatchSrcSecureTagArgsDict']]]]
+        src_secure_tags: NotRequired[pulumi.Input[Sequence[pulumi.Input['NetworkFirewallPolicyRuleMatchSrcSecureTagArgsDict']]]]
         """
-        List of secure tag values, which should be matched at the source
-        of the traffic.
-        For INGRESS rule, if all the <code>srcSecureTag</code> are INEFFECTIVE,
-        and there is no <code>srcIpRange</code>, this rule will be ignored.
-        Maximum number of source tag values allowed is 256.
-        Structure is documented below.
-
-
-        <a name="nested_layer4_config"></a>The `layer4_config` block supports:
+        List of secure tag values, which should be matched at the source of the traffic. For INGRESS rule, if all the <code>srcSecureTag</code> are INEFFECTIVE, and there is no <code>srcIpRange</code>, this rule will be ignored. Maximum number of source tag values allowed is 256.
         """
         src_threat_intelligences: NotRequired[pulumi.Input[Sequence[pulumi.Input[str]]]]
         """
-        Names of Network Threat Intelligence lists.
-        The IPs in these lists will be matched against traffic source.
+        Name of the Google Cloud Threat Intelligence list.
+
+        The `layer4_configs` block supports:
         """
 elif False:
-    NetworkFirewallPolicyWithRulesRuleMatchArgsDict: TypeAlias = Mapping[str, Any]
+    NetworkFirewallPolicyRuleMatchArgsDict: TypeAlias = Mapping[str, Any]
 
 @pulumi.input_type
-class NetworkFirewallPolicyWithRulesRuleMatchArgs:
+class NetworkFirewallPolicyRuleMatchArgs:
     def __init__(__self__, *,
-                 layer4_configs: pulumi.Input[Sequence[pulumi.Input['NetworkFirewallPolicyWithRulesRuleMatchLayer4ConfigArgs']]],
+                 layer4_configs: pulumi.Input[Sequence[pulumi.Input['NetworkFirewallPolicyRuleMatchLayer4ConfigArgs']]],
                  dest_address_groups: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
                  dest_fqdns: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
                  dest_ip_ranges: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
@@ -21375,44 +19628,23 @@ class NetworkFirewallPolicyWithRulesRuleMatchArgs:
                  src_fqdns: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
                  src_ip_ranges: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
                  src_region_codes: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
-                 src_secure_tags: Optional[pulumi.Input[Sequence[pulumi.Input['NetworkFirewallPolicyWithRulesRuleMatchSrcSecureTagArgs']]]] = None,
+                 src_secure_tags: Optional[pulumi.Input[Sequence[pulumi.Input['NetworkFirewallPolicyRuleMatchSrcSecureTagArgs']]]] = None,
                  src_threat_intelligences: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None):
         """
-        :param pulumi.Input[Sequence[pulumi.Input['NetworkFirewallPolicyWithRulesRuleMatchLayer4ConfigArgs']]] layer4_configs: Pairs of IP protocols and ports that the rule should match.
-               Structure is documented below.
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] dest_address_groups: Address groups which should be matched against the traffic destination.
-               Maximum number of destination address groups is 10.
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] dest_fqdns: Fully Qualified Domain Name (FQDN) which should be matched against
-               traffic destination. Maximum number of destination fqdn allowed is 100.
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] dest_ip_ranges: Destination IP address range in CIDR format. Required for
-               EGRESS rules.
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] dest_region_codes: Region codes whose IP addresses will be used to match for destination
-               of traffic. Should be specified as 2 letter country code defined as per
-               ISO 3166 alpha-2 country codes. ex."US"
-               Maximum number of destination region codes allowed is 5000.
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] dest_threat_intelligences: Names of Network Threat Intelligence lists.
-               The IPs in these lists will be matched against traffic destination.
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] src_address_groups: Address groups which should be matched against the traffic source.
-               Maximum number of source address groups is 10.
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] src_fqdns: Fully Qualified Domain Name (FQDN) which should be matched against
-               traffic source. Maximum number of source fqdn allowed is 100.
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] src_ip_ranges: Source IP address range in CIDR format. Required for
-               INGRESS rules.
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] src_region_codes: Region codes whose IP addresses will be used to match for source
-               of traffic. Should be specified as 2 letter country code defined as per
-               ISO 3166 alpha-2 country codes. ex."US"
-               Maximum number of source region codes allowed is 5000.
-        :param pulumi.Input[Sequence[pulumi.Input['NetworkFirewallPolicyWithRulesRuleMatchSrcSecureTagArgs']]] src_secure_tags: List of secure tag values, which should be matched at the source
-               of the traffic.
-               For INGRESS rule, if all the <code>srcSecureTag</code> are INEFFECTIVE,
-               and there is no <code>srcIpRange</code>, this rule will be ignored.
-               Maximum number of source tag values allowed is 256.
-               Structure is documented below.
-               
+        :param pulumi.Input[Sequence[pulumi.Input['NetworkFirewallPolicyRuleMatchLayer4ConfigArgs']]] layer4_configs: Pairs of IP protocols and ports that the rule should match.
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] dest_address_groups: Address groups which should be matched against the traffic destination. Maximum number of destination address groups is 10. Destination address groups is only supported in Egress rules.
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] dest_fqdns: Domain names that will be used to match against the resolved domain name of destination of traffic. Can only be specified if DIRECTION is egress.
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] dest_ip_ranges: CIDR IP address range. Maximum number of destination CIDR IP ranges allowed is 5000.
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] dest_region_codes: The Unicode country codes whose IP addresses will be used to match against the source of traffic. Can only be specified if DIRECTION is egress.
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] dest_threat_intelligences: Name of the Google Cloud Threat Intelligence list.
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] src_address_groups: Address groups which should be matched against the traffic source. Maximum number of source address groups is 10. Source address groups is only supported in Ingress rules.
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] src_fqdns: Domain names that will be used to match against the resolved domain name of source of traffic. Can only be specified if DIRECTION is ingress.
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] src_ip_ranges: CIDR IP address range. Maximum number of source CIDR IP ranges allowed is 5000.
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] src_region_codes: The Unicode country codes whose IP addresses will be used to match against the source of traffic. Can only be specified if DIRECTION is ingress.
+        :param pulumi.Input[Sequence[pulumi.Input['NetworkFirewallPolicyRuleMatchSrcSecureTagArgs']]] src_secure_tags: List of secure tag values, which should be matched at the source of the traffic. For INGRESS rule, if all the <code>srcSecureTag</code> are INEFFECTIVE, and there is no <code>srcIpRange</code>, this rule will be ignored. Maximum number of source tag values allowed is 256.
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] src_threat_intelligences: Name of the Google Cloud Threat Intelligence list.
                
-               <a name="nested_layer4_config"></a>The `layer4_config` block supports:
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] src_threat_intelligences: Names of Network Threat Intelligence lists.
-               The IPs in these lists will be matched against traffic source.
+               The `layer4_configs` block supports:
         """
         pulumi.set(__self__, "layer4_configs", layer4_configs)
         if dest_address_groups is not None:
@@ -21440,23 +19672,21 @@ class NetworkFirewallPolicyWithRulesRuleMatchArgs:
 
     @property
     @pulumi.getter(name="layer4Configs")
-    def layer4_configs(self) -> pulumi.Input[Sequence[pulumi.Input['NetworkFirewallPolicyWithRulesRuleMatchLayer4ConfigArgs']]]:
+    def layer4_configs(self) -> pulumi.Input[Sequence[pulumi.Input['NetworkFirewallPolicyRuleMatchLayer4ConfigArgs']]]:
         """
         Pairs of IP protocols and ports that the rule should match.
-        Structure is documented below.
         """
         return pulumi.get(self, "layer4_configs")
 
     @layer4_configs.setter
-    def layer4_configs(self, value: pulumi.Input[Sequence[pulumi.Input['NetworkFirewallPolicyWithRulesRuleMatchLayer4ConfigArgs']]]):
+    def layer4_configs(self, value: pulumi.Input[Sequence[pulumi.Input['NetworkFirewallPolicyRuleMatchLayer4ConfigArgs']]]):
         pulumi.set(self, "layer4_configs", value)
 
     @property
     @pulumi.getter(name="destAddressGroups")
     def dest_address_groups(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
         """
-        Address groups which should be matched against the traffic destination.
-        Maximum number of destination address groups is 10.
+        Address groups which should be matched against the traffic destination. Maximum number of destination address groups is 10. Destination address groups is only supported in Egress rules.
         """
         return pulumi.get(self, "dest_address_groups")
 
@@ -21468,8 +19698,7 @@ class NetworkFirewallPolicyWithRulesRuleMatchArgs:
     @pulumi.getter(name="destFqdns")
     def dest_fqdns(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
         """
-        Fully Qualified Domain Name (FQDN) which should be matched against
-        traffic destination. Maximum number of destination fqdn allowed is 100.
+        Domain names that will be used to match against the resolved domain name of destination of traffic. Can only be specified if DIRECTION is egress.
         """
         return pulumi.get(self, "dest_fqdns")
 
@@ -21481,8 +19710,7 @@ class NetworkFirewallPolicyWithRulesRuleMatchArgs:
     @pulumi.getter(name="destIpRanges")
     def dest_ip_ranges(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
         """
-        Destination IP address range in CIDR format. Required for
-        EGRESS rules.
+        CIDR IP address range. Maximum number of destination CIDR IP ranges allowed is 5000.
         """
         return pulumi.get(self, "dest_ip_ranges")
 
@@ -21494,10 +19722,7 @@ class NetworkFirewallPolicyWithRulesRuleMatchArgs:
     @pulumi.getter(name="destRegionCodes")
     def dest_region_codes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
         """
-        Region codes whose IP addresses will be used to match for destination
-        of traffic. Should be specified as 2 letter country code defined as per
-        ISO 3166 alpha-2 country codes. ex."US"
-        Maximum number of destination region codes allowed is 5000.
+        The Unicode country codes whose IP addresses will be used to match against the source of traffic. Can only be specified if DIRECTION is egress.
         """
         return pulumi.get(self, "dest_region_codes")
 
@@ -21509,8 +19734,7 @@ class NetworkFirewallPolicyWithRulesRuleMatchArgs:
     @pulumi.getter(name="destThreatIntelligences")
     def dest_threat_intelligences(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
         """
-        Names of Network Threat Intelligence lists.
-        The IPs in these lists will be matched against traffic destination.
+        Name of the Google Cloud Threat Intelligence list.
         """
         return pulumi.get(self, "dest_threat_intelligences")
 
@@ -21522,8 +19746,7 @@ class NetworkFirewallPolicyWithRulesRuleMatchArgs:
     @pulumi.getter(name="srcAddressGroups")
     def src_address_groups(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
         """
-        Address groups which should be matched against the traffic source.
-        Maximum number of source address groups is 10.
+        Address groups which should be matched against the traffic source. Maximum number of source address groups is 10. Source address groups is only supported in Ingress rules.
         """
         return pulumi.get(self, "src_address_groups")
 
@@ -21535,8 +19758,7 @@ class NetworkFirewallPolicyWithRulesRuleMatchArgs:
     @pulumi.getter(name="srcFqdns")
     def src_fqdns(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
         """
-        Fully Qualified Domain Name (FQDN) which should be matched against
-        traffic source. Maximum number of source fqdn allowed is 100.
+        Domain names that will be used to match against the resolved domain name of source of traffic. Can only be specified if DIRECTION is ingress.
         """
         return pulumi.get(self, "src_fqdns")
 
@@ -21548,8 +19770,7 @@ class NetworkFirewallPolicyWithRulesRuleMatchArgs:
     @pulumi.getter(name="srcIpRanges")
     def src_ip_ranges(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
         """
-        Source IP address range in CIDR format. Required for
-        INGRESS rules.
+        CIDR IP address range. Maximum number of source CIDR IP ranges allowed is 5000.
         """
         return pulumi.get(self, "src_ip_ranges")
 
@@ -21561,10 +19782,7 @@ class NetworkFirewallPolicyWithRulesRuleMatchArgs:
     @pulumi.getter(name="srcRegionCodes")
     def src_region_codes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
         """
-        Region codes whose IP addresses will be used to match for source
-        of traffic. Should be specified as 2 letter country code defined as per
-        ISO 3166 alpha-2 country codes. ex."US"
-        Maximum number of source region codes allowed is 5000.
+        The Unicode country codes whose IP addresses will be used to match against the source of traffic. Can only be specified if DIRECTION is ingress.
         """
         return pulumi.get(self, "src_region_codes")
 
@@ -21574,30 +19792,23 @@ class NetworkFirewallPolicyWithRulesRuleMatchArgs:
 
     @property
     @pulumi.getter(name="srcSecureTags")
-    def src_secure_tags(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['NetworkFirewallPolicyWithRulesRuleMatchSrcSecureTagArgs']]]]:
+    def src_secure_tags(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['NetworkFirewallPolicyRuleMatchSrcSecureTagArgs']]]]:
         """
-        List of secure tag values, which should be matched at the source
-        of the traffic.
-        For INGRESS rule, if all the <code>srcSecureTag</code> are INEFFECTIVE,
-        and there is no <code>srcIpRange</code>, this rule will be ignored.
-        Maximum number of source tag values allowed is 256.
-        Structure is documented below.
-
-
-        <a name="nested_layer4_config"></a>The `layer4_config` block supports:
+        List of secure tag values, which should be matched at the source of the traffic. For INGRESS rule, if all the <code>srcSecureTag</code> are INEFFECTIVE, and there is no <code>srcIpRange</code>, this rule will be ignored. Maximum number of source tag values allowed is 256.
         """
         return pulumi.get(self, "src_secure_tags")
 
     @src_secure_tags.setter
-    def src_secure_tags(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['NetworkFirewallPolicyWithRulesRuleMatchSrcSecureTagArgs']]]]):
+    def src_secure_tags(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['NetworkFirewallPolicyRuleMatchSrcSecureTagArgs']]]]):
         pulumi.set(self, "src_secure_tags", value)
 
     @property
     @pulumi.getter(name="srcThreatIntelligences")
     def src_threat_intelligences(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
         """
-        Names of Network Threat Intelligence lists.
-        The IPs in these lists will be matched against traffic source.
+        Name of the Google Cloud Threat Intelligence list.
+
+        The `layer4_configs` block supports:
         """
         return pulumi.get(self, "src_threat_intelligences")
 
@@ -21607,48 +19818,26 @@ class NetworkFirewallPolicyWithRulesRuleMatchArgs:
 
 
 if not MYPY:
-    class NetworkFirewallPolicyWithRulesRuleMatchLayer4ConfigArgsDict(TypedDict):
+    class NetworkFirewallPolicyRuleMatchLayer4ConfigArgsDict(TypedDict):
         ip_protocol: pulumi.Input[str]
         """
-        (Output)
-        The IP protocol to which this rule applies. The protocol
-        type is required when creating a firewall rule.
-        This value can either be one of the following well
-        known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp),
-        or the IP protocol number.
+        The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (`tcp`, `udp`, `icmp`, `esp`, `ah`, `ipip`, `sctp`), or the IP protocol number.
         """
         ports: NotRequired[pulumi.Input[Sequence[pulumi.Input[str]]]]
         """
-        (Output)
-        An optional list of ports to which this rule applies. This field
-        is only applicable for UDP or TCP protocol. Each entry must be
-        either an integer or a range. If not specified, this rule
-        applies to connections through any port.
-        Example inputs include: ["22"], ["80","443"], and
-        ["12345-12349"].
+        An optional list of ports to which this rule applies. This field is only applicable for UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. Example inputs include: ``.
         """
 elif False:
-    NetworkFirewallPolicyWithRulesRuleMatchLayer4ConfigArgsDict: TypeAlias = Mapping[str, Any]
+    NetworkFirewallPolicyRuleMatchLayer4ConfigArgsDict: TypeAlias = Mapping[str, Any]
 
 @pulumi.input_type
-class NetworkFirewallPolicyWithRulesRuleMatchLayer4ConfigArgs:
+class NetworkFirewallPolicyRuleMatchLayer4ConfigArgs:
     def __init__(__self__, *,
                  ip_protocol: pulumi.Input[str],
                  ports: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None):
         """
-        :param pulumi.Input[str] ip_protocol: (Output)
-               The IP protocol to which this rule applies. The protocol
-               type is required when creating a firewall rule.
-               This value can either be one of the following well
-               known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp),
-               or the IP protocol number.
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] ports: (Output)
-               An optional list of ports to which this rule applies. This field
-               is only applicable for UDP or TCP protocol. Each entry must be
-               either an integer or a range. If not specified, this rule
-               applies to connections through any port.
-               Example inputs include: ["22"], ["80","443"], and
-               ["12345-12349"].
+        :param pulumi.Input[str] ip_protocol: The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (`tcp`, `udp`, `icmp`, `esp`, `ah`, `ipip`, `sctp`), or the IP protocol number.
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] ports: An optional list of ports to which this rule applies. This field is only applicable for UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. Example inputs include: ``.
         """
         pulumi.set(__self__, "ip_protocol", ip_protocol)
         if ports is not None:
@@ -21658,12 +19847,7 @@ class NetworkFirewallPolicyWithRulesRuleMatchLayer4ConfigArgs:
     @pulumi.getter(name="ipProtocol")
     def ip_protocol(self) -> pulumi.Input[str]:
         """
-        (Output)
-        The IP protocol to which this rule applies. The protocol
-        type is required when creating a firewall rule.
-        This value can either be one of the following well
-        known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp),
-        or the IP protocol number.
+        The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (`tcp`, `udp`, `icmp`, `esp`, `ah`, `ipip`, `sctp`), or the IP protocol number.
         """
         return pulumi.get(self, "ip_protocol")
 
@@ -21675,13 +19859,7 @@ class NetworkFirewallPolicyWithRulesRuleMatchLayer4ConfigArgs:
     @pulumi.getter
     def ports(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
         """
-        (Output)
-        An optional list of ports to which this rule applies. This field
-        is only applicable for UDP or TCP protocol. Each entry must be
-        either an integer or a range. If not specified, this rule
-        applies to connections through any port.
-        Example inputs include: ["22"], ["80","443"], and
-        ["12345-12349"].
+        An optional list of ports to which this rule applies. This field is only applicable for UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. Example inputs include: ``.
         """
         return pulumi.get(self, "ports")
 
@@ -21691,61 +19869,48 @@ class NetworkFirewallPolicyWithRulesRuleMatchLayer4ConfigArgs:
 
 
 if not MYPY:
-    class NetworkFirewallPolicyWithRulesRuleMatchSrcSecureTagArgsDict(TypedDict):
-        name: NotRequired[pulumi.Input[str]]
+    class NetworkFirewallPolicyRuleMatchSrcSecureTagArgsDict(TypedDict):
+        name: pulumi.Input[str]
         """
-        Name of the secure tag, created with TagManager's TagValue API.
-        @pattern tagValues/[0-9]+
+        Name of the secure tag, created with TagManager's TagValue API. @pattern tagValues/[0-9]+
         """
         state: NotRequired[pulumi.Input[str]]
         """
-        (Output)
-        [Output Only] State of the secure tag, either `EFFECTIVE` or
-        `INEFFECTIVE`. A secure tag is `INEFFECTIVE` when it is deleted
-        or its network is deleted.
+        [Output Only] State of the secure tag, either `EFFECTIVE` or `INEFFECTIVE`. A secure tag is `INEFFECTIVE` when it is deleted or its network is deleted.
         """
 elif False:
-    NetworkFirewallPolicyWithRulesRuleMatchSrcSecureTagArgsDict: TypeAlias = Mapping[str, Any]
+    NetworkFirewallPolicyRuleMatchSrcSecureTagArgsDict: TypeAlias = Mapping[str, Any]
 
 @pulumi.input_type
-class NetworkFirewallPolicyWithRulesRuleMatchSrcSecureTagArgs:
+class NetworkFirewallPolicyRuleMatchSrcSecureTagArgs:
     def __init__(__self__, *,
-                 name: Optional[pulumi.Input[str]] = None,
+                 name: pulumi.Input[str],
                  state: Optional[pulumi.Input[str]] = None):
         """
-        :param pulumi.Input[str] name: Name of the secure tag, created with TagManager's TagValue API.
-               @pattern tagValues/[0-9]+
-        :param pulumi.Input[str] state: (Output)
-               [Output Only] State of the secure tag, either `EFFECTIVE` or
-               `INEFFECTIVE`. A secure tag is `INEFFECTIVE` when it is deleted
-               or its network is deleted.
+        :param pulumi.Input[str] name: Name of the secure tag, created with TagManager's TagValue API. @pattern tagValues/[0-9]+
+        :param pulumi.Input[str] state: [Output Only] State of the secure tag, either `EFFECTIVE` or `INEFFECTIVE`. A secure tag is `INEFFECTIVE` when it is deleted or its network is deleted.
         """
-        if name is not None:
-            pulumi.set(__self__, "name", name)
+        pulumi.set(__self__, "name", name)
         if state is not None:
             pulumi.set(__self__, "state", state)
 
     @property
     @pulumi.getter
-    def name(self) -> Optional[pulumi.Input[str]]:
+    def name(self) -> pulumi.Input[str]:
         """
-        Name of the secure tag, created with TagManager's TagValue API.
-        @pattern tagValues/[0-9]+
+        Name of the secure tag, created with TagManager's TagValue API. @pattern tagValues/[0-9]+
         """
         return pulumi.get(self, "name")
 
     @name.setter
-    def name(self, value: Optional[pulumi.Input[str]]):
+    def name(self, value: pulumi.Input[str]):
         pulumi.set(self, "name", value)
 
     @property
     @pulumi.getter
     def state(self) -> Optional[pulumi.Input[str]]:
         """
-        (Output)
-        [Output Only] State of the secure tag, either `EFFECTIVE` or
-        `INEFFECTIVE`. A secure tag is `INEFFECTIVE` when it is deleted
-        or its network is deleted.
+        [Output Only] State of the secure tag, either `EFFECTIVE` or `INEFFECTIVE`. A secure tag is `INEFFECTIVE` when it is deleted or its network is deleted.
         """
         return pulumi.get(self, "state")
 
@@ -21755,67 +19920,48 @@ class NetworkFirewallPolicyWithRulesRuleMatchSrcSecureTagArgs:
 
 
 if not MYPY:
-    class NetworkFirewallPolicyWithRulesRuleTargetSecureTagArgsDict(TypedDict):
-        name: NotRequired[pulumi.Input[str]]
+    class NetworkFirewallPolicyRuleTargetSecureTagArgsDict(TypedDict):
+        name: pulumi.Input[str]
         """
-        Name of the secure tag, created with TagManager's TagValue API.
-        @pattern tagValues/[0-9]+
+        Name of the secure tag, created with TagManager's TagValue API. @pattern tagValues/[0-9]+
         """
         state: NotRequired[pulumi.Input[str]]
         """
-        (Output)
-        [Output Only] State of the secure tag, either `EFFECTIVE` or
-        `INEFFECTIVE`. A secure tag is `INEFFECTIVE` when it is deleted
-        or its network is deleted.
-
-        - - -
+        [Output Only] State of the secure tag, either `EFFECTIVE` or `INEFFECTIVE`. A secure tag is `INEFFECTIVE` when it is deleted or its network is deleted.
         """
 elif False:
-    NetworkFirewallPolicyWithRulesRuleTargetSecureTagArgsDict: TypeAlias = Mapping[str, Any]
+    NetworkFirewallPolicyRuleTargetSecureTagArgsDict: TypeAlias = Mapping[str, Any]
 
 @pulumi.input_type
-class NetworkFirewallPolicyWithRulesRuleTargetSecureTagArgs:
+class NetworkFirewallPolicyRuleTargetSecureTagArgs:
     def __init__(__self__, *,
-                 name: Optional[pulumi.Input[str]] = None,
+                 name: pulumi.Input[str],
                  state: Optional[pulumi.Input[str]] = None):
         """
-        :param pulumi.Input[str] name: Name of the secure tag, created with TagManager's TagValue API.
-               @pattern tagValues/[0-9]+
-        :param pulumi.Input[str] state: (Output)
-               [Output Only] State of the secure tag, either `EFFECTIVE` or
-               `INEFFECTIVE`. A secure tag is `INEFFECTIVE` when it is deleted
-               or its network is deleted.
-               
-               - - -
+        :param pulumi.Input[str] name: Name of the secure tag, created with TagManager's TagValue API. @pattern tagValues/[0-9]+
+        :param pulumi.Input[str] state: [Output Only] State of the secure tag, either `EFFECTIVE` or `INEFFECTIVE`. A secure tag is `INEFFECTIVE` when it is deleted or its network is deleted.
         """
-        if name is not None:
-            pulumi.set(__self__, "name", name)
+        pulumi.set(__self__, "name", name)
         if state is not None:
             pulumi.set(__self__, "state", state)
 
     @property
     @pulumi.getter
-    def name(self) -> Optional[pulumi.Input[str]]:
+    def name(self) -> pulumi.Input[str]:
         """
-        Name of the secure tag, created with TagManager's TagValue API.
-        @pattern tagValues/[0-9]+
+        Name of the secure tag, created with TagManager's TagValue API. @pattern tagValues/[0-9]+
         """
         return pulumi.get(self, "name")
 
     @name.setter
-    def name(self, value: Optional[pulumi.Input[str]]):
+    def name(self, value: pulumi.Input[str]):
         pulumi.set(self, "name", value)
 
     @property
     @pulumi.getter
     def state(self) -> Optional[pulumi.Input[str]]:
         """
-        (Output)
-        [Output Only] State of the secure tag, either `EFFECTIVE` or
-        `INEFFECTIVE`. A secure tag is `INEFFECTIVE` when it is deleted
-        or its network is deleted.
-
-        - - -
+        [Output Only] State of the secure tag, either `EFFECTIVE` or `INEFFECTIVE`. A secure tag is `INEFFECTIVE` when it is deleted or its network is deleted.
         """
         return pulumi.get(self, "state")
 
@@ -47040,26 +45186,11 @@ class SecurityScanConfigScheduleArgs:
 
 if not MYPY:
     class ServiceAttachmentConnectedEndpointArgsDict(TypedDict):
-        consumer_network: NotRequired[pulumi.Input[str]]
-        """
-        (Output)
-        The url of the consumer network.
-        """
         endpoint: NotRequired[pulumi.Input[str]]
         """
         (Output)
         The URL of the consumer forwarding rule.
         """
-        propagated_connection_count: NotRequired[pulumi.Input[int]]
-        """
-        (Output, Beta)
-        The number of consumer Network Connectivity Center spokes that the connected Private Service Connect endpoint has propagated to.
-        """
-        psc_connection_id: NotRequired[pulumi.Input[str]]
-        """
-        (Output)
-        The PSC connection id of the connected endpoint.
-        """
         status: NotRequired[pulumi.Input[str]]
         """
         (Output)
@@ -47072,48 +45203,20 @@ elif False:
 @pulumi.input_type
 class ServiceAttachmentConnectedEndpointArgs:
     def __init__(__self__, *,
-                 consumer_network: Optional[pulumi.Input[str]] = None,
                  endpoint: Optional[pulumi.Input[str]] = None,
-                 propagated_connection_count: Optional[pulumi.Input[int]] = None,
-                 psc_connection_id: Optional[pulumi.Input[str]] = None,
                  status: Optional[pulumi.Input[str]] = None):
         """
-        :param pulumi.Input[str] consumer_network: (Output)
-               The url of the consumer network.
         :param pulumi.Input[str] endpoint: (Output)
                The URL of the consumer forwarding rule.
-        :param pulumi.Input[int] propagated_connection_count: (Output, Beta)
-               The number of consumer Network Connectivity Center spokes that the connected Private Service Connect endpoint has propagated to.
-        :param pulumi.Input[str] psc_connection_id: (Output)
-               The PSC connection id of the connected endpoint.
         :param pulumi.Input[str] status: (Output)
                The status of the connection from the consumer forwarding rule to
                this service attachment.
         """
-        if consumer_network is not None:
-            pulumi.set(__self__, "consumer_network", consumer_network)
         if endpoint is not None:
             pulumi.set(__self__, "endpoint", endpoint)
-        if propagated_connection_count is not None:
-            pulumi.set(__self__, "propagated_connection_count", propagated_connection_count)
-        if psc_connection_id is not None:
-            pulumi.set(__self__, "psc_connection_id", psc_connection_id)
         if status is not None:
             pulumi.set(__self__, "status", status)
 
-    @property
-    @pulumi.getter(name="consumerNetwork")
-    def consumer_network(self) -> Optional[pulumi.Input[str]]:
-        """
-        (Output)
-        The url of the consumer network.
-        """
-        return pulumi.get(self, "consumer_network")
-
-    @consumer_network.setter
-    def consumer_network(self, value: Optional[pulumi.Input[str]]):
-        pulumi.set(self, "consumer_network", value)
-
     @property
     @pulumi.getter
     def endpoint(self) -> Optional[pulumi.Input[str]]:
@@ -47127,32 +45230,6 @@ class ServiceAttachmentConnectedEndpointArgs:
     def endpoint(self, value: Optional[pulumi.Input[str]]):
         pulumi.set(self, "endpoint", value)
 
-    @property
-    @pulumi.getter(name="propagatedConnectionCount")
-    def propagated_connection_count(self) -> Optional[pulumi.Input[int]]:
-        """
-        (Output, Beta)
-        The number of consumer Network Connectivity Center spokes that the connected Private Service Connect endpoint has propagated to.
-        """
-        return pulumi.get(self, "propagated_connection_count")
-
-    @propagated_connection_count.setter
-    def propagated_connection_count(self, value: Optional[pulumi.Input[int]]):
-        pulumi.set(self, "propagated_connection_count", value)
-
-    @property
-    @pulumi.getter(name="pscConnectionId")
-    def psc_connection_id(self) -> Optional[pulumi.Input[str]]:
-        """
-        (Output)
-        The PSC connection id of the connected endpoint.
-        """
-        return pulumi.get(self, "psc_connection_id")
-
-    @psc_connection_id.setter
-    def psc_connection_id(self, value: Optional[pulumi.Input[str]]):
-        pulumi.set(self, "psc_connection_id", value)
-
     @property
     @pulumi.getter
     def status(self) -> Optional[pulumi.Input[str]]: