pulumi-gcp 8.21.0a1741156431__py3-none-any.whl → 8.22.0__py3-none-any.whl

pulumi_gcp/gemini/logging_setting_binding.py

@@ -39,7 +39,7 @@ class LoggingSettingBindingArgs:
                Please refer to the field `effective_labels` for all of the labels present on the resource.
         :param pulumi.Input[str] location: Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122.
         :param pulumi.Input[str] product: Product type of the setting binding.
-               Possible values are: `GEMINI_CLOUD_ASSIST`, `GEMINI_CODE_ASSIST`.
+               Possible values are: `GEMINI_CODE_ASSIST`.
         :param pulumi.Input[str] project: The ID of the project in which the resource belongs.
                If it is not provided, the provider project is used.
         """
@@ -125,7 +125,7 @@ class LoggingSettingBindingArgs:
     def product(self) -> Optional[pulumi.Input[str]]:
         """
         Product type of the setting binding.
-        Possible values are: `GEMINI_CLOUD_ASSIST`, `GEMINI_CODE_ASSIST`.
+        Possible values are: `GEMINI_CODE_ASSIST`.
         """
         return pulumi.get(self, "product")
 
@@ -174,7 +174,7 @@ class _LoggingSettingBindingState:
         :param pulumi.Input[str] name: Identifier. Name of the resource.
                Format:projects/{project}/locations/{location}/loggingSettings/{setting}/settingBindings/{setting_binding}
         :param pulumi.Input[str] product: Product type of the setting binding.
-               Possible values are: `GEMINI_CLOUD_ASSIST`, `GEMINI_CODE_ASSIST`.
+               Possible values are: `GEMINI_CODE_ASSIST`.
         :param pulumi.Input[str] project: The ID of the project in which the resource belongs.
                If it is not provided, the provider project is used.
         :param pulumi.Input[Mapping[str, pulumi.Input[str]]] pulumi_labels: The combination of labels configured directly on the resource
@@ -291,7 +291,7 @@ class _LoggingSettingBindingState:
     def product(self) -> Optional[pulumi.Input[str]]:
         """
         Product type of the setting binding.
-        Possible values are: `GEMINI_CLOUD_ASSIST`, `GEMINI_CODE_ASSIST`.
+        Possible values are: `GEMINI_CODE_ASSIST`.
         """
         return pulumi.get(self, "product")
 
@@ -439,7 +439,7 @@ class LoggingSettingBinding(pulumi.CustomResource):
         :param pulumi.Input[str] location: Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122.
         :param pulumi.Input[str] logging_setting_id: Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122.
         :param pulumi.Input[str] product: Product type of the setting binding.
-               Possible values are: `GEMINI_CLOUD_ASSIST`, `GEMINI_CODE_ASSIST`.
+               Possible values are: `GEMINI_CODE_ASSIST`.
         :param pulumi.Input[str] project: The ID of the project in which the resource belongs.
                If it is not provided, the provider project is used.
         :param pulumi.Input[str] setting_binding_id: Id of the setting binding.
@@ -597,7 +597,7 @@ class LoggingSettingBinding(pulumi.CustomResource):
         :param pulumi.Input[str] name: Identifier. Name of the resource.
                Format:projects/{project}/locations/{location}/loggingSettings/{setting}/settingBindings/{setting_binding}
         :param pulumi.Input[str] product: Product type of the setting binding.
-               Possible values are: `GEMINI_CLOUD_ASSIST`, `GEMINI_CODE_ASSIST`.
+               Possible values are: `GEMINI_CODE_ASSIST`.
         :param pulumi.Input[str] project: The ID of the project in which the resource belongs.
                If it is not provided, the provider project is used.
         :param pulumi.Input[Mapping[str, pulumi.Input[str]]] pulumi_labels: The combination of labels configured directly on the resource
@@ -683,7 +683,7 @@ class LoggingSettingBinding(pulumi.CustomResource):
     def product(self) -> pulumi.Output[Optional[str]]:
         """
         Product type of the setting binding.
-        Possible values are: `GEMINI_CLOUD_ASSIST`, `GEMINI_CODE_ASSIST`.
+        Possible values are: `GEMINI_CODE_ASSIST`.
         """
         return pulumi.get(self, "product")
 

pulumi_gcp/iam/__init__.py

@@ -12,6 +12,8 @@ from .get_rule import *
 from .get_testable_permissions import *
 from .get_workload_identity_pool import *
 from .get_workload_identity_pool_provider import *
+from .oauth_client import *
+from .oauth_client_credential import *
 from .organizations_policy_binding import *
 from .principal_access_boundary_policy import *
 from .projects_policy_binding import *

pulumi_gcp/iam/_inputs.py

@@ -703,8 +703,10 @@ if not MYPY:
     class FoldersPolicyBindingTargetArgsDict(TypedDict):
         principal_set: NotRequired[pulumi.Input[str]]
         """
-        Required. Immutable. The resource name of the policy to be bound.
-        The binding parent and policy must belong to the same Organization (or Project).
+        Required. Immutable. Full Resource Name of the principal set used for principal access boundary policy bindings.
+        Examples for each one of the following supported principal set types:
+        * Folder: `//cloudresourcemanager.googleapis.com/folders/FOLDER_ID`
+        It must be parent by the policy binding's parent (the folder).
 
         - - -
         """
@@ -716,8 +718,10 @@ class FoldersPolicyBindingTargetArgs:
     def __init__(__self__, *,
                  principal_set: Optional[pulumi.Input[str]] = None):
         """
-        :param pulumi.Input[str] principal_set: Required. Immutable. The resource name of the policy to be bound.
-               The binding parent and policy must belong to the same Organization (or Project).
+        :param pulumi.Input[str] principal_set: Required. Immutable. Full Resource Name of the principal set used for principal access boundary policy bindings.
+               Examples for each one of the following supported principal set types:
+               * Folder: `//cloudresourcemanager.googleapis.com/folders/FOLDER_ID`
+               It must be parent by the policy binding's parent (the folder).
                
                - - -
         """
@@ -728,8 +732,10 @@ class FoldersPolicyBindingTargetArgs:
     @pulumi.getter(name="principalSet")
     def principal_set(self) -> Optional[pulumi.Input[str]]:
         """
-        Required. Immutable. The resource name of the policy to be bound.
-        The binding parent and policy must belong to the same Organization (or Project).
+        Required. Immutable. Full Resource Name of the principal set used for principal access boundary policy bindings.
+        Examples for each one of the following supported principal set types:
+        * Folder: `//cloudresourcemanager.googleapis.com/folders/FOLDER_ID`
+        It must be parent by the policy binding's parent (the folder).
 
         - - -
         """
@@ -836,8 +842,12 @@ if not MYPY:
     class OrganizationsPolicyBindingTargetArgsDict(TypedDict):
         principal_set: NotRequired[pulumi.Input[str]]
         """
-        Required. Immutable. The resource name of the policy to be bound.
-        The binding parent and policy must belong to the same Organization (or Project).
+        Required. Immutable. Full Resource Name of the principal set used for principal access boundary policy bindings.
+        Examples for each one of the following supported principal set types:
+        * Organization `//cloudresourcemanager.googleapis.com/organizations/ORGANIZATION_ID`
+        * Workforce Identity: `//iam.googleapis.com/locations/global/workforcePools/WORKFORCE_POOL_ID`
+        * Workspace Identity: `//iam.googleapis.com/locations/global/workspace/WORKSPACE_ID`
+        It must be parent by the policy binding's parent (the organization).
 
         - - -
         """
@@ -849,8 +859,12 @@ class OrganizationsPolicyBindingTargetArgs:
     def __init__(__self__, *,
                  principal_set: Optional[pulumi.Input[str]] = None):
         """
-        :param pulumi.Input[str] principal_set: Required. Immutable. The resource name of the policy to be bound.
-               The binding parent and policy must belong to the same Organization (or Project).
+        :param pulumi.Input[str] principal_set: Required. Immutable. Full Resource Name of the principal set used for principal access boundary policy bindings.
+               Examples for each one of the following supported principal set types:
+               * Organization `//cloudresourcemanager.googleapis.com/organizations/ORGANIZATION_ID`
+               * Workforce Identity: `//iam.googleapis.com/locations/global/workforcePools/WORKFORCE_POOL_ID`
+               * Workspace Identity: `//iam.googleapis.com/locations/global/workspace/WORKSPACE_ID`
+               It must be parent by the policy binding's parent (the organization).
                
                - - -
         """
@@ -861,8 +875,12 @@ class OrganizationsPolicyBindingTargetArgs:
     @pulumi.getter(name="principalSet")
     def principal_set(self) -> Optional[pulumi.Input[str]]:
         """
-        Required. Immutable. The resource name of the policy to be bound.
-        The binding parent and policy must belong to the same Organization (or Project).
+        Required. Immutable. Full Resource Name of the principal set used for principal access boundary policy bindings.
+        Examples for each one of the following supported principal set types:
+        * Organization `//cloudresourcemanager.googleapis.com/organizations/ORGANIZATION_ID`
+        * Workforce Identity: `//iam.googleapis.com/locations/global/workforcePools/WORKFORCE_POOL_ID`
+        * Workspace Identity: `//iam.googleapis.com/locations/global/workspace/WORKSPACE_ID`
+        It must be parent by the policy binding's parent (the organization).
 
         - - -
         """
@@ -1126,8 +1144,13 @@ if not MYPY:
     class ProjectsPolicyBindingTargetArgsDict(TypedDict):
         principal_set: NotRequired[pulumi.Input[str]]
         """
-        Required. Immutable. The resource name of the policy to be bound.
-        The binding parent and policy must belong to the same Organization (or Project).
+        Required. Immutable. Full Resource Name of the principal set used for principal access boundary policy bindings.
+        Examples for each one of the following supported principal set types:
+        * Project:
+        * `//cloudresourcemanager.googleapis.com/projects/PROJECT_NUMBER`
+        * `//cloudresourcemanager.googleapis.com/projects/PROJECT_ID`
+        * Workload Identity Pool: `//iam.googleapis.com/projects/PROJECT_NUMBER/locations/LOCATION/workloadIdentityPools/WORKLOAD_POOL_ID`
+        It must be parent by the policy binding's parent (the project).
 
         - - -
         """
@@ -1139,8 +1162,13 @@ class ProjectsPolicyBindingTargetArgs:
     def __init__(__self__, *,
                  principal_set: Optional[pulumi.Input[str]] = None):
         """
-        :param pulumi.Input[str] principal_set: Required. Immutable. The resource name of the policy to be bound.
-               The binding parent and policy must belong to the same Organization (or Project).
+        :param pulumi.Input[str] principal_set: Required. Immutable. Full Resource Name of the principal set used for principal access boundary policy bindings.
+               Examples for each one of the following supported principal set types:
+               * Project:
+               * `//cloudresourcemanager.googleapis.com/projects/PROJECT_NUMBER`
+               * `//cloudresourcemanager.googleapis.com/projects/PROJECT_ID`
+               * Workload Identity Pool: `//iam.googleapis.com/projects/PROJECT_NUMBER/locations/LOCATION/workloadIdentityPools/WORKLOAD_POOL_ID`
+               It must be parent by the policy binding's parent (the project).
                
                - - -
         """
@@ -1151,8 +1179,13 @@ class ProjectsPolicyBindingTargetArgs:
     @pulumi.getter(name="principalSet")
     def principal_set(self) -> Optional[pulumi.Input[str]]:
         """
-        Required. Immutable. The resource name of the policy to be bound.
-        The binding parent and policy must belong to the same Organization (or Project).
+        Required. Immutable. Full Resource Name of the principal set used for principal access boundary policy bindings.
+        Examples for each one of the following supported principal set types:
+        * Project:
+        * `//cloudresourcemanager.googleapis.com/projects/PROJECT_NUMBER`
+        * `//cloudresourcemanager.googleapis.com/projects/PROJECT_ID`
+        * Workload Identity Pool: `//iam.googleapis.com/projects/PROJECT_NUMBER/locations/LOCATION/workloadIdentityPools/WORKLOAD_POOL_ID`
+        It must be parent by the policy binding's parent (the project).
 
         - - -
         """
@@ -1267,7 +1300,15 @@ if not MYPY:
         * AZURE_AD_GROUPS_MAIL: Used to get the user's group claims from the Azure AD identity provider using configuration provided
         in ExtraAttributesOAuth2Client and 'mail' property of the 'microsoft.graph.group' object is used for claim mapping.
         See https://learn.microsoft.com/en-us/graph/api/resources/group?view=graph-rest-1.0#properties for more details on
-        'microsoft.graph.group' properties. The attributes obtained from idntity provider are mapped to 'assertion.groups'. Possible values: ["AZURE_AD_GROUPS_MAIL"]
+        'microsoft.graph.group' properties. The attributes obtained from idntity provider are mapped to 'assertion.groups'.
+        * AZURE_AD_GROUPS_ID:  Used to get the user's group claims from the Azure AD identity provider
+        using configuration provided in ExtraAttributesOAuth2Client and 'id'
+        property of the 'microsoft.graph.group' object is used for claim mapping. See
+        https://learn.microsoft.com/en-us/graph/api/resources/group?view=graph-rest-1.0#properties
+        for more details on 'microsoft.graph.group' properties. The
+        group IDs obtained from Azure AD are present in 'assertion.groups' for
+        OIDC providers and 'assertion.attributes.groups' for SAML providers for
+        attribute mapping. Possible values: ["AZURE_AD_GROUPS_MAIL", "AZURE_AD_GROUPS_ID"]
         """
         client_id: pulumi.Input[str]
         """
@@ -1301,7 +1342,15 @@ class WorkforcePoolProviderExtraAttributesOauth2ClientArgs:
                * AZURE_AD_GROUPS_MAIL: Used to get the user's group claims from the Azure AD identity provider using configuration provided
                in ExtraAttributesOAuth2Client and 'mail' property of the 'microsoft.graph.group' object is used for claim mapping.
                See https://learn.microsoft.com/en-us/graph/api/resources/group?view=graph-rest-1.0#properties for more details on
-               'microsoft.graph.group' properties. The attributes obtained from idntity provider are mapped to 'assertion.groups'. Possible values: ["AZURE_AD_GROUPS_MAIL"]
+               'microsoft.graph.group' properties. The attributes obtained from idntity provider are mapped to 'assertion.groups'.
+               * AZURE_AD_GROUPS_ID:  Used to get the user's group claims from the Azure AD identity provider
+               using configuration provided in ExtraAttributesOAuth2Client and 'id'
+               property of the 'microsoft.graph.group' object is used for claim mapping. See
+               https://learn.microsoft.com/en-us/graph/api/resources/group?view=graph-rest-1.0#properties
+               for more details on 'microsoft.graph.group' properties. The
+               group IDs obtained from Azure AD are present in 'assertion.groups' for
+               OIDC providers and 'assertion.attributes.groups' for SAML providers for
+               attribute mapping. Possible values: ["AZURE_AD_GROUPS_MAIL", "AZURE_AD_GROUPS_ID"]
         :param pulumi.Input[str] client_id: The OAuth 2.0 client ID for retrieving extra attributes from the identity provider. Required to get the Access Token using client credentials grant flow.
         :param pulumi.Input['WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretArgs'] client_secret: The OAuth 2.0 client secret for retrieving extra attributes from the identity provider. Required to get the Access Token using client credentials grant flow.
         :param pulumi.Input[str] issuer_uri: The OIDC identity provider's issuer URI. Must be a valid URI using the 'https' scheme. Required to get the OIDC discovery document.
@@ -1322,7 +1371,15 @@ class WorkforcePoolProviderExtraAttributesOauth2ClientArgs:
         * AZURE_AD_GROUPS_MAIL: Used to get the user's group claims from the Azure AD identity provider using configuration provided
         in ExtraAttributesOAuth2Client and 'mail' property of the 'microsoft.graph.group' object is used for claim mapping.
         See https://learn.microsoft.com/en-us/graph/api/resources/group?view=graph-rest-1.0#properties for more details on
-        'microsoft.graph.group' properties. The attributes obtained from idntity provider are mapped to 'assertion.groups'. Possible values: ["AZURE_AD_GROUPS_MAIL"]
+        'microsoft.graph.group' properties. The attributes obtained from idntity provider are mapped to 'assertion.groups'.
+        * AZURE_AD_GROUPS_ID:  Used to get the user's group claims from the Azure AD identity provider
+        using configuration provided in ExtraAttributesOAuth2Client and 'id'
+        property of the 'microsoft.graph.group' object is used for claim mapping. See
+        https://learn.microsoft.com/en-us/graph/api/resources/group?view=graph-rest-1.0#properties
+        for more details on 'microsoft.graph.group' properties. The
+        group IDs obtained from Azure AD are present in 'assertion.groups' for
+        OIDC providers and 'assertion.attributes.groups' for SAML providers for
+        attribute mapping. Possible values: ["AZURE_AD_GROUPS_MAIL", "AZURE_AD_GROUPS_ID"]
         """
         return pulumi.get(self, "attributes_type")
 
@@ -1472,9 +1529,9 @@ if not MYPY:
     class WorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersArgsDict(TypedDict):
         filter: NotRequired[pulumi.Input[str]]
         """
-        The filter used to request specific records from IdP. In case of attributes type as AZURE_AD_GROUPS_MAIL, it represents the
+        The filter used to request specific records from IdP. In case of attributes type as AZURE_AD_GROUPS_MAIL and AZURE_AD_GROUPS_ID, it represents the
         filter used to request specific groups for users from IdP. By default, all of the groups associated with the user are fetched. The
-        groups should be mail enabled and security enabled. See https://learn.microsoft.com/en-us/graph/search-query-parameter for more details.
+        groups should be security enabled. See https://learn.microsoft.com/en-us/graph/search-query-parameter for more details.
         """
 elif False:
     WorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersArgsDict: TypeAlias = Mapping[str, Any]
@@ -1484,9 +1541,9 @@ class WorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersArgs:
     def __init__(__self__, *,
                  filter: Optional[pulumi.Input[str]] = None):
         """
-        :param pulumi.Input[str] filter: The filter used to request specific records from IdP. In case of attributes type as AZURE_AD_GROUPS_MAIL, it represents the
+        :param pulumi.Input[str] filter: The filter used to request specific records from IdP. In case of attributes type as AZURE_AD_GROUPS_MAIL and AZURE_AD_GROUPS_ID, it represents the
                filter used to request specific groups for users from IdP. By default, all of the groups associated with the user are fetched. The
-               groups should be mail enabled and security enabled. See https://learn.microsoft.com/en-us/graph/search-query-parameter for more details.
+               groups should be security enabled. See https://learn.microsoft.com/en-us/graph/search-query-parameter for more details.
         """
         if filter is not None:
             pulumi.set(__self__, "filter", filter)
@@ -1495,9 +1552,9 @@ class WorkforcePoolProviderExtraAttributesOauth2ClientQueryParametersArgs:
     @pulumi.getter
     def filter(self) -> Optional[pulumi.Input[str]]:
         """
-        The filter used to request specific records from IdP. In case of attributes type as AZURE_AD_GROUPS_MAIL, it represents the
+        The filter used to request specific records from IdP. In case of attributes type as AZURE_AD_GROUPS_MAIL and AZURE_AD_GROUPS_ID, it represents the
         filter used to request specific groups for users from IdP. By default, all of the groups associated with the user are fetched. The
-        groups should be mail enabled and security enabled. See https://learn.microsoft.com/en-us/graph/search-query-parameter for more details.
+        groups should be security enabled. See https://learn.microsoft.com/en-us/graph/search-query-parameter for more details.
         """
         return pulumi.get(self, "filter")
 

pulumi_gcp/iam/folders_policy_binding.py

@@ -497,14 +497,6 @@ class FoldersPolicyBinding(pulumi.CustomResource):
                  target: Optional[pulumi.Input[Union['FoldersPolicyBindingTargetArgs', 'FoldersPolicyBindingTargetArgsDict']]] = None,
                  __props__=None):
         """
-        A policy binding to a folder
-
-        To get more information about FoldersPolicyBinding, see:
-
-        * [API documentation](https://cloud.google.com/iam/docs/reference/rest/v3/folders.locations.policyBindings)
-        * How-to Guides
-            * [Apply a policy binding](https://cloud.google.com/iam/docs/principal-access-boundary-policies-create#create_binding)
-
         ## Example Usage
 
         ### Iam Folders Policy Binding
@@ -517,20 +509,20 @@ class FoldersPolicyBinding(pulumi.CustomResource):
         pab_policy = gcp.iam.PrincipalAccessBoundaryPolicy("pab_policy",
             organization="123456789",
             location="global",
-            display_name="test folder binding",
+            display_name="binding for all principals in the folder",
             principal_access_boundary_policy_id="my-pab-policy")
         folder = gcp.organizations.Folder("folder",
-            display_name="test folder",
+            display_name="my folder",
             parent="organizations/123456789",
             deletion_protection=False)
         wait120s = time.index.Sleep("wait_120s", create_duration=120s,
         opts = pulumi.ResourceOptions(depends_on=[folder]))
-        my_folder_binding = gcp.iam.FoldersPolicyBinding("my-folder-binding",
+        binding_for_all_folder_principals = gcp.iam.FoldersPolicyBinding("binding-for-all-folder-principals",
             folder=folder.folder_id,
             location="global",
-            display_name="test folder binding",
+            display_name="binding for all principals in the folder",
             policy_kind="PRINCIPAL_ACCESS_BOUNDARY",
-            policy_binding_id="test-folder-binding",
+            policy_binding_id="binding-for-all-folder-principals",
             policy=pab_policy.principal_access_boundary_policy_id.apply(lambda principal_access_boundary_policy_id: f"organizations/123456789/locations/global/principalAccessBoundaryPolicies/{principal_access_boundary_policy_id}"),
             target={
                 "principal_set": folder.folder_id.apply(lambda folder_id: f"//cloudresourcemanager.googleapis.com/folders/{folder_id}"),
@@ -589,14 +581,6 @@ class FoldersPolicyBinding(pulumi.CustomResource):
                  args: FoldersPolicyBindingArgs,
                  opts: Optional[pulumi.ResourceOptions] = None):
         """
-        A policy binding to a folder
-
-        To get more information about FoldersPolicyBinding, see:
-
-        * [API documentation](https://cloud.google.com/iam/docs/reference/rest/v3/folders.locations.policyBindings)
-        * How-to Guides
-            * [Apply a policy binding](https://cloud.google.com/iam/docs/principal-access-boundary-policies-create#create_binding)
-
         ## Example Usage
 
         ### Iam Folders Policy Binding
@@ -609,20 +593,20 @@ class FoldersPolicyBinding(pulumi.CustomResource):
         pab_policy = gcp.iam.PrincipalAccessBoundaryPolicy("pab_policy",
             organization="123456789",
             location="global",
-            display_name="test folder binding",
+            display_name="binding for all principals in the folder",
             principal_access_boundary_policy_id="my-pab-policy")
         folder = gcp.organizations.Folder("folder",
-            display_name="test folder",
+            display_name="my folder",
             parent="organizations/123456789",
             deletion_protection=False)
         wait120s = time.index.Sleep("wait_120s", create_duration=120s,
         opts = pulumi.ResourceOptions(depends_on=[folder]))
-        my_folder_binding = gcp.iam.FoldersPolicyBinding("my-folder-binding",
+        binding_for_all_folder_principals = gcp.iam.FoldersPolicyBinding("binding-for-all-folder-principals",
             folder=folder.folder_id,
             location="global",
-            display_name="test folder binding",
+            display_name="binding for all principals in the folder",
             policy_kind="PRINCIPAL_ACCESS_BOUNDARY",
-            policy_binding_id="test-folder-binding",
+            policy_binding_id="binding-for-all-folder-principals",
             policy=pab_policy.principal_access_boundary_policy_id.apply(lambda principal_access_boundary_policy_id: f"organizations/123456789/locations/global/principalAccessBoundaryPolicies/{principal_access_boundary_policy_id}"),
             target={
                 "principal_set": folder.folder_id.apply(lambda folder_id: f"//cloudresourcemanager.googleapis.com/folders/{folder_id}"),