pulumi-gcp 8.21.0a1741156431__py3-none-any.whl → 8.22.0__py3-none-any.whl

pulumi_gcp/iam/organizations_policy_binding.py

@@ -497,14 +497,6 @@ class OrganizationsPolicyBinding(pulumi.CustomResource):
                  target: Optional[pulumi.Input[Union['OrganizationsPolicyBindingTargetArgs', 'OrganizationsPolicyBindingTargetArgsDict']]] = None,
                  __props__=None):
         """
-        A policy binding to an organizations
-
-        To get more information about OrganizationsPolicyBinding, see:
-
-        * [API documentation](https://cloud.google.com/iam/docs/reference/rest/v3/organizations.locations.policyBindings)
-        * How-to Guides
-            * [Apply a policy binding](https://cloud.google.com/iam/docs/principal-access-boundary-policies-create#create_binding)
-
         ## Example Usage
 
         ### Iam Organizations Policy Binding
@@ -517,16 +509,16 @@ class OrganizationsPolicyBinding(pulumi.CustomResource):
         pab_policy = gcp.iam.PrincipalAccessBoundaryPolicy("pab_policy",
             organization="123456789",
             location="global",
-            display_name="test org binding",
+            display_name="binding for all principals in the Organization",
             principal_access_boundary_policy_id="my-pab-policy")
         wait60_seconds = time.index.Sleep("wait_60_seconds", create_duration=60s,
         opts = pulumi.ResourceOptions(depends_on=[pab_policy]))
-        my_org_binding = gcp.iam.OrganizationsPolicyBinding("my-org-binding",
+        binding_for_all_org_principals = gcp.iam.OrganizationsPolicyBinding("binding-for-all-org-principals",
             organization="123456789",
             location="global",
-            display_name="test org binding",
+            display_name="binding for all principals in the Organization",
             policy_kind="PRINCIPAL_ACCESS_BOUNDARY",
-            policy_binding_id="test-org-binding",
+            policy_binding_id="binding-for-all-org-principals",
             policy=pab_policy.principal_access_boundary_policy_id.apply(lambda principal_access_boundary_policy_id: f"organizations/123456789/locations/global/principalAccessBoundaryPolicies/{principal_access_boundary_policy_id}"),
             target={
                 "principal_set": "//cloudresourcemanager.googleapis.com/organizations/123456789",
@@ -585,14 +577,6 @@ class OrganizationsPolicyBinding(pulumi.CustomResource):
                  args: OrganizationsPolicyBindingArgs,
                  opts: Optional[pulumi.ResourceOptions] = None):
         """
-        A policy binding to an organizations
-
-        To get more information about OrganizationsPolicyBinding, see:
-
-        * [API documentation](https://cloud.google.com/iam/docs/reference/rest/v3/organizations.locations.policyBindings)
-        * How-to Guides
-            * [Apply a policy binding](https://cloud.google.com/iam/docs/principal-access-boundary-policies-create#create_binding)
-
         ## Example Usage
 
         ### Iam Organizations Policy Binding
@@ -605,16 +589,16 @@ class OrganizationsPolicyBinding(pulumi.CustomResource):
         pab_policy = gcp.iam.PrincipalAccessBoundaryPolicy("pab_policy",
             organization="123456789",
             location="global",
-            display_name="test org binding",
+            display_name="binding for all principals in the Organization",
             principal_access_boundary_policy_id="my-pab-policy")
         wait60_seconds = time.index.Sleep("wait_60_seconds", create_duration=60s,
         opts = pulumi.ResourceOptions(depends_on=[pab_policy]))
-        my_org_binding = gcp.iam.OrganizationsPolicyBinding("my-org-binding",
+        binding_for_all_org_principals = gcp.iam.OrganizationsPolicyBinding("binding-for-all-org-principals",
             organization="123456789",
             location="global",
-            display_name="test org binding",
+            display_name="binding for all principals in the Organization",
             policy_kind="PRINCIPAL_ACCESS_BOUNDARY",
-            policy_binding_id="test-org-binding",
+            policy_binding_id="binding-for-all-org-principals",
             policy=pab_policy.principal_access_boundary_policy_id.apply(lambda principal_access_boundary_policy_id: f"organizations/123456789/locations/global/principalAccessBoundaryPolicies/{principal_access_boundary_policy_id}"),
             target={
                 "principal_set": "//cloudresourcemanager.googleapis.com/organizations/123456789",

pulumi_gcp/iam/outputs.py

@@ -531,8 +531,10 @@ class FoldersPolicyBindingTarget(dict):
     def __init__(__self__, *,
                  principal_set: Optional[str] = None):
         """
-        :param str principal_set: Required. Immutable. The resource name of the policy to be bound.
-               The binding parent and policy must belong to the same Organization (or Project).
+        :param str principal_set: Required. Immutable. Full Resource Name of the principal set used for principal access boundary policy bindings.
+               Examples for each one of the following supported principal set types:
+               * Folder: `//cloudresourcemanager.googleapis.com/folders/FOLDER_ID`
+               It must be parent by the policy binding's parent (the folder).
                
                - - -
         """
@@ -543,8 +545,10 @@ class FoldersPolicyBindingTarget(dict):
     @pulumi.getter(name="principalSet")
     def principal_set(self) -> Optional[str]:
         """
-        Required. Immutable. The resource name of the policy to be bound.
-        The binding parent and policy must belong to the same Organization (or Project).
+        Required. Immutable. Full Resource Name of the principal set used for principal access boundary policy bindings.
+        Examples for each one of the following supported principal set types:
+        * Folder: `//cloudresourcemanager.googleapis.com/folders/FOLDER_ID`
+        It must be parent by the policy binding's parent (the folder).
 
         - - -
         """
@@ -628,8 +632,12 @@ class OrganizationsPolicyBindingTarget(dict):
     def __init__(__self__, *,
                  principal_set: Optional[str] = None):
         """
-        :param str principal_set: Required. Immutable. The resource name of the policy to be bound.
-               The binding parent and policy must belong to the same Organization (or Project).
+        :param str principal_set: Required. Immutable. Full Resource Name of the principal set used for principal access boundary policy bindings.
+               Examples for each one of the following supported principal set types:
+               * Organization `//cloudresourcemanager.googleapis.com/organizations/ORGANIZATION_ID`
+               * Workforce Identity: `//iam.googleapis.com/locations/global/workforcePools/WORKFORCE_POOL_ID`
+               * Workspace Identity: `//iam.googleapis.com/locations/global/workspace/WORKSPACE_ID`
+               It must be parent by the policy binding's parent (the organization).
                
                - - -
         """
@@ -640,8 +648,12 @@ class OrganizationsPolicyBindingTarget(dict):
     @pulumi.getter(name="principalSet")
     def principal_set(self) -> Optional[str]:
         """
-        Required. Immutable. The resource name of the policy to be bound.
-        The binding parent and policy must belong to the same Organization (or Project).
+        Required. Immutable. Full Resource Name of the principal set used for principal access boundary policy bindings.
+        Examples for each one of the following supported principal set types:
+        * Organization `//cloudresourcemanager.googleapis.com/organizations/ORGANIZATION_ID`
+        * Workforce Identity: `//iam.googleapis.com/locations/global/workforcePools/WORKFORCE_POOL_ID`
+        * Workspace Identity: `//iam.googleapis.com/locations/global/workspace/WORKSPACE_ID`
+        It must be parent by the policy binding's parent (the organization).
 
         - - -
         """
@@ -837,8 +849,13 @@ class ProjectsPolicyBindingTarget(dict):
     def __init__(__self__, *,
                  principal_set: Optional[str] = None):
         """
-        :param str principal_set: Required. Immutable. The resource name of the policy to be bound.
-               The binding parent and policy must belong to the same Organization (or Project).
+        :param str principal_set: Required. Immutable. Full Resource Name of the principal set used for principal access boundary policy bindings.
+               Examples for each one of the following supported principal set types:
+               * Project:
+               * `//cloudresourcemanager.googleapis.com/projects/PROJECT_NUMBER`
+               * `//cloudresourcemanager.googleapis.com/projects/PROJECT_ID`
+               * Workload Identity Pool: `//iam.googleapis.com/projects/PROJECT_NUMBER/locations/LOCATION/workloadIdentityPools/WORKLOAD_POOL_ID`
+               It must be parent by the policy binding's parent (the project).
                
                - - -
         """
@@ -849,8 +866,13 @@ class ProjectsPolicyBindingTarget(dict):
     @pulumi.getter(name="principalSet")
     def principal_set(self) -> Optional[str]:
         """
-        Required. Immutable. The resource name of the policy to be bound.
-        The binding parent and policy must belong to the same Organization (or Project).
+        Required. Immutable. Full Resource Name of the principal set used for principal access boundary policy bindings.
+        Examples for each one of the following supported principal set types:
+        * Project:
+        * `//cloudresourcemanager.googleapis.com/projects/PROJECT_NUMBER`
+        * `//cloudresourcemanager.googleapis.com/projects/PROJECT_ID`
+        * Workload Identity Pool: `//iam.googleapis.com/projects/PROJECT_NUMBER/locations/LOCATION/workloadIdentityPools/WORKLOAD_POOL_ID`
+        It must be parent by the policy binding's parent (the project).
 
         - - -
         """
@@ -972,7 +994,15 @@ class WorkforcePoolProviderExtraAttributesOauth2Client(dict):
                * AZURE_AD_GROUPS_MAIL: Used to get the user's group claims from the Azure AD identity provider using configuration provided
                in ExtraAttributesOAuth2Client and 'mail' property of the 'microsoft.graph.group' object is used for claim mapping.
                See https://learn.microsoft.com/en-us/graph/api/resources/group?view=graph-rest-1.0#properties for more details on
-               'microsoft.graph.group' properties. The attributes obtained from idntity provider are mapped to 'assertion.groups'. Possible values: ["AZURE_AD_GROUPS_MAIL"]
+               'microsoft.graph.group' properties. The attributes obtained from idntity provider are mapped to 'assertion.groups'.
+               * AZURE_AD_GROUPS_ID:  Used to get the user's group claims from the Azure AD identity provider
+               using configuration provided in ExtraAttributesOAuth2Client and 'id'
+               property of the 'microsoft.graph.group' object is used for claim mapping. See
+               https://learn.microsoft.com/en-us/graph/api/resources/group?view=graph-rest-1.0#properties
+               for more details on 'microsoft.graph.group' properties. The
+               group IDs obtained from Azure AD are present in 'assertion.groups' for
+               OIDC providers and 'assertion.attributes.groups' for SAML providers for
+               attribute mapping. Possible values: ["AZURE_AD_GROUPS_MAIL", "AZURE_AD_GROUPS_ID"]
         :param str client_id: The OAuth 2.0 client ID for retrieving extra attributes from the identity provider. Required to get the Access Token using client credentials grant flow.
         :param 'WorkforcePoolProviderExtraAttributesOauth2ClientClientSecretArgs' client_secret: The OAuth 2.0 client secret for retrieving extra attributes from the identity provider. Required to get the Access Token using client credentials grant flow.
         :param str issuer_uri: The OIDC identity provider's issuer URI. Must be a valid URI using the 'https' scheme. Required to get the OIDC discovery document.
@@ -993,7 +1023,15 @@ class WorkforcePoolProviderExtraAttributesOauth2Client(dict):
         * AZURE_AD_GROUPS_MAIL: Used to get the user's group claims from the Azure AD identity provider using configuration provided
         in ExtraAttributesOAuth2Client and 'mail' property of the 'microsoft.graph.group' object is used for claim mapping.
         See https://learn.microsoft.com/en-us/graph/api/resources/group?view=graph-rest-1.0#properties for more details on
-        'microsoft.graph.group' properties. The attributes obtained from idntity provider are mapped to 'assertion.groups'. Possible values: ["AZURE_AD_GROUPS_MAIL"]
+        'microsoft.graph.group' properties. The attributes obtained from idntity provider are mapped to 'assertion.groups'.
+        * AZURE_AD_GROUPS_ID:  Used to get the user's group claims from the Azure AD identity provider
+        using configuration provided in ExtraAttributesOAuth2Client and 'id'
+        property of the 'microsoft.graph.group' object is used for claim mapping. See
+        https://learn.microsoft.com/en-us/graph/api/resources/group?view=graph-rest-1.0#properties
+        for more details on 'microsoft.graph.group' properties. The
+        group IDs obtained from Azure AD are present in 'assertion.groups' for
+        OIDC providers and 'assertion.attributes.groups' for SAML providers for
+        attribute mapping. Possible values: ["AZURE_AD_GROUPS_MAIL", "AZURE_AD_GROUPS_ID"]
         """
         return pulumi.get(self, "attributes_type")
 
@@ -1105,9 +1143,9 @@ class WorkforcePoolProviderExtraAttributesOauth2ClientQueryParameters(dict):
     def __init__(__self__, *,
                  filter: Optional[str] = None):
         """
-        :param str filter: The filter used to request specific records from IdP. In case of attributes type as AZURE_AD_GROUPS_MAIL, it represents the
+        :param str filter: The filter used to request specific records from IdP. In case of attributes type as AZURE_AD_GROUPS_MAIL and AZURE_AD_GROUPS_ID, it represents the
                filter used to request specific groups for users from IdP. By default, all of the groups associated with the user are fetched. The
-               groups should be mail enabled and security enabled. See https://learn.microsoft.com/en-us/graph/search-query-parameter for more details.
+               groups should be security enabled. See https://learn.microsoft.com/en-us/graph/search-query-parameter for more details.
         """
         if filter is not None:
             pulumi.set(__self__, "filter", filter)
@@ -1116,9 +1154,9 @@ class WorkforcePoolProviderExtraAttributesOauth2ClientQueryParameters(dict):
     @pulumi.getter
     def filter(self) -> Optional[str]:
         """
-        The filter used to request specific records from IdP. In case of attributes type as AZURE_AD_GROUPS_MAIL, it represents the
+        The filter used to request specific records from IdP. In case of attributes type as AZURE_AD_GROUPS_MAIL and AZURE_AD_GROUPS_ID, it represents the
         filter used to request specific groups for users from IdP. By default, all of the groups associated with the user are fetched. The
-        groups should be mail enabled and security enabled. See https://learn.microsoft.com/en-us/graph/search-query-parameter for more details.
+        groups should be security enabled. See https://learn.microsoft.com/en-us/graph/search-query-parameter for more details.
         """
         return pulumi.get(self, "filter")
 

pulumi_gcp/iam/principal_access_boundary_policy.py

@@ -366,14 +366,6 @@ class PrincipalAccessBoundaryPolicy(pulumi.CustomResource):
                  principal_access_boundary_policy_id: Optional[pulumi.Input[str]] = None,
                  __props__=None):
         """
-        An IAM Principal Access Boundary Policy resource
-
-        To get more information about PrincipalAccessBoundaryPolicy, see:
-
-        * [API documentation](https://cloud.google.com/iam/docs/reference/rest/v3/organizations.locations.principalAccessBoundaryPolicies)
-        * How-to Guides
-            * [Create and apply Principal Access Boundaries](https://cloud.google.com/iam/docs/principal-access-boundary-policies-create)
-
         ## Example Usage
 
         ### Iam Principal Access Boundary Policy
@@ -382,11 +374,37 @@ class PrincipalAccessBoundaryPolicy(pulumi.CustomResource):
         import pulumi
         import pulumi_gcp as gcp
 
-        my_pab_policy = gcp.iam.PrincipalAccessBoundaryPolicy("my-pab-policy",
+        pab_policy_for_org = gcp.iam.PrincipalAccessBoundaryPolicy("pab-policy-for-org",
+            organization="123456789",
+            location="global",
+            display_name="PAB policy for Organization",
+            principal_access_boundary_policy_id="pab-policy-for-org")
+        ```
+        ### Iam Organizations Policy Binding
+
+        ```python
+        import pulumi
+        import pulumi_gcp as gcp
+        import pulumi_time as time
+
+        pab_policy = gcp.iam.PrincipalAccessBoundaryPolicy("pab_policy",
+            organization="123456789",
+            location="global",
+            display_name="Binding for all principals in the Organization",
+            principal_access_boundary_policy_id="my-pab-policy")
+        wait60_seconds = time.index.Sleep("wait_60_seconds", create_duration=60s,
+        opts = pulumi.ResourceOptions(depends_on=[pab_policy]))
+        my_pab_policy = gcp.iam.OrganizationsPolicyBinding("my-pab-policy",
             organization="123456789",
             location="global",
-            display_name="test pab policy",
-            principal_access_boundary_policy_id="test-pab-policy")
+            display_name="Binding for all principals in the Organization",
+            policy_kind="PRINCIPAL_ACCESS_BOUNDARY",
+            policy_binding_id="binding-for-all-org-principals",
+            policy=pab_policy.principal_access_boundary_policy_id.apply(lambda principal_access_boundary_policy_id: f"organizations/123456789/locations/global/principalAccessBoundaryPolicies/{principal_access_boundary_policy_id}"),
+            target={
+                "principal_set": "//cloudresourcemanager.googleapis.com/organizations/123456789",
+            },
+            opts = pulumi.ResourceOptions(depends_on=[wait60_seconds]))
         ```
 
         ## Import
@@ -432,14 +450,6 @@ class PrincipalAccessBoundaryPolicy(pulumi.CustomResource):
                  args: PrincipalAccessBoundaryPolicyArgs,
                  opts: Optional[pulumi.ResourceOptions] = None):
         """
-        An IAM Principal Access Boundary Policy resource
-
-        To get more information about PrincipalAccessBoundaryPolicy, see:
-
-        * [API documentation](https://cloud.google.com/iam/docs/reference/rest/v3/organizations.locations.principalAccessBoundaryPolicies)
-        * How-to Guides
-            * [Create and apply Principal Access Boundaries](https://cloud.google.com/iam/docs/principal-access-boundary-policies-create)
-
         ## Example Usage
 
         ### Iam Principal Access Boundary Policy
@@ -448,11 +458,37 @@ class PrincipalAccessBoundaryPolicy(pulumi.CustomResource):
         import pulumi
         import pulumi_gcp as gcp
 
-        my_pab_policy = gcp.iam.PrincipalAccessBoundaryPolicy("my-pab-policy",
+        pab_policy_for_org = gcp.iam.PrincipalAccessBoundaryPolicy("pab-policy-for-org",
+            organization="123456789",
+            location="global",
+            display_name="PAB policy for Organization",
+            principal_access_boundary_policy_id="pab-policy-for-org")
+        ```
+        ### Iam Organizations Policy Binding
+
+        ```python
+        import pulumi
+        import pulumi_gcp as gcp
+        import pulumi_time as time
+
+        pab_policy = gcp.iam.PrincipalAccessBoundaryPolicy("pab_policy",
+            organization="123456789",
+            location="global",
+            display_name="Binding for all principals in the Organization",
+            principal_access_boundary_policy_id="my-pab-policy")
+        wait60_seconds = time.index.Sleep("wait_60_seconds", create_duration=60s,
+        opts = pulumi.ResourceOptions(depends_on=[pab_policy]))
+        my_pab_policy = gcp.iam.OrganizationsPolicyBinding("my-pab-policy",
             organization="123456789",
             location="global",
-            display_name="test pab policy",
-            principal_access_boundary_policy_id="test-pab-policy")
+            display_name="Binding for all principals in the Organization",
+            policy_kind="PRINCIPAL_ACCESS_BOUNDARY",
+            policy_binding_id="binding-for-all-org-principals",
+            policy=pab_policy.principal_access_boundary_policy_id.apply(lambda principal_access_boundary_policy_id: f"organizations/123456789/locations/global/principalAccessBoundaryPolicies/{principal_access_boundary_policy_id}"),
+            target={
+                "principal_set": "//cloudresourcemanager.googleapis.com/organizations/123456789",
+            },
+            opts = pulumi.ResourceOptions(depends_on=[wait60_seconds]))
         ```
 
         ## Import

pulumi_gcp/iam/projects_policy_binding.py

@@ -490,14 +490,6 @@ class ProjectsPolicyBinding(pulumi.CustomResource):
                  target: Optional[pulumi.Input[Union['ProjectsPolicyBindingTargetArgs', 'ProjectsPolicyBindingTargetArgsDict']]] = None,
                  __props__=None):
         """
-        A policy binding to a Project
-
-        To get more information about ProjectsPolicyBinding, see:
-
-        * [API documentation](https://cloud.google.com/iam/docs/reference/rest/v3/projects.locations.policyBindings)
-        * How-to Guides
-            * [Apply a policy binding](https://cloud.google.com/iam/docs/principal-access-boundary-policies-create#create_binding)
-
         ## Example Usage
 
         ### Iam Projects Policy Binding
@@ -511,16 +503,16 @@ class ProjectsPolicyBinding(pulumi.CustomResource):
         pab_policy = gcp.iam.PrincipalAccessBoundaryPolicy("pab_policy",
             organization="123456789",
             location="global",
-            display_name="test project binding",
+            display_name="binding for all principals in the project",
             principal_access_boundary_policy_id="my-pab-policy")
         wait60_seconds = time.index.Sleep("wait_60_seconds", create_duration=60s,
         opts = pulumi.ResourceOptions(depends_on=[pab_policy]))
-        my_project_binding = gcp.iam.ProjectsPolicyBinding("my-project-binding",
+        binding_for_all_project_principals = gcp.iam.ProjectsPolicyBinding("binding-for-all-project-principals",
             project=project.project_id,
             location="global",
-            display_name="test project binding",
+            display_name="binding for all principals in the project",
             policy_kind="PRINCIPAL_ACCESS_BOUNDARY",
-            policy_binding_id="test-project-binding",
+            policy_binding_id="binding-for-all-project-principals",
             policy=pab_policy.principal_access_boundary_policy_id.apply(lambda principal_access_boundary_policy_id: f"organizations/123456789/locations/global/principalAccessBoundaryPolicies/{principal_access_boundary_policy_id}"),
             target={
                 "principal_set": f"//cloudresourcemanager.googleapis.com/projects/{project.project_id}",
@@ -584,14 +576,6 @@ class ProjectsPolicyBinding(pulumi.CustomResource):
                  args: ProjectsPolicyBindingArgs,
                  opts: Optional[pulumi.ResourceOptions] = None):
         """
-        A policy binding to a Project
-
-        To get more information about ProjectsPolicyBinding, see:
-
-        * [API documentation](https://cloud.google.com/iam/docs/reference/rest/v3/projects.locations.policyBindings)
-        * How-to Guides
-            * [Apply a policy binding](https://cloud.google.com/iam/docs/principal-access-boundary-policies-create#create_binding)
-
         ## Example Usage
 
         ### Iam Projects Policy Binding
@@ -605,16 +589,16 @@ class ProjectsPolicyBinding(pulumi.CustomResource):
         pab_policy = gcp.iam.PrincipalAccessBoundaryPolicy("pab_policy",
             organization="123456789",
             location="global",
-            display_name="test project binding",
+            display_name="binding for all principals in the project",
             principal_access_boundary_policy_id="my-pab-policy")
         wait60_seconds = time.index.Sleep("wait_60_seconds", create_duration=60s,
         opts = pulumi.ResourceOptions(depends_on=[pab_policy]))
-        my_project_binding = gcp.iam.ProjectsPolicyBinding("my-project-binding",
+        binding_for_all_project_principals = gcp.iam.ProjectsPolicyBinding("binding-for-all-project-principals",
             project=project.project_id,
             location="global",
-            display_name="test project binding",
+            display_name="binding for all principals in the project",
             policy_kind="PRINCIPAL_ACCESS_BOUNDARY",
-            policy_binding_id="test-project-binding",
+            policy_binding_id="binding-for-all-project-principals",
             policy=pab_policy.principal_access_boundary_policy_id.apply(lambda principal_access_boundary_policy_id: f"organizations/123456789/locations/global/principalAccessBoundaryPolicies/{principal_access_boundary_policy_id}"),
             target={
                 "principal_set": f"//cloudresourcemanager.googleapis.com/projects/{project.project_id}",

pulumi_gcp/iam/workforce_pool_provider.py

@@ -747,7 +747,7 @@ class WorkforcePoolProvider(pulumi.CustomResource):
                         "plain_text": "client-secret",
                     },
                 },
-                "attributes_type": "AZURE_AD_GROUPS_MAIL",
+                "attributes_type": "AZURE_AD_GROUPS_ID",
                 "query_parameters": {
                     "filter": "mail:gcp",
                 },
@@ -1087,7 +1087,7 @@ class WorkforcePoolProvider(pulumi.CustomResource):
                         "plain_text": "client-secret",
                     },
                 },
-                "attributes_type": "AZURE_AD_GROUPS_MAIL",
+                "attributes_type": "AZURE_AD_GROUPS_ID",
                 "query_parameters": {
                     "filter": "mail:gcp",
                 },

pulumi_gcp/kms/crypto_key_version.py

@@ -33,7 +33,8 @@ class CryptoKeyVersionArgs:
                - - -
         :param pulumi.Input['CryptoKeyVersionExternalProtectionLevelOptionsArgs'] external_protection_level_options: ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels.
                Structure is documented below.
-        :param pulumi.Input[str] state: The current state of the CryptoKeyVersion.
+        :param pulumi.Input[str] state: The current state of the CryptoKeyVersion. Note: you can only specify this field to manually `ENABLE` or `DISABLE` the CryptoKeyVersion,
+               otherwise the value of this field is always retrieved automatically.
                Possible values are: `PENDING_GENERATION`, `ENABLED`, `DISABLED`, `DESTROYED`, `DESTROY_SCHEDULED`, `PENDING_IMPORT`, `IMPORT_FAILED`.
         """
         pulumi.set(__self__, "crypto_key", crypto_key)
@@ -75,7 +76,8 @@ class CryptoKeyVersionArgs:
     @pulumi.getter
     def state(self) -> Optional[pulumi.Input[str]]:
         """
-        The current state of the CryptoKeyVersion.
+        The current state of the CryptoKeyVersion. Note: you can only specify this field to manually `ENABLE` or `DISABLE` the CryptoKeyVersion,
+        otherwise the value of this field is always retrieved automatically.
         Possible values are: `PENDING_GENERATION`, `ENABLED`, `DISABLED`, `DESTROYED`, `DESTROY_SCHEDULED`, `PENDING_IMPORT`, `IMPORT_FAILED`.
         """
         return pulumi.get(self, "state")
@@ -112,7 +114,8 @@ class _CryptoKeyVersionState:
         :param pulumi.Input[str] generate_time: The time this CryptoKeyVersion key material was generated
         :param pulumi.Input[str] name: The resource name for this CryptoKeyVersion.
         :param pulumi.Input[str] protection_level: The ProtectionLevel describing how crypto operations are performed with this CryptoKeyVersion.
-        :param pulumi.Input[str] state: The current state of the CryptoKeyVersion.
+        :param pulumi.Input[str] state: The current state of the CryptoKeyVersion. Note: you can only specify this field to manually `ENABLE` or `DISABLE` the CryptoKeyVersion,
+               otherwise the value of this field is always retrieved automatically.
                Possible values are: `PENDING_GENERATION`, `ENABLED`, `DISABLED`, `DESTROYED`, `DESTROY_SCHEDULED`, `PENDING_IMPORT`, `IMPORT_FAILED`.
         """
         if algorithm is not None:
@@ -227,7 +230,8 @@ class _CryptoKeyVersionState:
     @pulumi.getter
     def state(self) -> Optional[pulumi.Input[str]]:
         """
-        The current state of the CryptoKeyVersion.
+        The current state of the CryptoKeyVersion. Note: you can only specify this field to manually `ENABLE` or `DISABLE` the CryptoKeyVersion,
+        otherwise the value of this field is always retrieved automatically.
         Possible values are: `PENDING_GENERATION`, `ENABLED`, `DISABLED`, `DESTROYED`, `DESTROY_SCHEDULED`, `PENDING_IMPORT`, `IMPORT_FAILED`.
         """
         return pulumi.get(self, "state")
@@ -296,7 +300,8 @@ class CryptoKeyVersion(pulumi.CustomResource):
                - - -
         :param pulumi.Input[Union['CryptoKeyVersionExternalProtectionLevelOptionsArgs', 'CryptoKeyVersionExternalProtectionLevelOptionsArgsDict']] external_protection_level_options: ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels.
                Structure is documented below.
-        :param pulumi.Input[str] state: The current state of the CryptoKeyVersion.
+        :param pulumi.Input[str] state: The current state of the CryptoKeyVersion. Note: you can only specify this field to manually `ENABLE` or `DISABLE` the CryptoKeyVersion,
+               otherwise the value of this field is always retrieved automatically.
                Possible values are: `PENDING_GENERATION`, `ENABLED`, `DISABLED`, `DESTROYED`, `DESTROY_SCHEDULED`, `PENDING_IMPORT`, `IMPORT_FAILED`.
         """
         ...
@@ -422,7 +427,8 @@ class CryptoKeyVersion(pulumi.CustomResource):
         :param pulumi.Input[str] generate_time: The time this CryptoKeyVersion key material was generated
         :param pulumi.Input[str] name: The resource name for this CryptoKeyVersion.
         :param pulumi.Input[str] protection_level: The ProtectionLevel describing how crypto operations are performed with this CryptoKeyVersion.
-        :param pulumi.Input[str] state: The current state of the CryptoKeyVersion.
+        :param pulumi.Input[str] state: The current state of the CryptoKeyVersion. Note: you can only specify this field to manually `ENABLE` or `DISABLE` the CryptoKeyVersion,
+               otherwise the value of this field is always retrieved automatically.
                Possible values are: `PENDING_GENERATION`, `ENABLED`, `DISABLED`, `DESTROYED`, `DESTROY_SCHEDULED`, `PENDING_IMPORT`, `IMPORT_FAILED`.
         """
         opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
@@ -506,7 +512,8 @@ class CryptoKeyVersion(pulumi.CustomResource):
     @pulumi.getter
     def state(self) -> pulumi.Output[str]:
         """
-        The current state of the CryptoKeyVersion.
+        The current state of the CryptoKeyVersion. Note: you can only specify this field to manually `ENABLE` or `DISABLE` the CryptoKeyVersion,
+        otherwise the value of this field is always retrieved automatically.
         Possible values are: `PENDING_GENERATION`, `ENABLED`, `DISABLED`, `DESTROYED`, `DESTROY_SCHEDULED`, `PENDING_IMPORT`, `IMPORT_FAILED`.
         """
         return pulumi.get(self, "state")

pulumi_gcp/memorystore/__init__.py

@@ -5,6 +5,7 @@
 from .. import _utilities
 import typing
 # Export this package's modules as members:
+from .get_instance import *
 from .instance import *
 from ._inputs import *
 from . import outputs