pulumi-gcp 8.26.0a1744267117__py3-none-any.whl → 8.27.0a1744386150__py3-none-any.whl

pulumi_gcp/__init__.py

@@ -734,6 +734,14 @@ _utilities.register(
    "gcp:apigee/appGroup:AppGroup": "AppGroup"
   }
  },
+ {
+  "pkg": "gcp",
+  "mod": "apigee/controlPlaneAccess",
+  "fqn": "pulumi_gcp.apigee",
+  "classes": {
+   "gcp:apigee/controlPlaneAccess:ControlPlaneAccess": "ControlPlaneAccess"
+  }
+ },
  {
   "pkg": "gcp",
   "mod": "apigee/developer",
@@ -2054,6 +2062,14 @@ _utilities.register(
    "gcp:clouddeploy/deliveryPipelineIamPolicy:DeliveryPipelineIamPolicy": "DeliveryPipelineIamPolicy"
   }
  },
+ {
+  "pkg": "gcp",
+  "mod": "clouddeploy/deployPolicy",
+  "fqn": "pulumi_gcp.clouddeploy",
+  "classes": {
+   "gcp:clouddeploy/deployPolicy:DeployPolicy": "DeployPolicy"
+  }
+ },
  {
   "pkg": "gcp",
   "mod": "clouddeploy/target",
@@ -5366,6 +5382,14 @@ _utilities.register(
    "gcp:folder/organizationPolicy:OrganizationPolicy": "OrganizationPolicy"
   }
  },
+ {
+  "pkg": "gcp",
+  "mod": "folder/serviceIdentity",
+  "fqn": "pulumi_gcp.folder",
+  "classes": {
+   "gcp:folder/serviceIdentity:ServiceIdentity": "ServiceIdentity"
+  }
+ },
  {
   "pkg": "gcp",
   "mod": "gemini/codeRepositoryIndex",
@@ -5374,6 +5398,22 @@ _utilities.register(
    "gcp:gemini/codeRepositoryIndex:CodeRepositoryIndex": "CodeRepositoryIndex"
   }
  },
+ {
+  "pkg": "gcp",
+  "mod": "gemini/codeToolsSetting",
+  "fqn": "pulumi_gcp.gemini",
+  "classes": {
+   "gcp:gemini/codeToolsSetting:CodeToolsSetting": "CodeToolsSetting"
+  }
+ },
+ {
+  "pkg": "gcp",
+  "mod": "gemini/codeToolsSettingBinding",
+  "fqn": "pulumi_gcp.gemini",
+  "classes": {
+   "gcp:gemini/codeToolsSettingBinding:CodeToolsSettingBinding": "CodeToolsSettingBinding"
+  }
+ },
  {
   "pkg": "gcp",
   "mod": "gemini/dataSharingWithGoogleSetting",
@@ -7534,6 +7574,14 @@ _utilities.register(
    "gcp:osconfig/v2PolicyOrchestrator:V2PolicyOrchestrator": "V2PolicyOrchestrator"
   }
  },
+ {
+  "pkg": "gcp",
+  "mod": "osconfig/v2PolicyOrchestratorForOrganization",
+  "fqn": "pulumi_gcp.osconfig",
+  "classes": {
+   "gcp:osconfig/v2PolicyOrchestratorForOrganization:V2PolicyOrchestratorForOrganization": "V2PolicyOrchestratorForOrganization"
+  }
+ },
  {
   "pkg": "gcp",
   "mod": "oslogin/sshPublicKey",

pulumi_gcp/accesscontextmanager/_inputs.py

@@ -62,6 +62,8 @@ __all__ = [
     'AccessPolicyIamBindingConditionArgsDict',
     'AccessPolicyIamMemberConditionArgs',
     'AccessPolicyIamMemberConditionArgsDict',
+    'GcpUserAccessBindingSessionSettingsArgs',
+    'GcpUserAccessBindingSessionSettingsArgsDict',
     'ServicePerimeterDryRunEgressPolicyEgressFromArgs',
     'ServicePerimeterDryRunEgressPolicyEgressFromArgsDict',
     'ServicePerimeterDryRunEgressPolicyEgressFromSourceArgs',
@@ -2228,6 +2230,121 @@ class AccessPolicyIamMemberConditionArgs:
         pulumi.set(self, "description", value)
 
 
+if not MYPY:
+    class GcpUserAccessBindingSessionSettingsArgsDict(TypedDict):
+        max_inactivity: NotRequired[pulumi.Input[builtins.str]]
+        """
+        Optional. How long a user is allowed to take between actions before a new access token must be issued. Only set for Google Cloud apps.
+        """
+        session_length: NotRequired[pulumi.Input[builtins.str]]
+        """
+        Optional. The session length. Setting this field to zero is equal to disabling session. Also can set infinite session by flipping the enabled bit to false below. If useOidcMaxAge is true, for OIDC apps, the session length will be the minimum of this field and OIDC max_age param.
+        """
+        session_length_enabled: NotRequired[pulumi.Input[builtins.bool]]
+        """
+        Optional. This field enables or disables Google Cloud session length. When false, all fields set above will be disregarded and the session length is basically infinite.
+        """
+        session_reauth_method: NotRequired[pulumi.Input[builtins.str]]
+        """
+        Optional. The session challenges proposed to users when the Google Cloud session length is up.
+        Possible values are: `LOGIN`, `SECURITY_KEY`, `PASSWORD`.
+        """
+        use_oidc_max_age: NotRequired[pulumi.Input[builtins.bool]]
+        """
+        Optional. Only useful for OIDC apps. When false, the OIDC max_age param, if passed in the authentication request will be ignored. When true, the re-auth period will be the minimum of the sessionLength field and the max_age OIDC param.
+        """
+elif False:
+    GcpUserAccessBindingSessionSettingsArgsDict: TypeAlias = Mapping[str, Any]
+
+@pulumi.input_type
+class GcpUserAccessBindingSessionSettingsArgs:
+    def __init__(__self__, *,
+                 max_inactivity: Optional[pulumi.Input[builtins.str]] = None,
+                 session_length: Optional[pulumi.Input[builtins.str]] = None,
+                 session_length_enabled: Optional[pulumi.Input[builtins.bool]] = None,
+                 session_reauth_method: Optional[pulumi.Input[builtins.str]] = None,
+                 use_oidc_max_age: Optional[pulumi.Input[builtins.bool]] = None):
+        """
+        :param pulumi.Input[builtins.str] max_inactivity: Optional. How long a user is allowed to take between actions before a new access token must be issued. Only set for Google Cloud apps.
+        :param pulumi.Input[builtins.str] session_length: Optional. The session length. Setting this field to zero is equal to disabling session. Also can set infinite session by flipping the enabled bit to false below. If useOidcMaxAge is true, for OIDC apps, the session length will be the minimum of this field and OIDC max_age param.
+        :param pulumi.Input[builtins.bool] session_length_enabled: Optional. This field enables or disables Google Cloud session length. When false, all fields set above will be disregarded and the session length is basically infinite.
+        :param pulumi.Input[builtins.str] session_reauth_method: Optional. The session challenges proposed to users when the Google Cloud session length is up.
+               Possible values are: `LOGIN`, `SECURITY_KEY`, `PASSWORD`.
+        :param pulumi.Input[builtins.bool] use_oidc_max_age: Optional. Only useful for OIDC apps. When false, the OIDC max_age param, if passed in the authentication request will be ignored. When true, the re-auth period will be the minimum of the sessionLength field and the max_age OIDC param.
+        """
+        if max_inactivity is not None:
+            pulumi.set(__self__, "max_inactivity", max_inactivity)
+        if session_length is not None:
+            pulumi.set(__self__, "session_length", session_length)
+        if session_length_enabled is not None:
+            pulumi.set(__self__, "session_length_enabled", session_length_enabled)
+        if session_reauth_method is not None:
+            pulumi.set(__self__, "session_reauth_method", session_reauth_method)
+        if use_oidc_max_age is not None:
+            pulumi.set(__self__, "use_oidc_max_age", use_oidc_max_age)
+
+    @property
+    @pulumi.getter(name="maxInactivity")
+    def max_inactivity(self) -> Optional[pulumi.Input[builtins.str]]:
+        """
+        Optional. How long a user is allowed to take between actions before a new access token must be issued. Only set for Google Cloud apps.
+        """
+        return pulumi.get(self, "max_inactivity")
+
+    @max_inactivity.setter
+    def max_inactivity(self, value: Optional[pulumi.Input[builtins.str]]):
+        pulumi.set(self, "max_inactivity", value)
+
+    @property
+    @pulumi.getter(name="sessionLength")
+    def session_length(self) -> Optional[pulumi.Input[builtins.str]]:
+        """
+        Optional. The session length. Setting this field to zero is equal to disabling session. Also can set infinite session by flipping the enabled bit to false below. If useOidcMaxAge is true, for OIDC apps, the session length will be the minimum of this field and OIDC max_age param.
+        """
+        return pulumi.get(self, "session_length")
+
+    @session_length.setter
+    def session_length(self, value: Optional[pulumi.Input[builtins.str]]):
+        pulumi.set(self, "session_length", value)
+
+    @property
+    @pulumi.getter(name="sessionLengthEnabled")
+    def session_length_enabled(self) -> Optional[pulumi.Input[builtins.bool]]:
+        """
+        Optional. This field enables or disables Google Cloud session length. When false, all fields set above will be disregarded and the session length is basically infinite.
+        """
+        return pulumi.get(self, "session_length_enabled")
+
+    @session_length_enabled.setter
+    def session_length_enabled(self, value: Optional[pulumi.Input[builtins.bool]]):
+        pulumi.set(self, "session_length_enabled", value)
+
+    @property
+    @pulumi.getter(name="sessionReauthMethod")
+    def session_reauth_method(self) -> Optional[pulumi.Input[builtins.str]]:
+        """
+        Optional. The session challenges proposed to users when the Google Cloud session length is up.
+        Possible values are: `LOGIN`, `SECURITY_KEY`, `PASSWORD`.
+        """
+        return pulumi.get(self, "session_reauth_method")
+
+    @session_reauth_method.setter
+    def session_reauth_method(self, value: Optional[pulumi.Input[builtins.str]]):
+        pulumi.set(self, "session_reauth_method", value)
+
+    @property
+    @pulumi.getter(name="useOidcMaxAge")
+    def use_oidc_max_age(self) -> Optional[pulumi.Input[builtins.bool]]:
+        """
+        Optional. Only useful for OIDC apps. When false, the OIDC max_age param, if passed in the authentication request will be ignored. When true, the re-auth period will be the minimum of the sessionLength field and the max_age OIDC param.
+        """
+        return pulumi.get(self, "use_oidc_max_age")
+
+    @use_oidc_max_age.setter
+    def use_oidc_max_age(self, value: Optional[pulumi.Input[builtins.bool]]):
+        pulumi.set(self, "use_oidc_max_age", value)
+
+
 if not MYPY:
     class ServicePerimeterDryRunEgressPolicyEgressFromArgsDict(TypedDict):
         identities: NotRequired[pulumi.Input[Sequence[pulumi.Input[builtins.str]]]]

pulumi_gcp/accesscontextmanager/gcp_user_access_binding.py

@@ -14,39 +14,35 @@ if sys.version_info >= (3, 11):
 else:
     from typing_extensions import NotRequired, TypedDict, TypeAlias
 from .. import _utilities
+from . import outputs
+from ._inputs import *
 
 __all__ = ['GcpUserAccessBindingArgs', 'GcpUserAccessBinding']
 
 @pulumi.input_type
 class GcpUserAccessBindingArgs:
     def __init__(__self__, *,
-                 access_levels: pulumi.Input[builtins.str],
                  group_key: pulumi.Input[builtins.str],
-                 organization_id: pulumi.Input[builtins.str]):
+                 organization_id: pulumi.Input[builtins.str],
+                 access_levels: Optional[pulumi.Input[builtins.str]] = None,
+                 session_settings: Optional[pulumi.Input['GcpUserAccessBindingSessionSettingsArgs']] = None):
         """
         The set of arguments for constructing a GcpUserAccessBinding resource.
-        :param pulumi.Input[builtins.str] access_levels: Required. Access level that a user must have to be granted access. Only one access level is supported, not multiple. This repeated field must have exactly one element. Example: "accessPolicies/9522/accessLevels/device_trusted"
         :param pulumi.Input[builtins.str] group_key: Required. Immutable. Google Group id whose members are subject to this binding's restrictions. See "id" in the G Suite Directory API's Groups resource. If a group's email address/alias is changed, this resource will continue to point at the changed group. This field does not accept group email addresses or aliases. Example: "01d520gv4vjcrht"
         :param pulumi.Input[builtins.str] organization_id: Required. ID of the parent organization.
                
                
                - - -
+        :param pulumi.Input[builtins.str] access_levels: Optional. Access level that a user must have to be granted access. Only one access level is supported, not multiple. This repeated field must have exactly one element. Example: "accessPolicies/9522/accessLevels/device_trusted"
+        :param pulumi.Input['GcpUserAccessBindingSessionSettingsArgs'] session_settings: Optional. The Google Cloud session length (GCSL) policy for the group key.
+               Structure is documented below.
         """
-        pulumi.set(__self__, "access_levels", access_levels)
         pulumi.set(__self__, "group_key", group_key)
         pulumi.set(__self__, "organization_id", organization_id)
-
-    @property
-    @pulumi.getter(name="accessLevels")
-    def access_levels(self) -> pulumi.Input[builtins.str]:
-        """
-        Required. Access level that a user must have to be granted access. Only one access level is supported, not multiple. This repeated field must have exactly one element. Example: "accessPolicies/9522/accessLevels/device_trusted"
-        """
-        return pulumi.get(self, "access_levels")
-
-    @access_levels.setter
-    def access_levels(self, value: pulumi.Input[builtins.str]):
-        pulumi.set(self, "access_levels", value)
+        if access_levels is not None:
+            pulumi.set(__self__, "access_levels", access_levels)
+        if session_settings is not None:
+            pulumi.set(__self__, "session_settings", session_settings)
 
     @property
     @pulumi.getter(name="groupKey")
@@ -75,6 +71,31 @@ class GcpUserAccessBindingArgs:
     def organization_id(self, value: pulumi.Input[builtins.str]):
         pulumi.set(self, "organization_id", value)
 
+    @property
+    @pulumi.getter(name="accessLevels")
+    def access_levels(self) -> Optional[pulumi.Input[builtins.str]]:
+        """
+        Optional. Access level that a user must have to be granted access. Only one access level is supported, not multiple. This repeated field must have exactly one element. Example: "accessPolicies/9522/accessLevels/device_trusted"
+        """
+        return pulumi.get(self, "access_levels")
+
+    @access_levels.setter
+    def access_levels(self, value: Optional[pulumi.Input[builtins.str]]):
+        pulumi.set(self, "access_levels", value)
+
+    @property
+    @pulumi.getter(name="sessionSettings")
+    def session_settings(self) -> Optional[pulumi.Input['GcpUserAccessBindingSessionSettingsArgs']]:
+        """
+        Optional. The Google Cloud session length (GCSL) policy for the group key.
+        Structure is documented below.
+        """
+        return pulumi.get(self, "session_settings")
+
+    @session_settings.setter
+    def session_settings(self, value: Optional[pulumi.Input['GcpUserAccessBindingSessionSettingsArgs']]):
+        pulumi.set(self, "session_settings", value)
+
 
 @pulumi.input_type
 class _GcpUserAccessBindingState:
@@ -82,16 +103,19 @@ class _GcpUserAccessBindingState:
                  access_levels: Optional[pulumi.Input[builtins.str]] = None,
                  group_key: Optional[pulumi.Input[builtins.str]] = None,
                  name: Optional[pulumi.Input[builtins.str]] = None,
-                 organization_id: Optional[pulumi.Input[builtins.str]] = None):
+                 organization_id: Optional[pulumi.Input[builtins.str]] = None,
+                 session_settings: Optional[pulumi.Input['GcpUserAccessBindingSessionSettingsArgs']] = None):
         """
         Input properties used for looking up and filtering GcpUserAccessBinding resources.
-        :param pulumi.Input[builtins.str] access_levels: Required. Access level that a user must have to be granted access. Only one access level is supported, not multiple. This repeated field must have exactly one element. Example: "accessPolicies/9522/accessLevels/device_trusted"
+        :param pulumi.Input[builtins.str] access_levels: Optional. Access level that a user must have to be granted access. Only one access level is supported, not multiple. This repeated field must have exactly one element. Example: "accessPolicies/9522/accessLevels/device_trusted"
         :param pulumi.Input[builtins.str] group_key: Required. Immutable. Google Group id whose members are subject to this binding's restrictions. See "id" in the G Suite Directory API's Groups resource. If a group's email address/alias is changed, this resource will continue to point at the changed group. This field does not accept group email addresses or aliases. Example: "01d520gv4vjcrht"
         :param pulumi.Input[builtins.str] name: Immutable. Assigned by the server during creation. The last segment has an arbitrary length and has only URI unreserved characters (as defined by RFC 3986 Section 2.3). Should not be specified by the client during creation. Example: "organizations/256/gcpUserAccessBindings/b3-BhcX_Ud5N"
         :param pulumi.Input[builtins.str] organization_id: Required. ID of the parent organization.
                
                
                - - -
+        :param pulumi.Input['GcpUserAccessBindingSessionSettingsArgs'] session_settings: Optional. The Google Cloud session length (GCSL) policy for the group key.
+               Structure is documented below.
         """
         if access_levels is not None:
             pulumi.set(__self__, "access_levels", access_levels)
@@ -101,12 +125,14 @@ class _GcpUserAccessBindingState:
             pulumi.set(__self__, "name", name)
         if organization_id is not None:
             pulumi.set(__self__, "organization_id", organization_id)
+        if session_settings is not None:
+            pulumi.set(__self__, "session_settings", session_settings)
 
     @property
     @pulumi.getter(name="accessLevels")
     def access_levels(self) -> Optional[pulumi.Input[builtins.str]]:
         """
-        Required. Access level that a user must have to be granted access. Only one access level is supported, not multiple. This repeated field must have exactly one element. Example: "accessPolicies/9522/accessLevels/device_trusted"
+        Optional. Access level that a user must have to be granted access. Only one access level is supported, not multiple. This repeated field must have exactly one element. Example: "accessPolicies/9522/accessLevels/device_trusted"
         """
         return pulumi.get(self, "access_levels")
 
@@ -153,6 +179,19 @@ class _GcpUserAccessBindingState:
     def organization_id(self, value: Optional[pulumi.Input[builtins.str]]):
         pulumi.set(self, "organization_id", value)
 
+    @property
+    @pulumi.getter(name="sessionSettings")
+    def session_settings(self) -> Optional[pulumi.Input['GcpUserAccessBindingSessionSettingsArgs']]:
+        """
+        Optional. The Google Cloud session length (GCSL) policy for the group key.
+        Structure is documented below.
+        """
+        return pulumi.get(self, "session_settings")
+
+    @session_settings.setter
+    def session_settings(self, value: Optional[pulumi.Input['GcpUserAccessBindingSessionSettingsArgs']]):
+        pulumi.set(self, "session_settings", value)
+
 
 class GcpUserAccessBinding(pulumi.CustomResource):
     @overload
@@ -162,6 +201,7 @@ class GcpUserAccessBinding(pulumi.CustomResource):
                  access_levels: Optional[pulumi.Input[builtins.str]] = None,
                  group_key: Optional[pulumi.Input[builtins.str]] = None,
                  organization_id: Optional[pulumi.Input[builtins.str]] = None,
+                 session_settings: Optional[pulumi.Input[Union['GcpUserAccessBindingSessionSettingsArgs', 'GcpUserAccessBindingSessionSettingsArgsDict']]] = None,
                  __props__=None):
         """
         Restricts access to Cloud Console and Google Cloud APIs for a set of users using Context-Aware Access.
@@ -227,12 +267,14 @@ class GcpUserAccessBinding(pulumi.CustomResource):
 
         :param str resource_name: The name of the resource.
         :param pulumi.ResourceOptions opts: Options for the resource.
-        :param pulumi.Input[builtins.str] access_levels: Required. Access level that a user must have to be granted access. Only one access level is supported, not multiple. This repeated field must have exactly one element. Example: "accessPolicies/9522/accessLevels/device_trusted"
+        :param pulumi.Input[builtins.str] access_levels: Optional. Access level that a user must have to be granted access. Only one access level is supported, not multiple. This repeated field must have exactly one element. Example: "accessPolicies/9522/accessLevels/device_trusted"
         :param pulumi.Input[builtins.str] group_key: Required. Immutable. Google Group id whose members are subject to this binding's restrictions. See "id" in the G Suite Directory API's Groups resource. If a group's email address/alias is changed, this resource will continue to point at the changed group. This field does not accept group email addresses or aliases. Example: "01d520gv4vjcrht"
         :param pulumi.Input[builtins.str] organization_id: Required. ID of the parent organization.
                
                
                - - -
+        :param pulumi.Input[Union['GcpUserAccessBindingSessionSettingsArgs', 'GcpUserAccessBindingSessionSettingsArgsDict']] session_settings: Optional. The Google Cloud session length (GCSL) policy for the group key.
+               Structure is documented below.
         """
         ...
     @overload
@@ -320,6 +362,7 @@ class GcpUserAccessBinding(pulumi.CustomResource):
                  access_levels: Optional[pulumi.Input[builtins.str]] = None,
                  group_key: Optional[pulumi.Input[builtins.str]] = None,
                  organization_id: Optional[pulumi.Input[builtins.str]] = None,
+                 session_settings: Optional[pulumi.Input[Union['GcpUserAccessBindingSessionSettingsArgs', 'GcpUserAccessBindingSessionSettingsArgsDict']]] = None,
                  __props__=None):
         opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
         if not isinstance(opts, pulumi.ResourceOptions):
@@ -329,8 +372,6 @@ class GcpUserAccessBinding(pulumi.CustomResource):
                 raise TypeError('__props__ is only valid when passed in combination with a valid opts.id to get an existing resource')
             __props__ = GcpUserAccessBindingArgs.__new__(GcpUserAccessBindingArgs)
 
-            if access_levels is None and not opts.urn:
-                raise TypeError("Missing required property 'access_levels'")
             __props__.__dict__["access_levels"] = access_levels
             if group_key is None and not opts.urn:
                 raise TypeError("Missing required property 'group_key'")
@@ -338,6 +379,7 @@ class GcpUserAccessBinding(pulumi.CustomResource):
             if organization_id is None and not opts.urn:
                 raise TypeError("Missing required property 'organization_id'")
             __props__.__dict__["organization_id"] = organization_id
+            __props__.__dict__["session_settings"] = session_settings
             __props__.__dict__["name"] = None
         super(GcpUserAccessBinding, __self__).__init__(
             'gcp:accesscontextmanager/gcpUserAccessBinding:GcpUserAccessBinding',
@@ -352,7 +394,8 @@ class GcpUserAccessBinding(pulumi.CustomResource):
             access_levels: Optional[pulumi.Input[builtins.str]] = None,
             group_key: Optional[pulumi.Input[builtins.str]] = None,
             name: Optional[pulumi.Input[builtins.str]] = None,
-            organization_id: Optional[pulumi.Input[builtins.str]] = None) -> 'GcpUserAccessBinding':
+            organization_id: Optional[pulumi.Input[builtins.str]] = None,
+            session_settings: Optional[pulumi.Input[Union['GcpUserAccessBindingSessionSettingsArgs', 'GcpUserAccessBindingSessionSettingsArgsDict']]] = None) -> 'GcpUserAccessBinding':
         """
         Get an existing GcpUserAccessBinding resource's state with the given name, id, and optional extra
         properties used to qualify the lookup.
@@ -360,13 +403,15 @@ class GcpUserAccessBinding(pulumi.CustomResource):
         :param str resource_name: The unique name of the resulting resource.
         :param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
         :param pulumi.ResourceOptions opts: Options for the resource.
-        :param pulumi.Input[builtins.str] access_levels: Required. Access level that a user must have to be granted access. Only one access level is supported, not multiple. This repeated field must have exactly one element. Example: "accessPolicies/9522/accessLevels/device_trusted"
+        :param pulumi.Input[builtins.str] access_levels: Optional. Access level that a user must have to be granted access. Only one access level is supported, not multiple. This repeated field must have exactly one element. Example: "accessPolicies/9522/accessLevels/device_trusted"
         :param pulumi.Input[builtins.str] group_key: Required. Immutable. Google Group id whose members are subject to this binding's restrictions. See "id" in the G Suite Directory API's Groups resource. If a group's email address/alias is changed, this resource will continue to point at the changed group. This field does not accept group email addresses or aliases. Example: "01d520gv4vjcrht"
         :param pulumi.Input[builtins.str] name: Immutable. Assigned by the server during creation. The last segment has an arbitrary length and has only URI unreserved characters (as defined by RFC 3986 Section 2.3). Should not be specified by the client during creation. Example: "organizations/256/gcpUserAccessBindings/b3-BhcX_Ud5N"
         :param pulumi.Input[builtins.str] organization_id: Required. ID of the parent organization.
                
                
                - - -
+        :param pulumi.Input[Union['GcpUserAccessBindingSessionSettingsArgs', 'GcpUserAccessBindingSessionSettingsArgsDict']] session_settings: Optional. The Google Cloud session length (GCSL) policy for the group key.
+               Structure is documented below.
         """
         opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
 
@@ -376,13 +421,14 @@ class GcpUserAccessBinding(pulumi.CustomResource):
         __props__.__dict__["group_key"] = group_key
         __props__.__dict__["name"] = name
         __props__.__dict__["organization_id"] = organization_id
+        __props__.__dict__["session_settings"] = session_settings
         return GcpUserAccessBinding(resource_name, opts=opts, __props__=__props__)
 
     @property
     @pulumi.getter(name="accessLevels")
-    def access_levels(self) -> pulumi.Output[builtins.str]:
+    def access_levels(self) -> pulumi.Output[Optional[builtins.str]]:
         """
-        Required. Access level that a user must have to be granted access. Only one access level is supported, not multiple. This repeated field must have exactly one element. Example: "accessPolicies/9522/accessLevels/device_trusted"
+        Optional. Access level that a user must have to be granted access. Only one access level is supported, not multiple. This repeated field must have exactly one element. Example: "accessPolicies/9522/accessLevels/device_trusted"
         """
         return pulumi.get(self, "access_levels")
 
@@ -413,3 +459,12 @@ class GcpUserAccessBinding(pulumi.CustomResource):
         """
         return pulumi.get(self, "organization_id")
 
+    @property
+    @pulumi.getter(name="sessionSettings")
+    def session_settings(self) -> pulumi.Output[Optional['outputs.GcpUserAccessBindingSessionSettings']]:
+        """
+        Optional. The Google Cloud session length (GCSL) policy for the group key.
+        Structure is documented below.
+        """
+        return pulumi.get(self, "session_settings")
+

pulumi_gcp/accesscontextmanager/outputs.py

@@ -40,6 +40,7 @@ __all__ = [
     'AccessLevelsAccessLevelCustomExpr',
     'AccessPolicyIamBindingCondition',
     'AccessPolicyIamMemberCondition',
+    'GcpUserAccessBindingSessionSettings',
     'ServicePerimeterDryRunEgressPolicyEgressFrom',
     'ServicePerimeterDryRunEgressPolicyEgressFromSource',
     'ServicePerimeterDryRunEgressPolicyEgressTo',
@@ -1656,6 +1657,100 @@ class AccessPolicyIamMemberCondition(dict):
         return pulumi.get(self, "description")
 
 
+@pulumi.output_type
+class GcpUserAccessBindingSessionSettings(dict):
+    @staticmethod
+    def __key_warning(key: str):
+        suggest = None
+        if key == "maxInactivity":
+            suggest = "max_inactivity"
+        elif key == "sessionLength":
+            suggest = "session_length"
+        elif key == "sessionLengthEnabled":
+            suggest = "session_length_enabled"
+        elif key == "sessionReauthMethod":
+            suggest = "session_reauth_method"
+        elif key == "useOidcMaxAge":
+            suggest = "use_oidc_max_age"
+
+        if suggest:
+            pulumi.log.warn(f"Key '{key}' not found in GcpUserAccessBindingSessionSettings. Access the value via the '{suggest}' property getter instead.")
+
+    def __getitem__(self, key: str) -> Any:
+        GcpUserAccessBindingSessionSettings.__key_warning(key)
+        return super().__getitem__(key)
+
+    def get(self, key: str, default = None) -> Any:
+        GcpUserAccessBindingSessionSettings.__key_warning(key)
+        return super().get(key, default)
+
+    def __init__(__self__, *,
+                 max_inactivity: Optional[builtins.str] = None,
+                 session_length: Optional[builtins.str] = None,
+                 session_length_enabled: Optional[builtins.bool] = None,
+                 session_reauth_method: Optional[builtins.str] = None,
+                 use_oidc_max_age: Optional[builtins.bool] = None):
+        """
+        :param builtins.str max_inactivity: Optional. How long a user is allowed to take between actions before a new access token must be issued. Only set for Google Cloud apps.
+        :param builtins.str session_length: Optional. The session length. Setting this field to zero is equal to disabling session. Also can set infinite session by flipping the enabled bit to false below. If useOidcMaxAge is true, for OIDC apps, the session length will be the minimum of this field and OIDC max_age param.
+        :param builtins.bool session_length_enabled: Optional. This field enables or disables Google Cloud session length. When false, all fields set above will be disregarded and the session length is basically infinite.
+        :param builtins.str session_reauth_method: Optional. The session challenges proposed to users when the Google Cloud session length is up.
+               Possible values are: `LOGIN`, `SECURITY_KEY`, `PASSWORD`.
+        :param builtins.bool use_oidc_max_age: Optional. Only useful for OIDC apps. When false, the OIDC max_age param, if passed in the authentication request will be ignored. When true, the re-auth period will be the minimum of the sessionLength field and the max_age OIDC param.
+        """
+        if max_inactivity is not None:
+            pulumi.set(__self__, "max_inactivity", max_inactivity)
+        if session_length is not None:
+            pulumi.set(__self__, "session_length", session_length)
+        if session_length_enabled is not None:
+            pulumi.set(__self__, "session_length_enabled", session_length_enabled)
+        if session_reauth_method is not None:
+            pulumi.set(__self__, "session_reauth_method", session_reauth_method)
+        if use_oidc_max_age is not None:
+            pulumi.set(__self__, "use_oidc_max_age", use_oidc_max_age)
+
+    @property
+    @pulumi.getter(name="maxInactivity")
+    def max_inactivity(self) -> Optional[builtins.str]:
+        """
+        Optional. How long a user is allowed to take between actions before a new access token must be issued. Only set for Google Cloud apps.
+        """
+        return pulumi.get(self, "max_inactivity")
+
+    @property
+    @pulumi.getter(name="sessionLength")
+    def session_length(self) -> Optional[builtins.str]:
+        """
+        Optional. The session length. Setting this field to zero is equal to disabling session. Also can set infinite session by flipping the enabled bit to false below. If useOidcMaxAge is true, for OIDC apps, the session length will be the minimum of this field and OIDC max_age param.
+        """
+        return pulumi.get(self, "session_length")
+
+    @property
+    @pulumi.getter(name="sessionLengthEnabled")
+    def session_length_enabled(self) -> Optional[builtins.bool]:
+        """
+        Optional. This field enables or disables Google Cloud session length. When false, all fields set above will be disregarded and the session length is basically infinite.
+        """
+        return pulumi.get(self, "session_length_enabled")
+
+    @property
+    @pulumi.getter(name="sessionReauthMethod")
+    def session_reauth_method(self) -> Optional[builtins.str]:
+        """
+        Optional. The session challenges proposed to users when the Google Cloud session length is up.
+        Possible values are: `LOGIN`, `SECURITY_KEY`, `PASSWORD`.
+        """
+        return pulumi.get(self, "session_reauth_method")
+
+    @property
+    @pulumi.getter(name="useOidcMaxAge")
+    def use_oidc_max_age(self) -> Optional[builtins.bool]:
+        """
+        Optional. Only useful for OIDC apps. When false, the OIDC max_age param, if passed in the authentication request will be ignored. When true, the re-auth period will be the minimum of the sessionLength field and the max_age OIDC param.
+        """
+        return pulumi.get(self, "use_oidc_max_age")
+
+
 @pulumi.output_type
 class ServicePerimeterDryRunEgressPolicyEgressFrom(dict):
     @staticmethod

pulumi_gcp/apigee/__init__.py

@@ -9,6 +9,7 @@ import typing
 from .addons_config import *
 from .api import *
 from .app_group import *
+from .control_plane_access import *
 from .developer import *
 from .dns_zone import *
 from .endpoint_attachment import *