pulumi-gcp 8.27.0a1744872023__py3-none-any.whl → 8.27.0a1744903336__py3-none-any.whl

pulumi_gcp/compute/outputs.py

@@ -103,6 +103,9 @@ __all__ = [
     'ImageShieldedInstanceInitialStateDbx',
     'ImageShieldedInstanceInitialStateKek',
     'ImageShieldedInstanceInitialStatePk',
+    'ImageSourceDiskEncryptionKey',
+    'ImageSourceImageEncryptionKey',
+    'ImageSourceSnapshotEncryptionKey',
     'InstanceAdvancedMachineFeatures',
     'InstanceAttachedDisk',
     'InstanceBootDisk',
@@ -8022,6 +8025,306 @@ class ImageShieldedInstanceInitialStatePk(dict):
         return pulumi.get(self, "file_type")
 
 
+@pulumi.output_type
+class ImageSourceDiskEncryptionKey(dict):
+    @staticmethod
+    def __key_warning(key: str):
+        suggest = None
+        if key == "kmsKeySelfLink":
+            suggest = "kms_key_self_link"
+        elif key == "kmsKeyServiceAccount":
+            suggest = "kms_key_service_account"
+        elif key == "rawKey":
+            suggest = "raw_key"
+        elif key == "rsaEncryptedKey":
+            suggest = "rsa_encrypted_key"
+
+        if suggest:
+            pulumi.log.warn(f"Key '{key}' not found in ImageSourceDiskEncryptionKey. Access the value via the '{suggest}' property getter instead.")
+
+    def __getitem__(self, key: str) -> Any:
+        ImageSourceDiskEncryptionKey.__key_warning(key)
+        return super().__getitem__(key)
+
+    def get(self, key: str, default = None) -> Any:
+        ImageSourceDiskEncryptionKey.__key_warning(key)
+        return super().get(key, default)
+
+    def __init__(__self__, *,
+                 kms_key_self_link: Optional[builtins.str] = None,
+                 kms_key_service_account: Optional[builtins.str] = None,
+                 raw_key: Optional[builtins.str] = None,
+                 rsa_encrypted_key: Optional[builtins.str] = None):
+        """
+        :param builtins.str kms_key_self_link: The self link of the encryption key used to decrypt this resource. Also called KmsKeyName
+               in the cloud console. Your project's Compute Engine System service account
+               (`service-{{PROJECT_NUMBER}}@compute-system.iam.gserviceaccount.com`) must have
+               `roles/cloudkms.cryptoKeyEncrypterDecrypter` to use this feature.
+               See https://cloud.google.com/compute/docs/disks/customer-managed-encryption#encrypt_a_new_persistent_disk_with_your_own_keys
+        :param builtins.str kms_key_service_account: The service account being used for the encryption request for the
+               given KMS key. If absent, the Compute Engine default service
+               account is used.
+        :param builtins.str raw_key: Specifies a 256-bit customer-supplied encryption key, encoded in
+               RFC 4648 base64 to either encrypt or decrypt this resource.
+               **Note**: This property is sensitive and will not be displayed in the plan.
+        :param builtins.str rsa_encrypted_key: Specifies an RFC 4648 base64 encoded, RSA-wrapped 2048-bit
+               customer-supplied encryption key to either encrypt or decrypt
+               this resource. You can provide either the rawKey or the rsaEncryptedKey.
+               **Note**: This property is sensitive and will not be displayed in the plan.
+        """
+        if kms_key_self_link is not None:
+            pulumi.set(__self__, "kms_key_self_link", kms_key_self_link)
+        if kms_key_service_account is not None:
+            pulumi.set(__self__, "kms_key_service_account", kms_key_service_account)
+        if raw_key is not None:
+            pulumi.set(__self__, "raw_key", raw_key)
+        if rsa_encrypted_key is not None:
+            pulumi.set(__self__, "rsa_encrypted_key", rsa_encrypted_key)
+
+    @property
+    @pulumi.getter(name="kmsKeySelfLink")
+    def kms_key_self_link(self) -> Optional[builtins.str]:
+        """
+        The self link of the encryption key used to decrypt this resource. Also called KmsKeyName
+        in the cloud console. Your project's Compute Engine System service account
+        (`service-{{PROJECT_NUMBER}}@compute-system.iam.gserviceaccount.com`) must have
+        `roles/cloudkms.cryptoKeyEncrypterDecrypter` to use this feature.
+        See https://cloud.google.com/compute/docs/disks/customer-managed-encryption#encrypt_a_new_persistent_disk_with_your_own_keys
+        """
+        return pulumi.get(self, "kms_key_self_link")
+
+    @property
+    @pulumi.getter(name="kmsKeyServiceAccount")
+    def kms_key_service_account(self) -> Optional[builtins.str]:
+        """
+        The service account being used for the encryption request for the
+        given KMS key. If absent, the Compute Engine default service
+        account is used.
+        """
+        return pulumi.get(self, "kms_key_service_account")
+
+    @property
+    @pulumi.getter(name="rawKey")
+    def raw_key(self) -> Optional[builtins.str]:
+        """
+        Specifies a 256-bit customer-supplied encryption key, encoded in
+        RFC 4648 base64 to either encrypt or decrypt this resource.
+        **Note**: This property is sensitive and will not be displayed in the plan.
+        """
+        return pulumi.get(self, "raw_key")
+
+    @property
+    @pulumi.getter(name="rsaEncryptedKey")
+    def rsa_encrypted_key(self) -> Optional[builtins.str]:
+        """
+        Specifies an RFC 4648 base64 encoded, RSA-wrapped 2048-bit
+        customer-supplied encryption key to either encrypt or decrypt
+        this resource. You can provide either the rawKey or the rsaEncryptedKey.
+        **Note**: This property is sensitive and will not be displayed in the plan.
+        """
+        return pulumi.get(self, "rsa_encrypted_key")
+
+
+@pulumi.output_type
+class ImageSourceImageEncryptionKey(dict):
+    @staticmethod
+    def __key_warning(key: str):
+        suggest = None
+        if key == "kmsKeySelfLink":
+            suggest = "kms_key_self_link"
+        elif key == "kmsKeyServiceAccount":
+            suggest = "kms_key_service_account"
+        elif key == "rawKey":
+            suggest = "raw_key"
+        elif key == "rsaEncryptedKey":
+            suggest = "rsa_encrypted_key"
+
+        if suggest:
+            pulumi.log.warn(f"Key '{key}' not found in ImageSourceImageEncryptionKey. Access the value via the '{suggest}' property getter instead.")
+
+    def __getitem__(self, key: str) -> Any:
+        ImageSourceImageEncryptionKey.__key_warning(key)
+        return super().__getitem__(key)
+
+    def get(self, key: str, default = None) -> Any:
+        ImageSourceImageEncryptionKey.__key_warning(key)
+        return super().get(key, default)
+
+    def __init__(__self__, *,
+                 kms_key_self_link: Optional[builtins.str] = None,
+                 kms_key_service_account: Optional[builtins.str] = None,
+                 raw_key: Optional[builtins.str] = None,
+                 rsa_encrypted_key: Optional[builtins.str] = None):
+        """
+        :param builtins.str kms_key_self_link: The self link of the encryption key used to decrypt this resource. Also called KmsKeyName
+               in the cloud console. Your project's Compute Engine System service account
+               (`service-{{PROJECT_NUMBER}}@compute-system.iam.gserviceaccount.com`) must have
+               `roles/cloudkms.cryptoKeyEncrypterDecrypter` to use this feature.
+               See https://cloud.google.com/compute/docs/disks/customer-managed-encryption#encrypt_a_new_persistent_disk_with_your_own_keys
+        :param builtins.str kms_key_service_account: The service account being used for the encryption request for the
+               given KMS key. If absent, the Compute Engine default service
+               account is used.
+        :param builtins.str raw_key: Specifies a 256-bit customer-supplied encryption key, encoded in
+               RFC 4648 base64 to either encrypt or decrypt this resource.
+               **Note**: This property is sensitive and will not be displayed in the plan.
+        :param builtins.str rsa_encrypted_key: Specifies an RFC 4648 base64 encoded, RSA-wrapped 2048-bit
+               customer-supplied encryption key to either encrypt or decrypt
+               this resource. You can provide either the rawKey or the rsaEncryptedKey.
+               **Note**: This property is sensitive and will not be displayed in the plan.
+        """
+        if kms_key_self_link is not None:
+            pulumi.set(__self__, "kms_key_self_link", kms_key_self_link)
+        if kms_key_service_account is not None:
+            pulumi.set(__self__, "kms_key_service_account", kms_key_service_account)
+        if raw_key is not None:
+            pulumi.set(__self__, "raw_key", raw_key)
+        if rsa_encrypted_key is not None:
+            pulumi.set(__self__, "rsa_encrypted_key", rsa_encrypted_key)
+
+    @property
+    @pulumi.getter(name="kmsKeySelfLink")
+    def kms_key_self_link(self) -> Optional[builtins.str]:
+        """
+        The self link of the encryption key used to decrypt this resource. Also called KmsKeyName
+        in the cloud console. Your project's Compute Engine System service account
+        (`service-{{PROJECT_NUMBER}}@compute-system.iam.gserviceaccount.com`) must have
+        `roles/cloudkms.cryptoKeyEncrypterDecrypter` to use this feature.
+        See https://cloud.google.com/compute/docs/disks/customer-managed-encryption#encrypt_a_new_persistent_disk_with_your_own_keys
+        """
+        return pulumi.get(self, "kms_key_self_link")
+
+    @property
+    @pulumi.getter(name="kmsKeyServiceAccount")
+    def kms_key_service_account(self) -> Optional[builtins.str]:
+        """
+        The service account being used for the encryption request for the
+        given KMS key. If absent, the Compute Engine default service
+        account is used.
+        """
+        return pulumi.get(self, "kms_key_service_account")
+
+    @property
+    @pulumi.getter(name="rawKey")
+    def raw_key(self) -> Optional[builtins.str]:
+        """
+        Specifies a 256-bit customer-supplied encryption key, encoded in
+        RFC 4648 base64 to either encrypt or decrypt this resource.
+        **Note**: This property is sensitive and will not be displayed in the plan.
+        """
+        return pulumi.get(self, "raw_key")
+
+    @property
+    @pulumi.getter(name="rsaEncryptedKey")
+    def rsa_encrypted_key(self) -> Optional[builtins.str]:
+        """
+        Specifies an RFC 4648 base64 encoded, RSA-wrapped 2048-bit
+        customer-supplied encryption key to either encrypt or decrypt
+        this resource. You can provide either the rawKey or the rsaEncryptedKey.
+        **Note**: This property is sensitive and will not be displayed in the plan.
+        """
+        return pulumi.get(self, "rsa_encrypted_key")
+
+
+@pulumi.output_type
+class ImageSourceSnapshotEncryptionKey(dict):
+    @staticmethod
+    def __key_warning(key: str):
+        suggest = None
+        if key == "kmsKeySelfLink":
+            suggest = "kms_key_self_link"
+        elif key == "kmsKeyServiceAccount":
+            suggest = "kms_key_service_account"
+        elif key == "rawKey":
+            suggest = "raw_key"
+        elif key == "rsaEncryptedKey":
+            suggest = "rsa_encrypted_key"
+
+        if suggest:
+            pulumi.log.warn(f"Key '{key}' not found in ImageSourceSnapshotEncryptionKey. Access the value via the '{suggest}' property getter instead.")
+
+    def __getitem__(self, key: str) -> Any:
+        ImageSourceSnapshotEncryptionKey.__key_warning(key)
+        return super().__getitem__(key)
+
+    def get(self, key: str, default = None) -> Any:
+        ImageSourceSnapshotEncryptionKey.__key_warning(key)
+        return super().get(key, default)
+
+    def __init__(__self__, *,
+                 kms_key_self_link: Optional[builtins.str] = None,
+                 kms_key_service_account: Optional[builtins.str] = None,
+                 raw_key: Optional[builtins.str] = None,
+                 rsa_encrypted_key: Optional[builtins.str] = None):
+        """
+        :param builtins.str kms_key_self_link: The self link of the encryption key used to decrypt this resource. Also called KmsKeyName
+               in the cloud console. Your project's Compute Engine System service account
+               (`service-{{PROJECT_NUMBER}}@compute-system.iam.gserviceaccount.com`) must have
+               `roles/cloudkms.cryptoKeyEncrypterDecrypter` to use this feature.
+               See https://cloud.google.com/compute/docs/disks/customer-managed-encryption#encrypt_a_new_persistent_disk_with_your_own_keys
+        :param builtins.str kms_key_service_account: The service account being used for the encryption request for the
+               given KMS key. If absent, the Compute Engine default service
+               account is used.
+        :param builtins.str raw_key: Specifies a 256-bit customer-supplied encryption key, encoded in
+               RFC 4648 base64 to either encrypt or decrypt this resource.
+               **Note**: This property is sensitive and will not be displayed in the plan.
+        :param builtins.str rsa_encrypted_key: Specifies an RFC 4648 base64 encoded, RSA-wrapped 2048-bit
+               customer-supplied encryption key to either encrypt or decrypt
+               this resource. You can provide either the rawKey or the rsaEncryptedKey.
+               **Note**: This property is sensitive and will not be displayed in the plan.
+        """
+        if kms_key_self_link is not None:
+            pulumi.set(__self__, "kms_key_self_link", kms_key_self_link)
+        if kms_key_service_account is not None:
+            pulumi.set(__self__, "kms_key_service_account", kms_key_service_account)
+        if raw_key is not None:
+            pulumi.set(__self__, "raw_key", raw_key)
+        if rsa_encrypted_key is not None:
+            pulumi.set(__self__, "rsa_encrypted_key", rsa_encrypted_key)
+
+    @property
+    @pulumi.getter(name="kmsKeySelfLink")
+    def kms_key_self_link(self) -> Optional[builtins.str]:
+        """
+        The self link of the encryption key used to decrypt this resource. Also called KmsKeyName
+        in the cloud console. Your project's Compute Engine System service account
+        (`service-{{PROJECT_NUMBER}}@compute-system.iam.gserviceaccount.com`) must have
+        `roles/cloudkms.cryptoKeyEncrypterDecrypter` to use this feature.
+        See https://cloud.google.com/compute/docs/disks/customer-managed-encryption#encrypt_a_new_persistent_disk_with_your_own_keys
+        """
+        return pulumi.get(self, "kms_key_self_link")
+
+    @property
+    @pulumi.getter(name="kmsKeyServiceAccount")
+    def kms_key_service_account(self) -> Optional[builtins.str]:
+        """
+        The service account being used for the encryption request for the
+        given KMS key. If absent, the Compute Engine default service
+        account is used.
+        """
+        return pulumi.get(self, "kms_key_service_account")
+
+    @property
+    @pulumi.getter(name="rawKey")
+    def raw_key(self) -> Optional[builtins.str]:
+        """
+        Specifies a 256-bit customer-supplied encryption key, encoded in
+        RFC 4648 base64 to either encrypt or decrypt this resource.
+        **Note**: This property is sensitive and will not be displayed in the plan.
+        """
+        return pulumi.get(self, "raw_key")
+
+    @property
+    @pulumi.getter(name="rsaEncryptedKey")
+    def rsa_encrypted_key(self) -> Optional[builtins.str]:
+        """
+        Specifies an RFC 4648 base64 encoded, RSA-wrapped 2048-bit
+        customer-supplied encryption key to either encrypt or decrypt
+        this resource. You can provide either the rawKey or the rsaEncryptedKey.
+        **Note**: This property is sensitive and will not be displayed in the plan.
+        """
+        return pulumi.get(self, "rsa_encrypted_key")
+
+
 @pulumi.output_type
 class InstanceAdvancedMachineFeatures(dict):
     @staticmethod
@@ -44880,10 +45183,14 @@ class SnapshotSourceDiskEncryptionKey(dict):
     @staticmethod
     def __key_warning(key: str):
         suggest = None
-        if key == "kmsKeyServiceAccount":
+        if key == "kmsKeySelfLink":
+            suggest = "kms_key_self_link"
+        elif key == "kmsKeyServiceAccount":
             suggest = "kms_key_service_account"
         elif key == "rawKey":
             suggest = "raw_key"
+        elif key == "rsaEncryptedKey":
+            suggest = "rsa_encrypted_key"
 
         if suggest:
             pulumi.log.warn(f"Key '{key}' not found in SnapshotSourceDiskEncryptionKey. Access the value via the '{suggest}' property getter instead.")
@@ -44897,19 +45204,37 @@ class SnapshotSourceDiskEncryptionKey(dict):
         return super().get(key, default)
 
     def __init__(__self__, *,
+                 kms_key_self_link: Optional[builtins.str] = None,
                  kms_key_service_account: Optional[builtins.str] = None,
-                 raw_key: Optional[builtins.str] = None):
+                 raw_key: Optional[builtins.str] = None,
+                 rsa_encrypted_key: Optional[builtins.str] = None):
         """
+        :param builtins.str kms_key_self_link: The name of the encryption key that is stored in Google Cloud KMS.
         :param builtins.str kms_key_service_account: The service account used for the encryption request for the given KMS key.
                If absent, the Compute Engine Service Agent service account is used.
         :param builtins.str raw_key: Specifies a 256-bit customer-supplied encryption key, encoded in
                RFC 4648 base64 to either encrypt or decrypt this resource.
                **Note**: This property is sensitive and will not be displayed in the plan.
+        :param builtins.str rsa_encrypted_key: Specifies an encryption key stored in Google Cloud KMS, encoded in
+               RFC 4648 base64 to either encrypt or decrypt this resource.
+               **Note**: This property is sensitive and will not be displayed in the plan.
         """
+        if kms_key_self_link is not None:
+            pulumi.set(__self__, "kms_key_self_link", kms_key_self_link)
         if kms_key_service_account is not None:
             pulumi.set(__self__, "kms_key_service_account", kms_key_service_account)
         if raw_key is not None:
             pulumi.set(__self__, "raw_key", raw_key)
+        if rsa_encrypted_key is not None:
+            pulumi.set(__self__, "rsa_encrypted_key", rsa_encrypted_key)
+
+    @property
+    @pulumi.getter(name="kmsKeySelfLink")
+    def kms_key_self_link(self) -> Optional[builtins.str]:
+        """
+        The name of the encryption key that is stored in Google Cloud KMS.
+        """
+        return pulumi.get(self, "kms_key_self_link")
 
     @property
     @pulumi.getter(name="kmsKeyServiceAccount")
@@ -44930,6 +45255,16 @@ class SnapshotSourceDiskEncryptionKey(dict):
         """
         return pulumi.get(self, "raw_key")
 
+    @property
+    @pulumi.getter(name="rsaEncryptedKey")
+    def rsa_encrypted_key(self) -> Optional[builtins.str]:
+        """
+        Specifies an encryption key stored in Google Cloud KMS, encoded in
+        RFC 4648 base64 to either encrypt or decrypt this resource.
+        **Note**: This property is sensitive and will not be displayed in the plan.
+        """
+        return pulumi.get(self, "rsa_encrypted_key")
+
 
 @pulumi.output_type
 class SubnetworkIAMBindingCondition(dict):
@@ -67945,16 +68280,31 @@ class GetSnapshotSnapshotEncryptionKeyResult(dict):
 @pulumi.output_type
 class GetSnapshotSourceDiskEncryptionKeyResult(dict):
     def __init__(__self__, *,
+                 kms_key_self_link: builtins.str,
                  kms_key_service_account: builtins.str,
-                 raw_key: builtins.str):
+                 raw_key: builtins.str,
+                 rsa_encrypted_key: builtins.str):
         """
+        :param builtins.str kms_key_self_link: The name of the encryption key that is stored in Google Cloud KMS.
         :param builtins.str kms_key_service_account: The service account used for the encryption request for the given KMS key.
                If absent, the Compute Engine Service Agent service account is used.
         :param builtins.str raw_key: Specifies a 256-bit customer-supplied encryption key, encoded in
                RFC 4648 base64 to either encrypt or decrypt this resource.
+        :param builtins.str rsa_encrypted_key: Specifies an encryption key stored in Google Cloud KMS, encoded in
+               RFC 4648 base64 to either encrypt or decrypt this resource.
         """
+        pulumi.set(__self__, "kms_key_self_link", kms_key_self_link)
         pulumi.set(__self__, "kms_key_service_account", kms_key_service_account)
         pulumi.set(__self__, "raw_key", raw_key)
+        pulumi.set(__self__, "rsa_encrypted_key", rsa_encrypted_key)
+
+    @property
+    @pulumi.getter(name="kmsKeySelfLink")
+    def kms_key_self_link(self) -> builtins.str:
+        """
+        The name of the encryption key that is stored in Google Cloud KMS.
+        """
+        return pulumi.get(self, "kms_key_self_link")
 
     @property
     @pulumi.getter(name="kmsKeyServiceAccount")
@@ -67974,6 +68324,15 @@ class GetSnapshotSourceDiskEncryptionKeyResult(dict):
         """
         return pulumi.get(self, "raw_key")
 
+    @property
+    @pulumi.getter(name="rsaEncryptedKey")
+    def rsa_encrypted_key(self) -> builtins.str:
+        """
+        Specifies an encryption key stored in Google Cloud KMS, encoded in
+        RFC 4648 base64 to either encrypt or decrypt this resource.
+        """
+        return pulumi.get(self, "rsa_encrypted_key")
+
 
 @pulumi.output_type
 class GetSubnetworkSecondaryIpRangeResult(dict):

pulumi_gcp/compute/region_backend_service.py

@@ -1536,6 +1536,9 @@ class RegionBackendService(pulumi.CustomResource):
         A Region Backend Service defines a regionally-scoped group of virtual
         machines that will serve traffic for load balancing.
 
+        > **Note:** Recreating a `compute.RegionBackendService` that references other dependent resources like `compute.InstanceGroup` will give a `resourceInUseByAnotherResource` error, when decreasing the number of other dependent resources.
+        Use `lifecycle.create_before_destroy` on the dependent resources to avoid this type of error as shown in the Dynamic Backend Count example.
+
         To get more information about RegionBackendService, see:
 
         * [API documentation](https://cloud.google.com/compute/docs/reference/latest/regionBackendServices)
@@ -1882,7 +1885,6 @@ class RegionBackendService(pulumi.CustomResource):
                 ],
             }])
         ```
-
         ## Import
 
         RegionBackendService can be imported using any of these accepted formats:
@@ -2072,6 +2074,9 @@ class RegionBackendService(pulumi.CustomResource):
         A Region Backend Service defines a regionally-scoped group of virtual
         machines that will serve traffic for load balancing.
 
+        > **Note:** Recreating a `compute.RegionBackendService` that references other dependent resources like `compute.InstanceGroup` will give a `resourceInUseByAnotherResource` error, when decreasing the number of other dependent resources.
+        Use `lifecycle.create_before_destroy` on the dependent resources to avoid this type of error as shown in the Dynamic Backend Count example.
+
         To get more information about RegionBackendService, see:
 
         * [API documentation](https://cloud.google.com/compute/docs/reference/latest/regionBackendServices)
@@ -2418,7 +2423,6 @@ class RegionBackendService(pulumi.CustomResource):
                 ],
             }])
         ```
-
         ## Import
 
         RegionBackendService can be imported using any of these accepted formats:

pulumi_gcp/compute/snapshot.py

@@ -668,6 +668,9 @@ class Snapshot(pulumi.CustomResource):
         * How-to Guides
             * [Official Documentation](https://cloud.google.com/compute/docs/disks/create-snapshots)
 
+        > **Warning:** All arguments including the following potentially sensitive
+        values will be stored in the raw state as plain text: `snapshot_encryption_key.raw_key`, `snapshot_encryption_key.rsa_encrypted_key`, `source_disk_encryption_key.raw_key`, `source_disk_encryption_key.rsa_encrypted_key`.
+
         ## Example Usage
 
         ### Snapshot Basic
@@ -811,6 +814,9 @@ class Snapshot(pulumi.CustomResource):
         * How-to Guides
             * [Official Documentation](https://cloud.google.com/compute/docs/disks/create-snapshots)
 
+        > **Warning:** All arguments including the following potentially sensitive
+        values will be stored in the raw state as plain text: `snapshot_encryption_key.raw_key`, `snapshot_encryption_key.rsa_encrypted_key`, `source_disk_encryption_key.raw_key`, `source_disk_encryption_key.rsa_encrypted_key`.
+
         ## Example Usage
 
         ### Snapshot Basic

pulumi_gcp/databasemigrationservice/_inputs.py

@@ -1370,9 +1370,9 @@ class ConnectionProfileMysqlArgs:
 
 if not MYPY:
     class ConnectionProfileMysqlSslArgsDict(TypedDict):
-        ca_certificate: pulumi.Input[builtins.str]
+        ca_certificate: NotRequired[pulumi.Input[builtins.str]]
         """
-        Required. Input only. The x509 PEM-encoded certificate of the CA that signed the source database server's certificate.
+        Input only. The x509 PEM-encoded certificate of the CA that signed the source database server's certificate.
         The replica will use this certificate to verify it's connecting to the right host.
         **Note**: This property is sensitive and will not be displayed in the plan.
         """
@@ -1399,12 +1399,12 @@ elif False:
 @pulumi.input_type
 class ConnectionProfileMysqlSslArgs:
     def __init__(__self__, *,
-                 ca_certificate: pulumi.Input[builtins.str],
+                 ca_certificate: Optional[pulumi.Input[builtins.str]] = None,
                  client_certificate: Optional[pulumi.Input[builtins.str]] = None,
                  client_key: Optional[pulumi.Input[builtins.str]] = None,
                  type: Optional[pulumi.Input[builtins.str]] = None):
         """
-        :param pulumi.Input[builtins.str] ca_certificate: Required. Input only. The x509 PEM-encoded certificate of the CA that signed the source database server's certificate.
+        :param pulumi.Input[builtins.str] ca_certificate: Input only. The x509 PEM-encoded certificate of the CA that signed the source database server's certificate.
                The replica will use this certificate to verify it's connecting to the right host.
                **Note**: This property is sensitive and will not be displayed in the plan.
         :param pulumi.Input[builtins.str] client_certificate: Input only. The x509 PEM-encoded certificate that will be used by the replica to authenticate against the source database server.
@@ -1416,7 +1416,8 @@ class ConnectionProfileMysqlSslArgs:
         :param pulumi.Input[builtins.str] type: (Output)
                The current connection profile state.
         """
-        pulumi.set(__self__, "ca_certificate", ca_certificate)
+        if ca_certificate is not None:
+            pulumi.set(__self__, "ca_certificate", ca_certificate)
         if client_certificate is not None:
             pulumi.set(__self__, "client_certificate", client_certificate)
         if client_key is not None:
@@ -1426,16 +1427,16 @@ class ConnectionProfileMysqlSslArgs:
 
     @property
     @pulumi.getter(name="caCertificate")
-    def ca_certificate(self) -> pulumi.Input[builtins.str]:
+    def ca_certificate(self) -> Optional[pulumi.Input[builtins.str]]:
         """
-        Required. Input only. The x509 PEM-encoded certificate of the CA that signed the source database server's certificate.
+        Input only. The x509 PEM-encoded certificate of the CA that signed the source database server's certificate.
         The replica will use this certificate to verify it's connecting to the right host.
         **Note**: This property is sensitive and will not be displayed in the plan.
         """
         return pulumi.get(self, "ca_certificate")
 
     @ca_certificate.setter
-    def ca_certificate(self, value: pulumi.Input[builtins.str]):
+    def ca_certificate(self, value: Optional[pulumi.Input[builtins.str]]):
         pulumi.set(self, "ca_certificate", value)
 
     @property
@@ -1856,9 +1857,9 @@ class ConnectionProfileOraclePrivateConnectivityArgs:
 
 if not MYPY:
     class ConnectionProfileOracleSslArgsDict(TypedDict):
-        ca_certificate: pulumi.Input[builtins.str]
+        ca_certificate: NotRequired[pulumi.Input[builtins.str]]
         """
-        Required. Input only. The x509 PEM-encoded certificate of the CA that signed the source database server's certificate.
+        Input only. The x509 PEM-encoded certificate of the CA that signed the source database server's certificate.
         The replica will use this certificate to verify it's connecting to the right host.
         **Note**: This property is sensitive and will not be displayed in the plan.
         """
@@ -1885,12 +1886,12 @@ elif False:
 @pulumi.input_type
 class ConnectionProfileOracleSslArgs:
     def __init__(__self__, *,
-                 ca_certificate: pulumi.Input[builtins.str],
+                 ca_certificate: Optional[pulumi.Input[builtins.str]] = None,
                  client_certificate: Optional[pulumi.Input[builtins.str]] = None,
                  client_key: Optional[pulumi.Input[builtins.str]] = None,
                  type: Optional[pulumi.Input[builtins.str]] = None):
         """
-        :param pulumi.Input[builtins.str] ca_certificate: Required. Input only. The x509 PEM-encoded certificate of the CA that signed the source database server's certificate.
+        :param pulumi.Input[builtins.str] ca_certificate: Input only. The x509 PEM-encoded certificate of the CA that signed the source database server's certificate.
                The replica will use this certificate to verify it's connecting to the right host.
                **Note**: This property is sensitive and will not be displayed in the plan.
         :param pulumi.Input[builtins.str] client_certificate: Input only. The x509 PEM-encoded certificate that will be used by the replica to authenticate against the source database server.
@@ -1902,7 +1903,8 @@ class ConnectionProfileOracleSslArgs:
         :param pulumi.Input[builtins.str] type: (Output)
                The current connection profile state.
         """
-        pulumi.set(__self__, "ca_certificate", ca_certificate)
+        if ca_certificate is not None:
+            pulumi.set(__self__, "ca_certificate", ca_certificate)
         if client_certificate is not None:
             pulumi.set(__self__, "client_certificate", client_certificate)
         if client_key is not None:
@@ -1912,16 +1914,16 @@ class ConnectionProfileOracleSslArgs:
 
     @property
     @pulumi.getter(name="caCertificate")
-    def ca_certificate(self) -> pulumi.Input[builtins.str]:
+    def ca_certificate(self) -> Optional[pulumi.Input[builtins.str]]:
         """
-        Required. Input only. The x509 PEM-encoded certificate of the CA that signed the source database server's certificate.
+        Input only. The x509 PEM-encoded certificate of the CA that signed the source database server's certificate.
         The replica will use this certificate to verify it's connecting to the right host.
         **Note**: This property is sensitive and will not be displayed in the plan.
         """
         return pulumi.get(self, "ca_certificate")
 
     @ca_certificate.setter
-    def ca_certificate(self, value: pulumi.Input[builtins.str]):
+    def ca_certificate(self, value: Optional[pulumi.Input[builtins.str]]):
         pulumi.set(self, "ca_certificate", value)
 
     @property
@@ -2187,9 +2189,9 @@ class ConnectionProfilePostgresqlArgs:
 
 if not MYPY:
     class ConnectionProfilePostgresqlSslArgsDict(TypedDict):
-        ca_certificate: pulumi.Input[builtins.str]
+        ca_certificate: NotRequired[pulumi.Input[builtins.str]]
         """
-        Required. Input only. The x509 PEM-encoded certificate of the CA that signed the source database server's certificate.
+        Input only. The x509 PEM-encoded certificate of the CA that signed the source database server's certificate.
         The replica will use this certificate to verify it's connecting to the right host.
         **Note**: This property is sensitive and will not be displayed in the plan.
         """
@@ -2216,12 +2218,12 @@ elif False:
 @pulumi.input_type
 class ConnectionProfilePostgresqlSslArgs:
     def __init__(__self__, *,
-                 ca_certificate: pulumi.Input[builtins.str],
+                 ca_certificate: Optional[pulumi.Input[builtins.str]] = None,
                  client_certificate: Optional[pulumi.Input[builtins.str]] = None,
                  client_key: Optional[pulumi.Input[builtins.str]] = None,
                  type: Optional[pulumi.Input[builtins.str]] = None):
         """
-        :param pulumi.Input[builtins.str] ca_certificate: Required. Input only. The x509 PEM-encoded certificate of the CA that signed the source database server's certificate.
+        :param pulumi.Input[builtins.str] ca_certificate: Input only. The x509 PEM-encoded certificate of the CA that signed the source database server's certificate.
                The replica will use this certificate to verify it's connecting to the right host.
                **Note**: This property is sensitive and will not be displayed in the plan.
         :param pulumi.Input[builtins.str] client_certificate: Input only. The x509 PEM-encoded certificate that will be used by the replica to authenticate against the source database server.
@@ -2233,7 +2235,8 @@ class ConnectionProfilePostgresqlSslArgs:
         :param pulumi.Input[builtins.str] type: (Output)
                The current connection profile state.
         """
-        pulumi.set(__self__, "ca_certificate", ca_certificate)
+        if ca_certificate is not None:
+            pulumi.set(__self__, "ca_certificate", ca_certificate)
         if client_certificate is not None:
             pulumi.set(__self__, "client_certificate", client_certificate)
         if client_key is not None:
@@ -2243,16 +2246,16 @@ class ConnectionProfilePostgresqlSslArgs:
 
     @property
     @pulumi.getter(name="caCertificate")
-    def ca_certificate(self) -> pulumi.Input[builtins.str]:
+    def ca_certificate(self) -> Optional[pulumi.Input[builtins.str]]:
         """
-        Required. Input only. The x509 PEM-encoded certificate of the CA that signed the source database server's certificate.
+        Input only. The x509 PEM-encoded certificate of the CA that signed the source database server's certificate.
         The replica will use this certificate to verify it's connecting to the right host.
         **Note**: This property is sensitive and will not be displayed in the plan.
         """
         return pulumi.get(self, "ca_certificate")
 
     @ca_certificate.setter
-    def ca_certificate(self, value: pulumi.Input[builtins.str]):
+    def ca_certificate(self, value: Optional[pulumi.Input[builtins.str]]):
         pulumi.set(self, "ca_certificate", value)
 
     @property