pulumi-gcp 8.28.0a1745598508__py3-none-any.whl → 8.29.0a1746076904__py3-none-any.whl

pulumi_gcp/accesscontextmanager/gcp_user_access_binding.py

@@ -25,6 +25,7 @@ class GcpUserAccessBindingArgs:
                  group_key: pulumi.Input[builtins.str],
                  organization_id: pulumi.Input[builtins.str],
                  access_levels: Optional[pulumi.Input[builtins.str]] = None,
+                 scoped_access_settings: Optional[pulumi.Input[Sequence[pulumi.Input['GcpUserAccessBindingScopedAccessSettingArgs']]]] = None,
                  session_settings: Optional[pulumi.Input['GcpUserAccessBindingSessionSettingsArgs']] = None):
         """
         The set of arguments for constructing a GcpUserAccessBinding resource.
@@ -34,6 +35,8 @@ class GcpUserAccessBindingArgs:
                
                - - -
         :param pulumi.Input[builtins.str] access_levels: Optional. Access level that a user must have to be granted access. Only one access level is supported, not multiple. This repeated field must have exactly one element. Example: "accessPolicies/9522/accessLevels/device_trusted"
+        :param pulumi.Input[Sequence[pulumi.Input['GcpUserAccessBindingScopedAccessSettingArgs']]] scoped_access_settings: Optional. A list of scoped access settings that set this binding's restrictions on a subset of applications.
+               Structure is documented below.
         :param pulumi.Input['GcpUserAccessBindingSessionSettingsArgs'] session_settings: Optional. The Google Cloud session length (GCSL) policy for the group key.
                Structure is documented below.
         """
@@ -41,6 +44,8 @@ class GcpUserAccessBindingArgs:
         pulumi.set(__self__, "organization_id", organization_id)
         if access_levels is not None:
             pulumi.set(__self__, "access_levels", access_levels)
+        if scoped_access_settings is not None:
+            pulumi.set(__self__, "scoped_access_settings", scoped_access_settings)
         if session_settings is not None:
             pulumi.set(__self__, "session_settings", session_settings)
 
@@ -83,6 +88,19 @@ class GcpUserAccessBindingArgs:
     def access_levels(self, value: Optional[pulumi.Input[builtins.str]]):
         pulumi.set(self, "access_levels", value)
 
+    @property
+    @pulumi.getter(name="scopedAccessSettings")
+    def scoped_access_settings(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['GcpUserAccessBindingScopedAccessSettingArgs']]]]:
+        """
+        Optional. A list of scoped access settings that set this binding's restrictions on a subset of applications.
+        Structure is documented below.
+        """
+        return pulumi.get(self, "scoped_access_settings")
+
+    @scoped_access_settings.setter
+    def scoped_access_settings(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['GcpUserAccessBindingScopedAccessSettingArgs']]]]):
+        pulumi.set(self, "scoped_access_settings", value)
+
     @property
     @pulumi.getter(name="sessionSettings")
     def session_settings(self) -> Optional[pulumi.Input['GcpUserAccessBindingSessionSettingsArgs']]:
@@ -104,6 +122,7 @@ class _GcpUserAccessBindingState:
                  group_key: Optional[pulumi.Input[builtins.str]] = None,
                  name: Optional[pulumi.Input[builtins.str]] = None,
                  organization_id: Optional[pulumi.Input[builtins.str]] = None,
+                 scoped_access_settings: Optional[pulumi.Input[Sequence[pulumi.Input['GcpUserAccessBindingScopedAccessSettingArgs']]]] = None,
                  session_settings: Optional[pulumi.Input['GcpUserAccessBindingSessionSettingsArgs']] = None):
         """
         Input properties used for looking up and filtering GcpUserAccessBinding resources.
@@ -114,6 +133,8 @@ class _GcpUserAccessBindingState:
                
                
                - - -
+        :param pulumi.Input[Sequence[pulumi.Input['GcpUserAccessBindingScopedAccessSettingArgs']]] scoped_access_settings: Optional. A list of scoped access settings that set this binding's restrictions on a subset of applications.
+               Structure is documented below.
         :param pulumi.Input['GcpUserAccessBindingSessionSettingsArgs'] session_settings: Optional. The Google Cloud session length (GCSL) policy for the group key.
                Structure is documented below.
         """
@@ -125,6 +146,8 @@ class _GcpUserAccessBindingState:
             pulumi.set(__self__, "name", name)
         if organization_id is not None:
             pulumi.set(__self__, "organization_id", organization_id)
+        if scoped_access_settings is not None:
+            pulumi.set(__self__, "scoped_access_settings", scoped_access_settings)
         if session_settings is not None:
             pulumi.set(__self__, "session_settings", session_settings)
 
@@ -179,6 +202,19 @@ class _GcpUserAccessBindingState:
     def organization_id(self, value: Optional[pulumi.Input[builtins.str]]):
         pulumi.set(self, "organization_id", value)
 
+    @property
+    @pulumi.getter(name="scopedAccessSettings")
+    def scoped_access_settings(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['GcpUserAccessBindingScopedAccessSettingArgs']]]]:
+        """
+        Optional. A list of scoped access settings that set this binding's restrictions on a subset of applications.
+        Structure is documented below.
+        """
+        return pulumi.get(self, "scoped_access_settings")
+
+    @scoped_access_settings.setter
+    def scoped_access_settings(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['GcpUserAccessBindingScopedAccessSettingArgs']]]]):
+        pulumi.set(self, "scoped_access_settings", value)
+
     @property
     @pulumi.getter(name="sessionSettings")
     def session_settings(self) -> Optional[pulumi.Input['GcpUserAccessBindingSessionSettingsArgs']]:
@@ -201,6 +237,7 @@ class GcpUserAccessBinding(pulumi.CustomResource):
                  access_levels: Optional[pulumi.Input[builtins.str]] = None,
                  group_key: Optional[pulumi.Input[builtins.str]] = None,
                  organization_id: Optional[pulumi.Input[builtins.str]] = None,
+                 scoped_access_settings: Optional[pulumi.Input[Sequence[pulumi.Input[Union['GcpUserAccessBindingScopedAccessSettingArgs', 'GcpUserAccessBindingScopedAccessSettingArgsDict']]]]] = None,
                  session_settings: Optional[pulumi.Input[Union['GcpUserAccessBindingSessionSettingsArgs', 'GcpUserAccessBindingSessionSettingsArgsDict']]] = None,
                  __props__=None):
         """
@@ -273,6 +310,8 @@ class GcpUserAccessBinding(pulumi.CustomResource):
                
                
                - - -
+        :param pulumi.Input[Sequence[pulumi.Input[Union['GcpUserAccessBindingScopedAccessSettingArgs', 'GcpUserAccessBindingScopedAccessSettingArgsDict']]]] scoped_access_settings: Optional. A list of scoped access settings that set this binding's restrictions on a subset of applications.
+               Structure is documented below.
         :param pulumi.Input[Union['GcpUserAccessBindingSessionSettingsArgs', 'GcpUserAccessBindingSessionSettingsArgsDict']] session_settings: Optional. The Google Cloud session length (GCSL) policy for the group key.
                Structure is documented below.
         """
@@ -362,6 +401,7 @@ class GcpUserAccessBinding(pulumi.CustomResource):
                  access_levels: Optional[pulumi.Input[builtins.str]] = None,
                  group_key: Optional[pulumi.Input[builtins.str]] = None,
                  organization_id: Optional[pulumi.Input[builtins.str]] = None,
+                 scoped_access_settings: Optional[pulumi.Input[Sequence[pulumi.Input[Union['GcpUserAccessBindingScopedAccessSettingArgs', 'GcpUserAccessBindingScopedAccessSettingArgsDict']]]]] = None,
                  session_settings: Optional[pulumi.Input[Union['GcpUserAccessBindingSessionSettingsArgs', 'GcpUserAccessBindingSessionSettingsArgsDict']]] = None,
                  __props__=None):
         opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
@@ -379,6 +419,7 @@ class GcpUserAccessBinding(pulumi.CustomResource):
             if organization_id is None and not opts.urn:
                 raise TypeError("Missing required property 'organization_id'")
             __props__.__dict__["organization_id"] = organization_id
+            __props__.__dict__["scoped_access_settings"] = scoped_access_settings
             __props__.__dict__["session_settings"] = session_settings
             __props__.__dict__["name"] = None
         super(GcpUserAccessBinding, __self__).__init__(
@@ -395,6 +436,7 @@ class GcpUserAccessBinding(pulumi.CustomResource):
             group_key: Optional[pulumi.Input[builtins.str]] = None,
             name: Optional[pulumi.Input[builtins.str]] = None,
             organization_id: Optional[pulumi.Input[builtins.str]] = None,
+            scoped_access_settings: Optional[pulumi.Input[Sequence[pulumi.Input[Union['GcpUserAccessBindingScopedAccessSettingArgs', 'GcpUserAccessBindingScopedAccessSettingArgsDict']]]]] = None,
             session_settings: Optional[pulumi.Input[Union['GcpUserAccessBindingSessionSettingsArgs', 'GcpUserAccessBindingSessionSettingsArgsDict']]] = None) -> 'GcpUserAccessBinding':
         """
         Get an existing GcpUserAccessBinding resource's state with the given name, id, and optional extra
@@ -410,6 +452,8 @@ class GcpUserAccessBinding(pulumi.CustomResource):
                
                
                - - -
+        :param pulumi.Input[Sequence[pulumi.Input[Union['GcpUserAccessBindingScopedAccessSettingArgs', 'GcpUserAccessBindingScopedAccessSettingArgsDict']]]] scoped_access_settings: Optional. A list of scoped access settings that set this binding's restrictions on a subset of applications.
+               Structure is documented below.
         :param pulumi.Input[Union['GcpUserAccessBindingSessionSettingsArgs', 'GcpUserAccessBindingSessionSettingsArgsDict']] session_settings: Optional. The Google Cloud session length (GCSL) policy for the group key.
                Structure is documented below.
         """
@@ -421,6 +465,7 @@ class GcpUserAccessBinding(pulumi.CustomResource):
         __props__.__dict__["group_key"] = group_key
         __props__.__dict__["name"] = name
         __props__.__dict__["organization_id"] = organization_id
+        __props__.__dict__["scoped_access_settings"] = scoped_access_settings
         __props__.__dict__["session_settings"] = session_settings
         return GcpUserAccessBinding(resource_name, opts=opts, __props__=__props__)
 
@@ -459,6 +504,15 @@ class GcpUserAccessBinding(pulumi.CustomResource):
         """
         return pulumi.get(self, "organization_id")
 
+    @property
+    @pulumi.getter(name="scopedAccessSettings")
+    def scoped_access_settings(self) -> pulumi.Output[Optional[Sequence['outputs.GcpUserAccessBindingScopedAccessSetting']]]:
+        """
+        Optional. A list of scoped access settings that set this binding's restrictions on a subset of applications.
+        Structure is documented below.
+        """
+        return pulumi.get(self, "scoped_access_settings")
+
     @property
     @pulumi.getter(name="sessionSettings")
     def session_settings(self) -> pulumi.Output[Optional['outputs.GcpUserAccessBindingSessionSettings']]:

pulumi_gcp/accesscontextmanager/outputs.py

@@ -40,6 +40,13 @@ __all__ = [
     'AccessLevelsAccessLevelCustomExpr',
     'AccessPolicyIamBindingCondition',
     'AccessPolicyIamMemberCondition',
+    'GcpUserAccessBindingScopedAccessSetting',
+    'GcpUserAccessBindingScopedAccessSettingActiveSettings',
+    'GcpUserAccessBindingScopedAccessSettingActiveSettingsSessionSettings',
+    'GcpUserAccessBindingScopedAccessSettingDryRunSettings',
+    'GcpUserAccessBindingScopedAccessSettingScope',
+    'GcpUserAccessBindingScopedAccessSettingScopeClientScope',
+    'GcpUserAccessBindingScopedAccessSettingScopeClientScopeRestrictedClientApplication',
     'GcpUserAccessBindingSessionSettings',
     'ServicePerimeterDryRunEgressPolicyEgressFrom',
     'ServicePerimeterDryRunEgressPolicyEgressFromSource',
@@ -1657,6 +1664,368 @@ class AccessPolicyIamMemberCondition(dict):
         return pulumi.get(self, "description")
 
 
+@pulumi.output_type
+class GcpUserAccessBindingScopedAccessSetting(dict):
+    @staticmethod
+    def __key_warning(key: str):
+        suggest = None
+        if key == "activeSettings":
+            suggest = "active_settings"
+        elif key == "dryRunSettings":
+            suggest = "dry_run_settings"
+
+        if suggest:
+            pulumi.log.warn(f"Key '{key}' not found in GcpUserAccessBindingScopedAccessSetting. Access the value via the '{suggest}' property getter instead.")
+
+    def __getitem__(self, key: str) -> Any:
+        GcpUserAccessBindingScopedAccessSetting.__key_warning(key)
+        return super().__getitem__(key)
+
+    def get(self, key: str, default = None) -> Any:
+        GcpUserAccessBindingScopedAccessSetting.__key_warning(key)
+        return super().get(key, default)
+
+    def __init__(__self__, *,
+                 active_settings: Optional['outputs.GcpUserAccessBindingScopedAccessSettingActiveSettings'] = None,
+                 dry_run_settings: Optional['outputs.GcpUserAccessBindingScopedAccessSettingDryRunSettings'] = None,
+                 scope: Optional['outputs.GcpUserAccessBindingScopedAccessSettingScope'] = None):
+        """
+        :param 'GcpUserAccessBindingScopedAccessSettingActiveSettingsArgs' active_settings: Optional. Access settings for this scoped access settings. This field may be empty if dryRunSettings is set.
+               Structure is documented below.
+        :param 'GcpUserAccessBindingScopedAccessSettingDryRunSettingsArgs' dry_run_settings: Optional. Dry-run access settings for this scoped access settings. This field may be empty if activeSettings is set. Cannot contain session settings.
+               Structure is documented below.
+        :param 'GcpUserAccessBindingScopedAccessSettingScopeArgs' scope: Optional. Application, etc. to which the access settings will be applied to. Implicitly, this is the scoped access settings key; as such, it must be unique and non-empty.
+               Structure is documented below.
+        """
+        if active_settings is not None:
+            pulumi.set(__self__, "active_settings", active_settings)
+        if dry_run_settings is not None:
+            pulumi.set(__self__, "dry_run_settings", dry_run_settings)
+        if scope is not None:
+            pulumi.set(__self__, "scope", scope)
+
+    @property
+    @pulumi.getter(name="activeSettings")
+    def active_settings(self) -> Optional['outputs.GcpUserAccessBindingScopedAccessSettingActiveSettings']:
+        """
+        Optional. Access settings for this scoped access settings. This field may be empty if dryRunSettings is set.
+        Structure is documented below.
+        """
+        return pulumi.get(self, "active_settings")
+
+    @property
+    @pulumi.getter(name="dryRunSettings")
+    def dry_run_settings(self) -> Optional['outputs.GcpUserAccessBindingScopedAccessSettingDryRunSettings']:
+        """
+        Optional. Dry-run access settings for this scoped access settings. This field may be empty if activeSettings is set. Cannot contain session settings.
+        Structure is documented below.
+        """
+        return pulumi.get(self, "dry_run_settings")
+
+    @property
+    @pulumi.getter
+    def scope(self) -> Optional['outputs.GcpUserAccessBindingScopedAccessSettingScope']:
+        """
+        Optional. Application, etc. to which the access settings will be applied to. Implicitly, this is the scoped access settings key; as such, it must be unique and non-empty.
+        Structure is documented below.
+        """
+        return pulumi.get(self, "scope")
+
+
+@pulumi.output_type
+class GcpUserAccessBindingScopedAccessSettingActiveSettings(dict):
+    @staticmethod
+    def __key_warning(key: str):
+        suggest = None
+        if key == "accessLevels":
+            suggest = "access_levels"
+        elif key == "sessionSettings":
+            suggest = "session_settings"
+
+        if suggest:
+            pulumi.log.warn(f"Key '{key}' not found in GcpUserAccessBindingScopedAccessSettingActiveSettings. Access the value via the '{suggest}' property getter instead.")
+
+    def __getitem__(self, key: str) -> Any:
+        GcpUserAccessBindingScopedAccessSettingActiveSettings.__key_warning(key)
+        return super().__getitem__(key)
+
+    def get(self, key: str, default = None) -> Any:
+        GcpUserAccessBindingScopedAccessSettingActiveSettings.__key_warning(key)
+        return super().get(key, default)
+
+    def __init__(__self__, *,
+                 access_levels: Optional[Sequence[builtins.str]] = None,
+                 session_settings: Optional['outputs.GcpUserAccessBindingScopedAccessSettingActiveSettingsSessionSettings'] = None):
+        """
+        :param Sequence[builtins.str] access_levels: Optional. Access level that a user must have to be granted access. Only one access level is supported, not multiple. This repeated field must have exactly one element. Example: "accessPolicies/9522/accessLevels/device_trusted"
+        :param 'GcpUserAccessBindingScopedAccessSettingActiveSettingsSessionSettingsArgs' session_settings: Optional. Session settings applied to user access on a given AccessScope.
+               Structure is documented below.
+        """
+        if access_levels is not None:
+            pulumi.set(__self__, "access_levels", access_levels)
+        if session_settings is not None:
+            pulumi.set(__self__, "session_settings", session_settings)
+
+    @property
+    @pulumi.getter(name="accessLevels")
+    def access_levels(self) -> Optional[Sequence[builtins.str]]:
+        """
+        Optional. Access level that a user must have to be granted access. Only one access level is supported, not multiple. This repeated field must have exactly one element. Example: "accessPolicies/9522/accessLevels/device_trusted"
+        """
+        return pulumi.get(self, "access_levels")
+
+    @property
+    @pulumi.getter(name="sessionSettings")
+    def session_settings(self) -> Optional['outputs.GcpUserAccessBindingScopedAccessSettingActiveSettingsSessionSettings']:
+        """
+        Optional. Session settings applied to user access on a given AccessScope.
+        Structure is documented below.
+        """
+        return pulumi.get(self, "session_settings")
+
+
+@pulumi.output_type
+class GcpUserAccessBindingScopedAccessSettingActiveSettingsSessionSettings(dict):
+    @staticmethod
+    def __key_warning(key: str):
+        suggest = None
+        if key == "maxInactivity":
+            suggest = "max_inactivity"
+        elif key == "sessionLength":
+            suggest = "session_length"
+        elif key == "sessionLengthEnabled":
+            suggest = "session_length_enabled"
+        elif key == "sessionReauthMethod":
+            suggest = "session_reauth_method"
+        elif key == "useOidcMaxAge":
+            suggest = "use_oidc_max_age"
+
+        if suggest:
+            pulumi.log.warn(f"Key '{key}' not found in GcpUserAccessBindingScopedAccessSettingActiveSettingsSessionSettings. Access the value via the '{suggest}' property getter instead.")
+
+    def __getitem__(self, key: str) -> Any:
+        GcpUserAccessBindingScopedAccessSettingActiveSettingsSessionSettings.__key_warning(key)
+        return super().__getitem__(key)
+
+    def get(self, key: str, default = None) -> Any:
+        GcpUserAccessBindingScopedAccessSettingActiveSettingsSessionSettings.__key_warning(key)
+        return super().get(key, default)
+
+    def __init__(__self__, *,
+                 max_inactivity: Optional[builtins.str] = None,
+                 session_length: Optional[builtins.str] = None,
+                 session_length_enabled: Optional[builtins.bool] = None,
+                 session_reauth_method: Optional[builtins.str] = None,
+                 use_oidc_max_age: Optional[builtins.bool] = None):
+        """
+        :param builtins.str max_inactivity: Optional. How long a user is allowed to take between actions before a new access token must be issued. Only set for Google Cloud apps.
+        :param builtins.str session_length: Optional. The session length. Setting this field to zero is equal to disabling session. Also can set infinite session by flipping the enabled bit to false below. If useOidcMaxAge is true, for OIDC apps, the session length will be the minimum of this field and OIDC max_age param.
+        :param builtins.bool session_length_enabled: Optional. This field enables or disables Google Cloud session length. When false, all fields set above will be disregarded and the session length is basically infinite.
+        :param builtins.str session_reauth_method: Optional. The session challenges proposed to users when the Google Cloud session length is up.
+               Possible values are: `LOGIN`, `SECURITY_KEY`, `PASSWORD`.
+        :param builtins.bool use_oidc_max_age: Optional. Only useful for OIDC apps. When false, the OIDC max_age param, if passed in the authentication request will be ignored. When true, the re-auth period will be the minimum of the sessionLength field and the max_age OIDC param.
+        """
+        if max_inactivity is not None:
+            pulumi.set(__self__, "max_inactivity", max_inactivity)
+        if session_length is not None:
+            pulumi.set(__self__, "session_length", session_length)
+        if session_length_enabled is not None:
+            pulumi.set(__self__, "session_length_enabled", session_length_enabled)
+        if session_reauth_method is not None:
+            pulumi.set(__self__, "session_reauth_method", session_reauth_method)
+        if use_oidc_max_age is not None:
+            pulumi.set(__self__, "use_oidc_max_age", use_oidc_max_age)
+
+    @property
+    @pulumi.getter(name="maxInactivity")
+    def max_inactivity(self) -> Optional[builtins.str]:
+        """
+        Optional. How long a user is allowed to take between actions before a new access token must be issued. Only set for Google Cloud apps.
+        """
+        return pulumi.get(self, "max_inactivity")
+
+    @property
+    @pulumi.getter(name="sessionLength")
+    def session_length(self) -> Optional[builtins.str]:
+        """
+        Optional. The session length. Setting this field to zero is equal to disabling session. Also can set infinite session by flipping the enabled bit to false below. If useOidcMaxAge is true, for OIDC apps, the session length will be the minimum of this field and OIDC max_age param.
+        """
+        return pulumi.get(self, "session_length")
+
+    @property
+    @pulumi.getter(name="sessionLengthEnabled")
+    def session_length_enabled(self) -> Optional[builtins.bool]:
+        """
+        Optional. This field enables or disables Google Cloud session length. When false, all fields set above will be disregarded and the session length is basically infinite.
+        """
+        return pulumi.get(self, "session_length_enabled")
+
+    @property
+    @pulumi.getter(name="sessionReauthMethod")
+    def session_reauth_method(self) -> Optional[builtins.str]:
+        """
+        Optional. The session challenges proposed to users when the Google Cloud session length is up.
+        Possible values are: `LOGIN`, `SECURITY_KEY`, `PASSWORD`.
+        """
+        return pulumi.get(self, "session_reauth_method")
+
+    @property
+    @pulumi.getter(name="useOidcMaxAge")
+    def use_oidc_max_age(self) -> Optional[builtins.bool]:
+        """
+        Optional. Only useful for OIDC apps. When false, the OIDC max_age param, if passed in the authentication request will be ignored. When true, the re-auth period will be the minimum of the sessionLength field and the max_age OIDC param.
+        """
+        return pulumi.get(self, "use_oidc_max_age")
+
+
+@pulumi.output_type
+class GcpUserAccessBindingScopedAccessSettingDryRunSettings(dict):
+    @staticmethod
+    def __key_warning(key: str):
+        suggest = None
+        if key == "accessLevels":
+            suggest = "access_levels"
+
+        if suggest:
+            pulumi.log.warn(f"Key '{key}' not found in GcpUserAccessBindingScopedAccessSettingDryRunSettings. Access the value via the '{suggest}' property getter instead.")
+
+    def __getitem__(self, key: str) -> Any:
+        GcpUserAccessBindingScopedAccessSettingDryRunSettings.__key_warning(key)
+        return super().__getitem__(key)
+
+    def get(self, key: str, default = None) -> Any:
+        GcpUserAccessBindingScopedAccessSettingDryRunSettings.__key_warning(key)
+        return super().get(key, default)
+
+    def __init__(__self__, *,
+                 access_levels: Optional[builtins.str] = None):
+        """
+        :param builtins.str access_levels: Optional. Access level that a user must have to be granted access. Only one access level is supported, not multiple. This repeated field must have exactly one element. Example: "accessPolicies/9522/accessLevels/device_trusted"
+        """
+        if access_levels is not None:
+            pulumi.set(__self__, "access_levels", access_levels)
+
+    @property
+    @pulumi.getter(name="accessLevels")
+    def access_levels(self) -> Optional[builtins.str]:
+        """
+        Optional. Access level that a user must have to be granted access. Only one access level is supported, not multiple. This repeated field must have exactly one element. Example: "accessPolicies/9522/accessLevels/device_trusted"
+        """
+        return pulumi.get(self, "access_levels")
+
+
+@pulumi.output_type
+class GcpUserAccessBindingScopedAccessSettingScope(dict):
+    @staticmethod
+    def __key_warning(key: str):
+        suggest = None
+        if key == "clientScope":
+            suggest = "client_scope"
+
+        if suggest:
+            pulumi.log.warn(f"Key '{key}' not found in GcpUserAccessBindingScopedAccessSettingScope. Access the value via the '{suggest}' property getter instead.")
+
+    def __getitem__(self, key: str) -> Any:
+        GcpUserAccessBindingScopedAccessSettingScope.__key_warning(key)
+        return super().__getitem__(key)
+
+    def get(self, key: str, default = None) -> Any:
+        GcpUserAccessBindingScopedAccessSettingScope.__key_warning(key)
+        return super().get(key, default)
+
+    def __init__(__self__, *,
+                 client_scope: Optional['outputs.GcpUserAccessBindingScopedAccessSettingScopeClientScope'] = None):
+        """
+        :param 'GcpUserAccessBindingScopedAccessSettingScopeClientScopeArgs' client_scope: Optional. Client scope for this access scope.
+               Structure is documented below.
+        """
+        if client_scope is not None:
+            pulumi.set(__self__, "client_scope", client_scope)
+
+    @property
+    @pulumi.getter(name="clientScope")
+    def client_scope(self) -> Optional['outputs.GcpUserAccessBindingScopedAccessSettingScopeClientScope']:
+        """
+        Optional. Client scope for this access scope.
+        Structure is documented below.
+        """
+        return pulumi.get(self, "client_scope")
+
+
+@pulumi.output_type
+class GcpUserAccessBindingScopedAccessSettingScopeClientScope(dict):
+    @staticmethod
+    def __key_warning(key: str):
+        suggest = None
+        if key == "restrictedClientApplication":
+            suggest = "restricted_client_application"
+
+        if suggest:
+            pulumi.log.warn(f"Key '{key}' not found in GcpUserAccessBindingScopedAccessSettingScopeClientScope. Access the value via the '{suggest}' property getter instead.")
+
+    def __getitem__(self, key: str) -> Any:
+        GcpUserAccessBindingScopedAccessSettingScopeClientScope.__key_warning(key)
+        return super().__getitem__(key)
+
+    def get(self, key: str, default = None) -> Any:
+        GcpUserAccessBindingScopedAccessSettingScopeClientScope.__key_warning(key)
+        return super().get(key, default)
+
+    def __init__(__self__, *,
+                 restricted_client_application: Optional['outputs.GcpUserAccessBindingScopedAccessSettingScopeClientScopeRestrictedClientApplication'] = None):
+        """
+        :param 'GcpUserAccessBindingScopedAccessSettingScopeClientScopeRestrictedClientApplicationArgs' restricted_client_application: Optional. The application that is subject to this binding's scope.
+               Structure is documented below.
+        """
+        if restricted_client_application is not None:
+            pulumi.set(__self__, "restricted_client_application", restricted_client_application)
+
+    @property
+    @pulumi.getter(name="restrictedClientApplication")
+    def restricted_client_application(self) -> Optional['outputs.GcpUserAccessBindingScopedAccessSettingScopeClientScopeRestrictedClientApplication']:
+        """
+        Optional. The application that is subject to this binding's scope.
+        Structure is documented below.
+        """
+        return pulumi.get(self, "restricted_client_application")
+
+
+@pulumi.output_type
+class GcpUserAccessBindingScopedAccessSettingScopeClientScopeRestrictedClientApplication(dict):
+    @staticmethod
+    def __key_warning(key: str):
+        suggest = None
+        if key == "clientId":
+            suggest = "client_id"
+
+        if suggest:
+            pulumi.log.warn(f"Key '{key}' not found in GcpUserAccessBindingScopedAccessSettingScopeClientScopeRestrictedClientApplication. Access the value via the '{suggest}' property getter instead.")
+
+    def __getitem__(self, key: str) -> Any:
+        GcpUserAccessBindingScopedAccessSettingScopeClientScopeRestrictedClientApplication.__key_warning(key)
+        return super().__getitem__(key)
+
+    def get(self, key: str, default = None) -> Any:
+        GcpUserAccessBindingScopedAccessSettingScopeClientScopeRestrictedClientApplication.__key_warning(key)
+        return super().get(key, default)
+
+    def __init__(__self__, *,
+                 client_id: Optional[builtins.str] = None):
+        """
+        :param builtins.str client_id: The OAuth client ID of the application.
+        """
+        if client_id is not None:
+            pulumi.set(__self__, "client_id", client_id)
+
+    @property
+    @pulumi.getter(name="clientId")
+    def client_id(self) -> Optional[builtins.str]:
+        """
+        The OAuth client ID of the application.
+        """
+        return pulumi.get(self, "client_id")
+
+
 @pulumi.output_type
 class GcpUserAccessBindingSessionSettings(dict):
     @staticmethod

pulumi_gcp/alloydb/_inputs.py

@@ -1804,18 +1804,30 @@ if not MYPY:
         """
         The number of CPU's in the VM instance.
         """
+        machine_type: NotRequired[pulumi.Input[builtins.str]]
+        """
+        Machine type of the VM instance.
+        E.g. "n2-highmem-4", "n2-highmem-8", "c4a-highmem-4-lssd".
+        `cpu_count` must match the number of vCPUs in the machine type.
+        """
 elif False:
     InstanceMachineConfigArgsDict: TypeAlias = Mapping[str, Any]
 
 @pulumi.input_type
 class InstanceMachineConfigArgs:
     def __init__(__self__, *,
-                 cpu_count: Optional[pulumi.Input[builtins.int]] = None):
+                 cpu_count: Optional[pulumi.Input[builtins.int]] = None,
+                 machine_type: Optional[pulumi.Input[builtins.str]] = None):
         """
         :param pulumi.Input[builtins.int] cpu_count: The number of CPU's in the VM instance.
+        :param pulumi.Input[builtins.str] machine_type: Machine type of the VM instance.
+               E.g. "n2-highmem-4", "n2-highmem-8", "c4a-highmem-4-lssd".
+               `cpu_count` must match the number of vCPUs in the machine type.
         """
         if cpu_count is not None:
             pulumi.set(__self__, "cpu_count", cpu_count)
+        if machine_type is not None:
+            pulumi.set(__self__, "machine_type", machine_type)
 
     @property
     @pulumi.getter(name="cpuCount")
@@ -1829,6 +1841,20 @@ class InstanceMachineConfigArgs:
     def cpu_count(self, value: Optional[pulumi.Input[builtins.int]]):
         pulumi.set(self, "cpu_count", value)
 
+    @property
+    @pulumi.getter(name="machineType")
+    def machine_type(self) -> Optional[pulumi.Input[builtins.str]]:
+        """
+        Machine type of the VM instance.
+        E.g. "n2-highmem-4", "n2-highmem-8", "c4a-highmem-4-lssd".
+        `cpu_count` must match the number of vCPUs in the machine type.
+        """
+        return pulumi.get(self, "machine_type")
+
+    @machine_type.setter
+    def machine_type(self, value: Optional[pulumi.Input[builtins.str]]):
+        pulumi.set(self, "machine_type", value)
+
 
 if not MYPY:
     class InstanceNetworkConfigArgsDict(TypedDict):
@@ -1951,6 +1977,10 @@ class InstanceNetworkConfigAuthorizedExternalNetworkArgs:
 
 if not MYPY:
     class InstanceObservabilityConfigArgsDict(TypedDict):
+        assistive_experiences_enabled: NotRequired[pulumi.Input[builtins.bool]]
+        """
+        Whether assistive experiences are enabled for this AlloyDB instance.
+        """
         enabled: NotRequired[pulumi.Input[builtins.bool]]
         """
         Observability feature status for an instance.
@@ -1989,6 +2019,7 @@ elif False:
 @pulumi.input_type
 class InstanceObservabilityConfigArgs:
     def __init__(__self__, *,
+                 assistive_experiences_enabled: Optional[pulumi.Input[builtins.bool]] = None,
                  enabled: Optional[pulumi.Input[builtins.bool]] = None,
                  max_query_string_length: Optional[pulumi.Input[builtins.int]] = None,
                  preserve_comments: Optional[pulumi.Input[builtins.bool]] = None,
@@ -1998,6 +2029,7 @@ class InstanceObservabilityConfigArgs:
                  track_wait_event_types: Optional[pulumi.Input[builtins.bool]] = None,
                  track_wait_events: Optional[pulumi.Input[builtins.bool]] = None):
         """
+        :param pulumi.Input[builtins.bool] assistive_experiences_enabled: Whether assistive experiences are enabled for this AlloyDB instance.
         :param pulumi.Input[builtins.bool] enabled: Observability feature status for an instance.
         :param pulumi.Input[builtins.int] max_query_string_length: Query string length. The default value is 10240. Any integer between 1024 and 100000 is considered valid.
         :param pulumi.Input[builtins.bool] preserve_comments: Preserve comments in the query string.
@@ -2007,6 +2039,8 @@ class InstanceObservabilityConfigArgs:
         :param pulumi.Input[builtins.bool] track_wait_event_types: Record wait event types during query execution for an instance.
         :param pulumi.Input[builtins.bool] track_wait_events: Record wait events during query execution for an instance.
         """
+        if assistive_experiences_enabled is not None:
+            pulumi.set(__self__, "assistive_experiences_enabled", assistive_experiences_enabled)
         if enabled is not None:
             pulumi.set(__self__, "enabled", enabled)
         if max_query_string_length is not None:
@@ -2024,6 +2058,18 @@ class InstanceObservabilityConfigArgs:
         if track_wait_events is not None:
             pulumi.set(__self__, "track_wait_events", track_wait_events)
 
+    @property
+    @pulumi.getter(name="assistiveExperiencesEnabled")
+    def assistive_experiences_enabled(self) -> Optional[pulumi.Input[builtins.bool]]:
+        """
+        Whether assistive experiences are enabled for this AlloyDB instance.
+        """
+        return pulumi.get(self, "assistive_experiences_enabled")
+
+    @assistive_experiences_enabled.setter
+    def assistive_experiences_enabled(self, value: Optional[pulumi.Input[builtins.bool]]):
+        pulumi.set(self, "assistive_experiences_enabled", value)
+
     @property
     @pulumi.getter
     def enabled(self) -> Optional[pulumi.Input[builtins.bool]]: