pulumi-gcp 8.40.0a1754721948__py3-none-any.whl → 8.41.0__py3-none-any.whl

pulumi_gcp/compute/_inputs.py

@@ -153,12 +153,20 @@ __all__ = [
     'FirewallPolicyWithRulesPredefinedRuleMatchArgsDict',
     'FirewallPolicyWithRulesPredefinedRuleMatchLayer4ConfigArgs',
     'FirewallPolicyWithRulesPredefinedRuleMatchLayer4ConfigArgsDict',
+    'FirewallPolicyWithRulesPredefinedRuleMatchSrcSecureTagArgs',
+    'FirewallPolicyWithRulesPredefinedRuleMatchSrcSecureTagArgsDict',
+    'FirewallPolicyWithRulesPredefinedRuleTargetSecureTagArgs',
+    'FirewallPolicyWithRulesPredefinedRuleTargetSecureTagArgsDict',
     'FirewallPolicyWithRulesRuleArgs',
     'FirewallPolicyWithRulesRuleArgsDict',
     'FirewallPolicyWithRulesRuleMatchArgs',
     'FirewallPolicyWithRulesRuleMatchArgsDict',
     'FirewallPolicyWithRulesRuleMatchLayer4ConfigArgs',
     'FirewallPolicyWithRulesRuleMatchLayer4ConfigArgsDict',
+    'FirewallPolicyWithRulesRuleMatchSrcSecureTagArgs',
+    'FirewallPolicyWithRulesRuleMatchSrcSecureTagArgsDict',
+    'FirewallPolicyWithRulesRuleTargetSecureTagArgs',
+    'FirewallPolicyWithRulesRuleTargetSecureTagArgsDict',
     'ForwardingRuleServiceDirectoryRegistrationsArgs',
     'ForwardingRuleServiceDirectoryRegistrationsArgsDict',
     'FutureReservationAggregateReservationArgs',
@@ -679,6 +687,10 @@ __all__ = [
     'PerInstanceConfigPreservedStateInternalIpArgsDict',
     'PerInstanceConfigPreservedStateInternalIpIpAddressArgs',
     'PerInstanceConfigPreservedStateInternalIpIpAddressArgsDict',
+    'PreviewFeatureRolloutOperationArgs',
+    'PreviewFeatureRolloutOperationArgsDict',
+    'PreviewFeatureRolloutOperationRolloutInputArgs',
+    'PreviewFeatureRolloutOperationRolloutInputArgsDict',
     'RegionAutoscalerAutoscalingPolicyArgs',
     'RegionAutoscalerAutoscalingPolicyArgsDict',
     'RegionAutoscalerAutoscalingPolicyCpuUtilizationArgs',
@@ -727,6 +739,12 @@ __all__ = [
     'RegionBackendServiceDynamicForwardingIpPortSelectionArgsDict',
     'RegionBackendServiceFailoverPolicyArgs',
     'RegionBackendServiceFailoverPolicyArgsDict',
+    'RegionBackendServiceHaPolicyArgs',
+    'RegionBackendServiceHaPolicyArgsDict',
+    'RegionBackendServiceHaPolicyLeaderArgs',
+    'RegionBackendServiceHaPolicyLeaderArgsDict',
+    'RegionBackendServiceHaPolicyLeaderNetworkEndpointArgs',
+    'RegionBackendServiceHaPolicyLeaderNetworkEndpointArgsDict',
     'RegionBackendServiceIamBindingConditionArgs',
     'RegionBackendServiceIamBindingConditionArgsDict',
     'RegionBackendServiceIamMemberConditionArgs',
@@ -951,6 +969,10 @@ __all__ = [
     'RegionResizeRequestStatusLastAttemptErrorErrorErrorDetailLocalizedMessageArgsDict',
     'RegionResizeRequestStatusLastAttemptErrorErrorErrorDetailQuotaInfoArgs',
     'RegionResizeRequestStatusLastAttemptErrorErrorErrorDetailQuotaInfoArgsDict',
+    'RegionSecurityPolicyAdvancedOptionsConfigArgs',
+    'RegionSecurityPolicyAdvancedOptionsConfigArgsDict',
+    'RegionSecurityPolicyAdvancedOptionsConfigJsonCustomConfigArgs',
+    'RegionSecurityPolicyAdvancedOptionsConfigJsonCustomConfigArgsDict',
     'RegionSecurityPolicyDdosProtectionConfigArgs',
     'RegionSecurityPolicyDdosProtectionConfigArgsDict',
     'RegionSecurityPolicyRuleArgs',
@@ -1251,6 +1273,8 @@ __all__ = [
     'RouterNatRuleActionArgsDict',
     'RouterNatSubnetworkArgs',
     'RouterNatSubnetworkArgsDict',
+    'RouterParamsArgs',
+    'RouterParamsArgsDict',
     'RouterPeerAdvertisedIpRangeArgs',
     'RouterPeerAdvertisedIpRangeArgsDict',
     'RouterPeerBfdArgs',
@@ -1359,6 +1383,8 @@ __all__ = [
     'SubnetworkIAMMemberConditionArgsDict',
     'SubnetworkLogConfigArgs',
     'SubnetworkLogConfigArgsDict',
+    'SubnetworkParamsArgs',
+    'SubnetworkParamsArgsDict',
     'SubnetworkSecondaryIpRangeArgs',
     'SubnetworkSecondaryIpRangeArgsDict',
     'URLMapDefaultCustomErrorResponsePolicyArgs',
@@ -8077,6 +8103,22 @@ if not MYPY:
         this rule. If this field is left blank, all VMs
         within the organization will receive the rule.
         """
+        target_secure_tags: NotRequired[pulumi.Input[Sequence[pulumi.Input['FirewallPolicyWithRulesPredefinedRuleTargetSecureTagArgsDict']]]]
+        """
+        (Output)
+        A list of secure tags that controls which instances the firewall rule
+        applies to. If <code>targetSecureTag</code> are specified, then the
+        firewall rule applies only to instances in the VPC network that have one
+        of those EFFECTIVE secure tags, if all the target_secure_tag are in
+        INEFFECTIVE state, then this rule will be ignored.
+        <code>targetSecureTag</code> may not be set at the same time as
+        <code>targetServiceAccounts</code>.
+        If neither <code>targetServiceAccounts</code> nor
+        <code>targetSecureTag</code> are specified, the firewall rule applies
+        to all instances on the specified network.
+        Maximum number of target secure tags allowed is 256.
+        Structure is documented below.
+        """
         target_service_accounts: NotRequired[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]
         """
         (Output)
@@ -8105,6 +8147,7 @@ class FirewallPolicyWithRulesPredefinedRuleArgs:
                  rule_name: Optional[pulumi.Input[_builtins.str]] = None,
                  security_profile_group: Optional[pulumi.Input[_builtins.str]] = None,
                  target_resources: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 target_secure_tags: Optional[pulumi.Input[Sequence[pulumi.Input['FirewallPolicyWithRulesPredefinedRuleTargetSecureTagArgs']]]] = None,
                  target_service_accounts: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
                  tls_inspect: Optional[pulumi.Input[_builtins.bool]] = None):
         """
@@ -8143,6 +8186,19 @@ class FirewallPolicyWithRulesPredefinedRuleArgs:
                This field allows you to control which network's VMs get
                this rule. If this field is left blank, all VMs
                within the organization will receive the rule.
+        :param pulumi.Input[Sequence[pulumi.Input['FirewallPolicyWithRulesPredefinedRuleTargetSecureTagArgs']]] target_secure_tags: (Output)
+               A list of secure tags that controls which instances the firewall rule
+               applies to. If <code>targetSecureTag</code> are specified, then the
+               firewall rule applies only to instances in the VPC network that have one
+               of those EFFECTIVE secure tags, if all the target_secure_tag are in
+               INEFFECTIVE state, then this rule will be ignored.
+               <code>targetSecureTag</code> may not be set at the same time as
+               <code>targetServiceAccounts</code>.
+               If neither <code>targetServiceAccounts</code> nor
+               <code>targetSecureTag</code> are specified, the firewall rule applies
+               to all instances on the specified network.
+               Maximum number of target secure tags allowed is 256.
+               Structure is documented below.
         :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] target_service_accounts: (Output)
                A list of service accounts indicating the sets of
                instances that are applied with this rule.
@@ -8170,6 +8226,8 @@ class FirewallPolicyWithRulesPredefinedRuleArgs:
             pulumi.set(__self__, "security_profile_group", security_profile_group)
         if target_resources is not None:
             pulumi.set(__self__, "target_resources", target_resources)
+        if target_secure_tags is not None:
+            pulumi.set(__self__, "target_secure_tags", target_secure_tags)
         if target_service_accounts is not None:
             pulumi.set(__self__, "target_service_accounts", target_service_accounts)
         if tls_inspect is not None:
@@ -8320,6 +8378,30 @@ class FirewallPolicyWithRulesPredefinedRuleArgs:
     def target_resources(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]):
         pulumi.set(self, "target_resources", value)
 
+    @_builtins.property
+    @pulumi.getter(name="targetSecureTags")
+    def target_secure_tags(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['FirewallPolicyWithRulesPredefinedRuleTargetSecureTagArgs']]]]:
+        """
+        (Output)
+        A list of secure tags that controls which instances the firewall rule
+        applies to. If <code>targetSecureTag</code> are specified, then the
+        firewall rule applies only to instances in the VPC network that have one
+        of those EFFECTIVE secure tags, if all the target_secure_tag are in
+        INEFFECTIVE state, then this rule will be ignored.
+        <code>targetSecureTag</code> may not be set at the same time as
+        <code>targetServiceAccounts</code>.
+        If neither <code>targetServiceAccounts</code> nor
+        <code>targetSecureTag</code> are specified, the firewall rule applies
+        to all instances on the specified network.
+        Maximum number of target secure tags allowed is 256.
+        Structure is documented below.
+        """
+        return pulumi.get(self, "target_secure_tags")
+
+    @target_secure_tags.setter
+    def target_secure_tags(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['FirewallPolicyWithRulesPredefinedRuleTargetSecureTagArgs']]]]):
+        pulumi.set(self, "target_secure_tags", value)
+
     @_builtins.property
     @pulumi.getter(name="targetServiceAccounts")
     def target_service_accounts(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]:
@@ -8382,9 +8464,6 @@ if not MYPY:
         """
         Pairs of IP protocols and ports that the rule should match.
         Structure is documented below.
-
-
-        <a name="nested_rule_rule_match_layer4_config"></a>The `layer4_config` block supports:
         """
         src_address_groups: NotRequired[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]
         """
@@ -8408,6 +8487,15 @@ if not MYPY:
         ISO 3166 alpha-2 country codes. ex."US"
         Maximum number of source region codes allowed is 5000.
         """
+        src_secure_tags: NotRequired[pulumi.Input[Sequence[pulumi.Input['FirewallPolicyWithRulesPredefinedRuleMatchSrcSecureTagArgsDict']]]]
+        """
+        List of secure tag values, which should be matched at the source
+        of the traffic.
+        For INGRESS rule, if all the <code>srcSecureTag</code> are INEFFECTIVE,
+        and there is no <code>srcIpRange</code>, this rule will be ignored.
+        Maximum number of source tag values allowed is 256.
+        Structure is documented below.
+        """
         src_threat_intelligences: NotRequired[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]
         """
         Names of Network Threat Intelligence lists.
@@ -8429,6 +8517,7 @@ class FirewallPolicyWithRulesPredefinedRuleMatchArgs:
                  src_fqdns: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
                  src_ip_ranges: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
                  src_region_codes: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 src_secure_tags: Optional[pulumi.Input[Sequence[pulumi.Input['FirewallPolicyWithRulesPredefinedRuleMatchSrcSecureTagArgs']]]] = None,
                  src_threat_intelligences: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None):
         """
         :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] dest_address_groups: Address groups which should be matched against the traffic destination.
@@ -8445,9 +8534,6 @@ class FirewallPolicyWithRulesPredefinedRuleMatchArgs:
                The IPs in these lists will be matched against traffic destination.
         :param pulumi.Input[Sequence[pulumi.Input['FirewallPolicyWithRulesPredefinedRuleMatchLayer4ConfigArgs']]] layer4_configs: Pairs of IP protocols and ports that the rule should match.
                Structure is documented below.
-               
-               
-               <a name="nested_rule_rule_match_layer4_config"></a>The `layer4_config` block supports:
         :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] src_address_groups: Address groups which should be matched against the traffic source.
                Maximum number of source address groups is 10.
         :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] src_fqdns: Fully Qualified Domain Name (FQDN) which should be matched against
@@ -8458,6 +8544,12 @@ class FirewallPolicyWithRulesPredefinedRuleMatchArgs:
                of traffic. Should be specified as 2 letter country code defined as per
                ISO 3166 alpha-2 country codes. ex."US"
                Maximum number of source region codes allowed is 5000.
+        :param pulumi.Input[Sequence[pulumi.Input['FirewallPolicyWithRulesPredefinedRuleMatchSrcSecureTagArgs']]] src_secure_tags: List of secure tag values, which should be matched at the source
+               of the traffic.
+               For INGRESS rule, if all the <code>srcSecureTag</code> are INEFFECTIVE,
+               and there is no <code>srcIpRange</code>, this rule will be ignored.
+               Maximum number of source tag values allowed is 256.
+               Structure is documented below.
         :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] src_threat_intelligences: Names of Network Threat Intelligence lists.
                The IPs in these lists will be matched against traffic source.
         """
@@ -8481,6 +8573,8 @@ class FirewallPolicyWithRulesPredefinedRuleMatchArgs:
             pulumi.set(__self__, "src_ip_ranges", src_ip_ranges)
         if src_region_codes is not None:
             pulumi.set(__self__, "src_region_codes", src_region_codes)
+        if src_secure_tags is not None:
+            pulumi.set(__self__, "src_secure_tags", src_secure_tags)
         if src_threat_intelligences is not None:
             pulumi.set(__self__, "src_threat_intelligences", src_threat_intelligences)
 
@@ -8557,9 +8651,6 @@ class FirewallPolicyWithRulesPredefinedRuleMatchArgs:
         """
         Pairs of IP protocols and ports that the rule should match.
         Structure is documented below.
-
-
-        <a name="nested_rule_rule_match_layer4_config"></a>The `layer4_config` block supports:
         """
         return pulumi.get(self, "layer4_configs")
 
@@ -8621,6 +8712,23 @@ class FirewallPolicyWithRulesPredefinedRuleMatchArgs:
     def src_region_codes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]):
         pulumi.set(self, "src_region_codes", value)
 
+    @_builtins.property
+    @pulumi.getter(name="srcSecureTags")
+    def src_secure_tags(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['FirewallPolicyWithRulesPredefinedRuleMatchSrcSecureTagArgs']]]]:
+        """
+        List of secure tag values, which should be matched at the source
+        of the traffic.
+        For INGRESS rule, if all the <code>srcSecureTag</code> are INEFFECTIVE,
+        and there is no <code>srcIpRange</code>, this rule will be ignored.
+        Maximum number of source tag values allowed is 256.
+        Structure is documented below.
+        """
+        return pulumi.get(self, "src_secure_tags")
+
+    @src_secure_tags.setter
+    def src_secure_tags(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['FirewallPolicyWithRulesPredefinedRuleMatchSrcSecureTagArgs']]]]):
+        pulumi.set(self, "src_secure_tags", value)
+
     @_builtins.property
     @pulumi.getter(name="srcThreatIntelligences")
     def src_threat_intelligences(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]:
@@ -8720,6 +8828,140 @@ class FirewallPolicyWithRulesPredefinedRuleMatchLayer4ConfigArgs:
         pulumi.set(self, "ports", value)
 
 
+if not MYPY:
+    class FirewallPolicyWithRulesPredefinedRuleMatchSrcSecureTagArgsDict(TypedDict):
+        name: NotRequired[pulumi.Input[_builtins.str]]
+        """
+        Name of the secure tag, created with TagManager's TagValue API.
+        @pattern tagValues/[0-9]+
+        """
+        state: NotRequired[pulumi.Input[_builtins.str]]
+        """
+        (Output)
+        [Output Only] State of the secure tag, either `EFFECTIVE` or
+        `INEFFECTIVE`. A secure tag is `INEFFECTIVE` when it is deleted
+        or its network is deleted.
+
+        <a name="nested_rule_rule_match_layer4_config"></a>The `layer4_config` block supports:
+        """
+elif False:
+    FirewallPolicyWithRulesPredefinedRuleMatchSrcSecureTagArgsDict: TypeAlias = Mapping[str, Any]
+
+@pulumi.input_type
+class FirewallPolicyWithRulesPredefinedRuleMatchSrcSecureTagArgs:
+    def __init__(__self__, *,
+                 name: Optional[pulumi.Input[_builtins.str]] = None,
+                 state: Optional[pulumi.Input[_builtins.str]] = None):
+        """
+        :param pulumi.Input[_builtins.str] name: Name of the secure tag, created with TagManager's TagValue API.
+               @pattern tagValues/[0-9]+
+        :param pulumi.Input[_builtins.str] state: (Output)
+               [Output Only] State of the secure tag, either `EFFECTIVE` or
+               `INEFFECTIVE`. A secure tag is `INEFFECTIVE` when it is deleted
+               or its network is deleted.
+               
+               <a name="nested_rule_rule_match_layer4_config"></a>The `layer4_config` block supports:
+        """
+        if name is not None:
+            pulumi.set(__self__, "name", name)
+        if state is not None:
+            pulumi.set(__self__, "state", state)
+
+    @_builtins.property
+    @pulumi.getter
+    def name(self) -> Optional[pulumi.Input[_builtins.str]]:
+        """
+        Name of the secure tag, created with TagManager's TagValue API.
+        @pattern tagValues/[0-9]+
+        """
+        return pulumi.get(self, "name")
+
+    @name.setter
+    def name(self, value: Optional[pulumi.Input[_builtins.str]]):
+        pulumi.set(self, "name", value)
+
+    @_builtins.property
+    @pulumi.getter
+    def state(self) -> Optional[pulumi.Input[_builtins.str]]:
+        """
+        (Output)
+        [Output Only] State of the secure tag, either `EFFECTIVE` or
+        `INEFFECTIVE`. A secure tag is `INEFFECTIVE` when it is deleted
+        or its network is deleted.
+
+        <a name="nested_rule_rule_match_layer4_config"></a>The `layer4_config` block supports:
+        """
+        return pulumi.get(self, "state")
+
+    @state.setter
+    def state(self, value: Optional[pulumi.Input[_builtins.str]]):
+        pulumi.set(self, "state", value)
+
+
+if not MYPY:
+    class FirewallPolicyWithRulesPredefinedRuleTargetSecureTagArgsDict(TypedDict):
+        name: NotRequired[pulumi.Input[_builtins.str]]
+        """
+        Name of the secure tag, created with TagManager's TagValue API.
+        @pattern tagValues/[0-9]+
+        """
+        state: NotRequired[pulumi.Input[_builtins.str]]
+        """
+        (Output)
+        [Output Only] State of the secure tag, either `EFFECTIVE` or
+        `INEFFECTIVE`. A secure tag is `INEFFECTIVE` when it is deleted
+        or its network is deleted.
+        """
+elif False:
+    FirewallPolicyWithRulesPredefinedRuleTargetSecureTagArgsDict: TypeAlias = Mapping[str, Any]
+
+@pulumi.input_type
+class FirewallPolicyWithRulesPredefinedRuleTargetSecureTagArgs:
+    def __init__(__self__, *,
+                 name: Optional[pulumi.Input[_builtins.str]] = None,
+                 state: Optional[pulumi.Input[_builtins.str]] = None):
+        """
+        :param pulumi.Input[_builtins.str] name: Name of the secure tag, created with TagManager's TagValue API.
+               @pattern tagValues/[0-9]+
+        :param pulumi.Input[_builtins.str] state: (Output)
+               [Output Only] State of the secure tag, either `EFFECTIVE` or
+               `INEFFECTIVE`. A secure tag is `INEFFECTIVE` when it is deleted
+               or its network is deleted.
+        """
+        if name is not None:
+            pulumi.set(__self__, "name", name)
+        if state is not None:
+            pulumi.set(__self__, "state", state)
+
+    @_builtins.property
+    @pulumi.getter
+    def name(self) -> Optional[pulumi.Input[_builtins.str]]:
+        """
+        Name of the secure tag, created with TagManager's TagValue API.
+        @pattern tagValues/[0-9]+
+        """
+        return pulumi.get(self, "name")
+
+    @name.setter
+    def name(self, value: Optional[pulumi.Input[_builtins.str]]):
+        pulumi.set(self, "name", value)
+
+    @_builtins.property
+    @pulumi.getter
+    def state(self) -> Optional[pulumi.Input[_builtins.str]]:
+        """
+        (Output)
+        [Output Only] State of the secure tag, either `EFFECTIVE` or
+        `INEFFECTIVE`. A secure tag is `INEFFECTIVE` when it is deleted
+        or its network is deleted.
+        """
+        return pulumi.get(self, "state")
+
+    @state.setter
+    def state(self, value: Optional[pulumi.Input[_builtins.str]]):
+        pulumi.set(self, "state", value)
+
+
 if not MYPY:
     class FirewallPolicyWithRulesRuleArgsDict(TypedDict):
         action: pulumi.Input[_builtins.str]
@@ -8779,6 +9021,21 @@ if not MYPY:
         this rule. If this field is left blank, all VMs
         within the organization will receive the rule.
         """
+        target_secure_tags: NotRequired[pulumi.Input[Sequence[pulumi.Input['FirewallPolicyWithRulesRuleTargetSecureTagArgsDict']]]]
+        """
+        A list of secure tags that controls which instances the firewall rule
+        applies to. If <code>targetSecureTag</code> are specified, then the
+        firewall rule applies only to instances in the VPC network that have one
+        of those EFFECTIVE secure tags, if all the target_secure_tag are in
+        INEFFECTIVE state, then this rule will be ignored.
+        <code>targetSecureTag</code> may not be set at the same time as
+        <code>targetServiceAccounts</code>.
+        If neither <code>targetServiceAccounts</code> nor
+        <code>targetSecureTag</code> are specified, the firewall rule applies
+        to all instances on the specified network.
+        Maximum number of target secure tags allowed is 256.
+        Structure is documented below.
+        """
         target_service_accounts: NotRequired[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]
         """
         A list of service accounts indicating the sets of
@@ -8805,6 +9062,7 @@ class FirewallPolicyWithRulesRuleArgs:
                  rule_name: Optional[pulumi.Input[_builtins.str]] = None,
                  security_profile_group: Optional[pulumi.Input[_builtins.str]] = None,
                  target_resources: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 target_secure_tags: Optional[pulumi.Input[Sequence[pulumi.Input['FirewallPolicyWithRulesRuleTargetSecureTagArgs']]]] = None,
                  target_service_accounts: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
                  tls_inspect: Optional[pulumi.Input[_builtins.bool]] = None):
         """
@@ -8835,6 +9093,18 @@ class FirewallPolicyWithRulesRuleArgs:
                This field allows you to control which network's VMs get
                this rule. If this field is left blank, all VMs
                within the organization will receive the rule.
+        :param pulumi.Input[Sequence[pulumi.Input['FirewallPolicyWithRulesRuleTargetSecureTagArgs']]] target_secure_tags: A list of secure tags that controls which instances the firewall rule
+               applies to. If <code>targetSecureTag</code> are specified, then the
+               firewall rule applies only to instances in the VPC network that have one
+               of those EFFECTIVE secure tags, if all the target_secure_tag are in
+               INEFFECTIVE state, then this rule will be ignored.
+               <code>targetSecureTag</code> may not be set at the same time as
+               <code>targetServiceAccounts</code>.
+               If neither <code>targetServiceAccounts</code> nor
+               <code>targetSecureTag</code> are specified, the firewall rule applies
+               to all instances on the specified network.
+               Maximum number of target secure tags allowed is 256.
+               Structure is documented below.
         :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] target_service_accounts: A list of service accounts indicating the sets of
                instances that are applied with this rule.
         :param pulumi.Input[_builtins.bool] tls_inspect: Boolean flag indicating if the traffic should be TLS decrypted.
@@ -8857,6 +9127,8 @@ class FirewallPolicyWithRulesRuleArgs:
             pulumi.set(__self__, "security_profile_group", security_profile_group)
         if target_resources is not None:
             pulumi.set(__self__, "target_resources", target_resources)
+        if target_secure_tags is not None:
+            pulumi.set(__self__, "target_secure_tags", target_secure_tags)
         if target_service_accounts is not None:
             pulumi.set(__self__, "target_service_accounts", target_service_accounts)
         if tls_inspect is not None:
@@ -8999,6 +9271,29 @@ class FirewallPolicyWithRulesRuleArgs:
     def target_resources(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]):
         pulumi.set(self, "target_resources", value)
 
+    @_builtins.property
+    @pulumi.getter(name="targetSecureTags")
+    def target_secure_tags(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['FirewallPolicyWithRulesRuleTargetSecureTagArgs']]]]:
+        """
+        A list of secure tags that controls which instances the firewall rule
+        applies to. If <code>targetSecureTag</code> are specified, then the
+        firewall rule applies only to instances in the VPC network that have one
+        of those EFFECTIVE secure tags, if all the target_secure_tag are in
+        INEFFECTIVE state, then this rule will be ignored.
+        <code>targetSecureTag</code> may not be set at the same time as
+        <code>targetServiceAccounts</code>.
+        If neither <code>targetServiceAccounts</code> nor
+        <code>targetSecureTag</code> are specified, the firewall rule applies
+        to all instances on the specified network.
+        Maximum number of target secure tags allowed is 256.
+        Structure is documented below.
+        """
+        return pulumi.get(self, "target_secure_tags")
+
+    @target_secure_tags.setter
+    def target_secure_tags(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['FirewallPolicyWithRulesRuleTargetSecureTagArgs']]]]):
+        pulumi.set(self, "target_secure_tags", value)
+
     @_builtins.property
     @pulumi.getter(name="targetServiceAccounts")
     def target_service_accounts(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]:
@@ -9032,9 +9327,6 @@ if not MYPY:
         """
         Pairs of IP protocols and ports that the rule should match.
         Structure is documented below.
-
-
-        <a name="nested_rule_rule_match_layer4_config"></a>The `layer4_config` block supports:
         """
         dest_address_groups: NotRequired[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]
         """
@@ -9099,6 +9391,15 @@ if not MYPY:
         ISO 3166 alpha-2 country codes. ex."US"
         Maximum number of source region codes allowed is 5000.
         """
+        src_secure_tags: NotRequired[pulumi.Input[Sequence[pulumi.Input['FirewallPolicyWithRulesRuleMatchSrcSecureTagArgsDict']]]]
+        """
+        List of secure tag values, which should be matched at the source
+        of the traffic.
+        For INGRESS rule, if all the <code>srcSecureTag</code> are INEFFECTIVE,
+        and there is no <code>srcIpRange</code>, this rule will be ignored.
+        Maximum number of source tag values allowed is 256.
+        Structure is documented below.
+        """
         src_threat_intelligences: NotRequired[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]
         """
         Names of Network Threat Intelligence lists.
@@ -9123,13 +9424,11 @@ class FirewallPolicyWithRulesRuleMatchArgs:
                  src_network_scope: Optional[pulumi.Input[_builtins.str]] = None,
                  src_networks: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
                  src_region_codes: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
+                 src_secure_tags: Optional[pulumi.Input[Sequence[pulumi.Input['FirewallPolicyWithRulesRuleMatchSrcSecureTagArgs']]]] = None,
                  src_threat_intelligences: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None):
         """
         :param pulumi.Input[Sequence[pulumi.Input['FirewallPolicyWithRulesRuleMatchLayer4ConfigArgs']]] layer4_configs: Pairs of IP protocols and ports that the rule should match.
                Structure is documented below.
-               
-               
-               <a name="nested_rule_rule_match_layer4_config"></a>The `layer4_config` block supports:
         :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] dest_address_groups: Address groups which should be matched against the traffic destination.
                Maximum number of destination address groups is 10.
         :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] dest_fqdns: Fully Qualified Domain Name (FQDN) which should be matched against
@@ -9157,6 +9456,12 @@ class FirewallPolicyWithRulesRuleMatchArgs:
                of traffic. Should be specified as 2 letter country code defined as per
                ISO 3166 alpha-2 country codes. ex."US"
                Maximum number of source region codes allowed is 5000.
+        :param pulumi.Input[Sequence[pulumi.Input['FirewallPolicyWithRulesRuleMatchSrcSecureTagArgs']]] src_secure_tags: List of secure tag values, which should be matched at the source
+               of the traffic.
+               For INGRESS rule, if all the <code>srcSecureTag</code> are INEFFECTIVE,
+               and there is no <code>srcIpRange</code>, this rule will be ignored.
+               Maximum number of source tag values allowed is 256.
+               Structure is documented below.
         :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] src_threat_intelligences: Names of Network Threat Intelligence lists.
                The IPs in these lists will be matched against traffic source.
         """
@@ -9185,6 +9490,8 @@ class FirewallPolicyWithRulesRuleMatchArgs:
             pulumi.set(__self__, "src_networks", src_networks)
         if src_region_codes is not None:
             pulumi.set(__self__, "src_region_codes", src_region_codes)
+        if src_secure_tags is not None:
+            pulumi.set(__self__, "src_secure_tags", src_secure_tags)
         if src_threat_intelligences is not None:
             pulumi.set(__self__, "src_threat_intelligences", src_threat_intelligences)
 
@@ -9194,9 +9501,6 @@ class FirewallPolicyWithRulesRuleMatchArgs:
         """
         Pairs of IP protocols and ports that the rule should match.
         Structure is documented below.
-
-
-        <a name="nested_rule_rule_match_layer4_config"></a>The `layer4_config` block supports:
         """
         return pulumi.get(self, "layer4_configs")
 
@@ -9363,6 +9667,23 @@ class FirewallPolicyWithRulesRuleMatchArgs:
     def src_region_codes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]):
         pulumi.set(self, "src_region_codes", value)
 
+    @_builtins.property
+    @pulumi.getter(name="srcSecureTags")
+    def src_secure_tags(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['FirewallPolicyWithRulesRuleMatchSrcSecureTagArgs']]]]:
+        """
+        List of secure tag values, which should be matched at the source
+        of the traffic.
+        For INGRESS rule, if all the <code>srcSecureTag</code> are INEFFECTIVE,
+        and there is no <code>srcIpRange</code>, this rule will be ignored.
+        Maximum number of source tag values allowed is 256.
+        Structure is documented below.
+        """
+        return pulumi.get(self, "src_secure_tags")
+
+    @src_secure_tags.setter
+    def src_secure_tags(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['FirewallPolicyWithRulesRuleMatchSrcSecureTagArgs']]]]):
+        pulumi.set(self, "src_secure_tags", value)
+
     @_builtins.property
     @pulumi.getter(name="srcThreatIntelligences")
     def src_threat_intelligences(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]:
@@ -9461,6 +9782,140 @@ class FirewallPolicyWithRulesRuleMatchLayer4ConfigArgs:
         pulumi.set(self, "ports", value)
 
 
+if not MYPY:
+    class FirewallPolicyWithRulesRuleMatchSrcSecureTagArgsDict(TypedDict):
+        name: NotRequired[pulumi.Input[_builtins.str]]
+        """
+        Name of the secure tag, created with TagManager's TagValue API.
+        @pattern tagValues/[0-9]+
+        """
+        state: NotRequired[pulumi.Input[_builtins.str]]
+        """
+        (Output)
+        [Output Only] State of the secure tag, either `EFFECTIVE` or
+        `INEFFECTIVE`. A secure tag is `INEFFECTIVE` when it is deleted
+        or its network is deleted.
+
+        <a name="nested_rule_rule_match_layer4_config"></a>The `layer4_config` block supports:
+        """
+elif False:
+    FirewallPolicyWithRulesRuleMatchSrcSecureTagArgsDict: TypeAlias = Mapping[str, Any]
+
+@pulumi.input_type
+class FirewallPolicyWithRulesRuleMatchSrcSecureTagArgs:
+    def __init__(__self__, *,
+                 name: Optional[pulumi.Input[_builtins.str]] = None,
+                 state: Optional[pulumi.Input[_builtins.str]] = None):
+        """
+        :param pulumi.Input[_builtins.str] name: Name of the secure tag, created with TagManager's TagValue API.
+               @pattern tagValues/[0-9]+
+        :param pulumi.Input[_builtins.str] state: (Output)
+               [Output Only] State of the secure tag, either `EFFECTIVE` or
+               `INEFFECTIVE`. A secure tag is `INEFFECTIVE` when it is deleted
+               or its network is deleted.
+               
+               <a name="nested_rule_rule_match_layer4_config"></a>The `layer4_config` block supports:
+        """
+        if name is not None:
+            pulumi.set(__self__, "name", name)
+        if state is not None:
+            pulumi.set(__self__, "state", state)
+
+    @_builtins.property
+    @pulumi.getter
+    def name(self) -> Optional[pulumi.Input[_builtins.str]]:
+        """
+        Name of the secure tag, created with TagManager's TagValue API.
+        @pattern tagValues/[0-9]+
+        """
+        return pulumi.get(self, "name")
+
+    @name.setter
+    def name(self, value: Optional[pulumi.Input[_builtins.str]]):
+        pulumi.set(self, "name", value)
+
+    @_builtins.property
+    @pulumi.getter
+    def state(self) -> Optional[pulumi.Input[_builtins.str]]:
+        """
+        (Output)
+        [Output Only] State of the secure tag, either `EFFECTIVE` or
+        `INEFFECTIVE`. A secure tag is `INEFFECTIVE` when it is deleted
+        or its network is deleted.
+
+        <a name="nested_rule_rule_match_layer4_config"></a>The `layer4_config` block supports:
+        """
+        return pulumi.get(self, "state")
+
+    @state.setter
+    def state(self, value: Optional[pulumi.Input[_builtins.str]]):
+        pulumi.set(self, "state", value)
+
+
+if not MYPY:
+    class FirewallPolicyWithRulesRuleTargetSecureTagArgsDict(TypedDict):
+        name: NotRequired[pulumi.Input[_builtins.str]]
+        """
+        Name of the secure tag, created with TagManager's TagValue API.
+        @pattern tagValues/[0-9]+
+        """
+        state: NotRequired[pulumi.Input[_builtins.str]]
+        """
+        (Output)
+        [Output Only] State of the secure tag, either `EFFECTIVE` or
+        `INEFFECTIVE`. A secure tag is `INEFFECTIVE` when it is deleted
+        or its network is deleted.
+        """
+elif False:
+    FirewallPolicyWithRulesRuleTargetSecureTagArgsDict: TypeAlias = Mapping[str, Any]
+
+@pulumi.input_type
+class FirewallPolicyWithRulesRuleTargetSecureTagArgs:
+    def __init__(__self__, *,
+                 name: Optional[pulumi.Input[_builtins.str]] = None,
+                 state: Optional[pulumi.Input[_builtins.str]] = None):
+        """
+        :param pulumi.Input[_builtins.str] name: Name of the secure tag, created with TagManager's TagValue API.
+               @pattern tagValues/[0-9]+
+        :param pulumi.Input[_builtins.str] state: (Output)
+               [Output Only] State of the secure tag, either `EFFECTIVE` or
+               `INEFFECTIVE`. A secure tag is `INEFFECTIVE` when it is deleted
+               or its network is deleted.
+        """
+        if name is not None:
+            pulumi.set(__self__, "name", name)
+        if state is not None:
+            pulumi.set(__self__, "state", state)
+
+    @_builtins.property
+    @pulumi.getter
+    def name(self) -> Optional[pulumi.Input[_builtins.str]]:
+        """
+        Name of the secure tag, created with TagManager's TagValue API.
+        @pattern tagValues/[0-9]+
+        """
+        return pulumi.get(self, "name")
+
+    @name.setter
+    def name(self, value: Optional[pulumi.Input[_builtins.str]]):
+        pulumi.set(self, "name", value)
+
+    @_builtins.property
+    @pulumi.getter
+    def state(self) -> Optional[pulumi.Input[_builtins.str]]:
+        """
+        (Output)
+        [Output Only] State of the secure tag, either `EFFECTIVE` or
+        `INEFFECTIVE`. A secure tag is `INEFFECTIVE` when it is deleted
+        or its network is deleted.
+        """
+        return pulumi.get(self, "state")
+
+    @state.setter
+    def state(self, value: Optional[pulumi.Input[_builtins.str]]):
+        pulumi.set(self, "state", value)
+
+
 if not MYPY:
     class ForwardingRuleServiceDirectoryRegistrationsArgsDict(TypedDict):
         namespace: NotRequired[pulumi.Input[_builtins.str]]
@@ -34527,6 +34982,75 @@ class PerInstanceConfigPreservedStateInternalIpIpAddressArgs:
         pulumi.set(self, "address", value)
 
 
+if not MYPY:
+    class PreviewFeatureRolloutOperationArgsDict(TypedDict):
+        rollout_input: NotRequired[pulumi.Input['PreviewFeatureRolloutOperationRolloutInputArgsDict']]
+        """
+        The input for the rollout operation.
+        Structure is documented below.
+        """
+elif False:
+    PreviewFeatureRolloutOperationArgsDict: TypeAlias = Mapping[str, Any]
+
+@pulumi.input_type
+class PreviewFeatureRolloutOperationArgs:
+    def __init__(__self__, *,
+                 rollout_input: Optional[pulumi.Input['PreviewFeatureRolloutOperationRolloutInputArgs']] = None):
+        """
+        :param pulumi.Input['PreviewFeatureRolloutOperationRolloutInputArgs'] rollout_input: The input for the rollout operation.
+               Structure is documented below.
+        """
+        if rollout_input is not None:
+            pulumi.set(__self__, "rollout_input", rollout_input)
+
+    @_builtins.property
+    @pulumi.getter(name="rolloutInput")
+    def rollout_input(self) -> Optional[pulumi.Input['PreviewFeatureRolloutOperationRolloutInputArgs']]:
+        """
+        The input for the rollout operation.
+        Structure is documented below.
+        """
+        return pulumi.get(self, "rollout_input")
+
+    @rollout_input.setter
+    def rollout_input(self, value: Optional[pulumi.Input['PreviewFeatureRolloutOperationRolloutInputArgs']]):
+        pulumi.set(self, "rollout_input", value)
+
+
+if not MYPY:
+    class PreviewFeatureRolloutOperationRolloutInputArgsDict(TypedDict):
+        predefined_rollout_plan: pulumi.Input[_builtins.str]
+        """
+        Predefined rollout plans.
+        Possible values are: `ROLLOUT_PLAN_FAST_ROLLOUT`.
+        """
+elif False:
+    PreviewFeatureRolloutOperationRolloutInputArgsDict: TypeAlias = Mapping[str, Any]
+
+@pulumi.input_type
+class PreviewFeatureRolloutOperationRolloutInputArgs:
+    def __init__(__self__, *,
+                 predefined_rollout_plan: pulumi.Input[_builtins.str]):
+        """
+        :param pulumi.Input[_builtins.str] predefined_rollout_plan: Predefined rollout plans.
+               Possible values are: `ROLLOUT_PLAN_FAST_ROLLOUT`.
+        """
+        pulumi.set(__self__, "predefined_rollout_plan", predefined_rollout_plan)
+
+    @_builtins.property
+    @pulumi.getter(name="predefinedRolloutPlan")
+    def predefined_rollout_plan(self) -> pulumi.Input[_builtins.str]:
+        """
+        Predefined rollout plans.
+        Possible values are: `ROLLOUT_PLAN_FAST_ROLLOUT`.
+        """
+        return pulumi.get(self, "predefined_rollout_plan")
+
+    @predefined_rollout_plan.setter
+    def predefined_rollout_plan(self, value: pulumi.Input[_builtins.str]):
+        pulumi.set(self, "predefined_rollout_plan", value)
+
+
 if not MYPY:
     class RegionAutoscalerAutoscalingPolicyArgsDict(TypedDict):
         max_replicas: pulumi.Input[_builtins.int]
@@ -37472,6 +37996,193 @@ class RegionBackendServiceFailoverPolicyArgs:
         pulumi.set(self, "failover_ratio", value)
 
 
+if not MYPY:
+    class RegionBackendServiceHaPolicyArgsDict(TypedDict):
+        fast_ip_move: NotRequired[pulumi.Input[_builtins.str]]
+        """
+        Specifies whether fast IP move is enabled, and if so, the mechanism to achieve it.
+        Supported values are:
+        * `DISABLED`: Fast IP Move is disabled. You can only use the haPolicy.leader API to
+        update the leader.
+        * `GARP_RA`: Provides a method to very quickly define a new network endpoint as the
+        leader. This method is faster than updating the leader using the
+        haPolicy.leader API. Fast IP move works as follows: The VM hosting the
+        network endpoint that should become the new leader sends either a
+        Gratuitous ARP (GARP) packet (IPv4) or an ICMPv6 Router Advertisement(RA)
+        packet (IPv6). Google Cloud immediately but temporarily associates the
+        forwarding rule IP address with that VM, and both new and in-flight packets
+        are quickly delivered to that VM.
+        Possible values are: `DISABLED`, `GARP_RA`.
+        """
+        leader: NotRequired[pulumi.Input['RegionBackendServiceHaPolicyLeaderArgsDict']]
+        """
+        Selects one of the network endpoints attached to the backend NEGs of this service as the
+        active endpoint (the leader) that receives all traffic.
+        Structure is documented below.
+        """
+elif False:
+    RegionBackendServiceHaPolicyArgsDict: TypeAlias = Mapping[str, Any]
+
+@pulumi.input_type
+class RegionBackendServiceHaPolicyArgs:
+    def __init__(__self__, *,
+                 fast_ip_move: Optional[pulumi.Input[_builtins.str]] = None,
+                 leader: Optional[pulumi.Input['RegionBackendServiceHaPolicyLeaderArgs']] = None):
+        """
+        :param pulumi.Input[_builtins.str] fast_ip_move: Specifies whether fast IP move is enabled, and if so, the mechanism to achieve it.
+               Supported values are:
+               * `DISABLED`: Fast IP Move is disabled. You can only use the haPolicy.leader API to
+               update the leader.
+               * `GARP_RA`: Provides a method to very quickly define a new network endpoint as the
+               leader. This method is faster than updating the leader using the
+               haPolicy.leader API. Fast IP move works as follows: The VM hosting the
+               network endpoint that should become the new leader sends either a
+               Gratuitous ARP (GARP) packet (IPv4) or an ICMPv6 Router Advertisement(RA)
+               packet (IPv6). Google Cloud immediately but temporarily associates the
+               forwarding rule IP address with that VM, and both new and in-flight packets
+               are quickly delivered to that VM.
+               Possible values are: `DISABLED`, `GARP_RA`.
+        :param pulumi.Input['RegionBackendServiceHaPolicyLeaderArgs'] leader: Selects one of the network endpoints attached to the backend NEGs of this service as the
+               active endpoint (the leader) that receives all traffic.
+               Structure is documented below.
+        """
+        if fast_ip_move is not None:
+            pulumi.set(__self__, "fast_ip_move", fast_ip_move)
+        if leader is not None:
+            pulumi.set(__self__, "leader", leader)
+
+    @_builtins.property
+    @pulumi.getter(name="fastIpMove")
+    def fast_ip_move(self) -> Optional[pulumi.Input[_builtins.str]]:
+        """
+        Specifies whether fast IP move is enabled, and if so, the mechanism to achieve it.
+        Supported values are:
+        * `DISABLED`: Fast IP Move is disabled. You can only use the haPolicy.leader API to
+        update the leader.
+        * `GARP_RA`: Provides a method to very quickly define a new network endpoint as the
+        leader. This method is faster than updating the leader using the
+        haPolicy.leader API. Fast IP move works as follows: The VM hosting the
+        network endpoint that should become the new leader sends either a
+        Gratuitous ARP (GARP) packet (IPv4) or an ICMPv6 Router Advertisement(RA)
+        packet (IPv6). Google Cloud immediately but temporarily associates the
+        forwarding rule IP address with that VM, and both new and in-flight packets
+        are quickly delivered to that VM.
+        Possible values are: `DISABLED`, `GARP_RA`.
+        """
+        return pulumi.get(self, "fast_ip_move")
+
+    @fast_ip_move.setter
+    def fast_ip_move(self, value: Optional[pulumi.Input[_builtins.str]]):
+        pulumi.set(self, "fast_ip_move", value)
+
+    @_builtins.property
+    @pulumi.getter
+    def leader(self) -> Optional[pulumi.Input['RegionBackendServiceHaPolicyLeaderArgs']]:
+        """
+        Selects one of the network endpoints attached to the backend NEGs of this service as the
+        active endpoint (the leader) that receives all traffic.
+        Structure is documented below.
+        """
+        return pulumi.get(self, "leader")
+
+    @leader.setter
+    def leader(self, value: Optional[pulumi.Input['RegionBackendServiceHaPolicyLeaderArgs']]):
+        pulumi.set(self, "leader", value)
+
+
+if not MYPY:
+    class RegionBackendServiceHaPolicyLeaderArgsDict(TypedDict):
+        backend_group: NotRequired[pulumi.Input[_builtins.str]]
+        """
+        A fully-qualified URL of the zonal Network Endpoint Group (NEG) that the leader is
+        attached to.
+        """
+        network_endpoint: NotRequired[pulumi.Input['RegionBackendServiceHaPolicyLeaderNetworkEndpointArgsDict']]
+        """
+        The network endpoint within the leader.backendGroup that is designated as the leader.
+        Structure is documented below.
+        """
+elif False:
+    RegionBackendServiceHaPolicyLeaderArgsDict: TypeAlias = Mapping[str, Any]
+
+@pulumi.input_type
+class RegionBackendServiceHaPolicyLeaderArgs:
+    def __init__(__self__, *,
+                 backend_group: Optional[pulumi.Input[_builtins.str]] = None,
+                 network_endpoint: Optional[pulumi.Input['RegionBackendServiceHaPolicyLeaderNetworkEndpointArgs']] = None):
+        """
+        :param pulumi.Input[_builtins.str] backend_group: A fully-qualified URL of the zonal Network Endpoint Group (NEG) that the leader is
+               attached to.
+        :param pulumi.Input['RegionBackendServiceHaPolicyLeaderNetworkEndpointArgs'] network_endpoint: The network endpoint within the leader.backendGroup that is designated as the leader.
+               Structure is documented below.
+        """
+        if backend_group is not None:
+            pulumi.set(__self__, "backend_group", backend_group)
+        if network_endpoint is not None:
+            pulumi.set(__self__, "network_endpoint", network_endpoint)
+
+    @_builtins.property
+    @pulumi.getter(name="backendGroup")
+    def backend_group(self) -> Optional[pulumi.Input[_builtins.str]]:
+        """
+        A fully-qualified URL of the zonal Network Endpoint Group (NEG) that the leader is
+        attached to.
+        """
+        return pulumi.get(self, "backend_group")
+
+    @backend_group.setter
+    def backend_group(self, value: Optional[pulumi.Input[_builtins.str]]):
+        pulumi.set(self, "backend_group", value)
+
+    @_builtins.property
+    @pulumi.getter(name="networkEndpoint")
+    def network_endpoint(self) -> Optional[pulumi.Input['RegionBackendServiceHaPolicyLeaderNetworkEndpointArgs']]:
+        """
+        The network endpoint within the leader.backendGroup that is designated as the leader.
+        Structure is documented below.
+        """
+        return pulumi.get(self, "network_endpoint")
+
+    @network_endpoint.setter
+    def network_endpoint(self, value: Optional[pulumi.Input['RegionBackendServiceHaPolicyLeaderNetworkEndpointArgs']]):
+        pulumi.set(self, "network_endpoint", value)
+
+
+if not MYPY:
+    class RegionBackendServiceHaPolicyLeaderNetworkEndpointArgsDict(TypedDict):
+        instance: NotRequired[pulumi.Input[_builtins.str]]
+        """
+        The name of the VM instance of the leader network endpoint. The instance must
+        already be attached to the NEG specified in the haPolicy.leader.backendGroup.
+        """
+elif False:
+    RegionBackendServiceHaPolicyLeaderNetworkEndpointArgsDict: TypeAlias = Mapping[str, Any]
+
+@pulumi.input_type
+class RegionBackendServiceHaPolicyLeaderNetworkEndpointArgs:
+    def __init__(__self__, *,
+                 instance: Optional[pulumi.Input[_builtins.str]] = None):
+        """
+        :param pulumi.Input[_builtins.str] instance: The name of the VM instance of the leader network endpoint. The instance must
+               already be attached to the NEG specified in the haPolicy.leader.backendGroup.
+        """
+        if instance is not None:
+            pulumi.set(__self__, "instance", instance)
+
+    @_builtins.property
+    @pulumi.getter
+    def instance(self) -> Optional[pulumi.Input[_builtins.str]]:
+        """
+        The name of the VM instance of the leader network endpoint. The instance must
+        already be attached to the NEG specified in the haPolicy.leader.backendGroup.
+        """
+        return pulumi.get(self, "instance")
+
+    @instance.setter
+    def instance(self, value: Optional[pulumi.Input[_builtins.str]]):
+        pulumi.set(self, "instance", value)
+
+
 if not MYPY:
     class RegionBackendServiceIamBindingConditionArgsDict(TypedDict):
         expression: pulumi.Input[_builtins.str]
@@ -48809,6 +49520,164 @@ class RegionResizeRequestStatusLastAttemptErrorErrorErrorDetailQuotaInfoArgs:
         pulumi.set(self, "rollout_status", value)
 
 
+if not MYPY:
+    class RegionSecurityPolicyAdvancedOptionsConfigArgsDict(TypedDict):
+        json_custom_config: NotRequired[pulumi.Input['RegionSecurityPolicyAdvancedOptionsConfigJsonCustomConfigArgsDict']]
+        """
+        Custom configuration to apply the JSON parsing. Only applicable when JSON parsing is set to STANDARD.
+        Structure is documented below.
+        """
+        json_parsing: NotRequired[pulumi.Input[_builtins.str]]
+        """
+        JSON body parsing. Supported values include: "DISABLED", "STANDARD", "STANDARD_WITH_GRAPHQL".
+        Possible values are: `DISABLED`, `STANDARD`, `STANDARD_WITH_GRAPHQL`.
+        """
+        log_level: NotRequired[pulumi.Input[_builtins.str]]
+        """
+        Logging level. Supported values include: "NORMAL", "VERBOSE".
+        Possible values are: `NORMAL`, `VERBOSE`.
+        """
+        request_body_inspection_size: NotRequired[pulumi.Input[_builtins.str]]
+        """
+        The maximum request size chosen by the customer with Waf enabled. Values supported are "8KB", "16KB, "32KB", "48KB" and "64KB".
+        Values are case insensitive.
+        Possible values are: `8KB`, `16KB`, `32KB`, `48KB`, `64KB`.
+        """
+        user_ip_request_headers: NotRequired[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]
+        """
+        An optional list of case-insensitive request header names to use for resolving the callers client IP address.
+        """
+elif False:
+    RegionSecurityPolicyAdvancedOptionsConfigArgsDict: TypeAlias = Mapping[str, Any]
+
+@pulumi.input_type
+class RegionSecurityPolicyAdvancedOptionsConfigArgs:
+    def __init__(__self__, *,
+                 json_custom_config: Optional[pulumi.Input['RegionSecurityPolicyAdvancedOptionsConfigJsonCustomConfigArgs']] = None,
+                 json_parsing: Optional[pulumi.Input[_builtins.str]] = None,
+                 log_level: Optional[pulumi.Input[_builtins.str]] = None,
+                 request_body_inspection_size: Optional[pulumi.Input[_builtins.str]] = None,
+                 user_ip_request_headers: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None):
+        """
+        :param pulumi.Input['RegionSecurityPolicyAdvancedOptionsConfigJsonCustomConfigArgs'] json_custom_config: Custom configuration to apply the JSON parsing. Only applicable when JSON parsing is set to STANDARD.
+               Structure is documented below.
+        :param pulumi.Input[_builtins.str] json_parsing: JSON body parsing. Supported values include: "DISABLED", "STANDARD", "STANDARD_WITH_GRAPHQL".
+               Possible values are: `DISABLED`, `STANDARD`, `STANDARD_WITH_GRAPHQL`.
+        :param pulumi.Input[_builtins.str] log_level: Logging level. Supported values include: "NORMAL", "VERBOSE".
+               Possible values are: `NORMAL`, `VERBOSE`.
+        :param pulumi.Input[_builtins.str] request_body_inspection_size: The maximum request size chosen by the customer with Waf enabled. Values supported are "8KB", "16KB, "32KB", "48KB" and "64KB".
+               Values are case insensitive.
+               Possible values are: `8KB`, `16KB`, `32KB`, `48KB`, `64KB`.
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] user_ip_request_headers: An optional list of case-insensitive request header names to use for resolving the callers client IP address.
+        """
+        if json_custom_config is not None:
+            pulumi.set(__self__, "json_custom_config", json_custom_config)
+        if json_parsing is not None:
+            pulumi.set(__self__, "json_parsing", json_parsing)
+        if log_level is not None:
+            pulumi.set(__self__, "log_level", log_level)
+        if request_body_inspection_size is not None:
+            pulumi.set(__self__, "request_body_inspection_size", request_body_inspection_size)
+        if user_ip_request_headers is not None:
+            pulumi.set(__self__, "user_ip_request_headers", user_ip_request_headers)
+
+    @_builtins.property
+    @pulumi.getter(name="jsonCustomConfig")
+    def json_custom_config(self) -> Optional[pulumi.Input['RegionSecurityPolicyAdvancedOptionsConfigJsonCustomConfigArgs']]:
+        """
+        Custom configuration to apply the JSON parsing. Only applicable when JSON parsing is set to STANDARD.
+        Structure is documented below.
+        """
+        return pulumi.get(self, "json_custom_config")
+
+    @json_custom_config.setter
+    def json_custom_config(self, value: Optional[pulumi.Input['RegionSecurityPolicyAdvancedOptionsConfigJsonCustomConfigArgs']]):
+        pulumi.set(self, "json_custom_config", value)
+
+    @_builtins.property
+    @pulumi.getter(name="jsonParsing")
+    def json_parsing(self) -> Optional[pulumi.Input[_builtins.str]]:
+        """
+        JSON body parsing. Supported values include: "DISABLED", "STANDARD", "STANDARD_WITH_GRAPHQL".
+        Possible values are: `DISABLED`, `STANDARD`, `STANDARD_WITH_GRAPHQL`.
+        """
+        return pulumi.get(self, "json_parsing")
+
+    @json_parsing.setter
+    def json_parsing(self, value: Optional[pulumi.Input[_builtins.str]]):
+        pulumi.set(self, "json_parsing", value)
+
+    @_builtins.property
+    @pulumi.getter(name="logLevel")
+    def log_level(self) -> Optional[pulumi.Input[_builtins.str]]:
+        """
+        Logging level. Supported values include: "NORMAL", "VERBOSE".
+        Possible values are: `NORMAL`, `VERBOSE`.
+        """
+        return pulumi.get(self, "log_level")
+
+    @log_level.setter
+    def log_level(self, value: Optional[pulumi.Input[_builtins.str]]):
+        pulumi.set(self, "log_level", value)
+
+    @_builtins.property
+    @pulumi.getter(name="requestBodyInspectionSize")
+    def request_body_inspection_size(self) -> Optional[pulumi.Input[_builtins.str]]:
+        """
+        The maximum request size chosen by the customer with Waf enabled. Values supported are "8KB", "16KB, "32KB", "48KB" and "64KB".
+        Values are case insensitive.
+        Possible values are: `8KB`, `16KB`, `32KB`, `48KB`, `64KB`.
+        """
+        return pulumi.get(self, "request_body_inspection_size")
+
+    @request_body_inspection_size.setter
+    def request_body_inspection_size(self, value: Optional[pulumi.Input[_builtins.str]]):
+        pulumi.set(self, "request_body_inspection_size", value)
+
+    @_builtins.property
+    @pulumi.getter(name="userIpRequestHeaders")
+    def user_ip_request_headers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]:
+        """
+        An optional list of case-insensitive request header names to use for resolving the callers client IP address.
+        """
+        return pulumi.get(self, "user_ip_request_headers")
+
+    @user_ip_request_headers.setter
+    def user_ip_request_headers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]]):
+        pulumi.set(self, "user_ip_request_headers", value)
+
+
+if not MYPY:
+    class RegionSecurityPolicyAdvancedOptionsConfigJsonCustomConfigArgsDict(TypedDict):
+        content_types: pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]
+        """
+        A list of custom Content-Type header values to apply the JSON parsing.
+        """
+elif False:
+    RegionSecurityPolicyAdvancedOptionsConfigJsonCustomConfigArgsDict: TypeAlias = Mapping[str, Any]
+
+@pulumi.input_type
+class RegionSecurityPolicyAdvancedOptionsConfigJsonCustomConfigArgs:
+    def __init__(__self__, *,
+                 content_types: pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]):
+        """
+        :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] content_types: A list of custom Content-Type header values to apply the JSON parsing.
+        """
+        pulumi.set(__self__, "content_types", content_types)
+
+    @_builtins.property
+    @pulumi.getter(name="contentTypes")
+    def content_types(self) -> pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]:
+        """
+        A list of custom Content-Type header values to apply the JSON parsing.
+        """
+        return pulumi.get(self, "content_types")
+
+    @content_types.setter
+    def content_types(self, value: pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]):
+        pulumi.set(self, "content_types", value)
+
+
 if not MYPY:
     class RegionSecurityPolicyDdosProtectionConfigArgsDict(TypedDict):
         ddos_protection: pulumi.Input[_builtins.str]
@@ -51153,20 +52022,30 @@ if not MYPY:
         The backend service configured for a mirroring policy must reference backends that are of the same type as the original backend service matched in the URL map.
         Serverless NEG backends are not currently supported as a mirrored backend service.
         """
+        mirror_percent: NotRequired[pulumi.Input[_builtins.float]]
+        """
+        The percentage of requests to be mirrored to backendService.
+        The value must be between 0.0 and 100.0 inclusive.
+        """
 elif False:
     RegionUrlMapDefaultRouteActionRequestMirrorPolicyArgsDict: TypeAlias = Mapping[str, Any]
 
 @pulumi.input_type
 class RegionUrlMapDefaultRouteActionRequestMirrorPolicyArgs:
     def __init__(__self__, *,
-                 backend_service: Optional[pulumi.Input[_builtins.str]] = None):
+                 backend_service: Optional[pulumi.Input[_builtins.str]] = None,
+                 mirror_percent: Optional[pulumi.Input[_builtins.float]] = None):
         """
         :param pulumi.Input[_builtins.str] backend_service: The full or partial URL to the RegionBackendService resource being mirrored to.
                The backend service configured for a mirroring policy must reference backends that are of the same type as the original backend service matched in the URL map.
                Serverless NEG backends are not currently supported as a mirrored backend service.
+        :param pulumi.Input[_builtins.float] mirror_percent: The percentage of requests to be mirrored to backendService.
+               The value must be between 0.0 and 100.0 inclusive.
         """
         if backend_service is not None:
             pulumi.set(__self__, "backend_service", backend_service)
+        if mirror_percent is not None:
+            pulumi.set(__self__, "mirror_percent", mirror_percent)
 
     @_builtins.property
     @pulumi.getter(name="backendService")
@@ -51182,6 +52061,19 @@ class RegionUrlMapDefaultRouteActionRequestMirrorPolicyArgs:
     def backend_service(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "backend_service", value)
 
+    @_builtins.property
+    @pulumi.getter(name="mirrorPercent")
+    def mirror_percent(self) -> Optional[pulumi.Input[_builtins.float]]:
+        """
+        The percentage of requests to be mirrored to backendService.
+        The value must be between 0.0 and 100.0 inclusive.
+        """
+        return pulumi.get(self, "mirror_percent")
+
+    @mirror_percent.setter
+    def mirror_percent(self, value: Optional[pulumi.Input[_builtins.float]]):
+        pulumi.set(self, "mirror_percent", value)
+
 
 if not MYPY:
     class RegionUrlMapDefaultRouteActionRetryPolicyArgsDict(TypedDict):
@@ -53030,19 +53922,29 @@ if not MYPY:
         The backend service configured for a mirroring policy must reference backends that are of the same type as the original backend service matched in the URL map.
         Serverless NEG backends are not currently supported as a mirrored backend service.
         """
+        mirror_percent: NotRequired[pulumi.Input[_builtins.float]]
+        """
+        The percentage of requests to be mirrored to backendService.
+        The value must be between 0.0 and 100.0 inclusive.
+        """
 elif False:
     RegionUrlMapPathMatcherDefaultRouteActionRequestMirrorPolicyArgsDict: TypeAlias = Mapping[str, Any]
 
 @pulumi.input_type
 class RegionUrlMapPathMatcherDefaultRouteActionRequestMirrorPolicyArgs:
     def __init__(__self__, *,
-                 backend_service: pulumi.Input[_builtins.str]):
+                 backend_service: pulumi.Input[_builtins.str],
+                 mirror_percent: Optional[pulumi.Input[_builtins.float]] = None):
         """
         :param pulumi.Input[_builtins.str] backend_service: The full or partial URL to the RegionBackendService resource being mirrored to.
                The backend service configured for a mirroring policy must reference backends that are of the same type as the original backend service matched in the URL map.
                Serverless NEG backends are not currently supported as a mirrored backend service.
+        :param pulumi.Input[_builtins.float] mirror_percent: The percentage of requests to be mirrored to backendService.
+               The value must be between 0.0 and 100.0 inclusive.
         """
         pulumi.set(__self__, "backend_service", backend_service)
+        if mirror_percent is not None:
+            pulumi.set(__self__, "mirror_percent", mirror_percent)
 
     @_builtins.property
     @pulumi.getter(name="backendService")
@@ -53058,6 +53960,19 @@ class RegionUrlMapPathMatcherDefaultRouteActionRequestMirrorPolicyArgs:
     def backend_service(self, value: pulumi.Input[_builtins.str]):
         pulumi.set(self, "backend_service", value)
 
+    @_builtins.property
+    @pulumi.getter(name="mirrorPercent")
+    def mirror_percent(self) -> Optional[pulumi.Input[_builtins.float]]:
+        """
+        The percentage of requests to be mirrored to backendService.
+        The value must be between 0.0 and 100.0 inclusive.
+        """
+        return pulumi.get(self, "mirror_percent")
+
+    @mirror_percent.setter
+    def mirror_percent(self, value: Optional[pulumi.Input[_builtins.float]]):
+        pulumi.set(self, "mirror_percent", value)
+
 
 if not MYPY:
     class RegionUrlMapPathMatcherDefaultRouteActionRetryPolicyArgsDict(TypedDict):
@@ -54725,19 +55640,29 @@ if not MYPY:
         The backend service configured for a mirroring policy must reference backends that are of the same type as the original backend service matched in the URL map.
         Serverless NEG backends are not currently supported as a mirrored backend service.
         """
+        mirror_percent: NotRequired[pulumi.Input[_builtins.float]]
+        """
+        The percentage of requests to be mirrored to backendService.
+        The value must be between 0.0 and 100.0 inclusive.
+        """
 elif False:
     RegionUrlMapPathMatcherPathRuleRouteActionRequestMirrorPolicyArgsDict: TypeAlias = Mapping[str, Any]
 
 @pulumi.input_type
 class RegionUrlMapPathMatcherPathRuleRouteActionRequestMirrorPolicyArgs:
     def __init__(__self__, *,
-                 backend_service: pulumi.Input[_builtins.str]):
+                 backend_service: pulumi.Input[_builtins.str],
+                 mirror_percent: Optional[pulumi.Input[_builtins.float]] = None):
         """
         :param pulumi.Input[_builtins.str] backend_service: The full or partial URL to the RegionBackendService resource being mirrored to.
                The backend service configured for a mirroring policy must reference backends that are of the same type as the original backend service matched in the URL map.
                Serverless NEG backends are not currently supported as a mirrored backend service.
+        :param pulumi.Input[_builtins.float] mirror_percent: The percentage of requests to be mirrored to backendService.
+               The value must be between 0.0 and 100.0 inclusive.
         """
         pulumi.set(__self__, "backend_service", backend_service)
+        if mirror_percent is not None:
+            pulumi.set(__self__, "mirror_percent", mirror_percent)
 
     @_builtins.property
     @pulumi.getter(name="backendService")
@@ -54753,6 +55678,19 @@ class RegionUrlMapPathMatcherPathRuleRouteActionRequestMirrorPolicyArgs:
     def backend_service(self, value: pulumi.Input[_builtins.str]):
         pulumi.set(self, "backend_service", value)
 
+    @_builtins.property
+    @pulumi.getter(name="mirrorPercent")
+    def mirror_percent(self) -> Optional[pulumi.Input[_builtins.float]]:
+        """
+        The percentage of requests to be mirrored to backendService.
+        The value must be between 0.0 and 100.0 inclusive.
+        """
+        return pulumi.get(self, "mirror_percent")
+
+    @mirror_percent.setter
+    def mirror_percent(self, value: Optional[pulumi.Input[_builtins.float]]):
+        pulumi.set(self, "mirror_percent", value)
+
 
 if not MYPY:
     class RegionUrlMapPathMatcherPathRuleRouteActionRetryPolicyArgsDict(TypedDict):
@@ -57522,19 +58460,29 @@ if not MYPY:
         The backend service configured for a mirroring policy must reference backends that are of the same type as the original backend service matched in the URL map.
         Serverless NEG backends are not currently supported as a mirrored backend service.
         """
+        mirror_percent: NotRequired[pulumi.Input[_builtins.float]]
+        """
+        The percentage of requests to be mirrored to backendService.
+        The value must be between 0.0 and 100.0 inclusive.
+        """
 elif False:
     RegionUrlMapPathMatcherRouteRuleRouteActionRequestMirrorPolicyArgsDict: TypeAlias = Mapping[str, Any]
 
 @pulumi.input_type
 class RegionUrlMapPathMatcherRouteRuleRouteActionRequestMirrorPolicyArgs:
     def __init__(__self__, *,
-                 backend_service: pulumi.Input[_builtins.str]):
+                 backend_service: pulumi.Input[_builtins.str],
+                 mirror_percent: Optional[pulumi.Input[_builtins.float]] = None):
         """
         :param pulumi.Input[_builtins.str] backend_service: The full or partial URL to the RegionBackendService resource being mirrored to.
                The backend service configured for a mirroring policy must reference backends that are of the same type as the original backend service matched in the URL map.
                Serverless NEG backends are not currently supported as a mirrored backend service.
+        :param pulumi.Input[_builtins.float] mirror_percent: The percentage of requests to be mirrored to backendService.
+               The value must be between 0.0 and 100.0 inclusive.
         """
         pulumi.set(__self__, "backend_service", backend_service)
+        if mirror_percent is not None:
+            pulumi.set(__self__, "mirror_percent", mirror_percent)
 
     @_builtins.property
     @pulumi.getter(name="backendService")
@@ -57550,6 +58498,19 @@ class RegionUrlMapPathMatcherRouteRuleRouteActionRequestMirrorPolicyArgs:
     def backend_service(self, value: pulumi.Input[_builtins.str]):
         pulumi.set(self, "backend_service", value)
 
+    @_builtins.property
+    @pulumi.getter(name="mirrorPercent")
+    def mirror_percent(self) -> Optional[pulumi.Input[_builtins.float]]:
+        """
+        The percentage of requests to be mirrored to backendService.
+        The value must be between 0.0 and 100.0 inclusive.
+        """
+        return pulumi.get(self, "mirror_percent")
+
+    @mirror_percent.setter
+    def mirror_percent(self, value: Optional[pulumi.Input[_builtins.float]]):
+        pulumi.set(self, "mirror_percent", value)
+
 
 if not MYPY:
     class RegionUrlMapPathMatcherRouteRuleRouteActionRetryPolicyArgsDict(TypedDict):
@@ -62498,6 +63459,44 @@ class RouterNatSubnetworkArgs:
         pulumi.set(self, "secondary_ip_range_names", value)
 
 
+if not MYPY:
+    class RouterParamsArgsDict(TypedDict):
+        resource_manager_tags: NotRequired[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]]
+        """
+        Resource manager tags to be bound to the router. Tag keys and values have the
+        same definition as resource manager tags. Keys must be in the format tagKeys/{tag_key_id},
+        and values are in the format tagValues/456.
+        """
+elif False:
+    RouterParamsArgsDict: TypeAlias = Mapping[str, Any]
+
+@pulumi.input_type
+class RouterParamsArgs:
+    def __init__(__self__, *,
+                 resource_manager_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]] = None):
+        """
+        :param pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]] resource_manager_tags: Resource manager tags to be bound to the router. Tag keys and values have the
+               same definition as resource manager tags. Keys must be in the format tagKeys/{tag_key_id},
+               and values are in the format tagValues/456.
+        """
+        if resource_manager_tags is not None:
+            pulumi.set(__self__, "resource_manager_tags", resource_manager_tags)
+
+    @_builtins.property
+    @pulumi.getter(name="resourceManagerTags")
+    def resource_manager_tags(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]]:
+        """
+        Resource manager tags to be bound to the router. Tag keys and values have the
+        same definition as resource manager tags. Keys must be in the format tagKeys/{tag_key_id},
+        and values are in the format tagValues/456.
+        """
+        return pulumi.get(self, "resource_manager_tags")
+
+    @resource_manager_tags.setter
+    def resource_manager_tags(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]]):
+        pulumi.set(self, "resource_manager_tags", value)
+
+
 if not MYPY:
     class RouterPeerAdvertisedIpRangeArgsDict(TypedDict):
         range: pulumi.Input[_builtins.str]
@@ -67194,6 +68193,53 @@ class SubnetworkLogConfigArgs:
         pulumi.set(self, "metadata_fields", value)
 
 
+if not MYPY:
+    class SubnetworkParamsArgsDict(TypedDict):
+        resource_manager_tags: NotRequired[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]]
+        """
+        Resource manager tags to be bound to the subnetwork. Tag keys and values have the
+        same definition as resource manager tags. Keys must be in the format tagKeys/{tag_key_id},
+        and values are in the format tagValues/456. The field is ignored when empty.
+        The field is immutable and causes resource replacement when mutated. This field is only
+        set at create time and modifying this field after creation will trigger recreation.
+        To apply tags to an existing resource, see the tags.TagBinding resource.
+        """
+elif False:
+    SubnetworkParamsArgsDict: TypeAlias = Mapping[str, Any]
+
+@pulumi.input_type
+class SubnetworkParamsArgs:
+    def __init__(__self__, *,
+                 resource_manager_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]] = None):
+        """
+        :param pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]] resource_manager_tags: Resource manager tags to be bound to the subnetwork. Tag keys and values have the
+               same definition as resource manager tags. Keys must be in the format tagKeys/{tag_key_id},
+               and values are in the format tagValues/456. The field is ignored when empty.
+               The field is immutable and causes resource replacement when mutated. This field is only
+               set at create time and modifying this field after creation will trigger recreation.
+               To apply tags to an existing resource, see the tags.TagBinding resource.
+        """
+        if resource_manager_tags is not None:
+            pulumi.set(__self__, "resource_manager_tags", resource_manager_tags)
+
+    @_builtins.property
+    @pulumi.getter(name="resourceManagerTags")
+    def resource_manager_tags(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]]:
+        """
+        Resource manager tags to be bound to the subnetwork. Tag keys and values have the
+        same definition as resource manager tags. Keys must be in the format tagKeys/{tag_key_id},
+        and values are in the format tagValues/456. The field is ignored when empty.
+        The field is immutable and causes resource replacement when mutated. This field is only
+        set at create time and modifying this field after creation will trigger recreation.
+        To apply tags to an existing resource, see the tags.TagBinding resource.
+        """
+        return pulumi.get(self, "resource_manager_tags")
+
+    @resource_manager_tags.setter
+    def resource_manager_tags(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]]):
+        pulumi.set(self, "resource_manager_tags", value)
+
+
 if not MYPY:
     class SubnetworkSecondaryIpRangeArgsDict(TypedDict):
         range_name: pulumi.Input[_builtins.str]