pulumi-gcp 8.40.0a1754721948__py3-none-any.whl → 8.41.0__py3-none-any.whl

pulumi_gcp/compute/outputs.py

@@ -85,9 +85,13 @@ __all__ = [
     'FirewallPolicyWithRulesPredefinedRule',
     'FirewallPolicyWithRulesPredefinedRuleMatch',
     'FirewallPolicyWithRulesPredefinedRuleMatchLayer4Config',
+    'FirewallPolicyWithRulesPredefinedRuleMatchSrcSecureTag',
+    'FirewallPolicyWithRulesPredefinedRuleTargetSecureTag',
     'FirewallPolicyWithRulesRule',
     'FirewallPolicyWithRulesRuleMatch',
     'FirewallPolicyWithRulesRuleMatchLayer4Config',
+    'FirewallPolicyWithRulesRuleMatchSrcSecureTag',
+    'FirewallPolicyWithRulesRuleTargetSecureTag',
     'ForwardingRuleServiceDirectoryRegistrations',
     'FutureReservationAggregateReservation',
     'FutureReservationAggregateReservationReservedResource',
@@ -348,6 +352,8 @@ __all__ = [
     'PerInstanceConfigPreservedStateExternalIpIpAddress',
     'PerInstanceConfigPreservedStateInternalIp',
     'PerInstanceConfigPreservedStateInternalIpIpAddress',
+    'PreviewFeatureRolloutOperation',
+    'PreviewFeatureRolloutOperationRolloutInput',
     'RegionAutoscalerAutoscalingPolicy',
     'RegionAutoscalerAutoscalingPolicyCpuUtilization',
     'RegionAutoscalerAutoscalingPolicyLoadBalancingUtilization',
@@ -372,6 +378,9 @@ __all__ = [
     'RegionBackendServiceDynamicForwarding',
     'RegionBackendServiceDynamicForwardingIpPortSelection',
     'RegionBackendServiceFailoverPolicy',
+    'RegionBackendServiceHaPolicy',
+    'RegionBackendServiceHaPolicyLeader',
+    'RegionBackendServiceHaPolicyLeaderNetworkEndpoint',
     'RegionBackendServiceIamBindingCondition',
     'RegionBackendServiceIamMemberCondition',
     'RegionBackendServiceIap',
@@ -484,6 +493,8 @@ __all__ = [
     'RegionResizeRequestStatusLastAttemptErrorErrorErrorDetailHelpLink',
     'RegionResizeRequestStatusLastAttemptErrorErrorErrorDetailLocalizedMessage',
     'RegionResizeRequestStatusLastAttemptErrorErrorErrorDetailQuotaInfo',
+    'RegionSecurityPolicyAdvancedOptionsConfig',
+    'RegionSecurityPolicyAdvancedOptionsConfigJsonCustomConfig',
     'RegionSecurityPolicyDdosProtectionConfig',
     'RegionSecurityPolicyRule',
     'RegionSecurityPolicyRuleMatch',
@@ -634,6 +645,7 @@ __all__ = [
     'RouterNatRule',
     'RouterNatRuleAction',
     'RouterNatSubnetwork',
+    'RouterParams',
     'RouterPeerAdvertisedIpRange',
     'RouterPeerBfd',
     'RouterPeerCustomLearnedIpRange',
@@ -698,6 +710,7 @@ __all__ = [
     'SubnetworkIAMBindingCondition',
     'SubnetworkIAMMemberCondition',
     'SubnetworkLogConfig',
+    'SubnetworkParams',
     'SubnetworkSecondaryIpRange',
     'URLMapDefaultCustomErrorResponsePolicy',
     'URLMapDefaultCustomErrorResponsePolicyErrorResponseRule',
@@ -958,6 +971,9 @@ __all__ = [
     'GetRegionBackendServiceDynamicForwardingResult',
     'GetRegionBackendServiceDynamicForwardingIpPortSelectionResult',
     'GetRegionBackendServiceFailoverPolicyResult',
+    'GetRegionBackendServiceHaPolicyResult',
+    'GetRegionBackendServiceHaPolicyLeaderResult',
+    'GetRegionBackendServiceHaPolicyLeaderNetworkEndpointResult',
     'GetRegionBackendServiceIapResult',
     'GetRegionBackendServiceLogConfigResult',
     'GetRegionBackendServiceOutlierDetectionResult',
@@ -1049,6 +1065,7 @@ __all__ = [
     'GetRouterNatRuleResult',
     'GetRouterNatRuleActionResult',
     'GetRouterNatSubnetworkResult',
+    'GetRouterParamResult',
     'GetRouterStatusBestRouteResult',
     'GetRouterStatusBestRouteAsPathResult',
     'GetRouterStatusBestRouteParamResult',
@@ -5825,6 +5842,8 @@ class FirewallPolicyWithRulesPredefinedRule(dict):
             suggest = "security_profile_group"
         elif key == "targetResources":
             suggest = "target_resources"
+        elif key == "targetSecureTags":
+            suggest = "target_secure_tags"
         elif key == "targetServiceAccounts":
             suggest = "target_service_accounts"
         elif key == "tlsInspect":
@@ -5852,6 +5871,7 @@ class FirewallPolicyWithRulesPredefinedRule(dict):
                  rule_name: Optional[_builtins.str] = None,
                  security_profile_group: Optional[_builtins.str] = None,
                  target_resources: Optional[Sequence[_builtins.str]] = None,
+                 target_secure_tags: Optional[Sequence['outputs.FirewallPolicyWithRulesPredefinedRuleTargetSecureTag']] = None,
                  target_service_accounts: Optional[Sequence[_builtins.str]] = None,
                  tls_inspect: Optional[_builtins.bool] = None):
         """
@@ -5890,6 +5910,19 @@ class FirewallPolicyWithRulesPredefinedRule(dict):
                This field allows you to control which network's VMs get
                this rule. If this field is left blank, all VMs
                within the organization will receive the rule.
+        :param Sequence['FirewallPolicyWithRulesPredefinedRuleTargetSecureTagArgs'] target_secure_tags: (Output)
+               A list of secure tags that controls which instances the firewall rule
+               applies to. If <code>targetSecureTag</code> are specified, then the
+               firewall rule applies only to instances in the VPC network that have one
+               of those EFFECTIVE secure tags, if all the target_secure_tag are in
+               INEFFECTIVE state, then this rule will be ignored.
+               <code>targetSecureTag</code> may not be set at the same time as
+               <code>targetServiceAccounts</code>.
+               If neither <code>targetServiceAccounts</code> nor
+               <code>targetSecureTag</code> are specified, the firewall rule applies
+               to all instances on the specified network.
+               Maximum number of target secure tags allowed is 256.
+               Structure is documented below.
         :param Sequence[_builtins.str] target_service_accounts: (Output)
                A list of service accounts indicating the sets of
                instances that are applied with this rule.
@@ -5917,6 +5950,8 @@ class FirewallPolicyWithRulesPredefinedRule(dict):
             pulumi.set(__self__, "security_profile_group", security_profile_group)
         if target_resources is not None:
             pulumi.set(__self__, "target_resources", target_resources)
+        if target_secure_tags is not None:
+            pulumi.set(__self__, "target_secure_tags", target_secure_tags)
         if target_service_accounts is not None:
             pulumi.set(__self__, "target_service_accounts", target_service_accounts)
         if tls_inspect is not None:
@@ -6027,6 +6062,26 @@ class FirewallPolicyWithRulesPredefinedRule(dict):
         """
         return pulumi.get(self, "target_resources")
 
+    @_builtins.property
+    @pulumi.getter(name="targetSecureTags")
+    def target_secure_tags(self) -> Optional[Sequence['outputs.FirewallPolicyWithRulesPredefinedRuleTargetSecureTag']]:
+        """
+        (Output)
+        A list of secure tags that controls which instances the firewall rule
+        applies to. If <code>targetSecureTag</code> are specified, then the
+        firewall rule applies only to instances in the VPC network that have one
+        of those EFFECTIVE secure tags, if all the target_secure_tag are in
+        INEFFECTIVE state, then this rule will be ignored.
+        <code>targetSecureTag</code> may not be set at the same time as
+        <code>targetServiceAccounts</code>.
+        If neither <code>targetServiceAccounts</code> nor
+        <code>targetSecureTag</code> are specified, the firewall rule applies
+        to all instances on the specified network.
+        Maximum number of target secure tags allowed is 256.
+        Structure is documented below.
+        """
+        return pulumi.get(self, "target_secure_tags")
+
     @_builtins.property
     @pulumi.getter(name="targetServiceAccounts")
     def target_service_accounts(self) -> Optional[Sequence[_builtins.str]]:
@@ -6073,6 +6128,8 @@ class FirewallPolicyWithRulesPredefinedRuleMatch(dict):
             suggest = "src_ip_ranges"
         elif key == "srcRegionCodes":
             suggest = "src_region_codes"
+        elif key == "srcSecureTags":
+            suggest = "src_secure_tags"
         elif key == "srcThreatIntelligences":
             suggest = "src_threat_intelligences"
 
@@ -6098,6 +6155,7 @@ class FirewallPolicyWithRulesPredefinedRuleMatch(dict):
                  src_fqdns: Optional[Sequence[_builtins.str]] = None,
                  src_ip_ranges: Optional[Sequence[_builtins.str]] = None,
                  src_region_codes: Optional[Sequence[_builtins.str]] = None,
+                 src_secure_tags: Optional[Sequence['outputs.FirewallPolicyWithRulesPredefinedRuleMatchSrcSecureTag']] = None,
                  src_threat_intelligences: Optional[Sequence[_builtins.str]] = None):
         """
         :param Sequence[_builtins.str] dest_address_groups: Address groups which should be matched against the traffic destination.
@@ -6114,9 +6172,6 @@ class FirewallPolicyWithRulesPredefinedRuleMatch(dict):
                The IPs in these lists will be matched against traffic destination.
         :param Sequence['FirewallPolicyWithRulesPredefinedRuleMatchLayer4ConfigArgs'] layer4_configs: Pairs of IP protocols and ports that the rule should match.
                Structure is documented below.
-               
-               
-               <a name="nested_rule_rule_match_layer4_config"></a>The `layer4_config` block supports:
         :param Sequence[_builtins.str] src_address_groups: Address groups which should be matched against the traffic source.
                Maximum number of source address groups is 10.
         :param Sequence[_builtins.str] src_fqdns: Fully Qualified Domain Name (FQDN) which should be matched against
@@ -6127,6 +6182,12 @@ class FirewallPolicyWithRulesPredefinedRuleMatch(dict):
                of traffic. Should be specified as 2 letter country code defined as per
                ISO 3166 alpha-2 country codes. ex."US"
                Maximum number of source region codes allowed is 5000.
+        :param Sequence['FirewallPolicyWithRulesPredefinedRuleMatchSrcSecureTagArgs'] src_secure_tags: List of secure tag values, which should be matched at the source
+               of the traffic.
+               For INGRESS rule, if all the <code>srcSecureTag</code> are INEFFECTIVE,
+               and there is no <code>srcIpRange</code>, this rule will be ignored.
+               Maximum number of source tag values allowed is 256.
+               Structure is documented below.
         :param Sequence[_builtins.str] src_threat_intelligences: Names of Network Threat Intelligence lists.
                The IPs in these lists will be matched against traffic source.
         """
@@ -6150,6 +6211,8 @@ class FirewallPolicyWithRulesPredefinedRuleMatch(dict):
             pulumi.set(__self__, "src_ip_ranges", src_ip_ranges)
         if src_region_codes is not None:
             pulumi.set(__self__, "src_region_codes", src_region_codes)
+        if src_secure_tags is not None:
+            pulumi.set(__self__, "src_secure_tags", src_secure_tags)
         if src_threat_intelligences is not None:
             pulumi.set(__self__, "src_threat_intelligences", src_threat_intelligences)
 
@@ -6206,9 +6269,6 @@ class FirewallPolicyWithRulesPredefinedRuleMatch(dict):
         """
         Pairs of IP protocols and ports that the rule should match.
         Structure is documented below.
-
-
-        <a name="nested_rule_rule_match_layer4_config"></a>The `layer4_config` block supports:
         """
         return pulumi.get(self, "layer4_configs")
 
@@ -6250,6 +6310,19 @@ class FirewallPolicyWithRulesPredefinedRuleMatch(dict):
         """
         return pulumi.get(self, "src_region_codes")
 
+    @_builtins.property
+    @pulumi.getter(name="srcSecureTags")
+    def src_secure_tags(self) -> Optional[Sequence['outputs.FirewallPolicyWithRulesPredefinedRuleMatchSrcSecureTag']]:
+        """
+        List of secure tag values, which should be matched at the source
+        of the traffic.
+        For INGRESS rule, if all the <code>srcSecureTag</code> are INEFFECTIVE,
+        and there is no <code>srcIpRange</code>, this rule will be ignored.
+        Maximum number of source tag values allowed is 256.
+        Structure is documented below.
+        """
+        return pulumi.get(self, "src_secure_tags")
+
     @_builtins.property
     @pulumi.getter(name="srcThreatIntelligences")
     def src_threat_intelligences(self) -> Optional[Sequence[_builtins.str]]:
@@ -6330,6 +6403,88 @@ class FirewallPolicyWithRulesPredefinedRuleMatchLayer4Config(dict):
         return pulumi.get(self, "ports")
 
 
+@pulumi.output_type
+class FirewallPolicyWithRulesPredefinedRuleMatchSrcSecureTag(dict):
+    def __init__(__self__, *,
+                 name: Optional[_builtins.str] = None,
+                 state: Optional[_builtins.str] = None):
+        """
+        :param _builtins.str name: Name of the secure tag, created with TagManager's TagValue API.
+               @pattern tagValues/[0-9]+
+        :param _builtins.str state: (Output)
+               [Output Only] State of the secure tag, either `EFFECTIVE` or
+               `INEFFECTIVE`. A secure tag is `INEFFECTIVE` when it is deleted
+               or its network is deleted.
+               
+               <a name="nested_rule_rule_match_layer4_config"></a>The `layer4_config` block supports:
+        """
+        if name is not None:
+            pulumi.set(__self__, "name", name)
+        if state is not None:
+            pulumi.set(__self__, "state", state)
+
+    @_builtins.property
+    @pulumi.getter
+    def name(self) -> Optional[_builtins.str]:
+        """
+        Name of the secure tag, created with TagManager's TagValue API.
+        @pattern tagValues/[0-9]+
+        """
+        return pulumi.get(self, "name")
+
+    @_builtins.property
+    @pulumi.getter
+    def state(self) -> Optional[_builtins.str]:
+        """
+        (Output)
+        [Output Only] State of the secure tag, either `EFFECTIVE` or
+        `INEFFECTIVE`. A secure tag is `INEFFECTIVE` when it is deleted
+        or its network is deleted.
+
+        <a name="nested_rule_rule_match_layer4_config"></a>The `layer4_config` block supports:
+        """
+        return pulumi.get(self, "state")
+
+
+@pulumi.output_type
+class FirewallPolicyWithRulesPredefinedRuleTargetSecureTag(dict):
+    def __init__(__self__, *,
+                 name: Optional[_builtins.str] = None,
+                 state: Optional[_builtins.str] = None):
+        """
+        :param _builtins.str name: Name of the secure tag, created with TagManager's TagValue API.
+               @pattern tagValues/[0-9]+
+        :param _builtins.str state: (Output)
+               [Output Only] State of the secure tag, either `EFFECTIVE` or
+               `INEFFECTIVE`. A secure tag is `INEFFECTIVE` when it is deleted
+               or its network is deleted.
+        """
+        if name is not None:
+            pulumi.set(__self__, "name", name)
+        if state is not None:
+            pulumi.set(__self__, "state", state)
+
+    @_builtins.property
+    @pulumi.getter
+    def name(self) -> Optional[_builtins.str]:
+        """
+        Name of the secure tag, created with TagManager's TagValue API.
+        @pattern tagValues/[0-9]+
+        """
+        return pulumi.get(self, "name")
+
+    @_builtins.property
+    @pulumi.getter
+    def state(self) -> Optional[_builtins.str]:
+        """
+        (Output)
+        [Output Only] State of the secure tag, either `EFFECTIVE` or
+        `INEFFECTIVE`. A secure tag is `INEFFECTIVE` when it is deleted
+        or its network is deleted.
+        """
+        return pulumi.get(self, "state")
+
+
 @pulumi.output_type
 class FirewallPolicyWithRulesRule(dict):
     @staticmethod
@@ -6343,6 +6498,8 @@ class FirewallPolicyWithRulesRule(dict):
             suggest = "security_profile_group"
         elif key == "targetResources":
             suggest = "target_resources"
+        elif key == "targetSecureTags":
+            suggest = "target_secure_tags"
         elif key == "targetServiceAccounts":
             suggest = "target_service_accounts"
         elif key == "tlsInspect":
@@ -6370,6 +6527,7 @@ class FirewallPolicyWithRulesRule(dict):
                  rule_name: Optional[_builtins.str] = None,
                  security_profile_group: Optional[_builtins.str] = None,
                  target_resources: Optional[Sequence[_builtins.str]] = None,
+                 target_secure_tags: Optional[Sequence['outputs.FirewallPolicyWithRulesRuleTargetSecureTag']] = None,
                  target_service_accounts: Optional[Sequence[_builtins.str]] = None,
                  tls_inspect: Optional[_builtins.bool] = None):
         """
@@ -6400,6 +6558,18 @@ class FirewallPolicyWithRulesRule(dict):
                This field allows you to control which network's VMs get
                this rule. If this field is left blank, all VMs
                within the organization will receive the rule.
+        :param Sequence['FirewallPolicyWithRulesRuleTargetSecureTagArgs'] target_secure_tags: A list of secure tags that controls which instances the firewall rule
+               applies to. If <code>targetSecureTag</code> are specified, then the
+               firewall rule applies only to instances in the VPC network that have one
+               of those EFFECTIVE secure tags, if all the target_secure_tag are in
+               INEFFECTIVE state, then this rule will be ignored.
+               <code>targetSecureTag</code> may not be set at the same time as
+               <code>targetServiceAccounts</code>.
+               If neither <code>targetServiceAccounts</code> nor
+               <code>targetSecureTag</code> are specified, the firewall rule applies
+               to all instances on the specified network.
+               Maximum number of target secure tags allowed is 256.
+               Structure is documented below.
         :param Sequence[_builtins.str] target_service_accounts: A list of service accounts indicating the sets of
                instances that are applied with this rule.
         :param _builtins.bool tls_inspect: Boolean flag indicating if the traffic should be TLS decrypted.
@@ -6422,6 +6592,8 @@ class FirewallPolicyWithRulesRule(dict):
             pulumi.set(__self__, "security_profile_group", security_profile_group)
         if target_resources is not None:
             pulumi.set(__self__, "target_resources", target_resources)
+        if target_secure_tags is not None:
+            pulumi.set(__self__, "target_secure_tags", target_secure_tags)
         if target_service_accounts is not None:
             pulumi.set(__self__, "target_service_accounts", target_service_accounts)
         if tls_inspect is not None:
@@ -6524,6 +6696,25 @@ class FirewallPolicyWithRulesRule(dict):
         """
         return pulumi.get(self, "target_resources")
 
+    @_builtins.property
+    @pulumi.getter(name="targetSecureTags")
+    def target_secure_tags(self) -> Optional[Sequence['outputs.FirewallPolicyWithRulesRuleTargetSecureTag']]:
+        """
+        A list of secure tags that controls which instances the firewall rule
+        applies to. If <code>targetSecureTag</code> are specified, then the
+        firewall rule applies only to instances in the VPC network that have one
+        of those EFFECTIVE secure tags, if all the target_secure_tag are in
+        INEFFECTIVE state, then this rule will be ignored.
+        <code>targetSecureTag</code> may not be set at the same time as
+        <code>targetServiceAccounts</code>.
+        If neither <code>targetServiceAccounts</code> nor
+        <code>targetSecureTag</code> are specified, the firewall rule applies
+        to all instances on the specified network.
+        Maximum number of target secure tags allowed is 256.
+        Structure is documented below.
+        """
+        return pulumi.get(self, "target_secure_tags")
+
     @_builtins.property
     @pulumi.getter(name="targetServiceAccounts")
     def target_service_accounts(self) -> Optional[Sequence[_builtins.str]]:
@@ -6574,6 +6765,8 @@ class FirewallPolicyWithRulesRuleMatch(dict):
             suggest = "src_networks"
         elif key == "srcRegionCodes":
             suggest = "src_region_codes"
+        elif key == "srcSecureTags":
+            suggest = "src_secure_tags"
         elif key == "srcThreatIntelligences":
             suggest = "src_threat_intelligences"
 
@@ -6602,13 +6795,11 @@ class FirewallPolicyWithRulesRuleMatch(dict):
                  src_network_scope: Optional[_builtins.str] = None,
                  src_networks: Optional[Sequence[_builtins.str]] = None,
                  src_region_codes: Optional[Sequence[_builtins.str]] = None,
+                 src_secure_tags: Optional[Sequence['outputs.FirewallPolicyWithRulesRuleMatchSrcSecureTag']] = None,
                  src_threat_intelligences: Optional[Sequence[_builtins.str]] = None):
         """
         :param Sequence['FirewallPolicyWithRulesRuleMatchLayer4ConfigArgs'] layer4_configs: Pairs of IP protocols and ports that the rule should match.
                Structure is documented below.
-               
-               
-               <a name="nested_rule_rule_match_layer4_config"></a>The `layer4_config` block supports:
         :param Sequence[_builtins.str] dest_address_groups: Address groups which should be matched against the traffic destination.
                Maximum number of destination address groups is 10.
         :param Sequence[_builtins.str] dest_fqdns: Fully Qualified Domain Name (FQDN) which should be matched against
@@ -6636,6 +6827,12 @@ class FirewallPolicyWithRulesRuleMatch(dict):
                of traffic. Should be specified as 2 letter country code defined as per
                ISO 3166 alpha-2 country codes. ex."US"
                Maximum number of source region codes allowed is 5000.
+        :param Sequence['FirewallPolicyWithRulesRuleMatchSrcSecureTagArgs'] src_secure_tags: List of secure tag values, which should be matched at the source
+               of the traffic.
+               For INGRESS rule, if all the <code>srcSecureTag</code> are INEFFECTIVE,
+               and there is no <code>srcIpRange</code>, this rule will be ignored.
+               Maximum number of source tag values allowed is 256.
+               Structure is documented below.
         :param Sequence[_builtins.str] src_threat_intelligences: Names of Network Threat Intelligence lists.
                The IPs in these lists will be matched against traffic source.
         """
@@ -6664,6 +6861,8 @@ class FirewallPolicyWithRulesRuleMatch(dict):
             pulumi.set(__self__, "src_networks", src_networks)
         if src_region_codes is not None:
             pulumi.set(__self__, "src_region_codes", src_region_codes)
+        if src_secure_tags is not None:
+            pulumi.set(__self__, "src_secure_tags", src_secure_tags)
         if src_threat_intelligences is not None:
             pulumi.set(__self__, "src_threat_intelligences", src_threat_intelligences)
 
@@ -6673,9 +6872,6 @@ class FirewallPolicyWithRulesRuleMatch(dict):
         """
         Pairs of IP protocols and ports that the rule should match.
         Structure is documented below.
-
-
-        <a name="nested_rule_rule_match_layer4_config"></a>The `layer4_config` block supports:
         """
         return pulumi.get(self, "layer4_configs")
 
@@ -6790,6 +6986,19 @@ class FirewallPolicyWithRulesRuleMatch(dict):
         """
         return pulumi.get(self, "src_region_codes")
 
+    @_builtins.property
+    @pulumi.getter(name="srcSecureTags")
+    def src_secure_tags(self) -> Optional[Sequence['outputs.FirewallPolicyWithRulesRuleMatchSrcSecureTag']]:
+        """
+        List of secure tag values, which should be matched at the source
+        of the traffic.
+        For INGRESS rule, if all the <code>srcSecureTag</code> are INEFFECTIVE,
+        and there is no <code>srcIpRange</code>, this rule will be ignored.
+        Maximum number of source tag values allowed is 256.
+        Structure is documented below.
+        """
+        return pulumi.get(self, "src_secure_tags")
+
     @_builtins.property
     @pulumi.getter(name="srcThreatIntelligences")
     def src_threat_intelligences(self) -> Optional[Sequence[_builtins.str]]:
@@ -6869,6 +7078,88 @@ class FirewallPolicyWithRulesRuleMatchLayer4Config(dict):
         return pulumi.get(self, "ports")
 
 
+@pulumi.output_type
+class FirewallPolicyWithRulesRuleMatchSrcSecureTag(dict):
+    def __init__(__self__, *,
+                 name: Optional[_builtins.str] = None,
+                 state: Optional[_builtins.str] = None):
+        """
+        :param _builtins.str name: Name of the secure tag, created with TagManager's TagValue API.
+               @pattern tagValues/[0-9]+
+        :param _builtins.str state: (Output)
+               [Output Only] State of the secure tag, either `EFFECTIVE` or
+               `INEFFECTIVE`. A secure tag is `INEFFECTIVE` when it is deleted
+               or its network is deleted.
+               
+               <a name="nested_rule_rule_match_layer4_config"></a>The `layer4_config` block supports:
+        """
+        if name is not None:
+            pulumi.set(__self__, "name", name)
+        if state is not None:
+            pulumi.set(__self__, "state", state)
+
+    @_builtins.property
+    @pulumi.getter
+    def name(self) -> Optional[_builtins.str]:
+        """
+        Name of the secure tag, created with TagManager's TagValue API.
+        @pattern tagValues/[0-9]+
+        """
+        return pulumi.get(self, "name")
+
+    @_builtins.property
+    @pulumi.getter
+    def state(self) -> Optional[_builtins.str]:
+        """
+        (Output)
+        [Output Only] State of the secure tag, either `EFFECTIVE` or
+        `INEFFECTIVE`. A secure tag is `INEFFECTIVE` when it is deleted
+        or its network is deleted.
+
+        <a name="nested_rule_rule_match_layer4_config"></a>The `layer4_config` block supports:
+        """
+        return pulumi.get(self, "state")
+
+
+@pulumi.output_type
+class FirewallPolicyWithRulesRuleTargetSecureTag(dict):
+    def __init__(__self__, *,
+                 name: Optional[_builtins.str] = None,
+                 state: Optional[_builtins.str] = None):
+        """
+        :param _builtins.str name: Name of the secure tag, created with TagManager's TagValue API.
+               @pattern tagValues/[0-9]+
+        :param _builtins.str state: (Output)
+               [Output Only] State of the secure tag, either `EFFECTIVE` or
+               `INEFFECTIVE`. A secure tag is `INEFFECTIVE` when it is deleted
+               or its network is deleted.
+        """
+        if name is not None:
+            pulumi.set(__self__, "name", name)
+        if state is not None:
+            pulumi.set(__self__, "state", state)
+
+    @_builtins.property
+    @pulumi.getter
+    def name(self) -> Optional[_builtins.str]:
+        """
+        Name of the secure tag, created with TagManager's TagValue API.
+        @pattern tagValues/[0-9]+
+        """
+        return pulumi.get(self, "name")
+
+    @_builtins.property
+    @pulumi.getter
+    def state(self) -> Optional[_builtins.str]:
+        """
+        (Output)
+        [Output Only] State of the secure tag, either `EFFECTIVE` or
+        `INEFFECTIVE`. A secure tag is `INEFFECTIVE` when it is deleted
+        or its network is deleted.
+        """
+        return pulumi.get(self, "state")
+
+
 @pulumi.output_type
 class ForwardingRuleServiceDirectoryRegistrations(dict):
     def __init__(__self__, *,
@@ -25911,6 +26202,81 @@ class PerInstanceConfigPreservedStateInternalIpIpAddress(dict):
         return pulumi.get(self, "address")
 
 
+@pulumi.output_type
+class PreviewFeatureRolloutOperation(dict):
+    @staticmethod
+    def __key_warning(key: str):
+        suggest = None
+        if key == "rolloutInput":
+            suggest = "rollout_input"
+
+        if suggest:
+            pulumi.log.warn(f"Key '{key}' not found in PreviewFeatureRolloutOperation. Access the value via the '{suggest}' property getter instead.")
+
+    def __getitem__(self, key: str) -> Any:
+        PreviewFeatureRolloutOperation.__key_warning(key)
+        return super().__getitem__(key)
+
+    def get(self, key: str, default = None) -> Any:
+        PreviewFeatureRolloutOperation.__key_warning(key)
+        return super().get(key, default)
+
+    def __init__(__self__, *,
+                 rollout_input: Optional['outputs.PreviewFeatureRolloutOperationRolloutInput'] = None):
+        """
+        :param 'PreviewFeatureRolloutOperationRolloutInputArgs' rollout_input: The input for the rollout operation.
+               Structure is documented below.
+        """
+        if rollout_input is not None:
+            pulumi.set(__self__, "rollout_input", rollout_input)
+
+    @_builtins.property
+    @pulumi.getter(name="rolloutInput")
+    def rollout_input(self) -> Optional['outputs.PreviewFeatureRolloutOperationRolloutInput']:
+        """
+        The input for the rollout operation.
+        Structure is documented below.
+        """
+        return pulumi.get(self, "rollout_input")
+
+
+@pulumi.output_type
+class PreviewFeatureRolloutOperationRolloutInput(dict):
+    @staticmethod
+    def __key_warning(key: str):
+        suggest = None
+        if key == "predefinedRolloutPlan":
+            suggest = "predefined_rollout_plan"
+
+        if suggest:
+            pulumi.log.warn(f"Key '{key}' not found in PreviewFeatureRolloutOperationRolloutInput. Access the value via the '{suggest}' property getter instead.")
+
+    def __getitem__(self, key: str) -> Any:
+        PreviewFeatureRolloutOperationRolloutInput.__key_warning(key)
+        return super().__getitem__(key)
+
+    def get(self, key: str, default = None) -> Any:
+        PreviewFeatureRolloutOperationRolloutInput.__key_warning(key)
+        return super().get(key, default)
+
+    def __init__(__self__, *,
+                 predefined_rollout_plan: _builtins.str):
+        """
+        :param _builtins.str predefined_rollout_plan: Predefined rollout plans.
+               Possible values are: `ROLLOUT_PLAN_FAST_ROLLOUT`.
+        """
+        pulumi.set(__self__, "predefined_rollout_plan", predefined_rollout_plan)
+
+    @_builtins.property
+    @pulumi.getter(name="predefinedRolloutPlan")
+    def predefined_rollout_plan(self) -> _builtins.str:
+        """
+        Predefined rollout plans.
+        Possible values are: `ROLLOUT_PLAN_FAST_ROLLOUT`.
+        """
+        return pulumi.get(self, "predefined_rollout_plan")
+
+
 @pulumi.output_type
 class RegionAutoscalerAutoscalingPolicy(dict):
     @staticmethod
@@ -28085,6 +28451,157 @@ class RegionBackendServiceFailoverPolicy(dict):
         return pulumi.get(self, "failover_ratio")
 
 
+@pulumi.output_type
+class RegionBackendServiceHaPolicy(dict):
+    @staticmethod
+    def __key_warning(key: str):
+        suggest = None
+        if key == "fastIpMove":
+            suggest = "fast_ip_move"
+
+        if suggest:
+            pulumi.log.warn(f"Key '{key}' not found in RegionBackendServiceHaPolicy. Access the value via the '{suggest}' property getter instead.")
+
+    def __getitem__(self, key: str) -> Any:
+        RegionBackendServiceHaPolicy.__key_warning(key)
+        return super().__getitem__(key)
+
+    def get(self, key: str, default = None) -> Any:
+        RegionBackendServiceHaPolicy.__key_warning(key)
+        return super().get(key, default)
+
+    def __init__(__self__, *,
+                 fast_ip_move: Optional[_builtins.str] = None,
+                 leader: Optional['outputs.RegionBackendServiceHaPolicyLeader'] = None):
+        """
+        :param _builtins.str fast_ip_move: Specifies whether fast IP move is enabled, and if so, the mechanism to achieve it.
+               Supported values are:
+               * `DISABLED`: Fast IP Move is disabled. You can only use the haPolicy.leader API to
+               update the leader.
+               * `GARP_RA`: Provides a method to very quickly define a new network endpoint as the
+               leader. This method is faster than updating the leader using the
+               haPolicy.leader API. Fast IP move works as follows: The VM hosting the
+               network endpoint that should become the new leader sends either a
+               Gratuitous ARP (GARP) packet (IPv4) or an ICMPv6 Router Advertisement(RA)
+               packet (IPv6). Google Cloud immediately but temporarily associates the
+               forwarding rule IP address with that VM, and both new and in-flight packets
+               are quickly delivered to that VM.
+               Possible values are: `DISABLED`, `GARP_RA`.
+        :param 'RegionBackendServiceHaPolicyLeaderArgs' leader: Selects one of the network endpoints attached to the backend NEGs of this service as the
+               active endpoint (the leader) that receives all traffic.
+               Structure is documented below.
+        """
+        if fast_ip_move is not None:
+            pulumi.set(__self__, "fast_ip_move", fast_ip_move)
+        if leader is not None:
+            pulumi.set(__self__, "leader", leader)
+
+    @_builtins.property
+    @pulumi.getter(name="fastIpMove")
+    def fast_ip_move(self) -> Optional[_builtins.str]:
+        """
+        Specifies whether fast IP move is enabled, and if so, the mechanism to achieve it.
+        Supported values are:
+        * `DISABLED`: Fast IP Move is disabled. You can only use the haPolicy.leader API to
+        update the leader.
+        * `GARP_RA`: Provides a method to very quickly define a new network endpoint as the
+        leader. This method is faster than updating the leader using the
+        haPolicy.leader API. Fast IP move works as follows: The VM hosting the
+        network endpoint that should become the new leader sends either a
+        Gratuitous ARP (GARP) packet (IPv4) or an ICMPv6 Router Advertisement(RA)
+        packet (IPv6). Google Cloud immediately but temporarily associates the
+        forwarding rule IP address with that VM, and both new and in-flight packets
+        are quickly delivered to that VM.
+        Possible values are: `DISABLED`, `GARP_RA`.
+        """
+        return pulumi.get(self, "fast_ip_move")
+
+    @_builtins.property
+    @pulumi.getter
+    def leader(self) -> Optional['outputs.RegionBackendServiceHaPolicyLeader']:
+        """
+        Selects one of the network endpoints attached to the backend NEGs of this service as the
+        active endpoint (the leader) that receives all traffic.
+        Structure is documented below.
+        """
+        return pulumi.get(self, "leader")
+
+
+@pulumi.output_type
+class RegionBackendServiceHaPolicyLeader(dict):
+    @staticmethod
+    def __key_warning(key: str):
+        suggest = None
+        if key == "backendGroup":
+            suggest = "backend_group"
+        elif key == "networkEndpoint":
+            suggest = "network_endpoint"
+
+        if suggest:
+            pulumi.log.warn(f"Key '{key}' not found in RegionBackendServiceHaPolicyLeader. Access the value via the '{suggest}' property getter instead.")
+
+    def __getitem__(self, key: str) -> Any:
+        RegionBackendServiceHaPolicyLeader.__key_warning(key)
+        return super().__getitem__(key)
+
+    def get(self, key: str, default = None) -> Any:
+        RegionBackendServiceHaPolicyLeader.__key_warning(key)
+        return super().get(key, default)
+
+    def __init__(__self__, *,
+                 backend_group: Optional[_builtins.str] = None,
+                 network_endpoint: Optional['outputs.RegionBackendServiceHaPolicyLeaderNetworkEndpoint'] = None):
+        """
+        :param _builtins.str backend_group: A fully-qualified URL of the zonal Network Endpoint Group (NEG) that the leader is
+               attached to.
+        :param 'RegionBackendServiceHaPolicyLeaderNetworkEndpointArgs' network_endpoint: The network endpoint within the leader.backendGroup that is designated as the leader.
+               Structure is documented below.
+        """
+        if backend_group is not None:
+            pulumi.set(__self__, "backend_group", backend_group)
+        if network_endpoint is not None:
+            pulumi.set(__self__, "network_endpoint", network_endpoint)
+
+    @_builtins.property
+    @pulumi.getter(name="backendGroup")
+    def backend_group(self) -> Optional[_builtins.str]:
+        """
+        A fully-qualified URL of the zonal Network Endpoint Group (NEG) that the leader is
+        attached to.
+        """
+        return pulumi.get(self, "backend_group")
+
+    @_builtins.property
+    @pulumi.getter(name="networkEndpoint")
+    def network_endpoint(self) -> Optional['outputs.RegionBackendServiceHaPolicyLeaderNetworkEndpoint']:
+        """
+        The network endpoint within the leader.backendGroup that is designated as the leader.
+        Structure is documented below.
+        """
+        return pulumi.get(self, "network_endpoint")
+
+
+@pulumi.output_type
+class RegionBackendServiceHaPolicyLeaderNetworkEndpoint(dict):
+    def __init__(__self__, *,
+                 instance: Optional[_builtins.str] = None):
+        """
+        :param _builtins.str instance: The name of the VM instance of the leader network endpoint. The instance must
+               already be attached to the NEG specified in the haPolicy.leader.backendGroup.
+        """
+        if instance is not None:
+            pulumi.set(__self__, "instance", instance)
+
+    @_builtins.property
+    @pulumi.getter
+    def instance(self) -> Optional[_builtins.str]:
+        """
+        The name of the VM instance of the leader network endpoint. The instance must
+        already be attached to the NEG specified in the haPolicy.leader.backendGroup.
+        """
+        return pulumi.get(self, "instance")
+
+
 @pulumi.output_type
 class RegionBackendServiceIamBindingCondition(dict):
     def __init__(__self__, *,
@@ -36521,6 +37038,143 @@ class RegionResizeRequestStatusLastAttemptErrorErrorErrorDetailQuotaInfo(dict):
         return pulumi.get(self, "rollout_status")
 
 
+@pulumi.output_type
+class RegionSecurityPolicyAdvancedOptionsConfig(dict):
+    @staticmethod
+    def __key_warning(key: str):
+        suggest = None
+        if key == "jsonCustomConfig":
+            suggest = "json_custom_config"
+        elif key == "jsonParsing":
+            suggest = "json_parsing"
+        elif key == "logLevel":
+            suggest = "log_level"
+        elif key == "requestBodyInspectionSize":
+            suggest = "request_body_inspection_size"
+        elif key == "userIpRequestHeaders":
+            suggest = "user_ip_request_headers"
+
+        if suggest:
+            pulumi.log.warn(f"Key '{key}' not found in RegionSecurityPolicyAdvancedOptionsConfig. Access the value via the '{suggest}' property getter instead.")
+
+    def __getitem__(self, key: str) -> Any:
+        RegionSecurityPolicyAdvancedOptionsConfig.__key_warning(key)
+        return super().__getitem__(key)
+
+    def get(self, key: str, default = None) -> Any:
+        RegionSecurityPolicyAdvancedOptionsConfig.__key_warning(key)
+        return super().get(key, default)
+
+    def __init__(__self__, *,
+                 json_custom_config: Optional['outputs.RegionSecurityPolicyAdvancedOptionsConfigJsonCustomConfig'] = None,
+                 json_parsing: Optional[_builtins.str] = None,
+                 log_level: Optional[_builtins.str] = None,
+                 request_body_inspection_size: Optional[_builtins.str] = None,
+                 user_ip_request_headers: Optional[Sequence[_builtins.str]] = None):
+        """
+        :param 'RegionSecurityPolicyAdvancedOptionsConfigJsonCustomConfigArgs' json_custom_config: Custom configuration to apply the JSON parsing. Only applicable when JSON parsing is set to STANDARD.
+               Structure is documented below.
+        :param _builtins.str json_parsing: JSON body parsing. Supported values include: "DISABLED", "STANDARD", "STANDARD_WITH_GRAPHQL".
+               Possible values are: `DISABLED`, `STANDARD`, `STANDARD_WITH_GRAPHQL`.
+        :param _builtins.str log_level: Logging level. Supported values include: "NORMAL", "VERBOSE".
+               Possible values are: `NORMAL`, `VERBOSE`.
+        :param _builtins.str request_body_inspection_size: The maximum request size chosen by the customer with Waf enabled. Values supported are "8KB", "16KB, "32KB", "48KB" and "64KB".
+               Values are case insensitive.
+               Possible values are: `8KB`, `16KB`, `32KB`, `48KB`, `64KB`.
+        :param Sequence[_builtins.str] user_ip_request_headers: An optional list of case-insensitive request header names to use for resolving the callers client IP address.
+        """
+        if json_custom_config is not None:
+            pulumi.set(__self__, "json_custom_config", json_custom_config)
+        if json_parsing is not None:
+            pulumi.set(__self__, "json_parsing", json_parsing)
+        if log_level is not None:
+            pulumi.set(__self__, "log_level", log_level)
+        if request_body_inspection_size is not None:
+            pulumi.set(__self__, "request_body_inspection_size", request_body_inspection_size)
+        if user_ip_request_headers is not None:
+            pulumi.set(__self__, "user_ip_request_headers", user_ip_request_headers)
+
+    @_builtins.property
+    @pulumi.getter(name="jsonCustomConfig")
+    def json_custom_config(self) -> Optional['outputs.RegionSecurityPolicyAdvancedOptionsConfigJsonCustomConfig']:
+        """
+        Custom configuration to apply the JSON parsing. Only applicable when JSON parsing is set to STANDARD.
+        Structure is documented below.
+        """
+        return pulumi.get(self, "json_custom_config")
+
+    @_builtins.property
+    @pulumi.getter(name="jsonParsing")
+    def json_parsing(self) -> Optional[_builtins.str]:
+        """
+        JSON body parsing. Supported values include: "DISABLED", "STANDARD", "STANDARD_WITH_GRAPHQL".
+        Possible values are: `DISABLED`, `STANDARD`, `STANDARD_WITH_GRAPHQL`.
+        """
+        return pulumi.get(self, "json_parsing")
+
+    @_builtins.property
+    @pulumi.getter(name="logLevel")
+    def log_level(self) -> Optional[_builtins.str]:
+        """
+        Logging level. Supported values include: "NORMAL", "VERBOSE".
+        Possible values are: `NORMAL`, `VERBOSE`.
+        """
+        return pulumi.get(self, "log_level")
+
+    @_builtins.property
+    @pulumi.getter(name="requestBodyInspectionSize")
+    def request_body_inspection_size(self) -> Optional[_builtins.str]:
+        """
+        The maximum request size chosen by the customer with Waf enabled. Values supported are "8KB", "16KB, "32KB", "48KB" and "64KB".
+        Values are case insensitive.
+        Possible values are: `8KB`, `16KB`, `32KB`, `48KB`, `64KB`.
+        """
+        return pulumi.get(self, "request_body_inspection_size")
+
+    @_builtins.property
+    @pulumi.getter(name="userIpRequestHeaders")
+    def user_ip_request_headers(self) -> Optional[Sequence[_builtins.str]]:
+        """
+        An optional list of case-insensitive request header names to use for resolving the callers client IP address.
+        """
+        return pulumi.get(self, "user_ip_request_headers")
+
+
+@pulumi.output_type
+class RegionSecurityPolicyAdvancedOptionsConfigJsonCustomConfig(dict):
+    @staticmethod
+    def __key_warning(key: str):
+        suggest = None
+        if key == "contentTypes":
+            suggest = "content_types"
+
+        if suggest:
+            pulumi.log.warn(f"Key '{key}' not found in RegionSecurityPolicyAdvancedOptionsConfigJsonCustomConfig. Access the value via the '{suggest}' property getter instead.")
+
+    def __getitem__(self, key: str) -> Any:
+        RegionSecurityPolicyAdvancedOptionsConfigJsonCustomConfig.__key_warning(key)
+        return super().__getitem__(key)
+
+    def get(self, key: str, default = None) -> Any:
+        RegionSecurityPolicyAdvancedOptionsConfigJsonCustomConfig.__key_warning(key)
+        return super().get(key, default)
+
+    def __init__(__self__, *,
+                 content_types: Sequence[_builtins.str]):
+        """
+        :param Sequence[_builtins.str] content_types: A list of custom Content-Type header values to apply the JSON parsing.
+        """
+        pulumi.set(__self__, "content_types", content_types)
+
+    @_builtins.property
+    @pulumi.getter(name="contentTypes")
+    def content_types(self) -> Sequence[_builtins.str]:
+        """
+        A list of custom Content-Type header values to apply the JSON parsing.
+        """
+        return pulumi.get(self, "content_types")
+
+
 @pulumi.output_type
 class RegionSecurityPolicyDdosProtectionConfig(dict):
     @staticmethod
@@ -38254,6 +38908,8 @@ class RegionUrlMapDefaultRouteActionRequestMirrorPolicy(dict):
         suggest = None
         if key == "backendService":
             suggest = "backend_service"
+        elif key == "mirrorPercent":
+            suggest = "mirror_percent"
 
         if suggest:
             pulumi.log.warn(f"Key '{key}' not found in RegionUrlMapDefaultRouteActionRequestMirrorPolicy. Access the value via the '{suggest}' property getter instead.")
@@ -38267,14 +38923,19 @@ class RegionUrlMapDefaultRouteActionRequestMirrorPolicy(dict):
         return super().get(key, default)
 
     def __init__(__self__, *,
-                 backend_service: Optional[_builtins.str] = None):
+                 backend_service: Optional[_builtins.str] = None,
+                 mirror_percent: Optional[_builtins.float] = None):
         """
         :param _builtins.str backend_service: The full or partial URL to the RegionBackendService resource being mirrored to.
                The backend service configured for a mirroring policy must reference backends that are of the same type as the original backend service matched in the URL map.
                Serverless NEG backends are not currently supported as a mirrored backend service.
+        :param _builtins.float mirror_percent: The percentage of requests to be mirrored to backendService.
+               The value must be between 0.0 and 100.0 inclusive.
         """
         if backend_service is not None:
             pulumi.set(__self__, "backend_service", backend_service)
+        if mirror_percent is not None:
+            pulumi.set(__self__, "mirror_percent", mirror_percent)
 
     @_builtins.property
     @pulumi.getter(name="backendService")
@@ -38286,6 +38947,15 @@ class RegionUrlMapDefaultRouteActionRequestMirrorPolicy(dict):
         """
         return pulumi.get(self, "backend_service")
 
+    @_builtins.property
+    @pulumi.getter(name="mirrorPercent")
+    def mirror_percent(self) -> Optional[_builtins.float]:
+        """
+        The percentage of requests to be mirrored to backendService.
+        The value must be between 0.0 and 100.0 inclusive.
+        """
+        return pulumi.get(self, "mirror_percent")
+
 
 @pulumi.output_type
 class RegionUrlMapDefaultRouteActionRetryPolicy(dict):
@@ -39696,6 +40366,8 @@ class RegionUrlMapPathMatcherDefaultRouteActionRequestMirrorPolicy(dict):
         suggest = None
         if key == "backendService":
             suggest = "backend_service"
+        elif key == "mirrorPercent":
+            suggest = "mirror_percent"
 
         if suggest:
             pulumi.log.warn(f"Key '{key}' not found in RegionUrlMapPathMatcherDefaultRouteActionRequestMirrorPolicy. Access the value via the '{suggest}' property getter instead.")
@@ -39709,13 +40381,18 @@ class RegionUrlMapPathMatcherDefaultRouteActionRequestMirrorPolicy(dict):
         return super().get(key, default)
 
     def __init__(__self__, *,
-                 backend_service: _builtins.str):
+                 backend_service: _builtins.str,
+                 mirror_percent: Optional[_builtins.float] = None):
         """
         :param _builtins.str backend_service: The full or partial URL to the RegionBackendService resource being mirrored to.
                The backend service configured for a mirroring policy must reference backends that are of the same type as the original backend service matched in the URL map.
                Serverless NEG backends are not currently supported as a mirrored backend service.
+        :param _builtins.float mirror_percent: The percentage of requests to be mirrored to backendService.
+               The value must be between 0.0 and 100.0 inclusive.
         """
         pulumi.set(__self__, "backend_service", backend_service)
+        if mirror_percent is not None:
+            pulumi.set(__self__, "mirror_percent", mirror_percent)
 
     @_builtins.property
     @pulumi.getter(name="backendService")
@@ -39727,6 +40404,15 @@ class RegionUrlMapPathMatcherDefaultRouteActionRequestMirrorPolicy(dict):
         """
         return pulumi.get(self, "backend_service")
 
+    @_builtins.property
+    @pulumi.getter(name="mirrorPercent")
+    def mirror_percent(self) -> Optional[_builtins.float]:
+        """
+        The percentage of requests to be mirrored to backendService.
+        The value must be between 0.0 and 100.0 inclusive.
+        """
+        return pulumi.get(self, "mirror_percent")
+
 
 @pulumi.output_type
 class RegionUrlMapPathMatcherDefaultRouteActionRetryPolicy(dict):
@@ -41005,6 +41691,8 @@ class RegionUrlMapPathMatcherPathRuleRouteActionRequestMirrorPolicy(dict):
         suggest = None
         if key == "backendService":
             suggest = "backend_service"
+        elif key == "mirrorPercent":
+            suggest = "mirror_percent"
 
         if suggest:
             pulumi.log.warn(f"Key '{key}' not found in RegionUrlMapPathMatcherPathRuleRouteActionRequestMirrorPolicy. Access the value via the '{suggest}' property getter instead.")
@@ -41018,13 +41706,18 @@ class RegionUrlMapPathMatcherPathRuleRouteActionRequestMirrorPolicy(dict):
         return super().get(key, default)
 
     def __init__(__self__, *,
-                 backend_service: _builtins.str):
+                 backend_service: _builtins.str,
+                 mirror_percent: Optional[_builtins.float] = None):
         """
         :param _builtins.str backend_service: The full or partial URL to the RegionBackendService resource being mirrored to.
                The backend service configured for a mirroring policy must reference backends that are of the same type as the original backend service matched in the URL map.
                Serverless NEG backends are not currently supported as a mirrored backend service.
+        :param _builtins.float mirror_percent: The percentage of requests to be mirrored to backendService.
+               The value must be between 0.0 and 100.0 inclusive.
         """
         pulumi.set(__self__, "backend_service", backend_service)
+        if mirror_percent is not None:
+            pulumi.set(__self__, "mirror_percent", mirror_percent)
 
     @_builtins.property
     @pulumi.getter(name="backendService")
@@ -41036,6 +41729,15 @@ class RegionUrlMapPathMatcherPathRuleRouteActionRequestMirrorPolicy(dict):
         """
         return pulumi.get(self, "backend_service")
 
+    @_builtins.property
+    @pulumi.getter(name="mirrorPercent")
+    def mirror_percent(self) -> Optional[_builtins.float]:
+        """
+        The percentage of requests to be mirrored to backendService.
+        The value must be between 0.0 and 100.0 inclusive.
+        """
+        return pulumi.get(self, "mirror_percent")
+
 
 @pulumi.output_type
 class RegionUrlMapPathMatcherPathRuleRouteActionRetryPolicy(dict):
@@ -43168,6 +43870,8 @@ class RegionUrlMapPathMatcherRouteRuleRouteActionRequestMirrorPolicy(dict):
         suggest = None
         if key == "backendService":
             suggest = "backend_service"
+        elif key == "mirrorPercent":
+            suggest = "mirror_percent"
 
         if suggest:
             pulumi.log.warn(f"Key '{key}' not found in RegionUrlMapPathMatcherRouteRuleRouteActionRequestMirrorPolicy. Access the value via the '{suggest}' property getter instead.")
@@ -43181,13 +43885,18 @@ class RegionUrlMapPathMatcherRouteRuleRouteActionRequestMirrorPolicy(dict):
         return super().get(key, default)
 
     def __init__(__self__, *,
-                 backend_service: _builtins.str):
+                 backend_service: _builtins.str,
+                 mirror_percent: Optional[_builtins.float] = None):
         """
         :param _builtins.str backend_service: The full or partial URL to the RegionBackendService resource being mirrored to.
                The backend service configured for a mirroring policy must reference backends that are of the same type as the original backend service matched in the URL map.
                Serverless NEG backends are not currently supported as a mirrored backend service.
+        :param _builtins.float mirror_percent: The percentage of requests to be mirrored to backendService.
+               The value must be between 0.0 and 100.0 inclusive.
         """
         pulumi.set(__self__, "backend_service", backend_service)
+        if mirror_percent is not None:
+            pulumi.set(__self__, "mirror_percent", mirror_percent)
 
     @_builtins.property
     @pulumi.getter(name="backendService")
@@ -43199,6 +43908,15 @@ class RegionUrlMapPathMatcherRouteRuleRouteActionRequestMirrorPolicy(dict):
         """
         return pulumi.get(self, "backend_service")
 
+    @_builtins.property
+    @pulumi.getter(name="mirrorPercent")
+    def mirror_percent(self) -> Optional[_builtins.float]:
+        """
+        The percentage of requests to be mirrored to backendService.
+        The value must be between 0.0 and 100.0 inclusive.
+        """
+        return pulumi.get(self, "mirror_percent")
+
 
 @pulumi.output_type
 class RegionUrlMapPathMatcherRouteRuleRouteActionRetryPolicy(dict):
@@ -46953,6 +47671,46 @@ class RouterNatSubnetwork(dict):
         return pulumi.get(self, "secondary_ip_range_names")
 
 
+@pulumi.output_type
+class RouterParams(dict):
+    @staticmethod
+    def __key_warning(key: str):
+        suggest = None
+        if key == "resourceManagerTags":
+            suggest = "resource_manager_tags"
+
+        if suggest:
+            pulumi.log.warn(f"Key '{key}' not found in RouterParams. Access the value via the '{suggest}' property getter instead.")
+
+    def __getitem__(self, key: str) -> Any:
+        RouterParams.__key_warning(key)
+        return super().__getitem__(key)
+
+    def get(self, key: str, default = None) -> Any:
+        RouterParams.__key_warning(key)
+        return super().get(key, default)
+
+    def __init__(__self__, *,
+                 resource_manager_tags: Optional[Mapping[str, _builtins.str]] = None):
+        """
+        :param Mapping[str, _builtins.str] resource_manager_tags: Resource manager tags to be bound to the router. Tag keys and values have the
+               same definition as resource manager tags. Keys must be in the format tagKeys/{tag_key_id},
+               and values are in the format tagValues/456.
+        """
+        if resource_manager_tags is not None:
+            pulumi.set(__self__, "resource_manager_tags", resource_manager_tags)
+
+    @_builtins.property
+    @pulumi.getter(name="resourceManagerTags")
+    def resource_manager_tags(self) -> Optional[Mapping[str, _builtins.str]]:
+        """
+        Resource manager tags to be bound to the router. Tag keys and values have the
+        same definition as resource manager tags. Keys must be in the format tagKeys/{tag_key_id},
+        and values are in the format tagValues/456.
+        """
+        return pulumi.get(self, "resource_manager_tags")
+
+
 @pulumi.output_type
 class RouterPeerAdvertisedIpRange(dict):
     def __init__(__self__, *,
@@ -51467,6 +52225,52 @@ class SubnetworkLogConfig(dict):
         return pulumi.get(self, "metadata_fields")
 
 
+@pulumi.output_type
+class SubnetworkParams(dict):
+    @staticmethod
+    def __key_warning(key: str):
+        suggest = None
+        if key == "resourceManagerTags":
+            suggest = "resource_manager_tags"
+
+        if suggest:
+            pulumi.log.warn(f"Key '{key}' not found in SubnetworkParams. Access the value via the '{suggest}' property getter instead.")
+
+    def __getitem__(self, key: str) -> Any:
+        SubnetworkParams.__key_warning(key)
+        return super().__getitem__(key)
+
+    def get(self, key: str, default = None) -> Any:
+        SubnetworkParams.__key_warning(key)
+        return super().get(key, default)
+
+    def __init__(__self__, *,
+                 resource_manager_tags: Optional[Mapping[str, _builtins.str]] = None):
+        """
+        :param Mapping[str, _builtins.str] resource_manager_tags: Resource manager tags to be bound to the subnetwork. Tag keys and values have the
+               same definition as resource manager tags. Keys must be in the format tagKeys/{tag_key_id},
+               and values are in the format tagValues/456. The field is ignored when empty.
+               The field is immutable and causes resource replacement when mutated. This field is only
+               set at create time and modifying this field after creation will trigger recreation.
+               To apply tags to an existing resource, see the tags.TagBinding resource.
+        """
+        if resource_manager_tags is not None:
+            pulumi.set(__self__, "resource_manager_tags", resource_manager_tags)
+
+    @_builtins.property
+    @pulumi.getter(name="resourceManagerTags")
+    def resource_manager_tags(self) -> Optional[Mapping[str, _builtins.str]]:
+        """
+        Resource manager tags to be bound to the subnetwork. Tag keys and values have the
+        same definition as resource manager tags. Keys must be in the format tagKeys/{tag_key_id},
+        and values are in the format tagValues/456. The field is ignored when empty.
+        The field is immutable and causes resource replacement when mutated. This field is only
+        set at create time and modifying this field after creation will trigger recreation.
+        To apply tags to an existing resource, see the tags.TagBinding resource.
+        """
+        return pulumi.get(self, "resource_manager_tags")
+
+
 @pulumi.output_type
 class SubnetworkSecondaryIpRange(dict):
     @staticmethod
@@ -62575,9 +63379,6 @@ class GetForwardingRulesRuleResult(dict):
                
                The forwarded traffic must be of a type appropriate to the target object.
                *  For load balancers, see the "Target" column in [Port specifications](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts#ip_address_specifications).
-               *  For Private Service Connect forwarding rules that forward traffic to Google APIs, provide the name of a supported Google API bundle:
-                 *  'vpc-sc' - [ APIs that support VPC Service Controls](https://cloud.google.com/vpc-service-controls/docs/supported-products).
-                 *  'all-apis' - [All supported Google APIs](https://cloud.google.com/vpc/docs/private-service-connect#supported-apis).
                
                For Private Service Connect forwarding rules that forward traffic to managed services, the target must be a service attachment.
         """
@@ -63107,9 +63908,6 @@ class GetForwardingRulesRuleResult(dict):
 
         The forwarded traffic must be of a type appropriate to the target object.
         *  For load balancers, see the "Target" column in [Port specifications](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts#ip_address_specifications).
-        *  For Private Service Connect forwarding rules that forward traffic to Google APIs, provide the name of a supported Google API bundle:
-          *  'vpc-sc' - [ APIs that support VPC Service Controls](https://cloud.google.com/vpc-service-controls/docs/supported-products).
-          *  'all-apis' - [All supported Google APIs](https://cloud.google.com/vpc/docs/private-service-connect#supported-apis).
 
         For Private Service Connect forwarding rules that forward traffic to managed services, the target must be a service attachment.
         """
@@ -69428,6 +70226,114 @@ class GetRegionBackendServiceFailoverPolicyResult(dict):
         return pulumi.get(self, "failover_ratio")
 
 
+@pulumi.output_type
+class GetRegionBackendServiceHaPolicyResult(dict):
+    def __init__(__self__, *,
+                 fast_ip_move: _builtins.str,
+                 leaders: Sequence['outputs.GetRegionBackendServiceHaPolicyLeaderResult']):
+        """
+        :param _builtins.str fast_ip_move: Specifies whether fast IP move is enabled, and if so, the mechanism to achieve it.
+               Supported values are:
+               
+               * 'DISABLED': Fast IP Move is disabled. You can only use the haPolicy.leader API to
+                             update the leader.
+               
+               * 'GARP_RA': Provides a method to very quickly define a new network endpoint as the
+                            leader. This method is faster than updating the leader using the
+                            haPolicy.leader API. Fast IP move works as follows: The VM hosting the
+                            network endpoint that should become the new leader sends either a
+                            Gratuitous ARP (GARP) packet (IPv4) or an ICMPv6 Router Advertisement(RA)
+                            packet (IPv6). Google Cloud immediately but temporarily associates the
+                            forwarding rule IP address with that VM, and both new and in-flight packets
+                            are quickly delivered to that VM. Possible values: ["DISABLED", "GARP_RA"]
+        :param Sequence['GetRegionBackendServiceHaPolicyLeaderArgs'] leaders: Selects one of the network endpoints attached to the backend NEGs of this service as the
+               active endpoint (the leader) that receives all traffic.
+        """
+        pulumi.set(__self__, "fast_ip_move", fast_ip_move)
+        pulumi.set(__self__, "leaders", leaders)
+
+    @_builtins.property
+    @pulumi.getter(name="fastIpMove")
+    def fast_ip_move(self) -> _builtins.str:
+        """
+        Specifies whether fast IP move is enabled, and if so, the mechanism to achieve it.
+        Supported values are:
+
+        * 'DISABLED': Fast IP Move is disabled. You can only use the haPolicy.leader API to
+                      update the leader.
+
+        * 'GARP_RA': Provides a method to very quickly define a new network endpoint as the
+                     leader. This method is faster than updating the leader using the
+                     haPolicy.leader API. Fast IP move works as follows: The VM hosting the
+                     network endpoint that should become the new leader sends either a
+                     Gratuitous ARP (GARP) packet (IPv4) or an ICMPv6 Router Advertisement(RA)
+                     packet (IPv6). Google Cloud immediately but temporarily associates the
+                     forwarding rule IP address with that VM, and both new and in-flight packets
+                     are quickly delivered to that VM. Possible values: ["DISABLED", "GARP_RA"]
+        """
+        return pulumi.get(self, "fast_ip_move")
+
+    @_builtins.property
+    @pulumi.getter
+    def leaders(self) -> Sequence['outputs.GetRegionBackendServiceHaPolicyLeaderResult']:
+        """
+        Selects one of the network endpoints attached to the backend NEGs of this service as the
+        active endpoint (the leader) that receives all traffic.
+        """
+        return pulumi.get(self, "leaders")
+
+
+@pulumi.output_type
+class GetRegionBackendServiceHaPolicyLeaderResult(dict):
+    def __init__(__self__, *,
+                 backend_group: _builtins.str,
+                 network_endpoints: Sequence['outputs.GetRegionBackendServiceHaPolicyLeaderNetworkEndpointResult']):
+        """
+        :param _builtins.str backend_group: A fully-qualified URL of the zonal Network Endpoint Group (NEG) that the leader is
+               attached to.
+        :param Sequence['GetRegionBackendServiceHaPolicyLeaderNetworkEndpointArgs'] network_endpoints: The network endpoint within the leader.backendGroup that is designated as the leader.
+        """
+        pulumi.set(__self__, "backend_group", backend_group)
+        pulumi.set(__self__, "network_endpoints", network_endpoints)
+
+    @_builtins.property
+    @pulumi.getter(name="backendGroup")
+    def backend_group(self) -> _builtins.str:
+        """
+        A fully-qualified URL of the zonal Network Endpoint Group (NEG) that the leader is
+        attached to.
+        """
+        return pulumi.get(self, "backend_group")
+
+    @_builtins.property
+    @pulumi.getter(name="networkEndpoints")
+    def network_endpoints(self) -> Sequence['outputs.GetRegionBackendServiceHaPolicyLeaderNetworkEndpointResult']:
+        """
+        The network endpoint within the leader.backendGroup that is designated as the leader.
+        """
+        return pulumi.get(self, "network_endpoints")
+
+
+@pulumi.output_type
+class GetRegionBackendServiceHaPolicyLeaderNetworkEndpointResult(dict):
+    def __init__(__self__, *,
+                 instance: _builtins.str):
+        """
+        :param _builtins.str instance: The name of the VM instance of the leader network endpoint. The instance must
+               already be attached to the NEG specified in the haPolicy.leader.backendGroup.
+        """
+        pulumi.set(__self__, "instance", instance)
+
+    @_builtins.property
+    @pulumi.getter
+    def instance(self) -> _builtins.str:
+        """
+        The name of the VM instance of the leader network endpoint. The instance must
+        already be attached to the NEG specified in the haPolicy.leader.backendGroup.
+        """
+        return pulumi.get(self, "instance")
+
+
 @pulumi.output_type
 class GetRegionBackendServiceIapResult(dict):
     def __init__(__self__, *,
@@ -73759,6 +74665,28 @@ class GetRouterNatSubnetworkResult(dict):
         return pulumi.get(self, "source_ip_ranges_to_nats")
 
 
+@pulumi.output_type
+class GetRouterParamResult(dict):
+    def __init__(__self__, *,
+                 resource_manager_tags: Mapping[str, _builtins.str]):
+        """
+        :param Mapping[str, _builtins.str] resource_manager_tags: Resource manager tags to be bound to the router. Tag keys and values have the
+               same definition as resource manager tags. Keys must be in the format tagKeys/{tag_key_id},
+               and values are in the format tagValues/456.
+        """
+        pulumi.set(__self__, "resource_manager_tags", resource_manager_tags)
+
+    @_builtins.property
+    @pulumi.getter(name="resourceManagerTags")
+    def resource_manager_tags(self) -> Mapping[str, _builtins.str]:
+        """
+        Resource manager tags to be bound to the router. Tag keys and values have the
+        same definition as resource manager tags. Keys must be in the format tagKeys/{tag_key_id},
+        and values are in the format tagValues/456.
+        """
+        return pulumi.get(self, "resource_manager_tags")
+
+
 @pulumi.output_type
 class GetRouterStatusBestRouteResult(dict):
     def __init__(__self__, *,
@@ -76095,6 +77023,7 @@ class GetSubnetworksSubnetworkResult(dict):
                  ip_cidr_range: _builtins.str,
                  name: _builtins.str,
                  network: _builtins.str,
+                 network_name: _builtins.str,
                  network_self_link: _builtins.str,
                  private_ip_google_access: _builtins.bool,
                  self_link: _builtins.str):
@@ -76103,6 +77032,8 @@ class GetSubnetworksSubnetworkResult(dict):
         :param _builtins.str ip_cidr_range: The IP address range represented as a CIDR block.
         :param _builtins.str name: The name of the subnetwork.
         :param _builtins.str network: The self link of the parent network.
+        :param _builtins.str network_name: The name of the parent network computed from `network` attribute.
+        :param _builtins.str network_self_link: (Deprecated) The name of the parent network computed from `network` attribute. (deprecated and will be removed in a future major release. Use `network_name` instead.)
         :param _builtins.bool private_ip_google_access: Whether the VMs in the subnet can access Google services without assigned external IP addresses.
         :param _builtins.str self_link: The self link of the subnetwork.
         """
@@ -76110,6 +77041,7 @@ class GetSubnetworksSubnetworkResult(dict):
         pulumi.set(__self__, "ip_cidr_range", ip_cidr_range)
         pulumi.set(__self__, "name", name)
         pulumi.set(__self__, "network", network)
+        pulumi.set(__self__, "network_name", network_name)
         pulumi.set(__self__, "network_self_link", network_self_link)
         pulumi.set(__self__, "private_ip_google_access", private_ip_google_access)
         pulumi.set(__self__, "self_link", self_link)
@@ -76146,9 +77078,21 @@ class GetSubnetworksSubnetworkResult(dict):
         """
         return pulumi.get(self, "network")
 
+    @_builtins.property
+    @pulumi.getter(name="networkName")
+    def network_name(self) -> _builtins.str:
+        """
+        The name of the parent network computed from `network` attribute.
+        """
+        return pulumi.get(self, "network_name")
+
     @_builtins.property
     @pulumi.getter(name="networkSelfLink")
+    @_utilities.deprecated("""Use `network_name` instead. This field will be removed in a future major release.""")
     def network_self_link(self) -> _builtins.str:
+        """
+        (Deprecated) The name of the parent network computed from `network` attribute. (deprecated and will be removed in a future major release. Use `network_name` instead.)
+        """
         return pulumi.get(self, "network_self_link")
 
     @_builtins.property