pulumi-gcp 8.41.0a1755408441__py3-none-any.whl → 8.41.0a1755638986__py3-none-any.whl

pulumi_gcp/storage/_inputs.py

@@ -195,6 +195,8 @@ __all__ = [
     'TransferJobTransferSpecAzureBlobStorageDataSourceArgsDict',
     'TransferJobTransferSpecAzureBlobStorageDataSourceAzureCredentialsArgs',
     'TransferJobTransferSpecAzureBlobStorageDataSourceAzureCredentialsArgsDict',
+    'TransferJobTransferSpecAzureBlobStorageDataSourceFederatedIdentityConfigArgs',
+    'TransferJobTransferSpecAzureBlobStorageDataSourceFederatedIdentityConfigArgsDict',
     'TransferJobTransferSpecGcsDataSinkArgs',
     'TransferJobTransferSpecGcsDataSinkArgsDict',
     'TransferJobTransferSpecGcsDataSourceArgs',
@@ -5603,6 +5605,10 @@ if not MYPY:
         """
         AWS credentials block.
         """
+        cloudfront_domain: NotRequired[pulumi.Input[_builtins.str]]
+        """
+        The CloudFront distribution domain name pointing to this bucket, to use when fetching. See [Transfer from S3 via CloudFront](https://cloud.google.com/storage-transfer/docs/s3-cloudfront) for more information. Format: https://{id}.cloudfront.net or any valid custom domain. Must begin with https://.
+        """
         managed_private_network: NotRequired[pulumi.Input[_builtins.bool]]
         """
         Egress bytes over a Google-managed private network. This network is shared between other users of Storage Transfer Service.
@@ -5623,12 +5629,14 @@ class TransferJobTransferSpecAwsS3DataSourceArgs:
     def __init__(__self__, *,
                  bucket_name: pulumi.Input[_builtins.str],
                  aws_access_key: Optional[pulumi.Input['TransferJobTransferSpecAwsS3DataSourceAwsAccessKeyArgs']] = None,
+                 cloudfront_domain: Optional[pulumi.Input[_builtins.str]] = None,
                  managed_private_network: Optional[pulumi.Input[_builtins.bool]] = None,
                  path: Optional[pulumi.Input[_builtins.str]] = None,
                  role_arn: Optional[pulumi.Input[_builtins.str]] = None):
         """
         :param pulumi.Input[_builtins.str] bucket_name: S3 Bucket name.
         :param pulumi.Input['TransferJobTransferSpecAwsS3DataSourceAwsAccessKeyArgs'] aws_access_key: AWS credentials block.
+        :param pulumi.Input[_builtins.str] cloudfront_domain: The CloudFront distribution domain name pointing to this bucket, to use when fetching. See [Transfer from S3 via CloudFront](https://cloud.google.com/storage-transfer/docs/s3-cloudfront) for more information. Format: https://{id}.cloudfront.net or any valid custom domain. Must begin with https://.
         :param pulumi.Input[_builtins.bool] managed_private_network: Egress bytes over a Google-managed private network. This network is shared between other users of Storage Transfer Service.
         :param pulumi.Input[_builtins.str] path: S3 Bucket path in bucket to transfer.
         :param pulumi.Input[_builtins.str] role_arn: The Amazon Resource Name (ARN) of the role to support temporary credentials via 'AssumeRoleWithWebIdentity'. For more information about ARNs, see [IAM ARNs](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-arns). When a role ARN is provided, Transfer Service fetches temporary credentials for the session using a 'AssumeRoleWithWebIdentity' call for the provided role using the [GoogleServiceAccount][] for this project.
@@ -5636,6 +5644,8 @@ class TransferJobTransferSpecAwsS3DataSourceArgs:
         pulumi.set(__self__, "bucket_name", bucket_name)
         if aws_access_key is not None:
             pulumi.set(__self__, "aws_access_key", aws_access_key)
+        if cloudfront_domain is not None:
+            pulumi.set(__self__, "cloudfront_domain", cloudfront_domain)
         if managed_private_network is not None:
             pulumi.set(__self__, "managed_private_network", managed_private_network)
         if path is not None:
@@ -5667,6 +5677,18 @@ class TransferJobTransferSpecAwsS3DataSourceArgs:
     def aws_access_key(self, value: Optional[pulumi.Input['TransferJobTransferSpecAwsS3DataSourceAwsAccessKeyArgs']]):
         pulumi.set(self, "aws_access_key", value)
 
+    @_builtins.property
+    @pulumi.getter(name="cloudfrontDomain")
+    def cloudfront_domain(self) -> Optional[pulumi.Input[_builtins.str]]:
+        """
+        The CloudFront distribution domain name pointing to this bucket, to use when fetching. See [Transfer from S3 via CloudFront](https://cloud.google.com/storage-transfer/docs/s3-cloudfront) for more information. Format: https://{id}.cloudfront.net or any valid custom domain. Must begin with https://.
+        """
+        return pulumi.get(self, "cloudfront_domain")
+
+    @cloudfront_domain.setter
+    def cloudfront_domain(self, value: Optional[pulumi.Input[_builtins.str]]):
+        pulumi.set(self, "cloudfront_domain", value)
+
     @_builtins.property
     @pulumi.getter(name="managedPrivateNetwork")
     def managed_private_network(self) -> Optional[pulumi.Input[_builtins.bool]]:
@@ -5766,11 +5788,15 @@ if not MYPY:
         """
         azure_credentials: NotRequired[pulumi.Input['TransferJobTransferSpecAzureBlobStorageDataSourceAzureCredentialsArgsDict']]
         """
-        Credentials used to authenticate API requests to Azure block.
+        ) Credentials used to authenticate API requests to Azure block.
         """
         credentials_secret: NotRequired[pulumi.Input[_builtins.str]]
         """
-        Full Resource name of a secret in Secret Manager containing [SAS Credentials in JSON form](https://cloud.google.com/storage-transfer/docs/reference/rest/v1/TransferSpec#azureblobstoragedata:~:text=begin%20with%20a%20%27/%27.-,credentialsSecret,-string). Service Agent for Storage Transfer must have permissions to access secret. If credentials_secret is specified, do not specify azure_credentials.`,
+        ) Full Resource name of a secret in Secret Manager containing [SAS Credentials in JSON form](https://cloud.google.com/storage-transfer/docs/reference/rest/v1/TransferSpec#azureblobstoragedata:~:text=begin%20with%20a%20%27/%27.-,credentialsSecret,-string). Service Agent for Storage Transfer must have permissions to access secret. If credentials_secret is specified, do not specify azure_credentials.`,
+        """
+        federated_identity_config: NotRequired[pulumi.Input['TransferJobTransferSpecAzureBlobStorageDataSourceFederatedIdentityConfigArgsDict']]
+        """
+        Federated identity config of a user registered Azure application. Structure documented below.
         """
         path: NotRequired[pulumi.Input[_builtins.str]]
         """
@@ -5786,12 +5812,14 @@ class TransferJobTransferSpecAzureBlobStorageDataSourceArgs:
                  storage_account: pulumi.Input[_builtins.str],
                  azure_credentials: Optional[pulumi.Input['TransferJobTransferSpecAzureBlobStorageDataSourceAzureCredentialsArgs']] = None,
                  credentials_secret: Optional[pulumi.Input[_builtins.str]] = None,
+                 federated_identity_config: Optional[pulumi.Input['TransferJobTransferSpecAzureBlobStorageDataSourceFederatedIdentityConfigArgs']] = None,
                  path: Optional[pulumi.Input[_builtins.str]] = None):
         """
         :param pulumi.Input[_builtins.str] container: The container to transfer from the Azure Storage account.`
         :param pulumi.Input[_builtins.str] storage_account: The name of the Azure Storage account.
-        :param pulumi.Input['TransferJobTransferSpecAzureBlobStorageDataSourceAzureCredentialsArgs'] azure_credentials: Credentials used to authenticate API requests to Azure block.
-        :param pulumi.Input[_builtins.str] credentials_secret: Full Resource name of a secret in Secret Manager containing [SAS Credentials in JSON form](https://cloud.google.com/storage-transfer/docs/reference/rest/v1/TransferSpec#azureblobstoragedata:~:text=begin%20with%20a%20%27/%27.-,credentialsSecret,-string). Service Agent for Storage Transfer must have permissions to access secret. If credentials_secret is specified, do not specify azure_credentials.`,
+        :param pulumi.Input['TransferJobTransferSpecAzureBlobStorageDataSourceAzureCredentialsArgs'] azure_credentials: ) Credentials used to authenticate API requests to Azure block.
+        :param pulumi.Input[_builtins.str] credentials_secret: ) Full Resource name of a secret in Secret Manager containing [SAS Credentials in JSON form](https://cloud.google.com/storage-transfer/docs/reference/rest/v1/TransferSpec#azureblobstoragedata:~:text=begin%20with%20a%20%27/%27.-,credentialsSecret,-string). Service Agent for Storage Transfer must have permissions to access secret. If credentials_secret is specified, do not specify azure_credentials.`,
+        :param pulumi.Input['TransferJobTransferSpecAzureBlobStorageDataSourceFederatedIdentityConfigArgs'] federated_identity_config: Federated identity config of a user registered Azure application. Structure documented below.
         :param pulumi.Input[_builtins.str] path: Root path to transfer objects. Must be an empty string or full path name that ends with a '/'. This field is treated as an object prefix. As such, it should generally not begin with a '/'.
         """
         pulumi.set(__self__, "container", container)
@@ -5800,6 +5828,8 @@ class TransferJobTransferSpecAzureBlobStorageDataSourceArgs:
             pulumi.set(__self__, "azure_credentials", azure_credentials)
         if credentials_secret is not None:
             pulumi.set(__self__, "credentials_secret", credentials_secret)
+        if federated_identity_config is not None:
+            pulumi.set(__self__, "federated_identity_config", federated_identity_config)
         if path is not None:
             pulumi.set(__self__, "path", path)
 
@@ -5831,7 +5861,7 @@ class TransferJobTransferSpecAzureBlobStorageDataSourceArgs:
     @pulumi.getter(name="azureCredentials")
     def azure_credentials(self) -> Optional[pulumi.Input['TransferJobTransferSpecAzureBlobStorageDataSourceAzureCredentialsArgs']]:
         """
-        Credentials used to authenticate API requests to Azure block.
+        ) Credentials used to authenticate API requests to Azure block.
         """
         return pulumi.get(self, "azure_credentials")
 
@@ -5843,7 +5873,7 @@ class TransferJobTransferSpecAzureBlobStorageDataSourceArgs:
     @pulumi.getter(name="credentialsSecret")
     def credentials_secret(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
-        Full Resource name of a secret in Secret Manager containing [SAS Credentials in JSON form](https://cloud.google.com/storage-transfer/docs/reference/rest/v1/TransferSpec#azureblobstoragedata:~:text=begin%20with%20a%20%27/%27.-,credentialsSecret,-string). Service Agent for Storage Transfer must have permissions to access secret. If credentials_secret is specified, do not specify azure_credentials.`,
+        ) Full Resource name of a secret in Secret Manager containing [SAS Credentials in JSON form](https://cloud.google.com/storage-transfer/docs/reference/rest/v1/TransferSpec#azureblobstoragedata:~:text=begin%20with%20a%20%27/%27.-,credentialsSecret,-string). Service Agent for Storage Transfer must have permissions to access secret. If credentials_secret is specified, do not specify azure_credentials.`,
         """
         return pulumi.get(self, "credentials_secret")
 
@@ -5851,6 +5881,18 @@ class TransferJobTransferSpecAzureBlobStorageDataSourceArgs:
     def credentials_secret(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "credentials_secret", value)
 
+    @_builtins.property
+    @pulumi.getter(name="federatedIdentityConfig")
+    def federated_identity_config(self) -> Optional[pulumi.Input['TransferJobTransferSpecAzureBlobStorageDataSourceFederatedIdentityConfigArgs']]:
+        """
+        Federated identity config of a user registered Azure application. Structure documented below.
+        """
+        return pulumi.get(self, "federated_identity_config")
+
+    @federated_identity_config.setter
+    def federated_identity_config(self, value: Optional[pulumi.Input['TransferJobTransferSpecAzureBlobStorageDataSourceFederatedIdentityConfigArgs']]):
+        pulumi.set(self, "federated_identity_config", value)
+
     @_builtins.property
     @pulumi.getter
     def path(self) -> Optional[pulumi.Input[_builtins.str]]:
@@ -5869,8 +5911,6 @@ if not MYPY:
         sas_token: pulumi.Input[_builtins.str]
         """
         Azure shared access signature. See [Grant limited access to Azure Storage resources using shared access signatures (SAS)](https://docs.microsoft.com/en-us/azure/storage/common/storage-sas-overview).
-
-        <a name="nested_schedule_start_end_date"></a>The `schedule_start_date` and `schedule_end_date` blocks support:
         """
 elif False:
     TransferJobTransferSpecAzureBlobStorageDataSourceAzureCredentialsArgsDict: TypeAlias = Mapping[str, Any]
@@ -5881,8 +5921,6 @@ class TransferJobTransferSpecAzureBlobStorageDataSourceAzureCredentialsArgs:
                  sas_token: pulumi.Input[_builtins.str]):
         """
         :param pulumi.Input[_builtins.str] sas_token: Azure shared access signature. See [Grant limited access to Azure Storage resources using shared access signatures (SAS)](https://docs.microsoft.com/en-us/azure/storage/common/storage-sas-overview).
-               
-               <a name="nested_schedule_start_end_date"></a>The `schedule_start_date` and `schedule_end_date` blocks support:
         """
         pulumi.set(__self__, "sas_token", sas_token)
 
@@ -5891,8 +5929,6 @@ class TransferJobTransferSpecAzureBlobStorageDataSourceAzureCredentialsArgs:
     def sas_token(self) -> pulumi.Input[_builtins.str]:
         """
         Azure shared access signature. See [Grant limited access to Azure Storage resources using shared access signatures (SAS)](https://docs.microsoft.com/en-us/azure/storage/common/storage-sas-overview).
-
-        <a name="nested_schedule_start_end_date"></a>The `schedule_start_date` and `schedule_end_date` blocks support:
         """
         return pulumi.get(self, "sas_token")
 
@@ -5901,6 +5937,62 @@ class TransferJobTransferSpecAzureBlobStorageDataSourceAzureCredentialsArgs:
         pulumi.set(self, "sas_token", value)
 
 
+if not MYPY:
+    class TransferJobTransferSpecAzureBlobStorageDataSourceFederatedIdentityConfigArgsDict(TypedDict):
+        client_id: pulumi.Input[_builtins.str]
+        """
+        The client (application) ID of the application with federated credentials.
+        """
+        tenant_id: pulumi.Input[_builtins.str]
+        """
+        The client (directory) ID of the application with federated credentials.
+
+        <a name="nested_schedule_start_end_date"></a>The `schedule_start_date` and `schedule_end_date` blocks support:
+        """
+elif False:
+    TransferJobTransferSpecAzureBlobStorageDataSourceFederatedIdentityConfigArgsDict: TypeAlias = Mapping[str, Any]
+
+@pulumi.input_type
+class TransferJobTransferSpecAzureBlobStorageDataSourceFederatedIdentityConfigArgs:
+    def __init__(__self__, *,
+                 client_id: pulumi.Input[_builtins.str],
+                 tenant_id: pulumi.Input[_builtins.str]):
+        """
+        :param pulumi.Input[_builtins.str] client_id: The client (application) ID of the application with federated credentials.
+        :param pulumi.Input[_builtins.str] tenant_id: The client (directory) ID of the application with federated credentials.
+               
+               <a name="nested_schedule_start_end_date"></a>The `schedule_start_date` and `schedule_end_date` blocks support:
+        """
+        pulumi.set(__self__, "client_id", client_id)
+        pulumi.set(__self__, "tenant_id", tenant_id)
+
+    @_builtins.property
+    @pulumi.getter(name="clientId")
+    def client_id(self) -> pulumi.Input[_builtins.str]:
+        """
+        The client (application) ID of the application with federated credentials.
+        """
+        return pulumi.get(self, "client_id")
+
+    @client_id.setter
+    def client_id(self, value: pulumi.Input[_builtins.str]):
+        pulumi.set(self, "client_id", value)
+
+    @_builtins.property
+    @pulumi.getter(name="tenantId")
+    def tenant_id(self) -> pulumi.Input[_builtins.str]:
+        """
+        The client (directory) ID of the application with federated credentials.
+
+        <a name="nested_schedule_start_end_date"></a>The `schedule_start_date` and `schedule_end_date` blocks support:
+        """
+        return pulumi.get(self, "tenant_id")
+
+    @tenant_id.setter
+    def tenant_id(self, value: pulumi.Input[_builtins.str]):
+        pulumi.set(self, "tenant_id", value)
+
+
 if not MYPY:
     class TransferJobTransferSpecGcsDataSinkArgsDict(TypedDict):
         bucket_name: pulumi.Input[_builtins.str]

pulumi_gcp/storage/outputs.py

@@ -106,6 +106,7 @@ __all__ = [
     'TransferJobTransferSpecAwsS3DataSourceAwsAccessKey',
     'TransferJobTransferSpecAzureBlobStorageDataSource',
     'TransferJobTransferSpecAzureBlobStorageDataSourceAzureCredentials',
+    'TransferJobTransferSpecAzureBlobStorageDataSourceFederatedIdentityConfig',
     'TransferJobTransferSpecGcsDataSink',
     'TransferJobTransferSpecGcsDataSource',
     'TransferJobTransferSpecHdfsDataSource',
@@ -4570,6 +4571,8 @@ class TransferJobTransferSpecAwsS3DataSource(dict):
             suggest = "bucket_name"
         elif key == "awsAccessKey":
             suggest = "aws_access_key"
+        elif key == "cloudfrontDomain":
+            suggest = "cloudfront_domain"
         elif key == "managedPrivateNetwork":
             suggest = "managed_private_network"
         elif key == "roleArn":
@@ -4589,12 +4592,14 @@ class TransferJobTransferSpecAwsS3DataSource(dict):
     def __init__(__self__, *,
                  bucket_name: _builtins.str,
                  aws_access_key: Optional['outputs.TransferJobTransferSpecAwsS3DataSourceAwsAccessKey'] = None,
+                 cloudfront_domain: Optional[_builtins.str] = None,
                  managed_private_network: Optional[_builtins.bool] = None,
                  path: Optional[_builtins.str] = None,
                  role_arn: Optional[_builtins.str] = None):
         """
         :param _builtins.str bucket_name: S3 Bucket name.
         :param 'TransferJobTransferSpecAwsS3DataSourceAwsAccessKeyArgs' aws_access_key: AWS credentials block.
+        :param _builtins.str cloudfront_domain: The CloudFront distribution domain name pointing to this bucket, to use when fetching. See [Transfer from S3 via CloudFront](https://cloud.google.com/storage-transfer/docs/s3-cloudfront) for more information. Format: https://{id}.cloudfront.net or any valid custom domain. Must begin with https://.
         :param _builtins.bool managed_private_network: Egress bytes over a Google-managed private network. This network is shared between other users of Storage Transfer Service.
         :param _builtins.str path: S3 Bucket path in bucket to transfer.
         :param _builtins.str role_arn: The Amazon Resource Name (ARN) of the role to support temporary credentials via 'AssumeRoleWithWebIdentity'. For more information about ARNs, see [IAM ARNs](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-arns). When a role ARN is provided, Transfer Service fetches temporary credentials for the session using a 'AssumeRoleWithWebIdentity' call for the provided role using the [GoogleServiceAccount][] for this project.
@@ -4602,6 +4607,8 @@ class TransferJobTransferSpecAwsS3DataSource(dict):
         pulumi.set(__self__, "bucket_name", bucket_name)
         if aws_access_key is not None:
             pulumi.set(__self__, "aws_access_key", aws_access_key)
+        if cloudfront_domain is not None:
+            pulumi.set(__self__, "cloudfront_domain", cloudfront_domain)
         if managed_private_network is not None:
             pulumi.set(__self__, "managed_private_network", managed_private_network)
         if path is not None:
@@ -4625,6 +4632,14 @@ class TransferJobTransferSpecAwsS3DataSource(dict):
         """
         return pulumi.get(self, "aws_access_key")
 
+    @_builtins.property
+    @pulumi.getter(name="cloudfrontDomain")
+    def cloudfront_domain(self) -> Optional[_builtins.str]:
+        """
+        The CloudFront distribution domain name pointing to this bucket, to use when fetching. See [Transfer from S3 via CloudFront](https://cloud.google.com/storage-transfer/docs/s3-cloudfront) for more information. Format: https://{id}.cloudfront.net or any valid custom domain. Must begin with https://.
+        """
+        return pulumi.get(self, "cloudfront_domain")
+
     @_builtins.property
     @pulumi.getter(name="managedPrivateNetwork")
     def managed_private_network(self) -> Optional[_builtins.bool]:
@@ -4709,6 +4724,8 @@ class TransferJobTransferSpecAzureBlobStorageDataSource(dict):
             suggest = "azure_credentials"
         elif key == "credentialsSecret":
             suggest = "credentials_secret"
+        elif key == "federatedIdentityConfig":
+            suggest = "federated_identity_config"
 
         if suggest:
             pulumi.log.warn(f"Key '{key}' not found in TransferJobTransferSpecAzureBlobStorageDataSource. Access the value via the '{suggest}' property getter instead.")
@@ -4726,12 +4743,14 @@ class TransferJobTransferSpecAzureBlobStorageDataSource(dict):
                  storage_account: _builtins.str,
                  azure_credentials: Optional['outputs.TransferJobTransferSpecAzureBlobStorageDataSourceAzureCredentials'] = None,
                  credentials_secret: Optional[_builtins.str] = None,
+                 federated_identity_config: Optional['outputs.TransferJobTransferSpecAzureBlobStorageDataSourceFederatedIdentityConfig'] = None,
                  path: Optional[_builtins.str] = None):
         """
         :param _builtins.str container: The container to transfer from the Azure Storage account.`
         :param _builtins.str storage_account: The name of the Azure Storage account.
-        :param 'TransferJobTransferSpecAzureBlobStorageDataSourceAzureCredentialsArgs' azure_credentials: Credentials used to authenticate API requests to Azure block.
-        :param _builtins.str credentials_secret: Full Resource name of a secret in Secret Manager containing [SAS Credentials in JSON form](https://cloud.google.com/storage-transfer/docs/reference/rest/v1/TransferSpec#azureblobstoragedata:~:text=begin%20with%20a%20%27/%27.-,credentialsSecret,-string). Service Agent for Storage Transfer must have permissions to access secret. If credentials_secret is specified, do not specify azure_credentials.`,
+        :param 'TransferJobTransferSpecAzureBlobStorageDataSourceAzureCredentialsArgs' azure_credentials: ) Credentials used to authenticate API requests to Azure block.
+        :param _builtins.str credentials_secret: ) Full Resource name of a secret in Secret Manager containing [SAS Credentials in JSON form](https://cloud.google.com/storage-transfer/docs/reference/rest/v1/TransferSpec#azureblobstoragedata:~:text=begin%20with%20a%20%27/%27.-,credentialsSecret,-string). Service Agent for Storage Transfer must have permissions to access secret. If credentials_secret is specified, do not specify azure_credentials.`,
+        :param 'TransferJobTransferSpecAzureBlobStorageDataSourceFederatedIdentityConfigArgs' federated_identity_config: Federated identity config of a user registered Azure application. Structure documented below.
         :param _builtins.str path: Root path to transfer objects. Must be an empty string or full path name that ends with a '/'. This field is treated as an object prefix. As such, it should generally not begin with a '/'.
         """
         pulumi.set(__self__, "container", container)
@@ -4740,6 +4759,8 @@ class TransferJobTransferSpecAzureBlobStorageDataSource(dict):
             pulumi.set(__self__, "azure_credentials", azure_credentials)
         if credentials_secret is not None:
             pulumi.set(__self__, "credentials_secret", credentials_secret)
+        if federated_identity_config is not None:
+            pulumi.set(__self__, "federated_identity_config", federated_identity_config)
         if path is not None:
             pulumi.set(__self__, "path", path)
 
@@ -4763,7 +4784,7 @@ class TransferJobTransferSpecAzureBlobStorageDataSource(dict):
     @pulumi.getter(name="azureCredentials")
     def azure_credentials(self) -> Optional['outputs.TransferJobTransferSpecAzureBlobStorageDataSourceAzureCredentials']:
         """
-        Credentials used to authenticate API requests to Azure block.
+        ) Credentials used to authenticate API requests to Azure block.
         """
         return pulumi.get(self, "azure_credentials")
 
@@ -4771,10 +4792,18 @@ class TransferJobTransferSpecAzureBlobStorageDataSource(dict):
     @pulumi.getter(name="credentialsSecret")
     def credentials_secret(self) -> Optional[_builtins.str]:
         """
-        Full Resource name of a secret in Secret Manager containing [SAS Credentials in JSON form](https://cloud.google.com/storage-transfer/docs/reference/rest/v1/TransferSpec#azureblobstoragedata:~:text=begin%20with%20a%20%27/%27.-,credentialsSecret,-string). Service Agent for Storage Transfer must have permissions to access secret. If credentials_secret is specified, do not specify azure_credentials.`,
+        ) Full Resource name of a secret in Secret Manager containing [SAS Credentials in JSON form](https://cloud.google.com/storage-transfer/docs/reference/rest/v1/TransferSpec#azureblobstoragedata:~:text=begin%20with%20a%20%27/%27.-,credentialsSecret,-string). Service Agent for Storage Transfer must have permissions to access secret. If credentials_secret is specified, do not specify azure_credentials.`,
         """
         return pulumi.get(self, "credentials_secret")
 
+    @_builtins.property
+    @pulumi.getter(name="federatedIdentityConfig")
+    def federated_identity_config(self) -> Optional['outputs.TransferJobTransferSpecAzureBlobStorageDataSourceFederatedIdentityConfig']:
+        """
+        Federated identity config of a user registered Azure application. Structure documented below.
+        """
+        return pulumi.get(self, "federated_identity_config")
+
     @_builtins.property
     @pulumi.getter
     def path(self) -> Optional[_builtins.str]:
@@ -4807,8 +4836,6 @@ class TransferJobTransferSpecAzureBlobStorageDataSourceAzureCredentials(dict):
                  sas_token: _builtins.str):
         """
         :param _builtins.str sas_token: Azure shared access signature. See [Grant limited access to Azure Storage resources using shared access signatures (SAS)](https://docs.microsoft.com/en-us/azure/storage/common/storage-sas-overview).
-               
-               <a name="nested_schedule_start_end_date"></a>The `schedule_start_date` and `schedule_end_date` blocks support:
         """
         pulumi.set(__self__, "sas_token", sas_token)
 
@@ -4817,10 +4844,60 @@ class TransferJobTransferSpecAzureBlobStorageDataSourceAzureCredentials(dict):
     def sas_token(self) -> _builtins.str:
         """
         Azure shared access signature. See [Grant limited access to Azure Storage resources using shared access signatures (SAS)](https://docs.microsoft.com/en-us/azure/storage/common/storage-sas-overview).
+        """
+        return pulumi.get(self, "sas_token")
+
+
+@pulumi.output_type
+class TransferJobTransferSpecAzureBlobStorageDataSourceFederatedIdentityConfig(dict):
+    @staticmethod
+    def __key_warning(key: str):
+        suggest = None
+        if key == "clientId":
+            suggest = "client_id"
+        elif key == "tenantId":
+            suggest = "tenant_id"
+
+        if suggest:
+            pulumi.log.warn(f"Key '{key}' not found in TransferJobTransferSpecAzureBlobStorageDataSourceFederatedIdentityConfig. Access the value via the '{suggest}' property getter instead.")
+
+    def __getitem__(self, key: str) -> Any:
+        TransferJobTransferSpecAzureBlobStorageDataSourceFederatedIdentityConfig.__key_warning(key)
+        return super().__getitem__(key)
+
+    def get(self, key: str, default = None) -> Any:
+        TransferJobTransferSpecAzureBlobStorageDataSourceFederatedIdentityConfig.__key_warning(key)
+        return super().get(key, default)
+
+    def __init__(__self__, *,
+                 client_id: _builtins.str,
+                 tenant_id: _builtins.str):
+        """
+        :param _builtins.str client_id: The client (application) ID of the application with federated credentials.
+        :param _builtins.str tenant_id: The client (directory) ID of the application with federated credentials.
+               
+               <a name="nested_schedule_start_end_date"></a>The `schedule_start_date` and `schedule_end_date` blocks support:
+        """
+        pulumi.set(__self__, "client_id", client_id)
+        pulumi.set(__self__, "tenant_id", tenant_id)
+
+    @_builtins.property
+    @pulumi.getter(name="clientId")
+    def client_id(self) -> _builtins.str:
+        """
+        The client (application) ID of the application with federated credentials.
+        """
+        return pulumi.get(self, "client_id")
+
+    @_builtins.property
+    @pulumi.getter(name="tenantId")
+    def tenant_id(self) -> _builtins.str:
+        """
+        The client (directory) ID of the application with federated credentials.
 
         <a name="nested_schedule_start_end_date"></a>The `schedule_start_date` and `schedule_end_date` blocks support:
         """
-        return pulumi.get(self, "sas_token")
+        return pulumi.get(self, "tenant_id")
 
 
 @pulumi.output_type

pulumi_gcp/vertex/__init__.py

@@ -39,6 +39,7 @@ from .ai_index import *
 from .ai_index_endpoint import *
 from .ai_index_endpoint_deployed_index import *
 from .ai_metadata_store import *
+from .ai_rag_engine_config import *
 from .ai_tensorboard import *
 from .get_ai_endpoint_iam_policy import *
 from .get_ai_feature_group_iam_policy import *

pulumi_gcp/vertex/_inputs.py

@@ -205,6 +205,14 @@ __all__ = [
     'AiMetadataStoreEncryptionSpecArgsDict',
     'AiMetadataStoreStateArgs',
     'AiMetadataStoreStateArgsDict',
+    'AiRagEngineConfigRagManagedDbConfigArgs',
+    'AiRagEngineConfigRagManagedDbConfigArgsDict',
+    'AiRagEngineConfigRagManagedDbConfigBasicArgs',
+    'AiRagEngineConfigRagManagedDbConfigBasicArgsDict',
+    'AiRagEngineConfigRagManagedDbConfigScaledArgs',
+    'AiRagEngineConfigRagManagedDbConfigScaledArgsDict',
+    'AiRagEngineConfigRagManagedDbConfigUnprovisionedArgs',
+    'AiRagEngineConfigRagManagedDbConfigUnprovisionedArgsDict',
     'AiTensorboardEncryptionSpecArgs',
     'AiTensorboardEncryptionSpecArgsDict',
 ]
@@ -7821,6 +7829,120 @@ class AiMetadataStoreStateArgs:
         pulumi.set(self, "disk_utilization_bytes", value)
 
 
+if not MYPY:
+    class AiRagEngineConfigRagManagedDbConfigArgsDict(TypedDict):
+        basic: NotRequired[pulumi.Input['AiRagEngineConfigRagManagedDbConfigBasicArgsDict']]
+        """
+        Basic tier is a cost-effective and low compute tier suitable for the following cases: Experimenting with RagManagedDb, Small data size, Latency insensitive workload, Only using RAG Engine with external vector DBs.
+        NOTE: This is the default tier if not explicitly chosen.
+        """
+        scaled: NotRequired[pulumi.Input['AiRagEngineConfigRagManagedDbConfigScaledArgsDict']]
+        """
+        Scaled tier offers production grade performance along with autoscaling functionality. It is suitable for customers with large amounts of data or performance sensitive workloads.
+        """
+        unprovisioned: NotRequired[pulumi.Input['AiRagEngineConfigRagManagedDbConfigUnprovisionedArgsDict']]
+        """
+        Disables the RAG Engine service and deletes all your data held within this service. This will halt the billing of the service.
+        NOTE: Once deleted the data cannot be recovered. To start using RAG Engine again, you will need to update the tier by calling the UpdateRagEngineConfig API.
+        """
+elif False:
+    AiRagEngineConfigRagManagedDbConfigArgsDict: TypeAlias = Mapping[str, Any]
+
+@pulumi.input_type
+class AiRagEngineConfigRagManagedDbConfigArgs:
+    def __init__(__self__, *,
+                 basic: Optional[pulumi.Input['AiRagEngineConfigRagManagedDbConfigBasicArgs']] = None,
+                 scaled: Optional[pulumi.Input['AiRagEngineConfigRagManagedDbConfigScaledArgs']] = None,
+                 unprovisioned: Optional[pulumi.Input['AiRagEngineConfigRagManagedDbConfigUnprovisionedArgs']] = None):
+        """
+        :param pulumi.Input['AiRagEngineConfigRagManagedDbConfigBasicArgs'] basic: Basic tier is a cost-effective and low compute tier suitable for the following cases: Experimenting with RagManagedDb, Small data size, Latency insensitive workload, Only using RAG Engine with external vector DBs.
+               NOTE: This is the default tier if not explicitly chosen.
+        :param pulumi.Input['AiRagEngineConfigRagManagedDbConfigScaledArgs'] scaled: Scaled tier offers production grade performance along with autoscaling functionality. It is suitable for customers with large amounts of data or performance sensitive workloads.
+        :param pulumi.Input['AiRagEngineConfigRagManagedDbConfigUnprovisionedArgs'] unprovisioned: Disables the RAG Engine service and deletes all your data held within this service. This will halt the billing of the service.
+               NOTE: Once deleted the data cannot be recovered. To start using RAG Engine again, you will need to update the tier by calling the UpdateRagEngineConfig API.
+        """
+        if basic is not None:
+            pulumi.set(__self__, "basic", basic)
+        if scaled is not None:
+            pulumi.set(__self__, "scaled", scaled)
+        if unprovisioned is not None:
+            pulumi.set(__self__, "unprovisioned", unprovisioned)
+
+    @_builtins.property
+    @pulumi.getter
+    def basic(self) -> Optional[pulumi.Input['AiRagEngineConfigRagManagedDbConfigBasicArgs']]:
+        """
+        Basic tier is a cost-effective and low compute tier suitable for the following cases: Experimenting with RagManagedDb, Small data size, Latency insensitive workload, Only using RAG Engine with external vector DBs.
+        NOTE: This is the default tier if not explicitly chosen.
+        """
+        return pulumi.get(self, "basic")
+
+    @basic.setter
+    def basic(self, value: Optional[pulumi.Input['AiRagEngineConfigRagManagedDbConfigBasicArgs']]):
+        pulumi.set(self, "basic", value)
+
+    @_builtins.property
+    @pulumi.getter
+    def scaled(self) -> Optional[pulumi.Input['AiRagEngineConfigRagManagedDbConfigScaledArgs']]:
+        """
+        Scaled tier offers production grade performance along with autoscaling functionality. It is suitable for customers with large amounts of data or performance sensitive workloads.
+        """
+        return pulumi.get(self, "scaled")
+
+    @scaled.setter
+    def scaled(self, value: Optional[pulumi.Input['AiRagEngineConfigRagManagedDbConfigScaledArgs']]):
+        pulumi.set(self, "scaled", value)
+
+    @_builtins.property
+    @pulumi.getter
+    def unprovisioned(self) -> Optional[pulumi.Input['AiRagEngineConfigRagManagedDbConfigUnprovisionedArgs']]:
+        """
+        Disables the RAG Engine service and deletes all your data held within this service. This will halt the billing of the service.
+        NOTE: Once deleted the data cannot be recovered. To start using RAG Engine again, you will need to update the tier by calling the UpdateRagEngineConfig API.
+        """
+        return pulumi.get(self, "unprovisioned")
+
+    @unprovisioned.setter
+    def unprovisioned(self, value: Optional[pulumi.Input['AiRagEngineConfigRagManagedDbConfigUnprovisionedArgs']]):
+        pulumi.set(self, "unprovisioned", value)
+
+
+if not MYPY:
+    class AiRagEngineConfigRagManagedDbConfigBasicArgsDict(TypedDict):
+        pass
+elif False:
+    AiRagEngineConfigRagManagedDbConfigBasicArgsDict: TypeAlias = Mapping[str, Any]
+
+@pulumi.input_type
+class AiRagEngineConfigRagManagedDbConfigBasicArgs:
+    def __init__(__self__):
+        pass
+
+
+if not MYPY:
+    class AiRagEngineConfigRagManagedDbConfigScaledArgsDict(TypedDict):
+        pass
+elif False:
+    AiRagEngineConfigRagManagedDbConfigScaledArgsDict: TypeAlias = Mapping[str, Any]
+
+@pulumi.input_type
+class AiRagEngineConfigRagManagedDbConfigScaledArgs:
+    def __init__(__self__):
+        pass
+
+
+if not MYPY:
+    class AiRagEngineConfigRagManagedDbConfigUnprovisionedArgsDict(TypedDict):
+        pass
+elif False:
+    AiRagEngineConfigRagManagedDbConfigUnprovisionedArgsDict: TypeAlias = Mapping[str, Any]
+
+@pulumi.input_type
+class AiRagEngineConfigRagManagedDbConfigUnprovisionedArgs:
+    def __init__(__self__):
+        pass
+
+
 if not MYPY:
     class AiTensorboardEncryptionSpecArgsDict(TypedDict):
         kms_key_name: pulumi.Input[_builtins.str]