pulumi-gcp 8.7.0a1730183903__py3-none-any.whl → 8.7.0a1730196225__py3-none-any.whl

pulumi_gcp/compute/region_network_firewall_policy_rule.py

@@ -39,30 +39,33 @@ class RegionNetworkFirewallPolicyRuleArgs:
         """
         The set of arguments for constructing a RegionNetworkFirewallPolicyRule resource.
         :param pulumi.Input[str] action: The Action to perform when the client connection triggers the rule. Valid actions are "allow", "deny", "goto_next" and "apply_security_profile_group".
-        :param pulumi.Input[str] direction: The direction in which this rule applies. Possible values: INGRESS, EGRESS
+        :param pulumi.Input[str] direction: The direction in which this rule applies.
+               Possible values are: `INGRESS`, `EGRESS`.
         :param pulumi.Input[str] firewall_policy: The firewall policy of the resource.
         :param pulumi.Input['RegionNetworkFirewallPolicyRuleMatchArgs'] match: A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced.
-        :param pulumi.Input[int] priority: An integer indicating the priority of a rule in the list. The priority must be a positive value between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest prority.
+               Structure is documented below.
+        :param pulumi.Input[int] priority: An integer indicating the priority of a rule in the list.
+               The priority must be a positive value between 0 and 2147483647.
+               Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest prority.
         :param pulumi.Input[str] description: An optional description for this resource.
         :param pulumi.Input[bool] disabled: Denotes whether the firewall policy rule is disabled. When set to true, the firewall policy rule is not enforced and
                traffic behaves as if it did not exist. If this is unspecified, the firewall policy rule will be enabled.
         :param pulumi.Input[bool] enable_logging: Denotes whether to enable logging for a particular rule. If logging is enabled, logs will be exported to the configured
                export destination in Stackdriver. Logs may be exported to BigQuery or Pub/Sub. Note: you cannot enable logging on
                "goto_next" rules.
-        :param pulumi.Input[str] project: The project for the resource
         :param pulumi.Input[str] region: The location of this resource.
         :param pulumi.Input[str] rule_name: An optional name for the rule. This field is not a unique identifier and can be updated.
-        :param pulumi.Input[str] security_profile_group: A fully-qualified URL of a SecurityProfileGroup resource. Example:
-               https://networksecurity.googleapis.com/v1/organizations/{organizationId}/locations/global/securityProfileGroups/my-security-profile-group.
-               It must be specified if action = 'apply_security_profile_group' and cannot be specified for other actions.
-        :param pulumi.Input[Sequence[pulumi.Input['RegionNetworkFirewallPolicyRuleTargetSecureTagArgs']]] target_secure_tags: A list of secure tags that controls which instances the firewall rule applies to. If <code>targetSecureTag</code> are
-               specified, then the firewall rule applies only to instances in the VPC network that have one of those EFFECTIVE secure
-               tags, if all the target_secure_tag are in INEFFECTIVE state, then this rule will be ignored.
-               <code>targetSecureTag</code> may not be set at the same time as <code>targetServiceAccounts</code>. If neither
-               <code>targetServiceAccounts</code> nor <code>targetSecureTag</code> are specified, the firewall rule applies to all
-               instances on the specified network. Maximum number of target label tags allowed is 256.
+        :param pulumi.Input[str] security_profile_group: A fully-qualified URL of a SecurityProfile resource instance. Example:
+               https://networksecurity.googleapis.com/v1/projects/{project}/locations/{location}/securityProfileGroups/my-security-profile-group
+               Must be specified if action = 'apply_security_profile_group' and cannot be specified for other actions. Security Profile
+               Group and Firewall Policy Rule must be in the same scope.
+        :param pulumi.Input[Sequence[pulumi.Input['RegionNetworkFirewallPolicyRuleTargetSecureTagArgs']]] target_secure_tags: A list of secure tags that controls which instances the firewall rule applies to. If targetSecureTag are specified, then
+               the firewall rule applies only to instances in the VPC network that have one of those EFFECTIVE secure tags, if all the
+               targetSecureTag are in INEFFECTIVE state, then this rule will be ignored. targetSecureTag may not be set at the same
+               time as targetServiceAccounts. If neither targetServiceAccounts nor targetSecureTag are specified, the firewall rule
+               applies to all instances on the specified network. Maximum number of target label tags allowed is 256.
         :param pulumi.Input[Sequence[pulumi.Input[str]]] target_service_accounts: A list of service accounts indicating the sets of instances that are applied with this rule.
-        :param pulumi.Input[bool] tls_inspect: Boolean flag indicating if the traffic should be TLS decrypted. It can be set only if action =
+        :param pulumi.Input[bool] tls_inspect: Boolean flag indicating if the traffic should be TLS decrypted. Can be set only if action =
                'apply_security_profile_group' and cannot be set for other actions.
         """
         pulumi.set(__self__, "action", action)
@@ -107,7 +110,8 @@ class RegionNetworkFirewallPolicyRuleArgs:
     @pulumi.getter
     def direction(self) -> pulumi.Input[str]:
         """
-        The direction in which this rule applies. Possible values: INGRESS, EGRESS
+        The direction in which this rule applies.
+        Possible values are: `INGRESS`, `EGRESS`.
         """
         return pulumi.get(self, "direction")
 
@@ -132,6 +136,7 @@ class RegionNetworkFirewallPolicyRuleArgs:
     def match(self) -> pulumi.Input['RegionNetworkFirewallPolicyRuleMatchArgs']:
         """
         A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced.
+        Structure is documented below.
         """
         return pulumi.get(self, "match")
 
@@ -143,7 +148,9 @@ class RegionNetworkFirewallPolicyRuleArgs:
     @pulumi.getter
     def priority(self) -> pulumi.Input[int]:
         """
-        An integer indicating the priority of a rule in the list. The priority must be a positive value between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest prority.
+        An integer indicating the priority of a rule in the list.
+        The priority must be a positive value between 0 and 2147483647.
+        Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest prority.
         """
         return pulumi.get(self, "priority")
 
@@ -193,9 +200,6 @@ class RegionNetworkFirewallPolicyRuleArgs:
     @property
     @pulumi.getter
     def project(self) -> Optional[pulumi.Input[str]]:
-        """
-        The project for the resource
-        """
         return pulumi.get(self, "project")
 
     @project.setter
@@ -230,9 +234,10 @@ class RegionNetworkFirewallPolicyRuleArgs:
     @pulumi.getter(name="securityProfileGroup")
     def security_profile_group(self) -> Optional[pulumi.Input[str]]:
         """
-        A fully-qualified URL of a SecurityProfileGroup resource. Example:
-        https://networksecurity.googleapis.com/v1/organizations/{organizationId}/locations/global/securityProfileGroups/my-security-profile-group.
-        It must be specified if action = 'apply_security_profile_group' and cannot be specified for other actions.
+        A fully-qualified URL of a SecurityProfile resource instance. Example:
+        https://networksecurity.googleapis.com/v1/projects/{project}/locations/{location}/securityProfileGroups/my-security-profile-group
+        Must be specified if action = 'apply_security_profile_group' and cannot be specified for other actions. Security Profile
+        Group and Firewall Policy Rule must be in the same scope.
         """
         return pulumi.get(self, "security_profile_group")
 
@@ -244,12 +249,11 @@ class RegionNetworkFirewallPolicyRuleArgs:
     @pulumi.getter(name="targetSecureTags")
     def target_secure_tags(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['RegionNetworkFirewallPolicyRuleTargetSecureTagArgs']]]]:
         """
-        A list of secure tags that controls which instances the firewall rule applies to. If <code>targetSecureTag</code> are
-        specified, then the firewall rule applies only to instances in the VPC network that have one of those EFFECTIVE secure
-        tags, if all the target_secure_tag are in INEFFECTIVE state, then this rule will be ignored.
-        <code>targetSecureTag</code> may not be set at the same time as <code>targetServiceAccounts</code>. If neither
-        <code>targetServiceAccounts</code> nor <code>targetSecureTag</code> are specified, the firewall rule applies to all
-        instances on the specified network. Maximum number of target label tags allowed is 256.
+        A list of secure tags that controls which instances the firewall rule applies to. If targetSecureTag are specified, then
+        the firewall rule applies only to instances in the VPC network that have one of those EFFECTIVE secure tags, if all the
+        targetSecureTag are in INEFFECTIVE state, then this rule will be ignored. targetSecureTag may not be set at the same
+        time as targetServiceAccounts. If neither targetServiceAccounts nor targetSecureTag are specified, the firewall rule
+        applies to all instances on the specified network. Maximum number of target label tags allowed is 256.
         """
         return pulumi.get(self, "target_secure_tags")
 
@@ -273,7 +277,7 @@ class RegionNetworkFirewallPolicyRuleArgs:
     @pulumi.getter(name="tlsInspect")
     def tls_inspect(self) -> Optional[pulumi.Input[bool]]:
         """
-        Boolean flag indicating if the traffic should be TLS decrypted. It can be set only if action =
+        Boolean flag indicating if the traffic should be TLS decrypted. Can be set only if action =
         'apply_security_profile_group' and cannot be set for other actions.
         """
         return pulumi.get(self, "tls_inspect")
@@ -287,6 +291,7 @@ class RegionNetworkFirewallPolicyRuleArgs:
 class _RegionNetworkFirewallPolicyRuleState:
     def __init__(__self__, *,
                  action: Optional[pulumi.Input[str]] = None,
+                 creation_timestamp: Optional[pulumi.Input[str]] = None,
                  description: Optional[pulumi.Input[str]] = None,
                  direction: Optional[pulumi.Input[str]] = None,
                  disabled: Optional[pulumi.Input[bool]] = None,
@@ -306,8 +311,10 @@ class _RegionNetworkFirewallPolicyRuleState:
         """
         Input properties used for looking up and filtering RegionNetworkFirewallPolicyRule resources.
         :param pulumi.Input[str] action: The Action to perform when the client connection triggers the rule. Valid actions are "allow", "deny", "goto_next" and "apply_security_profile_group".
+        :param pulumi.Input[str] creation_timestamp: Creation timestamp in RFC3339 text format.
         :param pulumi.Input[str] description: An optional description for this resource.
-        :param pulumi.Input[str] direction: The direction in which this rule applies. Possible values: INGRESS, EGRESS
+        :param pulumi.Input[str] direction: The direction in which this rule applies.
+               Possible values are: `INGRESS`, `EGRESS`.
         :param pulumi.Input[bool] disabled: Denotes whether the firewall policy rule is disabled. When set to true, the firewall policy rule is not enforced and
                traffic behaves as if it did not exist. If this is unspecified, the firewall policy rule will be enabled.
         :param pulumi.Input[bool] enable_logging: Denotes whether to enable logging for a particular rule. If logging is enabled, logs will be exported to the configured
@@ -316,26 +323,30 @@ class _RegionNetworkFirewallPolicyRuleState:
         :param pulumi.Input[str] firewall_policy: The firewall policy of the resource.
         :param pulumi.Input[str] kind: Type of the resource. Always `compute#firewallPolicyRule` for firewall policy rules
         :param pulumi.Input['RegionNetworkFirewallPolicyRuleMatchArgs'] match: A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced.
-        :param pulumi.Input[int] priority: An integer indicating the priority of a rule in the list. The priority must be a positive value between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest prority.
-        :param pulumi.Input[str] project: The project for the resource
+               Structure is documented below.
+        :param pulumi.Input[int] priority: An integer indicating the priority of a rule in the list.
+               The priority must be a positive value between 0 and 2147483647.
+               Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest prority.
         :param pulumi.Input[str] region: The location of this resource.
         :param pulumi.Input[str] rule_name: An optional name for the rule. This field is not a unique identifier and can be updated.
         :param pulumi.Input[int] rule_tuple_count: Calculation of the complexity of a single firewall policy rule.
-        :param pulumi.Input[str] security_profile_group: A fully-qualified URL of a SecurityProfileGroup resource. Example:
-               https://networksecurity.googleapis.com/v1/organizations/{organizationId}/locations/global/securityProfileGroups/my-security-profile-group.
-               It must be specified if action = 'apply_security_profile_group' and cannot be specified for other actions.
-        :param pulumi.Input[Sequence[pulumi.Input['RegionNetworkFirewallPolicyRuleTargetSecureTagArgs']]] target_secure_tags: A list of secure tags that controls which instances the firewall rule applies to. If <code>targetSecureTag</code> are
-               specified, then the firewall rule applies only to instances in the VPC network that have one of those EFFECTIVE secure
-               tags, if all the target_secure_tag are in INEFFECTIVE state, then this rule will be ignored.
-               <code>targetSecureTag</code> may not be set at the same time as <code>targetServiceAccounts</code>. If neither
-               <code>targetServiceAccounts</code> nor <code>targetSecureTag</code> are specified, the firewall rule applies to all
-               instances on the specified network. Maximum number of target label tags allowed is 256.
+        :param pulumi.Input[str] security_profile_group: A fully-qualified URL of a SecurityProfile resource instance. Example:
+               https://networksecurity.googleapis.com/v1/projects/{project}/locations/{location}/securityProfileGroups/my-security-profile-group
+               Must be specified if action = 'apply_security_profile_group' and cannot be specified for other actions. Security Profile
+               Group and Firewall Policy Rule must be in the same scope.
+        :param pulumi.Input[Sequence[pulumi.Input['RegionNetworkFirewallPolicyRuleTargetSecureTagArgs']]] target_secure_tags: A list of secure tags that controls which instances the firewall rule applies to. If targetSecureTag are specified, then
+               the firewall rule applies only to instances in the VPC network that have one of those EFFECTIVE secure tags, if all the
+               targetSecureTag are in INEFFECTIVE state, then this rule will be ignored. targetSecureTag may not be set at the same
+               time as targetServiceAccounts. If neither targetServiceAccounts nor targetSecureTag are specified, the firewall rule
+               applies to all instances on the specified network. Maximum number of target label tags allowed is 256.
         :param pulumi.Input[Sequence[pulumi.Input[str]]] target_service_accounts: A list of service accounts indicating the sets of instances that are applied with this rule.
-        :param pulumi.Input[bool] tls_inspect: Boolean flag indicating if the traffic should be TLS decrypted. It can be set only if action =
+        :param pulumi.Input[bool] tls_inspect: Boolean flag indicating if the traffic should be TLS decrypted. Can be set only if action =
                'apply_security_profile_group' and cannot be set for other actions.
         """
         if action is not None:
             pulumi.set(__self__, "action", action)
+        if creation_timestamp is not None:
+            pulumi.set(__self__, "creation_timestamp", creation_timestamp)
         if description is not None:
             pulumi.set(__self__, "description", description)
         if direction is not None:
@@ -381,6 +392,18 @@ class _RegionNetworkFirewallPolicyRuleState:
     def action(self, value: Optional[pulumi.Input[str]]):
         pulumi.set(self, "action", value)
 
+    @property
+    @pulumi.getter(name="creationTimestamp")
+    def creation_timestamp(self) -> Optional[pulumi.Input[str]]:
+        """
+        Creation timestamp in RFC3339 text format.
+        """
+        return pulumi.get(self, "creation_timestamp")
+
+    @creation_timestamp.setter
+    def creation_timestamp(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "creation_timestamp", value)
+
     @property
     @pulumi.getter
     def description(self) -> Optional[pulumi.Input[str]]:
@@ -397,7 +420,8 @@ class _RegionNetworkFirewallPolicyRuleState:
     @pulumi.getter
     def direction(self) -> Optional[pulumi.Input[str]]:
         """
-        The direction in which this rule applies. Possible values: INGRESS, EGRESS
+        The direction in which this rule applies.
+        Possible values are: `INGRESS`, `EGRESS`.
         """
         return pulumi.get(self, "direction")
 
@@ -461,6 +485,7 @@ class _RegionNetworkFirewallPolicyRuleState:
     def match(self) -> Optional[pulumi.Input['RegionNetworkFirewallPolicyRuleMatchArgs']]:
         """
         A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced.
+        Structure is documented below.
         """
         return pulumi.get(self, "match")
 
@@ -472,7 +497,9 @@ class _RegionNetworkFirewallPolicyRuleState:
     @pulumi.getter
     def priority(self) -> Optional[pulumi.Input[int]]:
         """
-        An integer indicating the priority of a rule in the list. The priority must be a positive value between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest prority.
+        An integer indicating the priority of a rule in the list.
+        The priority must be a positive value between 0 and 2147483647.
+        Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest prority.
         """
         return pulumi.get(self, "priority")
 
@@ -483,9 +510,6 @@ class _RegionNetworkFirewallPolicyRuleState:
     @property
     @pulumi.getter
     def project(self) -> Optional[pulumi.Input[str]]:
-        """
-        The project for the resource
-        """
         return pulumi.get(self, "project")
 
     @project.setter
@@ -532,9 +556,10 @@ class _RegionNetworkFirewallPolicyRuleState:
     @pulumi.getter(name="securityProfileGroup")
     def security_profile_group(self) -> Optional[pulumi.Input[str]]:
         """
-        A fully-qualified URL of a SecurityProfileGroup resource. Example:
-        https://networksecurity.googleapis.com/v1/organizations/{organizationId}/locations/global/securityProfileGroups/my-security-profile-group.
-        It must be specified if action = 'apply_security_profile_group' and cannot be specified for other actions.
+        A fully-qualified URL of a SecurityProfile resource instance. Example:
+        https://networksecurity.googleapis.com/v1/projects/{project}/locations/{location}/securityProfileGroups/my-security-profile-group
+        Must be specified if action = 'apply_security_profile_group' and cannot be specified for other actions. Security Profile
+        Group and Firewall Policy Rule must be in the same scope.
         """
         return pulumi.get(self, "security_profile_group")
 
@@ -546,12 +571,11 @@ class _RegionNetworkFirewallPolicyRuleState:
     @pulumi.getter(name="targetSecureTags")
     def target_secure_tags(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['RegionNetworkFirewallPolicyRuleTargetSecureTagArgs']]]]:
         """
-        A list of secure tags that controls which instances the firewall rule applies to. If <code>targetSecureTag</code> are
-        specified, then the firewall rule applies only to instances in the VPC network that have one of those EFFECTIVE secure
-        tags, if all the target_secure_tag are in INEFFECTIVE state, then this rule will be ignored.
-        <code>targetSecureTag</code> may not be set at the same time as <code>targetServiceAccounts</code>. If neither
-        <code>targetServiceAccounts</code> nor <code>targetSecureTag</code> are specified, the firewall rule applies to all
-        instances on the specified network. Maximum number of target label tags allowed is 256.
+        A list of secure tags that controls which instances the firewall rule applies to. If targetSecureTag are specified, then
+        the firewall rule applies only to instances in the VPC network that have one of those EFFECTIVE secure tags, if all the
+        targetSecureTag are in INEFFECTIVE state, then this rule will be ignored. targetSecureTag may not be set at the same
+        time as targetServiceAccounts. If neither targetServiceAccounts nor targetSecureTag are specified, the firewall rule
+        applies to all instances on the specified network. Maximum number of target label tags allowed is 256.
         """
         return pulumi.get(self, "target_secure_tags")
 
@@ -575,7 +599,7 @@ class _RegionNetworkFirewallPolicyRuleState:
     @pulumi.getter(name="tlsInspect")
     def tls_inspect(self) -> Optional[pulumi.Input[bool]]:
         """
-        Boolean flag indicating if the traffic should be TLS decrypted. It can be set only if action =
+        Boolean flag indicating if the traffic should be TLS decrypted. Can be set only if action =
         'apply_security_profile_group' and cannot be set for other actions.
         """
         return pulumi.get(self, "tls_inspect")
@@ -607,17 +631,22 @@ class RegionNetworkFirewallPolicyRule(pulumi.CustomResource):
                  tls_inspect: Optional[pulumi.Input[bool]] = None,
                  __props__=None):
         """
-        The Compute NetworkFirewallPolicyRule resource
+        Represents a rule that describes one or more match conditions along with the action to be taken when traffic matches this condition (allow or deny).
+
+        To get more information about RegionNetworkFirewallPolicyRule, see:
+
+        * [API documentation](https://cloud.google.com/compute/docs/reference/rest/v1/regionNetworkFirewallPolicies/addRule)
 
         ## Example Usage
 
-        ### Regional
+        ### Region Network Firewall Policy Rule
+
         ```python
         import pulumi
         import pulumi_gcp as gcp
 
         basic_regional_networksecurity_address_group = gcp.networksecurity.AddressGroup("basic_regional_networksecurity_address_group",
-            name="policy",
+            name="address",
             parent="projects/my-project-name",
             description="Sample regional networksecurity_address_group",
             location="us-west1",
@@ -670,7 +699,7 @@ class RegionNetworkFirewallPolicyRule(pulumi.CustomResource):
 
         ## Import
 
-        NetworkFirewallPolicyRule can be imported using any of these accepted formats:
+        RegionNetworkFirewallPolicyRule can be imported using any of these accepted formats:
 
         * `projects/{{project}}/regions/{{region}}/firewallPolicies/{{firewall_policy}}/{{priority}}`
 
@@ -680,7 +709,7 @@ class RegionNetworkFirewallPolicyRule(pulumi.CustomResource):
 
         * `{{firewall_policy}}/{{priority}}`
 
-        When using the `pulumi import` command, NetworkFirewallPolicyRule can be imported using one of the formats above. For example:
+        When using the `pulumi import` command, RegionNetworkFirewallPolicyRule can be imported using one of the formats above. For example:
 
         ```sh
         $ pulumi import gcp:compute/regionNetworkFirewallPolicyRule:RegionNetworkFirewallPolicyRule default projects/{{project}}/regions/{{region}}/firewallPolicies/{{firewall_policy}}/{{priority}}
@@ -702,7 +731,8 @@ class RegionNetworkFirewallPolicyRule(pulumi.CustomResource):
         :param pulumi.ResourceOptions opts: Options for the resource.
         :param pulumi.Input[str] action: The Action to perform when the client connection triggers the rule. Valid actions are "allow", "deny", "goto_next" and "apply_security_profile_group".
         :param pulumi.Input[str] description: An optional description for this resource.
-        :param pulumi.Input[str] direction: The direction in which this rule applies. Possible values: INGRESS, EGRESS
+        :param pulumi.Input[str] direction: The direction in which this rule applies.
+               Possible values are: `INGRESS`, `EGRESS`.
         :param pulumi.Input[bool] disabled: Denotes whether the firewall policy rule is disabled. When set to true, the firewall policy rule is not enforced and
                traffic behaves as if it did not exist. If this is unspecified, the firewall policy rule will be enabled.
         :param pulumi.Input[bool] enable_logging: Denotes whether to enable logging for a particular rule. If logging is enabled, logs will be exported to the configured
@@ -710,21 +740,23 @@ class RegionNetworkFirewallPolicyRule(pulumi.CustomResource):
                "goto_next" rules.
         :param pulumi.Input[str] firewall_policy: The firewall policy of the resource.
         :param pulumi.Input[Union['RegionNetworkFirewallPolicyRuleMatchArgs', 'RegionNetworkFirewallPolicyRuleMatchArgsDict']] match: A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced.
-        :param pulumi.Input[int] priority: An integer indicating the priority of a rule in the list. The priority must be a positive value between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest prority.
-        :param pulumi.Input[str] project: The project for the resource
+               Structure is documented below.
+        :param pulumi.Input[int] priority: An integer indicating the priority of a rule in the list.
+               The priority must be a positive value between 0 and 2147483647.
+               Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest prority.
         :param pulumi.Input[str] region: The location of this resource.
         :param pulumi.Input[str] rule_name: An optional name for the rule. This field is not a unique identifier and can be updated.
-        :param pulumi.Input[str] security_profile_group: A fully-qualified URL of a SecurityProfileGroup resource. Example:
-               https://networksecurity.googleapis.com/v1/organizations/{organizationId}/locations/global/securityProfileGroups/my-security-profile-group.
-               It must be specified if action = 'apply_security_profile_group' and cannot be specified for other actions.
-        :param pulumi.Input[Sequence[pulumi.Input[Union['RegionNetworkFirewallPolicyRuleTargetSecureTagArgs', 'RegionNetworkFirewallPolicyRuleTargetSecureTagArgsDict']]]] target_secure_tags: A list of secure tags that controls which instances the firewall rule applies to. If <code>targetSecureTag</code> are
-               specified, then the firewall rule applies only to instances in the VPC network that have one of those EFFECTIVE secure
-               tags, if all the target_secure_tag are in INEFFECTIVE state, then this rule will be ignored.
-               <code>targetSecureTag</code> may not be set at the same time as <code>targetServiceAccounts</code>. If neither
-               <code>targetServiceAccounts</code> nor <code>targetSecureTag</code> are specified, the firewall rule applies to all
-               instances on the specified network. Maximum number of target label tags allowed is 256.
+        :param pulumi.Input[str] security_profile_group: A fully-qualified URL of a SecurityProfile resource instance. Example:
+               https://networksecurity.googleapis.com/v1/projects/{project}/locations/{location}/securityProfileGroups/my-security-profile-group
+               Must be specified if action = 'apply_security_profile_group' and cannot be specified for other actions. Security Profile
+               Group and Firewall Policy Rule must be in the same scope.
+        :param pulumi.Input[Sequence[pulumi.Input[Union['RegionNetworkFirewallPolicyRuleTargetSecureTagArgs', 'RegionNetworkFirewallPolicyRuleTargetSecureTagArgsDict']]]] target_secure_tags: A list of secure tags that controls which instances the firewall rule applies to. If targetSecureTag are specified, then
+               the firewall rule applies only to instances in the VPC network that have one of those EFFECTIVE secure tags, if all the
+               targetSecureTag are in INEFFECTIVE state, then this rule will be ignored. targetSecureTag may not be set at the same
+               time as targetServiceAccounts. If neither targetServiceAccounts nor targetSecureTag are specified, the firewall rule
+               applies to all instances on the specified network. Maximum number of target label tags allowed is 256.
         :param pulumi.Input[Sequence[pulumi.Input[str]]] target_service_accounts: A list of service accounts indicating the sets of instances that are applied with this rule.
-        :param pulumi.Input[bool] tls_inspect: Boolean flag indicating if the traffic should be TLS decrypted. It can be set only if action =
+        :param pulumi.Input[bool] tls_inspect: Boolean flag indicating if the traffic should be TLS decrypted. Can be set only if action =
                'apply_security_profile_group' and cannot be set for other actions.
         """
         ...
@@ -734,17 +766,22 @@ class RegionNetworkFirewallPolicyRule(pulumi.CustomResource):
                  args: RegionNetworkFirewallPolicyRuleArgs,
                  opts: Optional[pulumi.ResourceOptions] = None):
         """
-        The Compute NetworkFirewallPolicyRule resource
+        Represents a rule that describes one or more match conditions along with the action to be taken when traffic matches this condition (allow or deny).
+
+        To get more information about RegionNetworkFirewallPolicyRule, see:
+
+        * [API documentation](https://cloud.google.com/compute/docs/reference/rest/v1/regionNetworkFirewallPolicies/addRule)
 
         ## Example Usage
 
-        ### Regional
+        ### Region Network Firewall Policy Rule
+
         ```python
         import pulumi
         import pulumi_gcp as gcp
 
         basic_regional_networksecurity_address_group = gcp.networksecurity.AddressGroup("basic_regional_networksecurity_address_group",
-            name="policy",
+            name="address",
             parent="projects/my-project-name",
             description="Sample regional networksecurity_address_group",
             location="us-west1",
@@ -797,7 +834,7 @@ class RegionNetworkFirewallPolicyRule(pulumi.CustomResource):
 
         ## Import
 
-        NetworkFirewallPolicyRule can be imported using any of these accepted formats:
+        RegionNetworkFirewallPolicyRule can be imported using any of these accepted formats:
 
         * `projects/{{project}}/regions/{{region}}/firewallPolicies/{{firewall_policy}}/{{priority}}`
 
@@ -807,7 +844,7 @@ class RegionNetworkFirewallPolicyRule(pulumi.CustomResource):
 
         * `{{firewall_policy}}/{{priority}}`
 
-        When using the `pulumi import` command, NetworkFirewallPolicyRule can be imported using one of the formats above. For example:
+        When using the `pulumi import` command, RegionNetworkFirewallPolicyRule can be imported using one of the formats above. For example:
 
         ```sh
         $ pulumi import gcp:compute/regionNetworkFirewallPolicyRule:RegionNetworkFirewallPolicyRule default projects/{{project}}/regions/{{region}}/firewallPolicies/{{firewall_policy}}/{{priority}}
@@ -889,6 +926,7 @@ class RegionNetworkFirewallPolicyRule(pulumi.CustomResource):
             __props__.__dict__["target_secure_tags"] = target_secure_tags
             __props__.__dict__["target_service_accounts"] = target_service_accounts
             __props__.__dict__["tls_inspect"] = tls_inspect
+            __props__.__dict__["creation_timestamp"] = None
             __props__.__dict__["kind"] = None
             __props__.__dict__["rule_tuple_count"] = None
         super(RegionNetworkFirewallPolicyRule, __self__).__init__(
@@ -902,6 +940,7 @@ class RegionNetworkFirewallPolicyRule(pulumi.CustomResource):
             id: pulumi.Input[str],
             opts: Optional[pulumi.ResourceOptions] = None,
             action: Optional[pulumi.Input[str]] = None,
+            creation_timestamp: Optional[pulumi.Input[str]] = None,
             description: Optional[pulumi.Input[str]] = None,
             direction: Optional[pulumi.Input[str]] = None,
             disabled: Optional[pulumi.Input[bool]] = None,
@@ -926,8 +965,10 @@ class RegionNetworkFirewallPolicyRule(pulumi.CustomResource):
         :param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
         :param pulumi.ResourceOptions opts: Options for the resource.
         :param pulumi.Input[str] action: The Action to perform when the client connection triggers the rule. Valid actions are "allow", "deny", "goto_next" and "apply_security_profile_group".
+        :param pulumi.Input[str] creation_timestamp: Creation timestamp in RFC3339 text format.
         :param pulumi.Input[str] description: An optional description for this resource.
-        :param pulumi.Input[str] direction: The direction in which this rule applies. Possible values: INGRESS, EGRESS
+        :param pulumi.Input[str] direction: The direction in which this rule applies.
+               Possible values are: `INGRESS`, `EGRESS`.
         :param pulumi.Input[bool] disabled: Denotes whether the firewall policy rule is disabled. When set to true, the firewall policy rule is not enforced and
                traffic behaves as if it did not exist. If this is unspecified, the firewall policy rule will be enabled.
         :param pulumi.Input[bool] enable_logging: Denotes whether to enable logging for a particular rule. If logging is enabled, logs will be exported to the configured
@@ -936,22 +977,24 @@ class RegionNetworkFirewallPolicyRule(pulumi.CustomResource):
         :param pulumi.Input[str] firewall_policy: The firewall policy of the resource.
         :param pulumi.Input[str] kind: Type of the resource. Always `compute#firewallPolicyRule` for firewall policy rules
         :param pulumi.Input[Union['RegionNetworkFirewallPolicyRuleMatchArgs', 'RegionNetworkFirewallPolicyRuleMatchArgsDict']] match: A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced.
-        :param pulumi.Input[int] priority: An integer indicating the priority of a rule in the list. The priority must be a positive value between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest prority.
-        :param pulumi.Input[str] project: The project for the resource
+               Structure is documented below.
+        :param pulumi.Input[int] priority: An integer indicating the priority of a rule in the list.
+               The priority must be a positive value between 0 and 2147483647.
+               Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest prority.
         :param pulumi.Input[str] region: The location of this resource.
         :param pulumi.Input[str] rule_name: An optional name for the rule. This field is not a unique identifier and can be updated.
         :param pulumi.Input[int] rule_tuple_count: Calculation of the complexity of a single firewall policy rule.
-        :param pulumi.Input[str] security_profile_group: A fully-qualified URL of a SecurityProfileGroup resource. Example:
-               https://networksecurity.googleapis.com/v1/organizations/{organizationId}/locations/global/securityProfileGroups/my-security-profile-group.
-               It must be specified if action = 'apply_security_profile_group' and cannot be specified for other actions.
-        :param pulumi.Input[Sequence[pulumi.Input[Union['RegionNetworkFirewallPolicyRuleTargetSecureTagArgs', 'RegionNetworkFirewallPolicyRuleTargetSecureTagArgsDict']]]] target_secure_tags: A list of secure tags that controls which instances the firewall rule applies to. If <code>targetSecureTag</code> are
-               specified, then the firewall rule applies only to instances in the VPC network that have one of those EFFECTIVE secure
-               tags, if all the target_secure_tag are in INEFFECTIVE state, then this rule will be ignored.
-               <code>targetSecureTag</code> may not be set at the same time as <code>targetServiceAccounts</code>. If neither
-               <code>targetServiceAccounts</code> nor <code>targetSecureTag</code> are specified, the firewall rule applies to all
-               instances on the specified network. Maximum number of target label tags allowed is 256.
+        :param pulumi.Input[str] security_profile_group: A fully-qualified URL of a SecurityProfile resource instance. Example:
+               https://networksecurity.googleapis.com/v1/projects/{project}/locations/{location}/securityProfileGroups/my-security-profile-group
+               Must be specified if action = 'apply_security_profile_group' and cannot be specified for other actions. Security Profile
+               Group and Firewall Policy Rule must be in the same scope.
+        :param pulumi.Input[Sequence[pulumi.Input[Union['RegionNetworkFirewallPolicyRuleTargetSecureTagArgs', 'RegionNetworkFirewallPolicyRuleTargetSecureTagArgsDict']]]] target_secure_tags: A list of secure tags that controls which instances the firewall rule applies to. If targetSecureTag are specified, then
+               the firewall rule applies only to instances in the VPC network that have one of those EFFECTIVE secure tags, if all the
+               targetSecureTag are in INEFFECTIVE state, then this rule will be ignored. targetSecureTag may not be set at the same
+               time as targetServiceAccounts. If neither targetServiceAccounts nor targetSecureTag are specified, the firewall rule
+               applies to all instances on the specified network. Maximum number of target label tags allowed is 256.
         :param pulumi.Input[Sequence[pulumi.Input[str]]] target_service_accounts: A list of service accounts indicating the sets of instances that are applied with this rule.
-        :param pulumi.Input[bool] tls_inspect: Boolean flag indicating if the traffic should be TLS decrypted. It can be set only if action =
+        :param pulumi.Input[bool] tls_inspect: Boolean flag indicating if the traffic should be TLS decrypted. Can be set only if action =
                'apply_security_profile_group' and cannot be set for other actions.
         """
         opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
@@ -959,6 +1002,7 @@ class RegionNetworkFirewallPolicyRule(pulumi.CustomResource):
         __props__ = _RegionNetworkFirewallPolicyRuleState.__new__(_RegionNetworkFirewallPolicyRuleState)
 
         __props__.__dict__["action"] = action
+        __props__.__dict__["creation_timestamp"] = creation_timestamp
         __props__.__dict__["description"] = description
         __props__.__dict__["direction"] = direction
         __props__.__dict__["disabled"] = disabled
@@ -985,6 +1029,14 @@ class RegionNetworkFirewallPolicyRule(pulumi.CustomResource):
         """
         return pulumi.get(self, "action")
 
+    @property
+    @pulumi.getter(name="creationTimestamp")
+    def creation_timestamp(self) -> pulumi.Output[str]:
+        """
+        Creation timestamp in RFC3339 text format.
+        """
+        return pulumi.get(self, "creation_timestamp")
+
     @property
     @pulumi.getter
     def description(self) -> pulumi.Output[Optional[str]]:
@@ -997,7 +1049,8 @@ class RegionNetworkFirewallPolicyRule(pulumi.CustomResource):
     @pulumi.getter
     def direction(self) -> pulumi.Output[str]:
         """
-        The direction in which this rule applies. Possible values: INGRESS, EGRESS
+        The direction in which this rule applies.
+        Possible values are: `INGRESS`, `EGRESS`.
         """
         return pulumi.get(self, "direction")
 
@@ -1041,6 +1094,7 @@ class RegionNetworkFirewallPolicyRule(pulumi.CustomResource):
     def match(self) -> pulumi.Output['outputs.RegionNetworkFirewallPolicyRuleMatch']:
         """
         A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced.
+        Structure is documented below.
         """
         return pulumi.get(self, "match")
 
@@ -1048,16 +1102,15 @@ class RegionNetworkFirewallPolicyRule(pulumi.CustomResource):
     @pulumi.getter
     def priority(self) -> pulumi.Output[int]:
         """
-        An integer indicating the priority of a rule in the list. The priority must be a positive value between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest prority.
+        An integer indicating the priority of a rule in the list.
+        The priority must be a positive value between 0 and 2147483647.
+        Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest prority.
         """
         return pulumi.get(self, "priority")
 
     @property
     @pulumi.getter
     def project(self) -> pulumi.Output[str]:
-        """
-        The project for the resource
-        """
         return pulumi.get(self, "project")
 
     @property
@@ -1088,9 +1141,10 @@ class RegionNetworkFirewallPolicyRule(pulumi.CustomResource):
     @pulumi.getter(name="securityProfileGroup")
     def security_profile_group(self) -> pulumi.Output[Optional[str]]:
         """
-        A fully-qualified URL of a SecurityProfileGroup resource. Example:
-        https://networksecurity.googleapis.com/v1/organizations/{organizationId}/locations/global/securityProfileGroups/my-security-profile-group.
-        It must be specified if action = 'apply_security_profile_group' and cannot be specified for other actions.
+        A fully-qualified URL of a SecurityProfile resource instance. Example:
+        https://networksecurity.googleapis.com/v1/projects/{project}/locations/{location}/securityProfileGroups/my-security-profile-group
+        Must be specified if action = 'apply_security_profile_group' and cannot be specified for other actions. Security Profile
+        Group and Firewall Policy Rule must be in the same scope.
         """
         return pulumi.get(self, "security_profile_group")
 
@@ -1098,12 +1152,11 @@ class RegionNetworkFirewallPolicyRule(pulumi.CustomResource):
     @pulumi.getter(name="targetSecureTags")
     def target_secure_tags(self) -> pulumi.Output[Optional[Sequence['outputs.RegionNetworkFirewallPolicyRuleTargetSecureTag']]]:
         """
-        A list of secure tags that controls which instances the firewall rule applies to. If <code>targetSecureTag</code> are
-        specified, then the firewall rule applies only to instances in the VPC network that have one of those EFFECTIVE secure
-        tags, if all the target_secure_tag are in INEFFECTIVE state, then this rule will be ignored.
-        <code>targetSecureTag</code> may not be set at the same time as <code>targetServiceAccounts</code>. If neither
-        <code>targetServiceAccounts</code> nor <code>targetSecureTag</code> are specified, the firewall rule applies to all
-        instances on the specified network. Maximum number of target label tags allowed is 256.
+        A list of secure tags that controls which instances the firewall rule applies to. If targetSecureTag are specified, then
+        the firewall rule applies only to instances in the VPC network that have one of those EFFECTIVE secure tags, if all the
+        targetSecureTag are in INEFFECTIVE state, then this rule will be ignored. targetSecureTag may not be set at the same
+        time as targetServiceAccounts. If neither targetServiceAccounts nor targetSecureTag are specified, the firewall rule
+        applies to all instances on the specified network. Maximum number of target label tags allowed is 256.
         """
         return pulumi.get(self, "target_secure_tags")
 
@@ -1119,7 +1172,7 @@ class RegionNetworkFirewallPolicyRule(pulumi.CustomResource):
     @pulumi.getter(name="tlsInspect")
     def tls_inspect(self) -> pulumi.Output[Optional[bool]]:
         """
-        Boolean flag indicating if the traffic should be TLS decrypted. It can be set only if action =
+        Boolean flag indicating if the traffic should be TLS decrypted. Can be set only if action =
         'apply_security_profile_group' and cannot be set for other actions.
         """
         return pulumi.get(self, "tls_inspect")

pulumi_gcp/config/__init__.pyi

@@ -259,6 +259,8 @@ networkServicesCustomEndpoint: Optional[str]
 
 notebooksCustomEndpoint: Optional[str]
 
+oracleDatabaseCustomEndpoint: Optional[str]
+
 orgPolicyCustomEndpoint: Optional[str]
 
 osConfigCustomEndpoint: Optional[str]
@@ -349,6 +351,8 @@ tpuCustomEndpoint: Optional[str]
 
 tpuV2CustomEndpoint: Optional[str]
 
+transcoderCustomEndpoint: Optional[str]
+
 universeDomain: Optional[str]
 
 userProjectOverride: Optional[bool]