pulumi-gcp 8.7.0a1730183903__py3-none-any.whl → 8.7.0a1730196225__py3-none-any.whl

pulumi_gcp/secretmanager/get_regional_secret_version_access.py

@@ -26,10 +26,13 @@ class GetRegionalSecretVersionAccessResult:
     """
     A collection of values returned by getRegionalSecretVersionAccess.
     """
-    def __init__(__self__, id=None, location=None, name=None, project=None, secret=None, secret_data=None, version=None):
+    def __init__(__self__, id=None, is_secret_data_base64=None, location=None, name=None, project=None, secret=None, secret_data=None, version=None):
         if id and not isinstance(id, str):
             raise TypeError("Expected argument 'id' to be a str")
         pulumi.set(__self__, "id", id)
+        if is_secret_data_base64 and not isinstance(is_secret_data_base64, bool):
+            raise TypeError("Expected argument 'is_secret_data_base64' to be a bool")
+        pulumi.set(__self__, "is_secret_data_base64", is_secret_data_base64)
         if location and not isinstance(location, str):
             raise TypeError("Expected argument 'location' to be a str")
         pulumi.set(__self__, "location", location)
@@ -57,6 +60,11 @@ class GetRegionalSecretVersionAccessResult:
         """
         return pulumi.get(self, "id")
 
+    @property
+    @pulumi.getter(name="isSecretDataBase64")
+    def is_secret_data_base64(self) -> Optional[bool]:
+        return pulumi.get(self, "is_secret_data_base64")
+
     @property
     @pulumi.getter
     def location(self) -> str:
@@ -102,6 +110,7 @@ class AwaitableGetRegionalSecretVersionAccessResult(GetRegionalSecretVersionAcce
             yield self
         return GetRegionalSecretVersionAccessResult(
             id=self.id,
+            is_secret_data_base64=self.is_secret_data_base64,
             location=self.location,
             name=self.name,
             project=self.project,
@@ -110,13 +119,14 @@ class AwaitableGetRegionalSecretVersionAccessResult(GetRegionalSecretVersionAcce
             version=self.version)
 
 
-def get_regional_secret_version_access(location: Optional[str] = None,
+def get_regional_secret_version_access(is_secret_data_base64: Optional[bool] = None,
+                                       location: Optional[str] = None,
                                        project: Optional[str] = None,
                                        secret: Optional[str] = None,
                                        version: Optional[str] = None,
                                        opts: Optional[pulumi.InvokeOptions] = None) -> AwaitableGetRegionalSecretVersionAccessResult:
     """
-    Get the value from a Secret Manager regional secret version. This is similar to the secretmanager.RegionalSecretVersion datasource, but it only requires the [Secret Manager Secret Accessor](https://cloud.google.com/secret-manager/docs/access-control#secretmanager.secretAccessor) role. For more information see the [official documentation](https://cloud.google.com/secret-manager/docs/regional-secrets-overview) and [API](https://cloud.google.com/secret-manager/docs/reference/rest/v1/projects.secrets.versions/access).
+    Get the value from a Secret Manager regional secret version. This is similar to the secretmanager.RegionalSecretVersion datasource, but it only requires the [Secret Manager Secret Accessor](https://cloud.google.com/secret-manager/docs/access-control#secretmanager.secretAccessor) role. For more information see the [official documentation](https://cloud.google.com/secret-manager/docs/regional-secrets-overview) and [API](https://cloud.google.com/secret-manager/docs/reference/rest/v1/projects.locations.secrets.versions/access).
 
     ## Example Usage
 
@@ -129,6 +139,8 @@ def get_regional_secret_version_access(location: Optional[str] = None,
     ```
 
 
+    :param bool is_secret_data_base64: If set to 'true', the secret data is
+           expected to be base64-encoded string.
     :param str location: Location of Secret Manager regional secret resource.
            It must be provided when the `secret` field provided consists of only the name of the regional secret.
     :param str project: The project to get the secret version for. If it
@@ -139,6 +151,7 @@ def get_regional_secret_version_access(location: Optional[str] = None,
            is not provided, the latest version is retrieved.
     """
     __args__ = dict()
+    __args__['isSecretDataBase64'] = is_secret_data_base64
     __args__['location'] = location
     __args__['project'] = project
     __args__['secret'] = secret
@@ -148,19 +161,21 @@ def get_regional_secret_version_access(location: Optional[str] = None,
 
     return AwaitableGetRegionalSecretVersionAccessResult(
         id=pulumi.get(__ret__, 'id'),
+        is_secret_data_base64=pulumi.get(__ret__, 'is_secret_data_base64'),
         location=pulumi.get(__ret__, 'location'),
         name=pulumi.get(__ret__, 'name'),
         project=pulumi.get(__ret__, 'project'),
         secret=pulumi.get(__ret__, 'secret'),
         secret_data=pulumi.get(__ret__, 'secret_data'),
         version=pulumi.get(__ret__, 'version'))
-def get_regional_secret_version_access_output(location: Optional[pulumi.Input[Optional[str]]] = None,
+def get_regional_secret_version_access_output(is_secret_data_base64: Optional[pulumi.Input[Optional[bool]]] = None,
+                                              location: Optional[pulumi.Input[Optional[str]]] = None,
                                               project: Optional[pulumi.Input[Optional[str]]] = None,
                                               secret: Optional[pulumi.Input[str]] = None,
                                               version: Optional[pulumi.Input[Optional[str]]] = None,
                                               opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetRegionalSecretVersionAccessResult]:
     """
-    Get the value from a Secret Manager regional secret version. This is similar to the secretmanager.RegionalSecretVersion datasource, but it only requires the [Secret Manager Secret Accessor](https://cloud.google.com/secret-manager/docs/access-control#secretmanager.secretAccessor) role. For more information see the [official documentation](https://cloud.google.com/secret-manager/docs/regional-secrets-overview) and [API](https://cloud.google.com/secret-manager/docs/reference/rest/v1/projects.secrets.versions/access).
+    Get the value from a Secret Manager regional secret version. This is similar to the secretmanager.RegionalSecretVersion datasource, but it only requires the [Secret Manager Secret Accessor](https://cloud.google.com/secret-manager/docs/access-control#secretmanager.secretAccessor) role. For more information see the [official documentation](https://cloud.google.com/secret-manager/docs/regional-secrets-overview) and [API](https://cloud.google.com/secret-manager/docs/reference/rest/v1/projects.locations.secrets.versions/access).
 
     ## Example Usage
 
@@ -173,6 +188,8 @@ def get_regional_secret_version_access_output(location: Optional[pulumi.Input[Op
     ```
 
 
+    :param bool is_secret_data_base64: If set to 'true', the secret data is
+           expected to be base64-encoded string.
     :param str location: Location of Secret Manager regional secret resource.
            It must be provided when the `secret` field provided consists of only the name of the regional secret.
     :param str project: The project to get the secret version for. If it
@@ -183,6 +200,7 @@ def get_regional_secret_version_access_output(location: Optional[pulumi.Input[Op
            is not provided, the latest version is retrieved.
     """
     __args__ = dict()
+    __args__['isSecretDataBase64'] = is_secret_data_base64
     __args__['location'] = location
     __args__['project'] = project
     __args__['secret'] = secret
@@ -191,6 +209,7 @@ def get_regional_secret_version_access_output(location: Optional[pulumi.Input[Op
     __ret__ = pulumi.runtime.invoke_output('gcp:secretmanager/getRegionalSecretVersionAccess:getRegionalSecretVersionAccess', __args__, opts=opts, typ=GetRegionalSecretVersionAccessResult)
     return __ret__.apply(lambda __response__: GetRegionalSecretVersionAccessResult(
         id=pulumi.get(__response__, 'id'),
+        is_secret_data_base64=pulumi.get(__response__, 'is_secret_data_base64'),
         location=pulumi.get(__response__, 'location'),
         name=pulumi.get(__response__, 'name'),
         project=pulumi.get(__response__, 'project'),

pulumi_gcp/secretmanager/get_secret_version.py

@@ -26,7 +26,7 @@ class GetSecretVersionResult:
     """
     A collection of values returned by getSecretVersion.
     """
-    def __init__(__self__, create_time=None, destroy_time=None, enabled=None, id=None, name=None, project=None, secret=None, secret_data=None, version=None):
+    def __init__(__self__, create_time=None, destroy_time=None, enabled=None, id=None, is_secret_data_base64=None, name=None, project=None, secret=None, secret_data=None, version=None):
         if create_time and not isinstance(create_time, str):
             raise TypeError("Expected argument 'create_time' to be a str")
         pulumi.set(__self__, "create_time", create_time)
@@ -39,6 +39,9 @@ class GetSecretVersionResult:
         if id and not isinstance(id, str):
             raise TypeError("Expected argument 'id' to be a str")
         pulumi.set(__self__, "id", id)
+        if is_secret_data_base64 and not isinstance(is_secret_data_base64, bool):
+            raise TypeError("Expected argument 'is_secret_data_base64' to be a bool")
+        pulumi.set(__self__, "is_secret_data_base64", is_secret_data_base64)
         if name and not isinstance(name, str):
             raise TypeError("Expected argument 'name' to be a str")
         pulumi.set(__self__, "name", name)
@@ -87,6 +90,11 @@ class GetSecretVersionResult:
         """
         return pulumi.get(self, "id")
 
+    @property
+    @pulumi.getter(name="isSecretDataBase64")
+    def is_secret_data_base64(self) -> Optional[bool]:
+        return pulumi.get(self, "is_secret_data_base64")
+
     @property
     @pulumi.getter
     def name(self) -> str:
@@ -130,6 +138,7 @@ class AwaitableGetSecretVersionResult(GetSecretVersionResult):
             destroy_time=self.destroy_time,
             enabled=self.enabled,
             id=self.id,
+            is_secret_data_base64=self.is_secret_data_base64,
             name=self.name,
             project=self.project,
             secret=self.secret,
@@ -137,7 +146,8 @@ class AwaitableGetSecretVersionResult(GetSecretVersionResult):
             version=self.version)
 
 
-def get_secret_version(project: Optional[str] = None,
+def get_secret_version(is_secret_data_base64: Optional[bool] = None,
+                       project: Optional[str] = None,
                        secret: Optional[str] = None,
                        version: Optional[str] = None,
                        opts: Optional[pulumi.InvokeOptions] = None) -> AwaitableGetSecretVersionResult:
@@ -154,6 +164,8 @@ def get_secret_version(project: Optional[str] = None,
     ```
 
 
+    :param bool is_secret_data_base64: If set to 'true', the secret data is
+           expected to be base64-encoded string.
     :param str project: The project to get the secret version for. If it
            is not provided, the provider project is used.
     :param str secret: The secret to get the secret version for.
@@ -161,6 +173,7 @@ def get_secret_version(project: Optional[str] = None,
            is not provided, the latest version is retrieved.
     """
     __args__ = dict()
+    __args__['isSecretDataBase64'] = is_secret_data_base64
     __args__['project'] = project
     __args__['secret'] = secret
     __args__['version'] = version
@@ -172,12 +185,14 @@ def get_secret_version(project: Optional[str] = None,
         destroy_time=pulumi.get(__ret__, 'destroy_time'),
         enabled=pulumi.get(__ret__, 'enabled'),
         id=pulumi.get(__ret__, 'id'),
+        is_secret_data_base64=pulumi.get(__ret__, 'is_secret_data_base64'),
         name=pulumi.get(__ret__, 'name'),
         project=pulumi.get(__ret__, 'project'),
         secret=pulumi.get(__ret__, 'secret'),
         secret_data=pulumi.get(__ret__, 'secret_data'),
         version=pulumi.get(__ret__, 'version'))
-def get_secret_version_output(project: Optional[pulumi.Input[Optional[str]]] = None,
+def get_secret_version_output(is_secret_data_base64: Optional[pulumi.Input[Optional[bool]]] = None,
+                              project: Optional[pulumi.Input[Optional[str]]] = None,
                               secret: Optional[pulumi.Input[str]] = None,
                               version: Optional[pulumi.Input[Optional[str]]] = None,
                               opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetSecretVersionResult]:
@@ -194,6 +209,8 @@ def get_secret_version_output(project: Optional[pulumi.Input[Optional[str]]] = N
     ```
 
 
+    :param bool is_secret_data_base64: If set to 'true', the secret data is
+           expected to be base64-encoded string.
     :param str project: The project to get the secret version for. If it
            is not provided, the provider project is used.
     :param str secret: The secret to get the secret version for.
@@ -201,6 +218,7 @@ def get_secret_version_output(project: Optional[pulumi.Input[Optional[str]]] = N
            is not provided, the latest version is retrieved.
     """
     __args__ = dict()
+    __args__['isSecretDataBase64'] = is_secret_data_base64
     __args__['project'] = project
     __args__['secret'] = secret
     __args__['version'] = version
@@ -211,6 +229,7 @@ def get_secret_version_output(project: Optional[pulumi.Input[Optional[str]]] = N
         destroy_time=pulumi.get(__response__, 'destroy_time'),
         enabled=pulumi.get(__response__, 'enabled'),
         id=pulumi.get(__response__, 'id'),
+        is_secret_data_base64=pulumi.get(__response__, 'is_secret_data_base64'),
         name=pulumi.get(__response__, 'name'),
         project=pulumi.get(__response__, 'project'),
         secret=pulumi.get(__response__, 'secret'),

pulumi_gcp/secretmanager/get_secret_version_access.py

@@ -26,10 +26,13 @@ class GetSecretVersionAccessResult:
     """
     A collection of values returned by getSecretVersionAccess.
     """
-    def __init__(__self__, id=None, name=None, project=None, secret=None, secret_data=None, version=None):
+    def __init__(__self__, id=None, is_secret_data_base64=None, name=None, project=None, secret=None, secret_data=None, version=None):
         if id and not isinstance(id, str):
             raise TypeError("Expected argument 'id' to be a str")
         pulumi.set(__self__, "id", id)
+        if is_secret_data_base64 and not isinstance(is_secret_data_base64, bool):
+            raise TypeError("Expected argument 'is_secret_data_base64' to be a bool")
+        pulumi.set(__self__, "is_secret_data_base64", is_secret_data_base64)
         if name and not isinstance(name, str):
             raise TypeError("Expected argument 'name' to be a str")
         pulumi.set(__self__, "name", name)
@@ -54,6 +57,11 @@ class GetSecretVersionAccessResult:
         """
         return pulumi.get(self, "id")
 
+    @property
+    @pulumi.getter(name="isSecretDataBase64")
+    def is_secret_data_base64(self) -> Optional[bool]:
+        return pulumi.get(self, "is_secret_data_base64")
+
     @property
     @pulumi.getter
     def name(self) -> str:
@@ -94,6 +102,7 @@ class AwaitableGetSecretVersionAccessResult(GetSecretVersionAccessResult):
             yield self
         return GetSecretVersionAccessResult(
             id=self.id,
+            is_secret_data_base64=self.is_secret_data_base64,
             name=self.name,
             project=self.project,
             secret=self.secret,
@@ -101,7 +110,8 @@ class AwaitableGetSecretVersionAccessResult(GetSecretVersionAccessResult):
             version=self.version)
 
 
-def get_secret_version_access(project: Optional[str] = None,
+def get_secret_version_access(is_secret_data_base64: Optional[bool] = None,
+                              project: Optional[str] = None,
                               secret: Optional[str] = None,
                               version: Optional[str] = None,
                               opts: Optional[pulumi.InvokeOptions] = None) -> AwaitableGetSecretVersionAccessResult:
@@ -118,6 +128,8 @@ def get_secret_version_access(project: Optional[str] = None,
     ```
 
 
+    :param bool is_secret_data_base64: If set to 'true', the secret data is
+           expected to be base64-encoded string.
     :param str project: The project to get the secret version for. If it
            is not provided, the provider project is used.
     :param str secret: The secret to get the secret version for.
@@ -125,6 +137,7 @@ def get_secret_version_access(project: Optional[str] = None,
            is not provided, the latest version is retrieved.
     """
     __args__ = dict()
+    __args__['isSecretDataBase64'] = is_secret_data_base64
     __args__['project'] = project
     __args__['secret'] = secret
     __args__['version'] = version
@@ -133,12 +146,14 @@ def get_secret_version_access(project: Optional[str] = None,
 
     return AwaitableGetSecretVersionAccessResult(
         id=pulumi.get(__ret__, 'id'),
+        is_secret_data_base64=pulumi.get(__ret__, 'is_secret_data_base64'),
         name=pulumi.get(__ret__, 'name'),
         project=pulumi.get(__ret__, 'project'),
         secret=pulumi.get(__ret__, 'secret'),
         secret_data=pulumi.get(__ret__, 'secret_data'),
         version=pulumi.get(__ret__, 'version'))
-def get_secret_version_access_output(project: Optional[pulumi.Input[Optional[str]]] = None,
+def get_secret_version_access_output(is_secret_data_base64: Optional[pulumi.Input[Optional[bool]]] = None,
+                                     project: Optional[pulumi.Input[Optional[str]]] = None,
                                      secret: Optional[pulumi.Input[str]] = None,
                                      version: Optional[pulumi.Input[Optional[str]]] = None,
                                      opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetSecretVersionAccessResult]:
@@ -155,6 +170,8 @@ def get_secret_version_access_output(project: Optional[pulumi.Input[Optional[str
     ```
 
 
+    :param bool is_secret_data_base64: If set to 'true', the secret data is
+           expected to be base64-encoded string.
     :param str project: The project to get the secret version for. If it
            is not provided, the provider project is used.
     :param str secret: The secret to get the secret version for.
@@ -162,6 +179,7 @@ def get_secret_version_access_output(project: Optional[pulumi.Input[Optional[str
            is not provided, the latest version is retrieved.
     """
     __args__ = dict()
+    __args__['isSecretDataBase64'] = is_secret_data_base64
     __args__['project'] = project
     __args__['secret'] = secret
     __args__['version'] = version
@@ -169,6 +187,7 @@ def get_secret_version_access_output(project: Optional[pulumi.Input[Optional[str
     __ret__ = pulumi.runtime.invoke_output('gcp:secretmanager/getSecretVersionAccess:getSecretVersionAccess', __args__, opts=opts, typ=GetSecretVersionAccessResult)
     return __ret__.apply(lambda __response__: GetSecretVersionAccessResult(
         id=pulumi.get(__response__, 'id'),
+        is_secret_data_base64=pulumi.get(__response__, 'is_secret_data_base64'),
         name=pulumi.get(__response__, 'name'),
         project=pulumi.get(__response__, 'project'),
         secret=pulumi.get(__response__, 'secret'),

pulumi_gcp/secretmanager/regional_secret.py

@@ -703,7 +703,7 @@ class RegionalSecret(pulumi.CustomResource):
 
         To get more information about RegionalSecret, see:
 
-        * [API documentation](https://cloud.google.com/secret-manager/docs/reference/rest/v1/projects.secrets)
+        * [API documentation](https://cloud.google.com/secret-manager/docs/reference/rest/v1/projects.locations.secrets)
 
         ## Example Usage
 
@@ -922,7 +922,7 @@ class RegionalSecret(pulumi.CustomResource):
 
         To get more information about RegionalSecret, see:
 
-        * [API documentation](https://cloud.google.com/secret-manager/docs/reference/rest/v1/projects.secrets)
+        * [API documentation](https://cloud.google.com/secret-manager/docs/reference/rest/v1/projects.locations.secrets)
 
         ## Example Usage
 

pulumi_gcp/siteverification/get_token.py

@@ -93,14 +93,6 @@ def get_token(identifier: Optional[str] = None,
               verification_method: Optional[str] = None,
               opts: Optional[pulumi.InvokeOptions] = None) -> AwaitableGetTokenResult:
     """
-    ## subcategory: "Site Verification"
-
-    description: |-
-      A verification token is used to demonstrate ownership of a website or domain.
-    ---
-
-    # siteverification_get_token
-
     A verification token is used to demonstrate ownership of a website or domain.
 
     To get more information about Token, see:
@@ -163,14 +155,6 @@ def get_token_output(identifier: Optional[pulumi.Input[str]] = None,
                      verification_method: Optional[pulumi.Input[str]] = None,
                      opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetTokenResult]:
     """
-    ## subcategory: "Site Verification"
-
-    description: |-
-      A verification token is used to demonstrate ownership of a website or domain.
-    ---
-
-    # siteverification_get_token
-
     A verification token is used to demonstrate ownership of a website or domain.
 
     To get more information about Token, see:

pulumi_gcp/siteverification/owner.py

@@ -115,14 +115,6 @@ class Owner(pulumi.CustomResource):
                  web_resource_id: Optional[pulumi.Input[str]] = None,
                  __props__=None):
         """
-        ## subcategory: "Site Verification"
-
-        description: |-
-          Manages additional owners on verified web resources.
-        ---
-
-        # siteverification.Owner
-
         An owner is an additional user that may manage a verified web site in the
         [Google Search Console](https://www.google.com/webmasters/tools/). There
         are two types of web resource owners:
@@ -221,14 +213,6 @@ class Owner(pulumi.CustomResource):
                  args: OwnerArgs,
                  opts: Optional[pulumi.ResourceOptions] = None):
         """
-        ## subcategory: "Site Verification"
-
-        description: |-
-          Manages additional owners on verified web resources.
-        ---
-
-        # siteverification.Owner
-
         An owner is an additional user that may manage a verified web site in the
         [Google Search Console](https://www.google.com/webmasters/tools/). There
         are two types of web resource owners:

pulumi_gcp/spanner/_inputs.py

@@ -168,27 +168,38 @@ class BackupScheduleSpecCronSpecArgs:
 
 if not MYPY:
     class DatabaseEncryptionConfigArgsDict(TypedDict):
-        kms_key_name: pulumi.Input[str]
+        kms_key_name: NotRequired[pulumi.Input[str]]
         """
         Fully qualified name of the KMS key to use to encrypt this database. This key must exist
         in the same location as the Spanner Database.
         """
+        kms_key_names: NotRequired[pulumi.Input[Sequence[pulumi.Input[str]]]]
+        """
+        Fully qualified name of the KMS keys to use to encrypt this database. The keys must exist
+        in the same locations as the Spanner Database.
+        """
 elif False:
     DatabaseEncryptionConfigArgsDict: TypeAlias = Mapping[str, Any]
 
 @pulumi.input_type
 class DatabaseEncryptionConfigArgs:
     def __init__(__self__, *,
-                 kms_key_name: pulumi.Input[str]):
+                 kms_key_name: Optional[pulumi.Input[str]] = None,
+                 kms_key_names: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None):
         """
         :param pulumi.Input[str] kms_key_name: Fully qualified name of the KMS key to use to encrypt this database. This key must exist
                in the same location as the Spanner Database.
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] kms_key_names: Fully qualified name of the KMS keys to use to encrypt this database. The keys must exist
+               in the same locations as the Spanner Database.
         """
-        pulumi.set(__self__, "kms_key_name", kms_key_name)
+        if kms_key_name is not None:
+            pulumi.set(__self__, "kms_key_name", kms_key_name)
+        if kms_key_names is not None:
+            pulumi.set(__self__, "kms_key_names", kms_key_names)
 
     @property
     @pulumi.getter(name="kmsKeyName")
-    def kms_key_name(self) -> pulumi.Input[str]:
+    def kms_key_name(self) -> Optional[pulumi.Input[str]]:
         """
         Fully qualified name of the KMS key to use to encrypt this database. This key must exist
         in the same location as the Spanner Database.
@@ -196,9 +207,22 @@ class DatabaseEncryptionConfigArgs:
         return pulumi.get(self, "kms_key_name")
 
     @kms_key_name.setter
-    def kms_key_name(self, value: pulumi.Input[str]):
+    def kms_key_name(self, value: Optional[pulumi.Input[str]]):
         pulumi.set(self, "kms_key_name", value)
 
+    @property
+    @pulumi.getter(name="kmsKeyNames")
+    def kms_key_names(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
+        """
+        Fully qualified name of the KMS keys to use to encrypt this database. The keys must exist
+        in the same locations as the Spanner Database.
+        """
+        return pulumi.get(self, "kms_key_names")
+
+    @kms_key_names.setter
+    def kms_key_names(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
+        pulumi.set(self, "kms_key_names", value)
+
 
 if not MYPY:
     class DatabaseIAMBindingConditionArgsDict(TypedDict):

pulumi_gcp/spanner/outputs.py

@@ -130,6 +130,8 @@ class DatabaseEncryptionConfig(dict):
         suggest = None
         if key == "kmsKeyName":
             suggest = "kms_key_name"
+        elif key == "kmsKeyNames":
+            suggest = "kms_key_names"
 
         if suggest:
             pulumi.log.warn(f"Key '{key}' not found in DatabaseEncryptionConfig. Access the value via the '{suggest}' property getter instead.")
@@ -143,22 +145,37 @@ class DatabaseEncryptionConfig(dict):
         return super().get(key, default)
 
     def __init__(__self__, *,
-                 kms_key_name: str):
+                 kms_key_name: Optional[str] = None,
+                 kms_key_names: Optional[Sequence[str]] = None):
         """
         :param str kms_key_name: Fully qualified name of the KMS key to use to encrypt this database. This key must exist
                in the same location as the Spanner Database.
+        :param Sequence[str] kms_key_names: Fully qualified name of the KMS keys to use to encrypt this database. The keys must exist
+               in the same locations as the Spanner Database.
         """
-        pulumi.set(__self__, "kms_key_name", kms_key_name)
+        if kms_key_name is not None:
+            pulumi.set(__self__, "kms_key_name", kms_key_name)
+        if kms_key_names is not None:
+            pulumi.set(__self__, "kms_key_names", kms_key_names)
 
     @property
     @pulumi.getter(name="kmsKeyName")
-    def kms_key_name(self) -> str:
+    def kms_key_name(self) -> Optional[str]:
         """
         Fully qualified name of the KMS key to use to encrypt this database. This key must exist
         in the same location as the Spanner Database.
         """
         return pulumi.get(self, "kms_key_name")
 
+    @property
+    @pulumi.getter(name="kmsKeyNames")
+    def kms_key_names(self) -> Optional[Sequence[str]]:
+        """
+        Fully qualified name of the KMS keys to use to encrypt this database. The keys must exist
+        in the same locations as the Spanner Database.
+        """
+        return pulumi.get(self, "kms_key_names")
+
 
 @pulumi.output_type
 class DatabaseIAMBindingCondition(dict):

pulumi_gcp/sql/_inputs.py

@@ -1837,11 +1837,11 @@ if not MYPY:
         """
         server_ca_mode: NotRequired[pulumi.Input[str]]
         """
-        Specify how the server certificate's Certificate Authority is hosted. Supported value is `GOOGLE_MANAGED_INTERNAL_CA`.
+        Specify how the server certificate's Certificate Authority is hosted. Supported values are `GOOGLE_MANAGED_INTERNAL_CA` and `GOOGLE_MANAGED_CAS_CA`.
         """
         ssl_mode: NotRequired[pulumi.Input[str]]
         """
-        Specify how SSL connection should be enforced in DB connections.
+        Specify how SSL connection should be enforced in DB connections. Supported values are `ALLOW_UNENCRYPTED_AND_ENCRYPTED`, `ENCRYPTED_ONLY`, and `TRUSTED_CLIENT_CERTIFICATE_REQUIRED` (not supported for SQL Server). See [API reference doc](https://cloud.google.com/sql/docs/postgres/admin-api/rest/v1/instances#ipconfiguration) for details.
         """
 elif False:
     DatabaseInstanceSettingsIpConfigurationArgsDict: TypeAlias = Mapping[str, Any]
@@ -1869,8 +1869,8 @@ class DatabaseInstanceSettingsIpConfigurationArgs:
                At least `ipv4_enabled` must be enabled or a `private_network` must be configured.
                This setting can be updated, but it cannot be removed after it is set.
         :param pulumi.Input[Sequence[pulumi.Input['DatabaseInstanceSettingsIpConfigurationPscConfigArgs']]] psc_configs: PSC settings for a Cloud SQL instance.
-        :param pulumi.Input[str] server_ca_mode: Specify how the server certificate's Certificate Authority is hosted. Supported value is `GOOGLE_MANAGED_INTERNAL_CA`.
-        :param pulumi.Input[str] ssl_mode: Specify how SSL connection should be enforced in DB connections.
+        :param pulumi.Input[str] server_ca_mode: Specify how the server certificate's Certificate Authority is hosted. Supported values are `GOOGLE_MANAGED_INTERNAL_CA` and `GOOGLE_MANAGED_CAS_CA`.
+        :param pulumi.Input[str] ssl_mode: Specify how SSL connection should be enforced in DB connections. Supported values are `ALLOW_UNENCRYPTED_AND_ENCRYPTED`, `ENCRYPTED_ONLY`, and `TRUSTED_CLIENT_CERTIFICATE_REQUIRED` (not supported for SQL Server). See [API reference doc](https://cloud.google.com/sql/docs/postgres/admin-api/rest/v1/instances#ipconfiguration) for details.
         """
         if allocated_ip_range is not None:
             pulumi.set(__self__, "allocated_ip_range", allocated_ip_range)
@@ -1968,7 +1968,7 @@ class DatabaseInstanceSettingsIpConfigurationArgs:
     @pulumi.getter(name="serverCaMode")
     def server_ca_mode(self) -> Optional[pulumi.Input[str]]:
         """
-        Specify how the server certificate's Certificate Authority is hosted. Supported value is `GOOGLE_MANAGED_INTERNAL_CA`.
+        Specify how the server certificate's Certificate Authority is hosted. Supported values are `GOOGLE_MANAGED_INTERNAL_CA` and `GOOGLE_MANAGED_CAS_CA`.
         """
         return pulumi.get(self, "server_ca_mode")
 
@@ -1980,7 +1980,7 @@ class DatabaseInstanceSettingsIpConfigurationArgs:
     @pulumi.getter(name="sslMode")
     def ssl_mode(self) -> Optional[pulumi.Input[str]]:
         """
-        Specify how SSL connection should be enforced in DB connections.
+        Specify how SSL connection should be enforced in DB connections. Supported values are `ALLOW_UNENCRYPTED_AND_ENCRYPTED`, `ENCRYPTED_ONLY`, and `TRUSTED_CLIENT_CERTIFICATE_REQUIRED` (not supported for SQL Server). See [API reference doc](https://cloud.google.com/sql/docs/postgres/admin-api/rest/v1/instances#ipconfiguration) for details.
         """
         return pulumi.get(self, "ssl_mode")
 

pulumi_gcp/sql/outputs.py

@@ -1492,8 +1492,8 @@ class DatabaseInstanceSettingsIpConfiguration(dict):
                At least `ipv4_enabled` must be enabled or a `private_network` must be configured.
                This setting can be updated, but it cannot be removed after it is set.
         :param Sequence['DatabaseInstanceSettingsIpConfigurationPscConfigArgs'] psc_configs: PSC settings for a Cloud SQL instance.
-        :param str server_ca_mode: Specify how the server certificate's Certificate Authority is hosted. Supported value is `GOOGLE_MANAGED_INTERNAL_CA`.
-        :param str ssl_mode: Specify how SSL connection should be enforced in DB connections.
+        :param str server_ca_mode: Specify how the server certificate's Certificate Authority is hosted. Supported values are `GOOGLE_MANAGED_INTERNAL_CA` and `GOOGLE_MANAGED_CAS_CA`.
+        :param str ssl_mode: Specify how SSL connection should be enforced in DB connections. Supported values are `ALLOW_UNENCRYPTED_AND_ENCRYPTED`, `ENCRYPTED_ONLY`, and `TRUSTED_CLIENT_CERTIFICATE_REQUIRED` (not supported for SQL Server). See [API reference doc](https://cloud.google.com/sql/docs/postgres/admin-api/rest/v1/instances#ipconfiguration) for details.
         """
         if allocated_ip_range is not None:
             pulumi.set(__self__, "allocated_ip_range", allocated_ip_range)
@@ -1567,7 +1567,7 @@ class DatabaseInstanceSettingsIpConfiguration(dict):
     @pulumi.getter(name="serverCaMode")
     def server_ca_mode(self) -> Optional[str]:
         """
-        Specify how the server certificate's Certificate Authority is hosted. Supported value is `GOOGLE_MANAGED_INTERNAL_CA`.
+        Specify how the server certificate's Certificate Authority is hosted. Supported values are `GOOGLE_MANAGED_INTERNAL_CA` and `GOOGLE_MANAGED_CAS_CA`.
         """
         return pulumi.get(self, "server_ca_mode")
 
@@ -1575,7 +1575,7 @@ class DatabaseInstanceSettingsIpConfiguration(dict):
     @pulumi.getter(name="sslMode")
     def ssl_mode(self) -> Optional[str]:
         """
-        Specify how SSL connection should be enforced in DB connections.
+        Specify how SSL connection should be enforced in DB connections. Supported values are `ALLOW_UNENCRYPTED_AND_ENCRYPTED`, `ENCRYPTED_ONLY`, and `TRUSTED_CLIENT_CERTIFICATE_REQUIRED` (not supported for SQL Server). See [API reference doc](https://cloud.google.com/sql/docs/postgres/admin-api/rest/v1/instances#ipconfiguration) for details.
         """
         return pulumi.get(self, "ssl_mode")