hashicorp · modular-magician · Apr 28, 2023 · Apr 28, 2023
@@ -0,0 +1,3 @@
+```release-note:none
+
+```
@@ -106,7 +106,7 @@ or use existing tokens to access resources. If the pool is re-enabled, existing
 				Type:     schema.TypeString,
 				Optional: true,
 				Description: `Duration that the Google Cloud access tokens, console sign-in sessions,
-and 'gcloud' sign-in sessions from this pool are valid.  
+and 'gcloud' sign-in sessions from this pool are valid.
 Must be greater than 15 minutes (900s) and less than 12 hours (43200s).
 If 'sessionDuration' is not configured, minted credentials have a default duration of one hour (3600s).
 A duration in seconds with up to nine fractional digits, ending with ''s''. Example: "'3.5s'".`,

@@ -245,9 +245,9 @@ The max size of the acceptable xml document will be bounded to 128k characters.
 The metadata xml document should satisfy the following constraints:
 1) Must contain an Identity Provider Entity ID.
 2) Must contain at least one non-expired signing key certificate.
-3) For each signing key: 
-  a) Valid from should be no more than 7 days from now. 
-  b) Valid to should be no more than 10 years in the future. 
+3) For each signing key:
+  a) Valid from should be no more than 7 days from now.
+  b) Valid to should be no more than 10 years in the future.
 4) Up to 3 IdP signing keys are allowed in the metadata xml.
 
 When updating the provider's metadata xml, at least one non-expired signing key

@@ -85,8 +85,8 @@ func ResourceIdentityPlatformProjectDefaultConfig() *schema.Resource {
 									"password_required": {
 										Type:     schema.TypeBool,
 										Optional: true,
-										Description: `Whether a password is required for email auth or not. If true, both an email and 
-password must be provided to sign in. If false, a user may sign in via either 
+										Description: `Whether a password is required for email auth or not. If true, both an email and
+password must be provided to sign in. If false, a user may sign in via either
 email/password or email link.`,
 									},
 								},

@@ -112,7 +112,7 @@ letter 's' (seconds). It must be greater than a day (ie, 86400).`,
 				Type:     schema.TypeBool,
 				Optional: true,
 				ForceNew: true,
-				Description: `If set to true, the request will create a CryptoKey without any CryptoKeyVersions. 
+				Description: `If set to true, the request will create a CryptoKey without any CryptoKeyVersions.
 You must use the 'google_kms_key_ring_import_job' resource to import the CryptoKeyVersion.`,
 			},
 			"version_template": {

@@ -203,8 +203,8 @@ For counter metrics, set this to INT64. Possible values: ["BOOL", "INT64", "DOUB
 						"display_name": {
 							Type:     schema.TypeString,
 							Optional: true,
-							Description: `A concise name for the metric, which can be displayed in user interfaces. Use sentence case 
-without an ending period, for example "Request count". This field is optional but it is 
+							Description: `A concise name for the metric, which can be displayed in user interfaces. Use sentence case
+without an ending period, for example "Request count". This field is optional but it is
 recommended to be set for any metrics associated with user-visible concepts, such as Quota.`,
 						},
 						"labels": {

@@ -64,14 +64,14 @@ https://cloud.google.com/stackdriver/docs/solutions/slo-monitoring/api/api-struc
 							Type:     schema.TypeMap,
 							Optional: true,
 							ForceNew: true,
-							Description: `Labels that specify the resource that emits the monitoring data 
+							Description: `Labels that specify the resource that emits the monitoring data
 which is used for SLO reporting of this 'Service'.`,
 							Elem: &schema.Schema{Type: schema.TypeString},
 						},
 						"service_type": {
 							Type:     schema.TypeString,
 							Optional: true,
-							Description: `The type of service that this basic service defines, e.g. 
+							Description: `The type of service that this basic service defines, e.g.
 APP_ENGINE service type`,
 						},
 					},

@@ -96,7 +96,7 @@ rule should match the pattern: (^a-z?$).`,
 			"tls_inspection_enabled": {
 				Type:     schema.TypeBool,
 				Optional: true,
-				Description: `Flag to enable TLS inspection of traffic matching on. Can only be true if the 
+				Description: `Flag to enable TLS inspection of traffic matching on. Can only be true if the
 parent GatewaySecurityPolicy references a TLSInspectionConfig.`,
 			},
 			"create_time": {

@@ -53,7 +53,7 @@ func ResourceNetworkServicesGateway() *schema.Resource {
 				Required: true,
 				ForceNew: true,
 				Description: `One or more port numbers (1-65535), on which the Gateway will receive traffic.
-The proxy binds to the specified ports. Gateways of type 'SECURE_WEB_GATEWAY' are 
+The proxy binds to the specified ports. Gateways of type 'SECURE_WEB_GATEWAY' are
 limited to 1 port. Gateways of type 'OPEN_MESH' listen on 0.0.0.0 and support multiple ports.`,
 				Elem: &schema.Schema{
 					Type: schema.TypeInt,
@@ -64,7 +64,7 @@ limited to 1 port. Gateways of type 'OPEN_MESH' listen on 0.0.0.0 and support mu
 				Required: true,
 				Description: `Immutable. Scope determines how configuration across multiple Gateway instances are merged.
 The configuration for multiple Gateway instances with the same scope will be merged as presented as
-a single coniguration to the proxy/load balancer. 
+a single coniguration to the proxy/load balancer.
 Max length 64 characters. Scope should start with a letter and can only have letters, numbers, hyphens.`,
 			},
 			"type": {

@@ -56,10 +56,10 @@ func ResourceNetworkServicesMesh() *schema.Resource {
 			"interception_port": {
 				Type:     schema.TypeInt,
 				Optional: true,
-				Description: `Optional. If set to a valid TCP port (1-65535), instructs the SIDECAR proxy to listen on the 
-specified port of localhost (127.0.0.1) address. The SIDECAR proxy will expect all traffic to 
-be redirected to this port regardless of its actual ip:port destination. If unset, a port 
-'15001' is used as the interception port. This will is applicable only for sidecar proxy 
+				Description: `Optional. If set to a valid TCP port (1-65535), instructs the SIDECAR proxy to listen on the
+specified port of localhost (127.0.0.1) address. The SIDECAR proxy will expect all traffic to
+be redirected to this port regardless of its actual ip:port destination. If unset, a port
+'15001' is used as the interception port. This will is applicable only for sidecar proxy
 deployments.`,
 			},
 			"labels": {

@@ -52,7 +52,7 @@ func ResourceNetworkServicesTcpRoute() *schema.Resource {
 			"rules": {
 				Type:     schema.TypeList,
 				Required: true,
-				Description: `Rules that define how traffic is routed and handled. At least one RouteRule must be supplied. 
+				Description: `Rules that define how traffic is routed and handled. At least one RouteRule must be supplied.
 If there are multiple rules then the action taken will be the first rule to match.`,
 				Elem: &schema.Resource{
 					Schema: map[string]*schema.Schema{
@@ -96,14 +96,14 @@ If weights are unspecified for all services, then, traffic is distributed in equ
 						"matches": {
 							Type:     schema.TypeList,
 							Optional: true,
-							Description: `RouteMatch defines the predicate used to match requests to a given action. Multiple match types are "OR"ed for evaluation. 
+							Description: `RouteMatch defines the predicate used to match requests to a given action. Multiple match types are "OR"ed for evaluation.
 If no routeMatch field is specified, this rule will unconditionally match traffic.`,
 							Elem: &schema.Resource{
 								Schema: map[string]*schema.Schema{
 									"address": {
 										Type:     schema.TypeString,
 										Required: true,
-										Description: `Must be specified in the CIDR range format. A CIDR range consists of an IP Address and a prefix length to construct the subnet mask. 
+										Description: `Must be specified in the CIDR range format. A CIDR range consists of an IP Address and a prefix length to construct the subnet mask.
 By default, the prefix length is 32 (i.e. matches a single IP address). Only IPV4 addresses are supported. Examples: "10.0.0.1" - matches against this exact IP address. "10.0.0.0/8" - matches against any IP address within the 10.0.0.0 subnet and 255.255.255.0 mask. "0.0.0.0/0" - matches against any IP address'.`,
 									},
 									"port": {

@@ -169,7 +169,7 @@ subordinate CA certificates that are allowed. If this value is less than 0, the
 												"non_ca": {
 													Type:     schema.TypeBool,
 													Optional: true,
-													Description: `When true, the "CA" in Basic Constraints extension will be set to false. 
+													Description: `When true, the "CA" in Basic Constraints extension will be set to false.
 If both 'is_ca' and 'non_ca' are unset, the extension will be omitted from the CA certificate.`,
 												},
 												"zero_max_issuer_path_length": {

@@ -463,7 +463,7 @@ subordinate CA certificates that are allowed. If this value is less than 0, the
 													Type:     schema.TypeBool,
 													Optional: true,
 													ForceNew: true,
-													Description: `When true, the "CA" in Basic Constraints extension will be set to false. 
+													Description: `When true, the "CA" in Basic Constraints extension will be set to false.
 If both 'is_ca' and 'non_ca' are unset, the extension will be omitted from the CA certificate.`,
 												},
 												"zero_max_issuer_path_length": {
@@ -1375,7 +1375,7 @@ This is in RFC3339 text format.`,
 			"revocation_details": {
 				Type:     schema.TypeList,
 				Computed: true,
-				Description: `Output only. Details regarding the revocation of this Certificate. This Certificate is 
+				Description: `Output only. Details regarding the revocation of this Certificate. This Certificate is
 considered revoked if and only if this field is present.`,
 				Elem: &schema.Resource{
 					Schema: map[string]*schema.Schema{

@@ -240,7 +240,7 @@ requires setting 'zero_max_issuer_path_length = true'.`,
 													Type:     schema.TypeBool,
 													Optional: true,
 													ForceNew: true,
-													Description: `When true, the "CA" in Basic Constraints extension will be set to false. 
+													Description: `When true, the "CA" in Basic Constraints extension will be set to false.
 If both 'is_ca' and 'non_ca' are unset, the extension will be omitted from the CA certificate.`,
 												},
 												"zero_max_issuer_path_length": {
@@ -700,7 +700,7 @@ and usability purposes only. The resource name is in the format
 						"pem_issuer_chain": {
 							Type:     schema.TypeList,
 							Optional: true,
-							Description: `Contains the PEM certificate chain for the issuers of this CertificateAuthority, 
+							Description: `Contains the PEM certificate chain for the issuers of this CertificateAuthority,
 but not pem certificate for this CA itself.`,
 							MaxItems: 1,
 							Elem: &schema.Resource{

@@ -148,7 +148,7 @@ permission to Acknowledge() messages on this subscription.`,
 Format is 'projects/{project}/topics/{topic}'.
 
 The Cloud Pub/Sub service account associated with the enclosing subscription's
-parent project (i.e., 
+parent project (i.e.,
 service-{project_number}@gcp-sa-pubsub.iam.gserviceaccount.com) must have
 permission to Publish() to this topic.
 
@@ -162,7 +162,7 @@ since messages published to a topic with no subscriptions are lost.`,
 							Description: `The maximum number of delivery attempts for any message. The value must be
 between 5 and 100.
 
-The number of delivery attempts is defined as 1 + (the sum of number of 
+The number of delivery attempts is defined as 1 + (the sum of number of
 NACKs and number of times the acknowledgement deadline has been exceeded for the message).
 
 A NACK is any call to ModifyAckDeadline with a 0 deadline. Note that
@@ -227,9 +227,9 @@ Example - "3.5s".`,
 				Type:     schema.TypeString,
 				Optional: true,
 				ForceNew: true,
-				Description: `The subscription only delivers the messages that match the filter. 
+				Description: `The subscription only delivers the messages that match the filter.
 Pub/Sub automatically acknowledges the messages that don't match the filter. You can filter messages
-by their attributes. The maximum length of a filter is 256 bytes. After creating the subscription, 
+by their attributes. The maximum length of a filter is 256 bytes. After creating the subscription,
 you can't modify the filter.`,
 			},
 			"labels": {
@@ -343,7 +343,7 @@ messageRetentionDuration window.`,
 				Optional: true,
 				Description: `A policy that specifies how Pub/Sub retries message delivery for this subscription.
 
-If not set, the default retry policy is applied. This generally implies that messages will be retried as soon as possible for healthy subscribers. 
+If not set, the default retry policy is applied. This generally implies that messages will be retried as soon as possible for healthy subscribers.
 RetryPolicy will be triggered on NACKs or acknowledgement deadline exceeded events for a given message`,
 				MaxItems: 1,
 				Elem: &schema.Resource{
@@ -353,7 +353,7 @@ RetryPolicy will be triggered on NACKs or acknowledgement deadline exceeded even
 							Computed:         true,
 							Optional:         true,
 							DiffSuppressFunc: DurationDiffSuppress,
-							Description: `The maximum delay between consecutive deliveries of a given message. Value should be between 0 and 600 seconds. Defaults to 600 seconds. 
+							Description: `The maximum delay between consecutive deliveries of a given message. Value should be between 0 and 600 seconds. Defaults to 600 seconds.
 A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s".`,
 						},
 						"minimum_backoff": {

@@ -96,7 +96,7 @@ The following arguments are supported:
 * `session_duration` -
   (Optional)
   Duration that the Google Cloud access tokens, console sign-in sessions,
-  and `gcloud` sign-in sessions from this pool are valid.  
+  and `gcloud` sign-in sessions from this pool are valid.
   Must be greater than 15 minutes (900s) and less than 12 hours (43200s).
   If `sessionDuration` is not configured, minted credentials have a default duration of one hour (3600s).
   A duration in seconds with up to nine fractional digits, ending with '`s`'. Example: "`3.5s`".

@@ -261,9 +261,9 @@ The following arguments are supported:
   The metadata xml document should satisfy the following constraints:
   1) Must contain an Identity Provider Entity ID.
   2) Must contain at least one non-expired signing key certificate.
-  3) For each signing key: 
-    a) Valid from should be no more than 7 days from now. 
-    b) Valid to should be no more than 10 years in the future. 
+  3) For each signing key:
+    a) Valid from should be no more than 7 days from now.
+    b) Valid to should be no more than 10 years in the future.
   4) Up to 3 IdP signing keys are allowed in the metadata xml.
   When updating the provider's metadata xml, at least one non-expired signing key
   must overlap with the existing metadata. This requirement is skipped if there are

@@ -24,9 +24,9 @@ programmatically via API. To convert it into an external brands
 please use the GCP Console.
 
 
-~> **Note:** Brands can only be created once for a Google Cloud 
-project and the underlying Google API doesn't not support DELETE or PATCH methods. 
-Destroying a Terraform-managed Brand will remove it from state 
+~> **Note:** Brands can only be created once for a Google Cloud
+project and the underlying Google API doesn't not support DELETE or PATCH methods.
+Destroying a Terraform-managed Brand will remove it from state
 but *will not delete it from Google Cloud.*
 
 

@@ -23,7 +23,7 @@ Identity Platform configuration for a Cloud project. Identity Platform is an
 end-to-end authentication system for third-party users to access apps
 and services.
 
-This entity is created only once during intialization and cannot be deleted, 
+This entity is created only once during intialization and cannot be deleted,
 individual Identity Providers may be disabled instead.  This resource may only
 be created in billing-enabled projects.
 

@@ -109,8 +109,8 @@ The following arguments are supported:
 
 * `password_required` -
   (Optional)
-  Whether a password is required for email auth or not. If true, both an email and 
-  password must be provided to sign in. If false, a user may sign in via either 
+  Whether a password is required for email auth or not. If true, both an email and
+  password must be provided to sign in. If false, a user may sign in via either
   email/password or email link.
 
 <a name="nested_phone_number"></a>The `phone_number` block supports:

@@ -133,7 +133,7 @@ The following arguments are supported:
 
 * `skip_initial_version_creation` -
   (Optional)
-  If set to true, the request will create a CryptoKey without any CryptoKeyVersions. 
+  If set to true, the request will create a CryptoKey without any CryptoKeyVersions.
   You must use the `google_kms_key_ring_import_job` resource to import the CryptoKeyVersion.
 
 

@@ -28,7 +28,7 @@ was wrapped with the `KeyRingImportJob`'s public key.
 
 ~> **Note:** KeyRingImportJobs cannot be deleted from Google Cloud Platform.
 Destroying a Terraform-managed KeyRingImportJob will remove it from state but
-*will not delete the resource from the project.* 
+*will not delete the resource from the project.*
 
 
 To get more information about KeyRingImportJob, see:

@@ -256,8 +256,8 @@ The following arguments are supported:
 
 * `display_name` -
   (Optional)
-  A concise name for the metric, which can be displayed in user interfaces. Use sentence case 
-  without an ending period, for example "Request count". This field is optional but it is 
+  A concise name for the metric, which can be displayed in user interfaces. Use sentence case
+  without an ending period, for example "Request count". This field is optional but it is
   recommended to be set for any metrics associated with user-visible concepts, such as Quota.
 
 

@@ -102,12 +102,12 @@ The following arguments are supported:
 
 * `service_type` -
   (Optional)
-  The type of service that this basic service defines, e.g. 
+  The type of service that this basic service defines, e.g.
   APP_ENGINE service type
 
 * `service_labels` -
   (Optional)
-  Labels that specify the resource that emits the monitoring data 
+  Labels that specify the resource that emits the monitoring data
   which is used for SLO reporting of this `Service`.
 
 ## Attributes Reference

@@ -138,7 +138,7 @@ The following arguments are supported:
 
 * `tls_inspection_enabled` -
   (Optional)
-  Flag to enable TLS inspection of traffic matching on. Can only be true if the 
+  Flag to enable TLS inspection of traffic matching on. Can only be true if the
   parent GatewaySecurityPolicy references a TLSInspectionConfig.
 
 * `project` - (Optional) The ID of the project in which the resource belongs.

@@ -83,14 +83,14 @@ The following arguments are supported:
 * `ports` -
   (Required)
   One or more port numbers (1-65535), on which the Gateway will receive traffic.
-  The proxy binds to the specified ports. Gateways of type 'SECURE_WEB_GATEWAY' are 
+  The proxy binds to the specified ports. Gateways of type 'SECURE_WEB_GATEWAY' are
   limited to 1 port. Gateways of type 'OPEN_MESH' listen on 0.0.0.0 and support multiple ports.
 
 * `scope` -
   (Required)
   Immutable. Scope determines how configuration across multiple Gateway instances are merged.
   The configuration for multiple Gateway instances with the same scope will be merged as presented as
-  a single coniguration to the proxy/load balancer. 
+  a single coniguration to the proxy/load balancer.
   Max length 64 characters. Scope should start with a letter and can only have letters, numbers, hyphens.
 
 * `name` -