diff --git a/.pulumi-java-gen.version b/.pulumi-java-gen.version index 07feb82..47d04a5 100644 --- a/.pulumi-java-gen.version +++ b/.pulumi-java-gen.version @@ -1 +1 @@ -0.17.0 \ No newline at end of file +0.18.0 \ No newline at end of file diff --git a/provider/cmd/pulumi-resource-postgresql/schema.json b/provider/cmd/pulumi-resource-postgresql/schema.json index 4eaa071..d720844 100644 --- a/provider/cmd/pulumi-resource-postgresql/schema.json +++ b/provider/cmd/pulumi-resource-postgresql/schema.json @@ -59,6 +59,10 @@ "type": "string", "description": "AWS profile to use for IAM auth\n" }, + "awsRdsIamProviderRoleArn": { + "type": "string", + "description": "AWS IAM role to assume for IAM auth\n" + }, "awsRdsIamRegion": { "type": "string", "description": "AWS region to use for IAM auth\n" @@ -318,6 +322,10 @@ "type": "string", "description": "AWS profile to use for IAM auth\n" }, + "awsRdsIamProviderRoleArn": { + "type": "string", + "description": "AWS IAM role to assume for IAM auth\n" + }, "awsRdsIamRegion": { "type": "string", "description": "AWS region to use for IAM auth\n" @@ -403,6 +411,10 @@ "type": "string", "description": "AWS profile to use for IAM auth\n" }, + "awsRdsIamProviderRoleArn": { + "type": "string", + "description": "AWS IAM role to assume for IAM auth\n" + }, "awsRdsIamRegion": { "type": "string", "description": "AWS region to use for IAM auth\n" 
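Review bot: The new `awsRdsIamProviderRoleArn` description (`AWS IAM role to assume for IAM auth`), added at @@ -59, @@ -318 and @@ -403, does not say that the value is a role ARN or how it combines with the neighbouring `awsRdsIamProfile` and `awsRdsIamRegion` settings. This property decides which AWS identity the provider uses to authenticate to the database, so I would tighten it to `ARN of the AWS IAM role to assume for IAM auth`. A sentence on which base credentials perform the assume-role call would also help, once that is confirmed against the provider code. The enclosing objects start and end outside these hunks, so any validation of the value is not visible here.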
@@ -655,7 +667,7 @@ } }, "postgresql:index/defaultPrivileg:DefaultPrivileg": { - "description": "The ``postgresql.DefaultPrivileges`` resource creates and manages default privileges given to a user for a database schema.\n\n\u003e **Note:** This resource needs Postgresql version 9 or above.\n\n## Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as postgresql from \"@pulumi/postgresql\";\n\nconst readOnlyTables = new postgresql.DefaultPrivileges(\"read_only_tables\", {\n role: \"test_role\",\n database: \"test_db\",\n schema: \"public\",\n owner: \"db_owner\",\n objectType: \"table\",\n privileges: [\"SELECT\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_postgresql as postgresql\n\nread_only_tables = postgresql.DefaultPrivileges(\"read_only_tables\",\n role=\"test_role\",\n database=\"test_db\",\n schema=\"public\",\n owner=\"db_owner\",\n object_type=\"table\",\n privileges=[\"SELECT\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing PostgreSql = Pulumi.PostgreSql;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var readOnlyTables = new PostgreSql.DefaultPrivileges(\"read_only_tables\", new()\n {\n Role = \"test_role\",\n Database = \"test_db\",\n Schema = \"public\",\n Owner = \"db_owner\",\n ObjectType = \"table\",\n Privileges = new[]\n {\n \"SELECT\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-postgresql/sdk/v3/go/postgresql\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := postgresql.NewDefaultPrivileges(ctx, \"read_only_tables\", \u0026postgresql.DefaultPrivilegesArgs{\n\t\t\tRole: pulumi.String(\"test_role\"),\n\t\t\tDatabase: pulumi.String(\"test_db\"),\n\t\t\tSchema: pulumi.String(\"public\"),\n\t\t\tOwner: pulumi.String(\"db_owner\"),\n\t\t\tObjectType: pulumi.String(\"table\"),\n\t\t\tPrivileges: 
pulumi.StringArray{\n\t\t\t\tpulumi.String(\"SELECT\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.postgresql.DefaultPrivileges;\nimport com.pulumi.postgresql.DefaultPrivilegesArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var readOnlyTables = new DefaultPrivileges(\"readOnlyTables\", DefaultPrivilegesArgs.builder()\n .role(\"test_role\")\n .database(\"test_db\")\n .schema(\"public\")\n .owner(\"db_owner\")\n .objectType(\"table\")\n .privileges(\"SELECT\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n readOnlyTables:\n type: postgresql:DefaultPrivileges\n name: read_only_tables\n properties:\n role: test_role\n database: test_db\n schema: public\n owner: db_owner\n objectType: table\n privileges:\n - SELECT\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Examples\n\nRevoke default privileges for functions for \"public\" role:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as postgresql from \"@pulumi/postgresql\";\n\nconst revokePublic = new postgresql.DefaultPrivileges(\"revoke_public\", {\n database: exampleDb.name,\n role: \"public\",\n owner: \"object_owner\",\n objectType: \"function\",\n privileges: [],\n});\n```\n```python\nimport pulumi\nimport pulumi_postgresql as postgresql\n\nrevoke_public = postgresql.DefaultPrivileges(\"revoke_public\",\n database=example_db[\"name\"],\n role=\"public\",\n owner=\"object_owner\",\n object_type=\"function\",\n privileges=[])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing 
Pulumi;\nusing PostgreSql = Pulumi.PostgreSql;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var revokePublic = new PostgreSql.DefaultPrivileges(\"revoke_public\", new()\n {\n Database = exampleDb.Name,\n Role = \"public\",\n Owner = \"object_owner\",\n ObjectType = \"function\",\n Privileges = new[] {},\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-postgresql/sdk/v3/go/postgresql\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := postgresql.NewDefaultPrivileges(ctx, \"revoke_public\", \u0026postgresql.DefaultPrivilegesArgs{\n\t\t\tDatabase: pulumi.Any(exampleDb.Name),\n\t\t\tRole: pulumi.String(\"public\"),\n\t\t\tOwner: pulumi.String(\"object_owner\"),\n\t\t\tObjectType: pulumi.String(\"function\"),\n\t\t\tPrivileges: pulumi.StringArray{},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.postgresql.DefaultPrivileges;\nimport com.pulumi.postgresql.DefaultPrivilegesArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var revokePublic = new DefaultPrivileges(\"revokePublic\", DefaultPrivilegesArgs.builder()\n .database(exampleDb.name())\n .role(\"public\")\n .owner(\"object_owner\")\n .objectType(\"function\")\n .privileges()\n .build());\n\n }\n}\n```\n```yaml\nresources:\n revokePublic:\n type: postgresql:DefaultPrivileges\n name: revoke_public\n properties:\n database: ${exampleDb.name}\n role: public\n owner: object_owner\n objectType: function\n privileges: []\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + 
"description": "The ``postgresql.DefaultPrivileges`` resource creates and manages default privileges given to a user for a database schema.\n\n\u003e **Note:** This resource needs Postgresql version 9 or above.\n\n## Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as postgresql from \"@pulumi/postgresql\";\n\nconst readOnlyTables = new postgresql.DefaultPrivileges(\"read_only_tables\", {\n role: \"test_role\",\n database: \"test_db\",\n schema: \"public\",\n owner: \"db_owner\",\n objectType: \"table\",\n privileges: [\"SELECT\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_postgresql as postgresql\n\nread_only_tables = postgresql.DefaultPrivileges(\"read_only_tables\",\n role=\"test_role\",\n database=\"test_db\",\n schema=\"public\",\n owner=\"db_owner\",\n object_type=\"table\",\n privileges=[\"SELECT\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing PostgreSql = Pulumi.PostgreSql;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var readOnlyTables = new PostgreSql.DefaultPrivileges(\"read_only_tables\", new()\n {\n Role = \"test_role\",\n Database = \"test_db\",\n Schema = \"public\",\n Owner = \"db_owner\",\n ObjectType = \"table\",\n Privileges = new[]\n {\n \"SELECT\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-postgresql/sdk/v3/go/postgresql\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := postgresql.NewDefaultPrivileges(ctx, \"read_only_tables\", \u0026postgresql.DefaultPrivilegesArgs{\n\t\t\tRole: pulumi.String(\"test_role\"),\n\t\t\tDatabase: pulumi.String(\"test_db\"),\n\t\t\tSchema: pulumi.String(\"public\"),\n\t\t\tOwner: pulumi.String(\"db_owner\"),\n\t\t\tObjectType: pulumi.String(\"table\"),\n\t\t\tPrivileges: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"SELECT\"),\n\t\t\t},\n\t\t})\n\t\tif err 
!= nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.postgresql.DefaultPrivileges;\nimport com.pulumi.postgresql.DefaultPrivilegesArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var readOnlyTables = new DefaultPrivileges(\"readOnlyTables\", DefaultPrivilegesArgs.builder()\n .role(\"test_role\")\n .database(\"test_db\")\n .schema(\"public\")\n .owner(\"db_owner\")\n .objectType(\"table\")\n .privileges(\"SELECT\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n readOnlyTables:\n type: postgresql:DefaultPrivileges\n name: read_only_tables\n properties:\n role: test_role\n database: test_db\n schema: public\n owner: db_owner\n objectType: table\n privileges:\n - SELECT\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Examples\n\n### Grant default privileges for tables to \"current_role\" role:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as postgresql from \"@pulumi/postgresql\";\n\nconst grantTablePrivileges = new postgresql.DefaultPrivileges(\"grant_table_privileges\", {\n database: exampleDb.name,\n role: \"current_role\",\n owner: \"owner_role\",\n schema: \"public\",\n objectType: \"table\",\n privileges: [\n \"SELECT\",\n \"INSERT\",\n \"UPDATE\",\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_postgresql as postgresql\n\ngrant_table_privileges = postgresql.DefaultPrivileges(\"grant_table_privileges\",\n database=example_db[\"name\"],\n role=\"current_role\",\n owner=\"owner_role\",\n schema=\"public\",\n object_type=\"table\",\n privileges=[\n \"SELECT\",\n \"INSERT\",\n 
\"UPDATE\",\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing PostgreSql = Pulumi.PostgreSql;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var grantTablePrivileges = new PostgreSql.DefaultPrivileges(\"grant_table_privileges\", new()\n {\n Database = exampleDb.Name,\n Role = \"current_role\",\n Owner = \"owner_role\",\n Schema = \"public\",\n ObjectType = \"table\",\n Privileges = new[]\n {\n \"SELECT\",\n \"INSERT\",\n \"UPDATE\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-postgresql/sdk/v3/go/postgresql\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := postgresql.NewDefaultPrivileges(ctx, \"grant_table_privileges\", \u0026postgresql.DefaultPrivilegesArgs{\n\t\t\tDatabase: pulumi.Any(exampleDb.Name),\n\t\t\tRole: pulumi.String(\"current_role\"),\n\t\t\tOwner: pulumi.String(\"owner_role\"),\n\t\t\tSchema: pulumi.String(\"public\"),\n\t\t\tObjectType: pulumi.String(\"table\"),\n\t\t\tPrivileges: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"SELECT\"),\n\t\t\t\tpulumi.String(\"INSERT\"),\n\t\t\t\tpulumi.String(\"UPDATE\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.postgresql.DefaultPrivileges;\nimport com.pulumi.postgresql.DefaultPrivilegesArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var grantTablePrivileges = new DefaultPrivileges(\"grantTablePrivileges\", DefaultPrivilegesArgs.builder()\n .database(exampleDb.name())\n 
.role(\"current_role\")\n .owner(\"owner_role\")\n .schema(\"public\")\n .objectType(\"table\")\n .privileges( \n \"SELECT\",\n \"INSERT\",\n \"UPDATE\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n grantTablePrivileges:\n type: postgresql:DefaultPrivileges\n name: grant_table_privileges\n properties:\n database: ${exampleDb.name}\n role: current_role\n owner: owner_role\n schema: public\n objectType: table\n privileges:\n - SELECT\n - INSERT\n - UPDATE\n```\n\u003c!--End PulumiCodeChooser --\u003e\nWhenever the `owner_role` creates a new table in the `public` schema, the `current_role` is automatically granted SELECT, INSERT, and UPDATE privileges on that table.\n\n### Revoke default privileges for functions for \"public\" role:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as postgresql from \"@pulumi/postgresql\";\n\nconst revokePublic = new postgresql.DefaultPrivileges(\"revoke_public\", {\n database: exampleDb.name,\n role: \"public\",\n owner: \"object_owner\",\n objectType: \"function\",\n privileges: [],\n});\n```\n```python\nimport pulumi\nimport pulumi_postgresql as postgresql\n\nrevoke_public = postgresql.DefaultPrivileges(\"revoke_public\",\n database=example_db[\"name\"],\n role=\"public\",\n owner=\"object_owner\",\n object_type=\"function\",\n privileges=[])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing PostgreSql = Pulumi.PostgreSql;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var revokePublic = new PostgreSql.DefaultPrivileges(\"revoke_public\", new()\n {\n Database = exampleDb.Name,\n Role = \"public\",\n Owner = \"object_owner\",\n ObjectType = \"function\",\n Privileges = new[] {},\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-postgresql/sdk/v3/go/postgresql\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, 
err := postgresql.NewDefaultPrivileges(ctx, \"revoke_public\", \u0026postgresql.DefaultPrivilegesArgs{\n\t\t\tDatabase: pulumi.Any(exampleDb.Name),\n\t\t\tRole: pulumi.String(\"public\"),\n\t\t\tOwner: pulumi.String(\"object_owner\"),\n\t\t\tObjectType: pulumi.String(\"function\"),\n\t\t\tPrivileges: pulumi.StringArray{},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.postgresql.DefaultPrivileges;\nimport com.pulumi.postgresql.DefaultPrivilegesArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var revokePublic = new DefaultPrivileges(\"revokePublic\", DefaultPrivilegesArgs.builder()\n .database(exampleDb.name())\n .role(\"public\")\n .owner(\"object_owner\")\n .objectType(\"function\")\n .privileges()\n .build());\n\n }\n}\n```\n```yaml\nresources:\n revokePublic:\n type: postgresql:DefaultPrivileges\n name: revoke_public\n properties:\n database: ${exampleDb.name}\n role: public\n owner: object_owner\n objectType: function\n privileges: []\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "properties": { "database": { "type": "string", 
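Review bot: The example added under `### Grant default privileges for tables to \"current_role\" role:` uses `current_role` as the grantee name, which is also the SQL keyword `CURRENT_ROLE` in PostgreSQL. A reader can take it to mean "whichever role is connected" rather than one fixed role, which matters when the snippet is copied as a template for granting INSERT and UPDATE. A neutral constructed name such as `app_role`, used in all six language snippets and in the closing sentence, would remove the ambiguity. The same text is added again in the @@ -788 hunk for `postgresql:index/defaultPrivileges:DefaultPrivileges`.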
@@ -667,18 +679,18 @@ }, "owner": { "type": "string", - "description": "Role for which apply default privileges (You can change default privileges only for objects that will be created by yourself or by roles that you are a member of).\n" + "description": "Specifies the role that creates objects for which the default privileges will be applied.\n" }, "privileges": { "type": "array", "items": { "type": "string" }, - "description": "The list of privileges to apply as default privileges. An empty list could be provided to revoke all default privileges for this role.\n" + "description": "List of privileges (e.g., SELECT, INSERT, UPDATE, DELETE) to grant on new objects created by the owner. An empty list could be provided to revoke all default privileges for this role.\n" }, "role": { "type": "string", - "description": "The name of the role to which grant default privileges on.\n" + "description": "The role that will automatically be granted the specified privileges on new objects created by the owner.\n" }, "schema": { "type": "string", @@ -709,7 +721,7 @@ }, "owner": { "type": "string", - "description": "Role for which apply default privileges (You can change default privileges only for objects that will be created by yourself or by roles that you are a member of).\n", + "description": "Specifies the role that creates objects for which the default privileges will be applied.\n", "willReplaceOnChanges": true }, "privileges": { 
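Review bot: The rewritten `owner` description at @@ -667 drops the caveat that default privileges can only be changed for objects created by yourself or by roles you are a member of. A practitioner needs that precondition before pointing `owner` at another role. I would keep it alongside the new wording, e.g. `Specifies the role that creates objects for which the default privileges will be applied (you can only change default privileges for objects created by yourself or by roles that you are a member of).` The same replacement is repeated at @@ -709, @@ -757, @@ -800, @@ -842 and @@ -890. If schema.json is generated from the upstream provider docs, the caveat has to be restored there.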
@@ -717,11 +729,11 @@ "items": { "type": "string" }, - "description": "The list of privileges to apply as default privileges. An empty list could be provided to revoke all default privileges for this role.\n" + "description": "List of privileges (e.g., SELECT, INSERT, UPDATE, DELETE) to grant on new objects created by the owner. An empty list could be provided to revoke all default privileges for this role.\n" }, "role": { "type": "string", - "description": "The name of the role to which grant default privileges on.\n", + "description": "The role that will automatically be granted the specified privileges on new objects created by the owner.\n", "willReplaceOnChanges": true }, "schema": { @@ -757,7 +769,7 @@ }, "owner": { "type": "string", - "description": "Role for which apply default privileges (You can change default privileges only for objects that will be created by yourself or by roles that you are a member of).\n", + "description": "Specifies the role that creates objects for which the default privileges will be applied.\n", "willReplaceOnChanges": true }, "privileges": { @@ -765,11 +777,11 @@ "items": { "type": "string" }, - "description": "The list of privileges to apply as default privileges. An empty list could be provided to revoke all default privileges for this role.\n" + "description": "List of privileges (e.g., SELECT, INSERT, UPDATE, DELETE) to grant on new objects created by the owner. An empty list could be provided to revoke all default privileges for this role.\n" }, "role": { "type": "string", - "description": "The name of the role to which grant default privileges on.\n", + "description": "The role that will automatically be granted the specified privileges on new objects created by the owner.\n", "willReplaceOnChanges": true }, "schema": { 
@@ -788,7 +800,7 @@ "deprecationMessage": "postgresql.DefaultPrivileg has been deprecated in favor of postgresql.DefaultPrivileges" }, "postgresql:index/defaultPrivileges:DefaultPrivileges": { - "description": "The ``postgresql.DefaultPrivileges`` resource creates and manages default privileges given to a user for a database schema.\n\n\u003e **Note:** This resource needs Postgresql version 9 or above.\n\n## Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as postgresql from \"@pulumi/postgresql\";\n\nconst readOnlyTables = new postgresql.DefaultPrivileges(\"read_only_tables\", {\n role: \"test_role\",\n database: \"test_db\",\n schema: \"public\",\n owner: \"db_owner\",\n objectType: \"table\",\n privileges: [\"SELECT\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_postgresql as postgresql\n\nread_only_tables = postgresql.DefaultPrivileges(\"read_only_tables\",\n role=\"test_role\",\n database=\"test_db\",\n schema=\"public\",\n owner=\"db_owner\",\n object_type=\"table\",\n privileges=[\"SELECT\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing PostgreSql = Pulumi.PostgreSql;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var readOnlyTables = new PostgreSql.DefaultPrivileges(\"read_only_tables\", new()\n {\n Role = \"test_role\",\n Database = \"test_db\",\n Schema = \"public\",\n Owner = \"db_owner\",\n ObjectType = \"table\",\n Privileges = new[]\n {\n \"SELECT\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-postgresql/sdk/v3/go/postgresql\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := postgresql.NewDefaultPrivileges(ctx, \"read_only_tables\", \u0026postgresql.DefaultPrivilegesArgs{\n\t\t\tRole: pulumi.String(\"test_role\"),\n\t\t\tDatabase: pulumi.String(\"test_db\"),\n\t\t\tSchema: 
pulumi.String(\"public\"),\n\t\t\tOwner: pulumi.String(\"db_owner\"),\n\t\t\tObjectType: pulumi.String(\"table\"),\n\t\t\tPrivileges: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"SELECT\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.postgresql.DefaultPrivileges;\nimport com.pulumi.postgresql.DefaultPrivilegesArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var readOnlyTables = new DefaultPrivileges(\"readOnlyTables\", DefaultPrivilegesArgs.builder()\n .role(\"test_role\")\n .database(\"test_db\")\n .schema(\"public\")\n .owner(\"db_owner\")\n .objectType(\"table\")\n .privileges(\"SELECT\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n readOnlyTables:\n type: postgresql:DefaultPrivileges\n name: read_only_tables\n properties:\n role: test_role\n database: test_db\n schema: public\n owner: db_owner\n objectType: table\n privileges:\n - SELECT\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Examples\n\nRevoke default privileges for functions for \"public\" role:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as postgresql from \"@pulumi/postgresql\";\n\nconst revokePublic = new postgresql.DefaultPrivileges(\"revoke_public\", {\n database: exampleDb.name,\n role: \"public\",\n owner: \"object_owner\",\n objectType: \"function\",\n privileges: [],\n});\n```\n```python\nimport pulumi\nimport pulumi_postgresql as postgresql\n\nrevoke_public = postgresql.DefaultPrivileges(\"revoke_public\",\n database=example_db[\"name\"],\n role=\"public\",\n 
owner=\"object_owner\",\n object_type=\"function\",\n privileges=[])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing PostgreSql = Pulumi.PostgreSql;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var revokePublic = new PostgreSql.DefaultPrivileges(\"revoke_public\", new()\n {\n Database = exampleDb.Name,\n Role = \"public\",\n Owner = \"object_owner\",\n ObjectType = \"function\",\n Privileges = new[] {},\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-postgresql/sdk/v3/go/postgresql\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := postgresql.NewDefaultPrivileges(ctx, \"revoke_public\", \u0026postgresql.DefaultPrivilegesArgs{\n\t\t\tDatabase: pulumi.Any(exampleDb.Name),\n\t\t\tRole: pulumi.String(\"public\"),\n\t\t\tOwner: pulumi.String(\"object_owner\"),\n\t\t\tObjectType: pulumi.String(\"function\"),\n\t\t\tPrivileges: pulumi.StringArray{},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.postgresql.DefaultPrivileges;\nimport com.pulumi.postgresql.DefaultPrivilegesArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var revokePublic = new DefaultPrivileges(\"revokePublic\", DefaultPrivilegesArgs.builder()\n .database(exampleDb.name())\n .role(\"public\")\n .owner(\"object_owner\")\n .objectType(\"function\")\n .privileges()\n .build());\n\n }\n}\n```\n```yaml\nresources:\n revokePublic:\n type: postgresql:DefaultPrivileges\n name: revoke_public\n properties:\n database: 
${exampleDb.name}\n role: public\n owner: object_owner\n objectType: function\n privileges: []\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "The ``postgresql.DefaultPrivileges`` resource creates and manages default privileges given to a user for a database schema.\n\n\u003e **Note:** This resource needs Postgresql version 9 or above.\n\n## Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as postgresql from \"@pulumi/postgresql\";\n\nconst readOnlyTables = new postgresql.DefaultPrivileges(\"read_only_tables\", {\n role: \"test_role\",\n database: \"test_db\",\n schema: \"public\",\n owner: \"db_owner\",\n objectType: \"table\",\n privileges: [\"SELECT\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_postgresql as postgresql\n\nread_only_tables = postgresql.DefaultPrivileges(\"read_only_tables\",\n role=\"test_role\",\n database=\"test_db\",\n schema=\"public\",\n owner=\"db_owner\",\n object_type=\"table\",\n privileges=[\"SELECT\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing PostgreSql = Pulumi.PostgreSql;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var readOnlyTables = new PostgreSql.DefaultPrivileges(\"read_only_tables\", new()\n {\n Role = \"test_role\",\n Database = \"test_db\",\n Schema = \"public\",\n Owner = \"db_owner\",\n ObjectType = \"table\",\n Privileges = new[]\n {\n \"SELECT\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-postgresql/sdk/v3/go/postgresql\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := postgresql.NewDefaultPrivileges(ctx, \"read_only_tables\", \u0026postgresql.DefaultPrivilegesArgs{\n\t\t\tRole: pulumi.String(\"test_role\"),\n\t\t\tDatabase: pulumi.String(\"test_db\"),\n\t\t\tSchema: pulumi.String(\"public\"),\n\t\t\tOwner: 
pulumi.String(\"db_owner\"),\n\t\t\tObjectType: pulumi.String(\"table\"),\n\t\t\tPrivileges: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"SELECT\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.postgresql.DefaultPrivileges;\nimport com.pulumi.postgresql.DefaultPrivilegesArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var readOnlyTables = new DefaultPrivileges(\"readOnlyTables\", DefaultPrivilegesArgs.builder()\n .role(\"test_role\")\n .database(\"test_db\")\n .schema(\"public\")\n .owner(\"db_owner\")\n .objectType(\"table\")\n .privileges(\"SELECT\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n readOnlyTables:\n type: postgresql:DefaultPrivileges\n name: read_only_tables\n properties:\n role: test_role\n database: test_db\n schema: public\n owner: db_owner\n objectType: table\n privileges:\n - SELECT\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Examples\n\n### Grant default privileges for tables to \"current_role\" role:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as postgresql from \"@pulumi/postgresql\";\n\nconst grantTablePrivileges = new postgresql.DefaultPrivileges(\"grant_table_privileges\", {\n database: exampleDb.name,\n role: \"current_role\",\n owner: \"owner_role\",\n schema: \"public\",\n objectType: \"table\",\n privileges: [\n \"SELECT\",\n \"INSERT\",\n \"UPDATE\",\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_postgresql as postgresql\n\ngrant_table_privileges = 
postgresql.DefaultPrivileges(\"grant_table_privileges\",\n database=example_db[\"name\"],\n role=\"current_role\",\n owner=\"owner_role\",\n schema=\"public\",\n object_type=\"table\",\n privileges=[\n \"SELECT\",\n \"INSERT\",\n \"UPDATE\",\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing PostgreSql = Pulumi.PostgreSql;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var grantTablePrivileges = new PostgreSql.DefaultPrivileges(\"grant_table_privileges\", new()\n {\n Database = exampleDb.Name,\n Role = \"current_role\",\n Owner = \"owner_role\",\n Schema = \"public\",\n ObjectType = \"table\",\n Privileges = new[]\n {\n \"SELECT\",\n \"INSERT\",\n \"UPDATE\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-postgresql/sdk/v3/go/postgresql\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := postgresql.NewDefaultPrivileges(ctx, \"grant_table_privileges\", \u0026postgresql.DefaultPrivilegesArgs{\n\t\t\tDatabase: pulumi.Any(exampleDb.Name),\n\t\t\tRole: pulumi.String(\"current_role\"),\n\t\t\tOwner: pulumi.String(\"owner_role\"),\n\t\t\tSchema: pulumi.String(\"public\"),\n\t\t\tObjectType: pulumi.String(\"table\"),\n\t\t\tPrivileges: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"SELECT\"),\n\t\t\t\tpulumi.String(\"INSERT\"),\n\t\t\t\tpulumi.String(\"UPDATE\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.postgresql.DefaultPrivileges;\nimport com.pulumi.postgresql.DefaultPrivilegesArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n 
Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var grantTablePrivileges = new DefaultPrivileges(\"grantTablePrivileges\", DefaultPrivilegesArgs.builder()\n .database(exampleDb.name())\n .role(\"current_role\")\n .owner(\"owner_role\")\n .schema(\"public\")\n .objectType(\"table\")\n .privileges( \n \"SELECT\",\n \"INSERT\",\n \"UPDATE\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n grantTablePrivileges:\n type: postgresql:DefaultPrivileges\n name: grant_table_privileges\n properties:\n database: ${exampleDb.name}\n role: current_role\n owner: owner_role\n schema: public\n objectType: table\n privileges:\n - SELECT\n - INSERT\n - UPDATE\n```\n\u003c!--End PulumiCodeChooser --\u003e\nWhenever the `owner_role` creates a new table in the `public` schema, the `current_role` is automatically granted SELECT, INSERT, and UPDATE privileges on that table.\n\n### Revoke default privileges for functions for \"public\" role:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as postgresql from \"@pulumi/postgresql\";\n\nconst revokePublic = new postgresql.DefaultPrivileges(\"revoke_public\", {\n database: exampleDb.name,\n role: \"public\",\n owner: \"object_owner\",\n objectType: \"function\",\n privileges: [],\n});\n```\n```python\nimport pulumi\nimport pulumi_postgresql as postgresql\n\nrevoke_public = postgresql.DefaultPrivileges(\"revoke_public\",\n database=example_db[\"name\"],\n role=\"public\",\n owner=\"object_owner\",\n object_type=\"function\",\n privileges=[])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing PostgreSql = Pulumi.PostgreSql;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var revokePublic = new PostgreSql.DefaultPrivileges(\"revoke_public\", new()\n {\n Database = exampleDb.Name,\n Role = \"public\",\n Owner = \"object_owner\",\n ObjectType = \"function\",\n Privileges = new[] {},\n 
});\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-postgresql/sdk/v3/go/postgresql\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := postgresql.NewDefaultPrivileges(ctx, \"revoke_public\", \u0026postgresql.DefaultPrivilegesArgs{\n\t\t\tDatabase: pulumi.Any(exampleDb.Name),\n\t\t\tRole: pulumi.String(\"public\"),\n\t\t\tOwner: pulumi.String(\"object_owner\"),\n\t\t\tObjectType: pulumi.String(\"function\"),\n\t\t\tPrivileges: pulumi.StringArray{},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.postgresql.DefaultPrivileges;\nimport com.pulumi.postgresql.DefaultPrivilegesArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var revokePublic = new DefaultPrivileges(\"revokePublic\", DefaultPrivilegesArgs.builder()\n .database(exampleDb.name())\n .role(\"public\")\n .owner(\"object_owner\")\n .objectType(\"function\")\n .privileges()\n .build());\n\n }\n}\n```\n```yaml\nresources:\n revokePublic:\n type: postgresql:DefaultPrivileges\n name: revoke_public\n properties:\n database: ${exampleDb.name}\n role: public\n owner: object_owner\n objectType: function\n privileges: []\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "properties": { "database": { "type": "string", 
@@ -800,18 +812,18 @@
 },
 "owner": {
 "type": "string",
- "description": "Role for which apply default privileges (You can change default privileges only for objects that will be created by yourself or by roles that you are a member of).\n"
+ "description": "Specifies the role that creates objects for which the default privileges will be applied.\n"
 },
 "privileges": {
 "type": "array",
 "items": {
 "type": "string"
 },
- "description": "The list of privileges to apply as default privileges. An empty list could be provided to revoke all default privileges for this role.\n"
+ "description": "List of privileges (e.g., SELECT, INSERT, UPDATE, DELETE) to grant on new objects created by the owner. An empty list could be provided to revoke all default privileges for this role.\n"
 },
 "role": {
 "type": "string",
- "description": "The name of the role to which grant default privileges on.\n"
+ "description": "The role that will automatically be granted the specified privileges on new objects created by the owner.\n"
 },
 "schema": {
 "type": "string",
@@ -842,7 +854,7 @@
 },
 "owner": {
 "type": "string",
- "description": "Role for which apply default privileges (You can change default privileges only for objects that will be created by yourself or by roles that you are a member of).\n",
+ "description": "Specifies the role that creates objects for which the default privileges will be applied.\n",
 "willReplaceOnChanges": true
 },
 "privileges": {
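Review bot: The new `owner` description in the hunk at -800 drops the old caveat that default privileges can only be changed for objects created by yourself or by roles you are a member of. That caveat is the one constraint a user needs in order to pick a connecting role that is allowed to manage this owner's defaults. I would keep it as a second sentence, e.g. `The connecting role must be this role or a member of it.` The same rewording recurs in the hunks at -842 and -890 and in the sdk/dotnet doc comments further down. If this schema is regenerated from the upstream provider docs, the wording would have to be restored there.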
@@ -850,11 +862,11 @@
 "items": {
 "type": "string"
 },
- "description": "The list of privileges to apply as default privileges. An empty list could be provided to revoke all default privileges for this role.\n"
+ "description": "List of privileges (e.g., SELECT, INSERT, UPDATE, DELETE) to grant on new objects created by the owner. An empty list could be provided to revoke all default privileges for this role.\n"
 },
 "role": {
 "type": "string",
- "description": "The name of the role to which grant default privileges on.\n",
+ "description": "The role that will automatically be granted the specified privileges on new objects created by the owner.\n",
 "willReplaceOnChanges": true
 },
 "schema": {
@@ -890,7 +902,7 @@
 },
 "owner": {
 "type": "string",
- "description": "Role for which apply default privileges (You can change default privileges only for objects that will be created by yourself or by roles that you are a member of).\n",
+ "description": "Specifies the role that creates objects for which the default privileges will be applied.\n",
 "willReplaceOnChanges": true
 },
 "privileges": {
@@ -898,11 +910,11 @@
 "items": {
 "type": "string"
 },
- "description": "The list of privileges to apply as default privileges. An empty list could be provided to revoke all default privileges for this role.\n"
+ "description": "List of privileges (e.g., SELECT, INSERT, UPDATE, DELETE) to grant on new objects created by the owner. An empty list could be provided to revoke all default privileges for this role.\n"
 },
 "role": {
 "type": "string",
- "description": "The name of the role to which grant default privileges on.\n",
+ "description": "The role that will automatically be granted the specified privileges on new objects created by the owner.\n",
 "willReplaceOnChanges": true
 },
 "schema": {
@@ -1290,8 +1302,7 @@
 "items": {
 "type": "string"
 },
- "description": "The list of privileges to grant. There are different kinds of privileges: SELECT, INSERT, UPDATE, DELETE, TRUNCATE, REFERENCES, TRIGGER, CREATE, CONNECT, TEMPORARY, EXECUTE, and USAGE. An empty list could be provided to revoke all privileges for this role.\n",
- "willReplaceOnChanges": true
+ "description": "The list of privileges to grant. There are different kinds of privileges: SELECT, INSERT, UPDATE, DELETE, TRUNCATE, REFERENCES, TRIGGER, CREATE, CONNECT, TEMPORARY, EXECUTE, and USAGE. An empty list could be provided to revoke all privileges for this role.\n"
 },
 "role": {
 "type": "string",
@@ -1349,8 +1360,7 @@
 "items": {
 "type": "string"
 },
- "description": "The list of privileges to grant. There are different kinds of privileges: SELECT, INSERT, UPDATE, DELETE, TRUNCATE, REFERENCES, TRIGGER, CREATE, CONNECT, TEMPORARY, EXECUTE, and USAGE. An empty list could be provided to revoke all privileges for this role.\n",
- "willReplaceOnChanges": true
+ "description": "The list of privileges to grant. There are different kinds of privileges: SELECT, INSERT, UPDATE, DELETE, TRUNCATE, REFERENCES, TRIGGER, CREATE, CONNECT, TEMPORARY, EXECUTE, and USAGE. An empty list could be provided to revoke all privileges for this role.\n"
 },
 "role": {
 "type": "string",
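Review bot: Removing `"willReplaceOnChanges": true` from `privileges` (here and in the hunk at -1349) means a changed privilege list is now previewed as an in-place update instead of a replacement, and nothing visible in this diff shows that privileges dropped from the list are revoked on that update path. If the update only grants, a role would keep privileges the program no longer declares. This should be confirmed against the provider's update logic, which is not part of this diff. If it does revoke, say so in the description, e.g. `Privileges removed from the list are revoked on update.`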
@@ -2061,6 +2071,85 @@ "type": "object" } }, + "postgresql:index/securityLabel:SecurityLabel": { + "description": "The ``postgresql.SecurityLabel`` resource creates and manages security labels.\n\nSee [PostgreSQL documentation](https://www.postgresql.org/docs/current/sql-security-label.html)\n\n\u003e **Note:** This resource needs Postgresql version 11 or above.\n\n## Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as postgresql from \"@pulumi/postgresql\";\n\nconst myRole = new postgresql.Role(\"my_role\", {\n name: \"my_role\",\n login: true,\n});\nconst workload = new postgresql.SecurityLabel(\"workload\", {\n objectType: \"role\",\n objectName: myRole.name,\n labelProvider: \"pgaadauth\",\n label: \"aadauth,oid=00000000-0000-0000-0000-000000000000,type=service\",\n});\n```\n```python\nimport pulumi\nimport pulumi_postgresql as postgresql\n\nmy_role = postgresql.Role(\"my_role\",\n name=\"my_role\",\n login=True)\nworkload = postgresql.SecurityLabel(\"workload\",\n object_type=\"role\",\n object_name=my_role.name,\n label_provider=\"pgaadauth\",\n label=\"aadauth,oid=00000000-0000-0000-0000-000000000000,type=service\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing PostgreSql = Pulumi.PostgreSql;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myRole = new PostgreSql.Role(\"my_role\", new()\n {\n Name = \"my_role\",\n Login = true,\n });\n\n var workload = new PostgreSql.SecurityLabel(\"workload\", new()\n {\n ObjectType = \"role\",\n ObjectName = myRole.Name,\n LabelProvider = \"pgaadauth\",\n Label = \"aadauth,oid=00000000-0000-0000-0000-000000000000,type=service\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-postgresql/sdk/v3/go/postgresql\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmyRole, err := 
postgresql.NewRole(ctx, \"my_role\", \u0026postgresql.RoleArgs{\n\t\t\tName: pulumi.String(\"my_role\"),\n\t\t\tLogin: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = postgresql.NewSecurityLabel(ctx, \"workload\", \u0026postgresql.SecurityLabelArgs{\n\t\t\tObjectType: pulumi.String(\"role\"),\n\t\t\tObjectName: myRole.Name,\n\t\t\tLabelProvider: pulumi.String(\"pgaadauth\"),\n\t\t\tLabel: pulumi.String(\"aadauth,oid=00000000-0000-0000-0000-000000000000,type=service\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.postgresql.Role;\nimport com.pulumi.postgresql.RoleArgs;\nimport com.pulumi.postgresql.SecurityLabel;\nimport com.pulumi.postgresql.SecurityLabelArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var myRole = new Role(\"myRole\", RoleArgs.builder()\n .name(\"my_role\")\n .login(true)\n .build());\n\n var workload = new SecurityLabel(\"workload\", SecurityLabelArgs.builder()\n .objectType(\"role\")\n .objectName(myRole.name())\n .labelProvider(\"pgaadauth\")\n .label(\"aadauth,oid=00000000-0000-0000-0000-000000000000,type=service\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n myRole:\n type: postgresql:Role\n name: my_role\n properties:\n name: my_role\n login: true\n workload:\n type: postgresql:SecurityLabel\n properties:\n objectType: role\n objectName: ${myRole.name}\n labelProvider: pgaadauth\n label: aadauth,oid=00000000-0000-0000-0000-000000000000,type=service\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nSecurity label is an attribute that can be added multiple 
times, so no import is needed, simply apply again.\n\n",
+ "properties": {
+ "label": {
+ "type": "string",
+ "description": "The value of the security label.\n"
+ },
+ "labelProvider": {
+ "type": "string",
+ "description": "The name of the provider with which this label is to be associated.\n"
+ },
+ "objectName": {
+ "type": "string",
+ "description": "The name of the object to be labeled. Names of objects that reside in schemas (tables, functions, etc.) can be schema-qualified.\n"
+ },
+ "objectType": {
+ "type": "string",
+ "description": "The PostgreSQL object type to apply this security label to.\n"
+ }
+ },
+ "required": [
+ "label",
+ "labelProvider",
+ "objectName",
+ "objectType"
+ ],
+ "inputProperties": {
+ "label": {
+ "type": "string",
+ "description": "The value of the security label.\n"
+ },
+ "labelProvider": {
+ "type": "string",
+ "description": "The name of the provider with which this label is to be associated.\n",
+ "willReplaceOnChanges": true
+ },
+ "objectName": {
+ "type": "string",
+ "description": "The name of the object to be labeled. Names of objects that reside in schemas (tables, functions, etc.) can be schema-qualified.\n",
+ "willReplaceOnChanges": true
+ },
+ "objectType": {
+ "type": "string",
+ "description": "The PostgreSQL object type to apply this security label to.\n",
+ "willReplaceOnChanges": true
+ }
+ },
+ "requiredInputs": [
+ "label",
+ "labelProvider",
+ "objectName",
+ "objectType"
+ ],
+ "stateInputs": {
+ "description": "Input properties used for looking up and filtering SecurityLabel resources.\n",
+ "properties": {
+ "label": {
+ "type": "string",
+ "description": "The value of the security label.\n"
+ },
+ "labelProvider": {
+ "type": "string",
+ "description": "The name of the provider with which this label is to be associated.\n",
+ "willReplaceOnChanges": true
+ },
+ "objectName": {
+ "type": "string",
+ "description": "The name of the object to be labeled. 
Names of objects that reside in schemas (tables, functions, etc.) can be schema-qualified.\n", + "willReplaceOnChanges": true + }, + "objectType": { + "type": "string", + "description": "The PostgreSQL object type to apply this security label to.\n", + "willReplaceOnChanges": true + } + }, + "type": "object" + } + }, "postgresql:index/server:Server": { "description": "The ``postgresql.Server`` resource creates and manages a foreign server on a PostgreSQL server.\n\n\n## Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as postgresql from \"@pulumi/postgresql\";\n\nconst extPostgresFdw = new postgresql.Extension(\"ext_postgres_fdw\", {name: \"postgres_fdw\"});\nconst myserverPostgres = new postgresql.Server(\"myserver_postgres\", {\n serverName: \"myserver_postgres\",\n fdwName: \"postgres_fdw\",\n options: {\n host: \"foo\",\n dbname: \"foodb\",\n port: \"5432\",\n },\n}, {\n dependsOn: [extPostgresFdw],\n});\n```\n```python\nimport pulumi\nimport pulumi_postgresql as postgresql\n\next_postgres_fdw = postgresql.Extension(\"ext_postgres_fdw\", name=\"postgres_fdw\")\nmyserver_postgres = postgresql.Server(\"myserver_postgres\",\n server_name=\"myserver_postgres\",\n fdw_name=\"postgres_fdw\",\n options={\n \"host\": \"foo\",\n \"dbname\": \"foodb\",\n \"port\": \"5432\",\n },\n opts = pulumi.ResourceOptions(depends_on=[ext_postgres_fdw]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing PostgreSql = Pulumi.PostgreSql;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var extPostgresFdw = new PostgreSql.Extension(\"ext_postgres_fdw\", new()\n {\n Name = \"postgres_fdw\",\n });\n\n var myserverPostgres = new PostgreSql.Server(\"myserver_postgres\", new()\n {\n ServerName = \"myserver_postgres\",\n FdwName = \"postgres_fdw\",\n Options = \n {\n { \"host\", \"foo\" },\n { \"dbname\", \"foodb\" },\n { \"port\", \"5432\" },\n },\n }, new 
CustomResourceOptions\n {\n DependsOn =\n {\n extPostgresFdw,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-postgresql/sdk/v3/go/postgresql\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\textPostgresFdw, err := postgresql.NewExtension(ctx, \"ext_postgres_fdw\", \u0026postgresql.ExtensionArgs{\n\t\t\tName: pulumi.String(\"postgres_fdw\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = postgresql.NewServer(ctx, \"myserver_postgres\", \u0026postgresql.ServerArgs{\n\t\t\tServerName: pulumi.String(\"myserver_postgres\"),\n\t\t\tFdwName: pulumi.String(\"postgres_fdw\"),\n\t\t\tOptions: pulumi.StringMap{\n\t\t\t\t\"host\": pulumi.String(\"foo\"),\n\t\t\t\t\"dbname\": pulumi.String(\"foodb\"),\n\t\t\t\t\"port\": pulumi.String(\"5432\"),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\textPostgresFdw,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.postgresql.Extension;\nimport com.pulumi.postgresql.ExtensionArgs;\nimport com.pulumi.postgresql.Server;\nimport com.pulumi.postgresql.ServerArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var extPostgresFdw = new Extension(\"extPostgresFdw\", ExtensionArgs.builder()\n .name(\"postgres_fdw\")\n .build());\n\n var myserverPostgres = new Server(\"myserverPostgres\", ServerArgs.builder()\n .serverName(\"myserver_postgres\")\n .fdwName(\"postgres_fdw\")\n .options(Map.ofEntries(\n Map.entry(\"host\", 
\"foo\"),\n Map.entry(\"dbname\", \"foodb\"),\n Map.entry(\"port\", \"5432\")\n ))\n .build(), CustomResourceOptions.builder()\n .dependsOn(extPostgresFdw)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n extPostgresFdw:\n type: postgresql:Extension\n name: ext_postgres_fdw\n properties:\n name: postgres_fdw\n myserverPostgres:\n type: postgresql:Server\n name: myserver_postgres\n properties:\n serverName: myserver_postgres\n fdwName: postgres_fdw\n options:\n host: foo\n dbname: foodb\n port: '5432'\n options:\n dependson:\n - ${extPostgresFdw}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as postgresql from \"@pulumi/postgresql\";\n\nconst extFileFdw = new postgresql.Extension(\"ext_file_fdw\", {name: \"file_fdw\"});\nconst myserverFile = new postgresql.Server(\"myserver_file\", {\n serverName: \"myserver_file\",\n fdwName: \"file_fdw\",\n}, {\n dependsOn: [extFileFdw],\n});\n```\n```python\nimport pulumi\nimport pulumi_postgresql as postgresql\n\next_file_fdw = postgresql.Extension(\"ext_file_fdw\", name=\"file_fdw\")\nmyserver_file = postgresql.Server(\"myserver_file\",\n server_name=\"myserver_file\",\n fdw_name=\"file_fdw\",\n opts = pulumi.ResourceOptions(depends_on=[ext_file_fdw]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing PostgreSql = Pulumi.PostgreSql;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var extFileFdw = new PostgreSql.Extension(\"ext_file_fdw\", new()\n {\n Name = \"file_fdw\",\n });\n\n var myserverFile = new PostgreSql.Server(\"myserver_file\", new()\n {\n ServerName = \"myserver_file\",\n FdwName = \"file_fdw\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n extFileFdw,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-postgresql/sdk/v3/go/postgresql\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() 
{\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\textFileFdw, err := postgresql.NewExtension(ctx, \"ext_file_fdw\", \u0026postgresql.ExtensionArgs{\n\t\t\tName: pulumi.String(\"file_fdw\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = postgresql.NewServer(ctx, \"myserver_file\", \u0026postgresql.ServerArgs{\n\t\t\tServerName: pulumi.String(\"myserver_file\"),\n\t\t\tFdwName: pulumi.String(\"file_fdw\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\textFileFdw,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.postgresql.Extension;\nimport com.pulumi.postgresql.ExtensionArgs;\nimport com.pulumi.postgresql.Server;\nimport com.pulumi.postgresql.ServerArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var extFileFdw = new Extension(\"extFileFdw\", ExtensionArgs.builder()\n .name(\"file_fdw\")\n .build());\n\n var myserverFile = new Server(\"myserverFile\", ServerArgs.builder()\n .serverName(\"myserver_file\")\n .fdwName(\"file_fdw\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(extFileFdw)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n extFileFdw:\n type: postgresql:Extension\n name: ext_file_fdw\n properties:\n name: file_fdw\n myserverFile:\n type: postgresql:Server\n name: myserver_file\n properties:\n serverName: myserver_file\n fdwName: file_fdw\n options:\n dependson:\n - ${extFileFdw}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "properties": { 
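Review bot: The `label` input of the new `SecurityLabel` resource is documented only as "The value of the security label", yet the one example uses it with `labelProvider: "pgaadauth"` to tie a login role to an external identity by `oid`. `label` is also the only input without `willReplaceOnChanges`, so a change to it shows up as a plain in-place update. I would extend the description to say the value is interpreted by the label provider and can decide who may act as the labelled object, e.g. `The value of the security label; its meaning is defined by the label provider and may control access to the object.` The `objectType` description could also list the accepted object types, since the schema declares a bare string and only `role` appears in the example.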
diff --git a/sdk/dotnet/Config/Config.cs b/sdk/dotnet/Config/Config.cs index ce2ade4..ae0f703 100644 --- a/sdk/dotnet/Config/Config.cs +++ b/sdk/dotnet/Config/Config.cs @@ -53,6 +53,16 @@ public static string? AwsRdsIamProfile set => _awsRdsIamProfile.Set(value); } + private static readonly __Value _awsRdsIamProviderRoleArn = new __Value(() => __config.Get("awsRdsIamProviderRoleArn")); + /// + /// AWS IAM role to assume for IAM auth + /// + public static string? AwsRdsIamProviderRoleArn + { + get => _awsRdsIamProviderRoleArn.Get(); + set => _awsRdsIamProviderRoleArn.Set(value); + } + private static readonly __Value _awsRdsIamRegion = new __Value(() => __config.Get("awsRdsIamRegion")); /// /// AWS region to use for IAM auth diff --git a/sdk/dotnet/DefaultPrivileg.cs b/sdk/dotnet/DefaultPrivileg.cs index 3d885ee..702fa91 100644 --- a/sdk/dotnet/DefaultPrivileg.cs +++ b/sdk/dotnet/DefaultPrivileg.cs 
@@ -42,7 +42,36 @@ namespace Pulumi.PostgreSql /// /// ## Examples /// - /// Revoke default privileges for functions for "public" role: + /// ### Grant default privileges for tables to "current_role" role: + /// + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using PostgreSql = Pulumi.PostgreSql; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var grantTablePrivileges = new PostgreSql.DefaultPrivileges("grant_table_privileges", new() + /// { + /// Database = exampleDb.Name, + /// Role = "current_role", + /// Owner = "owner_role", + /// Schema = "public", + /// ObjectType = "table", + /// Privileges = new[] + /// { + /// "SELECT", + /// "INSERT", + /// "UPDATE", + /// }, + /// }); + /// + /// }); + /// ``` + /// Whenever the `owner_role` creates a new table in the `public` schema, the `current_role` is automatically granted SELECT, INSERT, and UPDATE privileges on that table. + /// + /// ### Revoke default privileges for functions for "public" role: /// /// ```csharp /// using System.Collections.Generic; 
@@ -81,19 +110,19 @@ public partial class DefaultPrivileg : global::Pulumi.CustomResource public Output ObjectType { get; private set; } = null!; /// - /// Role for which apply default privileges (You can change default privileges only for objects that will be created by yourself or by roles that you are a member of). + /// Specifies the role that creates objects for which the default privileges will be applied. /// [Output("owner")] public Output Owner { get; private set; } = null!; /// - /// The list of privileges to apply as default privileges. An empty list could be provided to revoke all default privileges for this role. + /// List of privileges (e.g., SELECT, INSERT, UPDATE, DELETE) to grant on new objects created by the owner. An empty list could be provided to revoke all default privileges for this role. /// [Output("privileges")] public Output> Privileges { get; private set; } = null!; /// - /// The name of the role to which grant default privileges on. + /// The role that will automatically be granted the specified privileges on new objects created by the owner. /// [Output("role")] public Output Role { get; private set; } = null!; @@ -169,7 +198,7 @@ public sealed class DefaultPrivilegArgs : global::Pulumi.ResourceArgs public Input ObjectType { get; set; } = null!; /// - /// Role for which apply default privileges (You can change default privileges only for objects that will be created by yourself or by roles that you are a member of). + /// Specifies the role that creates objects for which the default privileges will be applied. /// [Input("owner", required: true)] public Input Owner { get; set; } = null!; 
@@ -178,7 +207,7 @@ public sealed class DefaultPrivilegArgs : global::Pulumi.ResourceArgs private InputList? _privileges; /// - /// The list of privileges to apply as default privileges. An empty list could be provided to revoke all default privileges for this role. + /// List of privileges (e.g., SELECT, INSERT, UPDATE, DELETE) to grant on new objects created by the owner. An empty list could be provided to revoke all default privileges for this role. /// public InputList Privileges { @@ -187,7 +216,7 @@ public InputList Privileges } /// - /// The name of the role to which grant default privileges on. + /// The role that will automatically be granted the specified privileges on new objects created by the owner. /// [Input("role", required: true)] public Input Role { get; set; } = null!; @@ -225,7 +254,7 @@ public sealed class DefaultPrivilegState : global::Pulumi.ResourceArgs public Input? ObjectType { get; set; } /// - /// Role for which apply default privileges (You can change default privileges only for objects that will be created by yourself or by roles that you are a member of). + /// Specifies the role that creates objects for which the default privileges will be applied. /// [Input("owner")] public Input? Owner { get; set; } @@ -234,7 +263,7 @@ public sealed class DefaultPrivilegState : global::Pulumi.ResourceArgs private InputList? _privileges; /// - /// The list of privileges to apply as default privileges. An empty list could be provided to revoke all default privileges for this role. + /// List of privileges (e.g., SELECT, INSERT, UPDATE, DELETE) to grant on new objects created by the owner. An empty list could be provided to revoke all default privileges for this role. /// public InputList Privileges { 
@@ -243,7 +272,7 @@ public InputList Privileges } /// - /// The name of the role to which grant default privileges on. + /// The role that will automatically be granted the specified privileges on new objects created by the owner. /// [Input("role")] public Input? Role { get; set; } diff --git a/sdk/dotnet/DefaultPrivileges.cs b/sdk/dotnet/DefaultPrivileges.cs index 02dd173..011fdd8 100644 --- a/sdk/dotnet/DefaultPrivileges.cs +++ b/sdk/dotnet/DefaultPrivileges.cs @@ -42,7 +42,36 @@ namespace Pulumi.PostgreSql /// /// ## Examples /// - /// Revoke default privileges for functions for "public" role: + /// ### Grant default privileges for tables to "current_role" role: + /// + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using PostgreSql = Pulumi.PostgreSql; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var grantTablePrivileges = new PostgreSql.DefaultPrivileges("grant_table_privileges", new() + /// { + /// Database = exampleDb.Name, + /// Role = "current_role", + /// Owner = "owner_role", + /// Schema = "public", + /// ObjectType = "table", + /// Privileges = new[] + /// { + /// "SELECT", + /// "INSERT", + /// "UPDATE", + /// }, + /// }); + /// + /// }); + /// ``` + /// Whenever the `owner_role` creates a new table in the `public` schema, the `current_role` is automatically granted SELECT, INSERT, and UPDATE privileges on that table. + /// + /// ### Revoke default privileges for functions for "public" role: /// /// ```csharp /// using System.Collections.Generic; 
@@ -80,19 +109,19 @@ public partial class DefaultPrivileges : global::Pulumi.CustomResource public Output ObjectType { get; private set; } = null!; /// - /// Role for which apply default privileges (You can change default privileges only for objects that will be created by yourself or by roles that you are a member of). + /// Specifies the role that creates objects for which the default privileges will be applied. /// [Output("owner")] public Output Owner { get; private set; } = null!; /// - /// The list of privileges to apply as default privileges. An empty list could be provided to revoke all default privileges for this role. + /// List of privileges (e.g., SELECT, INSERT, UPDATE, DELETE) to grant on new objects created by the owner. An empty list could be provided to revoke all default privileges for this role. /// [Output("privileges")] public Output> Privileges { get; private set; } = null!; /// - /// The name of the role to which grant default privileges on. + /// The role that will automatically be granted the specified privileges on new objects created by the owner. /// [Output("role")] public Output Role { get; private set; } = null!; @@ -172,7 +201,7 @@ public sealed class DefaultPrivilegesArgs : global::Pulumi.ResourceArgs public Input ObjectType { get; set; } = null!; /// - /// Role for which apply default privileges (You can change default privileges only for objects that will be created by yourself or by roles that you are a member of). + /// Specifies the role that creates objects for which the default privileges will be applied. /// [Input("owner", required: true)] public Input Owner { get; set; } = null!; 
@@ -181,7 +210,7 @@ public sealed class DefaultPrivilegesArgs : global::Pulumi.ResourceArgs private InputList? _privileges; /// - /// The list of privileges to apply as default privileges. An empty list could be provided to revoke all default privileges for this role. + /// List of privileges (e.g., SELECT, INSERT, UPDATE, DELETE) to grant on new objects created by the owner. An empty list could be provided to revoke all default privileges for this role. /// public InputList Privileges { @@ -190,7 +219,7 @@ public InputList Privileges } /// - /// The name of the role to which grant default privileges on. + /// The role that will automatically be granted the specified privileges on new objects created by the owner. /// [Input("role", required: true)] public Input Role { get; set; } = null!; @@ -228,7 +257,7 @@ public sealed class DefaultPrivilegesState : global::Pulumi.ResourceArgs public Input? ObjectType { get; set; } /// - /// Role for which apply default privileges (You can change default privileges only for objects that will be created by yourself or by roles that you are a member of). + /// Specifies the role that creates objects for which the default privileges will be applied. /// [Input("owner")] public Input? Owner { get; set; } @@ -237,7 +266,7 @@ public sealed class DefaultPrivilegesState : global::Pulumi.ResourceArgs private InputList? _privileges; /// - /// The list of privileges to apply as default privileges. An empty list could be provided to revoke all default privileges for this role. + /// List of privileges (e.g., SELECT, INSERT, UPDATE, DELETE) to grant on new objects created by the owner. An empty list could be provided to revoke all default privileges for this role. /// public InputList Privileges { 
@@ -246,7 +275,7 @@ public InputList Privileges } /// - /// The name of the role to which grant default privileges on. + /// The role that will automatically be granted the specified privileges on new objects created by the owner. /// [Input("role")] public Input? Role { get; set; } diff --git a/sdk/dotnet/Provider.cs b/sdk/dotnet/Provider.cs index 15b35f1..fa3c7cb 100644 --- a/sdk/dotnet/Provider.cs +++ b/sdk/dotnet/Provider.cs @@ -24,6 +24,12 @@ public partial class Provider : global::Pulumi.ProviderResource [Output("awsRdsIamProfile")] public Output AwsRdsIamProfile { get; private set; } = null!; + /// + /// AWS IAM role to assume for IAM auth + /// + [Output("awsRdsIamProviderRoleArn")] + public Output AwsRdsIamProviderRoleArn { get; private set; } = null!; + /// /// AWS region to use for IAM auth /// @@ -139,6 +145,12 @@ public sealed class ProviderArgs : global::Pulumi.ResourceArgs [Input("awsRdsIamProfile")] public Input? AwsRdsIamProfile { get; set; } + /// + /// AWS IAM role to assume for IAM auth + /// + [Input("awsRdsIamProviderRoleArn")] + public Input? AwsRdsIamProviderRoleArn { get; set; } + /// /// AWS region to use for IAM auth /// diff --git a/sdk/dotnet/SecurityLabel.cs b/sdk/dotnet/SecurityLabel.cs new file mode 100644 index 0000000..ef58db1 --- /dev/null +++ b/sdk/dotnet/SecurityLabel.cs 
@@ -0,0 +1,184 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.PostgreSql +{ + /// + /// The ``postgresql.SecurityLabel`` resource creates and manages security labels. + /// + /// See [PostgreSQL documentation](https://www.postgresql.org/docs/current/sql-security-label.html) + /// + /// > **Note:** This resource needs Postgresql version 11 or above. + /// + /// ## Usage + /// + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using PostgreSql = Pulumi.PostgreSql; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var myRole = new PostgreSql.Role("my_role", new() + /// { + /// Name = "my_role", + /// Login = true, + /// }); + /// + /// var workload = new PostgreSql.SecurityLabel("workload", new() + /// { + /// ObjectType = "role", + /// ObjectName = myRole.Name, + /// LabelProvider = "pgaadauth", + /// Label = "aadauth,oid=00000000-0000-0000-0000-000000000000,type=service", + /// }); + /// + /// }); + /// ``` + /// + /// ## Import + /// + /// Security label is an attribute that can be added multiple times, so no import is needed, simply apply again. + /// + [PostgreSqlResourceType("postgresql:index/securityLabel:SecurityLabel")] + public partial class SecurityLabel : global::Pulumi.CustomResource + { + /// + /// The value of the security label. + /// + [Output("label")] + public Output Label { get; private set; } = null!; + + /// + /// The name of the provider with which this label is to be associated. + /// + [Output("labelProvider")] + public Output LabelProvider { get; private set; } = null!; + + /// + /// The name of the object to be labeled. 
Names of objects that reside in schemas (tables, functions, etc.) can be schema-qualified. + /// + [Output("objectName")] + public Output ObjectName { get; private set; } = null!; + + /// + /// The PostgreSQL object type to apply this security label to. + /// + [Output("objectType")] + public Output ObjectType { get; private set; } = null!; + + + /// + /// Create a SecurityLabel resource with the given unique name, arguments, and options. + /// + /// + /// The unique name of the resource + /// The arguments used to populate this resource's properties + /// A bag of options that control this resource's behavior + public SecurityLabel(string name, SecurityLabelArgs args, CustomResourceOptions? options = null) + : base("postgresql:index/securityLabel:SecurityLabel", name, args ?? new SecurityLabelArgs(), MakeResourceOptions(options, "")) + { + } + + private SecurityLabel(string name, Input id, SecurityLabelState? state = null, CustomResourceOptions? options = null) + : base("postgresql:index/securityLabel:SecurityLabel", name, state, MakeResourceOptions(options, id)) + { + } + + private static CustomResourceOptions MakeResourceOptions(CustomResourceOptions? options, Input? id) + { + var defaultOptions = new CustomResourceOptions + { + Version = Utilities.Version, + }; + var merged = CustomResourceOptions.Merge(defaultOptions, options); + // Override the ID if one was specified for consistency with other language SDKs. + merged.Id = id ?? merged.Id; + return merged; + } + /// + /// Get an existing SecurityLabel resource's state with the given name, ID, and optional extra + /// properties used to qualify the lookup. + /// + /// + /// The unique name of the resulting resource. + /// The unique provider ID of the resource to lookup. + /// Any extra arguments used during the lookup. + /// A bag of options that control this resource's behavior + public static SecurityLabel Get(string name, Input id, SecurityLabelState? state = null, CustomResourceOptions? 
options = null) + { + return new SecurityLabel(name, id, state, options); + } + } + + public sealed class SecurityLabelArgs : global::Pulumi.ResourceArgs + { + /// + /// The value of the security label. + /// + [Input("label", required: true)] + public Input Label { get; set; } = null!; + + /// + /// The name of the provider with which this label is to be associated. + /// + [Input("labelProvider", required: true)] + public Input LabelProvider { get; set; } = null!; + + /// + /// The name of the object to be labeled. Names of objects that reside in schemas (tables, functions, etc.) can be schema-qualified. + /// + [Input("objectName", required: true)] + public Input ObjectName { get; set; } = null!; + + /// + /// The PostgreSQL object type to apply this security label to. + /// + [Input("objectType", required: true)] + public Input ObjectType { get; set; } = null!; + + public SecurityLabelArgs() + { + } + public static new SecurityLabelArgs Empty => new SecurityLabelArgs(); + } + + public sealed class SecurityLabelState : global::Pulumi.ResourceArgs + { + /// + /// The value of the security label. + /// + [Input("label")] + public Input? Label { get; set; } + + /// + /// The name of the provider with which this label is to be associated. + /// + [Input("labelProvider")] + public Input? LabelProvider { get; set; } + + /// + /// The name of the object to be labeled. Names of objects that reside in schemas (tables, functions, etc.) can be schema-qualified. + /// + [Input("objectName")] + public Input? ObjectName { get; set; } + + /// + /// The PostgreSQL object type to apply this security label to. + /// + [Input("objectType")] + public Input? ObjectType { get; set; } + + public SecurityLabelState() + { + } + public static new SecurityLabelState Empty => new SecurityLabelState(); + } +} diff --git a/sdk/go/postgresql/config/config.go b/sdk/go/postgresql/config/config.go index e141165..54054cb 100644 --- a/sdk/go/postgresql/config/config.go 
+++ b/sdk/go/postgresql/config/config.go @@ -22,6 +22,11 @@ func GetAwsRdsIamProfile(ctx *pulumi.Context) string { return config.Get(ctx, "postgresql:awsRdsIamProfile") } +// AWS IAM role to assume for IAM auth +func GetAwsRdsIamProviderRoleArn(ctx *pulumi.Context) string { + return config.Get(ctx, "postgresql:awsRdsIamProviderRoleArn") +} + // AWS region to use for IAM auth func GetAwsRdsIamRegion(ctx *pulumi.Context) string { return config.Get(ctx, "postgresql:awsRdsIamRegion") diff --git a/sdk/go/postgresql/defaultPrivileg.go b/sdk/go/postgresql/defaultPrivileg.go index f5eb7a7..6057196 100644 --- a/sdk/go/postgresql/defaultPrivileg.go +++ b/sdk/go/postgresql/defaultPrivileg.go @@ -51,7 +51,43 @@ import ( // // ## Examples // -// Revoke default privileges for functions for "public" role: +// ### Grant default privileges for tables to "currentRole" role: +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-postgresql/sdk/v3/go/postgresql" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := postgresql.NewDefaultPrivileges(ctx, "grant_table_privileges", &postgresql.DefaultPrivilegesArgs{ +// Database: pulumi.Any(exampleDb.Name), +// Role: pulumi.String("current_role"), +// Owner: pulumi.String("owner_role"), +// Schema: pulumi.String("public"), +// ObjectType: pulumi.String("table"), +// Privileges: pulumi.StringArray{ +// pulumi.String("SELECT"), +// pulumi.String("INSERT"), +// pulumi.String("UPDATE"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// Whenever the `ownerRole` creates a new table in the `public` schema, the `currentRole` is automatically granted SELECT, INSERT, and UPDATE privileges on that table. +// +// ### Revoke default privileges for functions for "public" role: // // ```go // package main 
@@ -89,11 +125,11 @@ type DefaultPrivileg struct { Database pulumi.StringOutput `pulumi:"database"` // The PostgreSQL object type to set the default privileges on (one of: table, sequence, function, type, schema). ObjectType pulumi.StringOutput `pulumi:"objectType"` - // Role for which apply default privileges (You can change default privileges only for objects that will be created by yourself or by roles that you are a member of). + // Specifies the role that creates objects for which the default privileges will be applied. Owner pulumi.StringOutput `pulumi:"owner"` - // The list of privileges to apply as default privileges. An empty list could be provided to revoke all default privileges for this role. + // List of privileges (e.g., SELECT, INSERT, UPDATE, DELETE) to grant on new objects created by the owner. An empty list could be provided to revoke all default privileges for this role. Privileges pulumi.StringArrayOutput `pulumi:"privileges"` - // The name of the role to which grant default privileges on. + // The role that will automatically be granted the specified privileges on new objects created by the owner. Role pulumi.StringOutput `pulumi:"role"` // The database schema to set default privileges for this role. Schema pulumi.StringPtrOutput `pulumi:"schema"` 
@@ -150,11 +186,11 @@ type defaultPrivilegState struct { Database *string `pulumi:"database"` // The PostgreSQL object type to set the default privileges on (one of: table, sequence, function, type, schema). ObjectType *string `pulumi:"objectType"` - // Role for which apply default privileges (You can change default privileges only for objects that will be created by yourself or by roles that you are a member of). + // Specifies the role that creates objects for which the default privileges will be applied. Owner *string `pulumi:"owner"` - // The list of privileges to apply as default privileges. An empty list could be provided to revoke all default privileges for this role. + // List of privileges (e.g., SELECT, INSERT, UPDATE, DELETE) to grant on new objects created by the owner. An empty list could be provided to revoke all default privileges for this role. Privileges []string `pulumi:"privileges"` - // The name of the role to which grant default privileges on. + // The role that will automatically be granted the specified privileges on new objects created by the owner. Role *string `pulumi:"role"` // The database schema to set default privileges for this role. Schema *string `pulumi:"schema"` 
@@ -167,11 +203,11 @@ type DefaultPrivilegState struct { Database pulumi.StringPtrInput // The PostgreSQL object type to set the default privileges on (one of: table, sequence, function, type, schema). ObjectType pulumi.StringPtrInput - // Role for which apply default privileges (You can change default privileges only for objects that will be created by yourself or by roles that you are a member of). + // Specifies the role that creates objects for which the default privileges will be applied. Owner pulumi.StringPtrInput - // The list of privileges to apply as default privileges. An empty list could be provided to revoke all default privileges for this role. + // List of privileges (e.g., SELECT, INSERT, UPDATE, DELETE) to grant on new objects created by the owner. An empty list could be provided to revoke all default privileges for this role. Privileges pulumi.StringArrayInput - // The name of the role to which grant default privileges on. + // The role that will automatically be granted the specified privileges on new objects created by the owner. Role pulumi.StringPtrInput // The database schema to set default privileges for this role. Schema pulumi.StringPtrInput 
@@ -188,11 +224,11 @@ type defaultPrivilegArgs struct { Database string `pulumi:"database"` // The PostgreSQL object type to set the default privileges on (one of: table, sequence, function, type, schema). ObjectType string `pulumi:"objectType"` - // Role for which apply default privileges (You can change default privileges only for objects that will be created by yourself or by roles that you are a member of). + // Specifies the role that creates objects for which the default privileges will be applied. Owner string `pulumi:"owner"` - // The list of privileges to apply as default privileges. An empty list could be provided to revoke all default privileges for this role. + // List of privileges (e.g., SELECT, INSERT, UPDATE, DELETE) to grant on new objects created by the owner. An empty list could be provided to revoke all default privileges for this role. Privileges []string `pulumi:"privileges"` - // The name of the role to which grant default privileges on. + // The role that will automatically be granted the specified privileges on new objects created by the owner. Role string `pulumi:"role"` // The database schema to set default privileges for this role. Schema *string `pulumi:"schema"` 
@@ -206,11 +242,11 @@ type DefaultPrivilegArgs struct { Database pulumi.StringInput // The PostgreSQL object type to set the default privileges on (one of: table, sequence, function, type, schema). ObjectType pulumi.StringInput - // Role for which apply default privileges (You can change default privileges only for objects that will be created by yourself or by roles that you are a member of). + // Specifies the role that creates objects for which the default privileges will be applied. Owner pulumi.StringInput - // The list of privileges to apply as default privileges. An empty list could be provided to revoke all default privileges for this role. + // List of privileges (e.g., SELECT, INSERT, UPDATE, DELETE) to grant on new objects created by the owner. An empty list could be provided to revoke all default privileges for this role. Privileges pulumi.StringArrayInput - // The name of the role to which grant default privileges on. + // The role that will automatically be granted the specified privileges on new objects created by the owner. Role pulumi.StringInput // The database schema to set default privileges for this role. Schema pulumi.StringPtrInput 
@@ -315,17 +351,17 @@ func (o DefaultPrivilegOutput) ObjectType() pulumi.StringOutput { return o.ApplyT(func(v *DefaultPrivileg) pulumi.StringOutput { return v.ObjectType }).(pulumi.StringOutput) } -// Role for which apply default privileges (You can change default privileges only for objects that will be created by yourself or by roles that you are a member of). +// Specifies the role that creates objects for which the default privileges will be applied. func (o DefaultPrivilegOutput) Owner() pulumi.StringOutput { return o.ApplyT(func(v *DefaultPrivileg) pulumi.StringOutput { return v.Owner }).(pulumi.StringOutput) } -// The list of privileges to apply as default privileges. An empty list could be provided to revoke all default privileges for this role. +// List of privileges (e.g., SELECT, INSERT, UPDATE, DELETE) to grant on new objects created by the owner. An empty list could be provided to revoke all default privileges for this role. func (o DefaultPrivilegOutput) Privileges() pulumi.StringArrayOutput { return o.ApplyT(func(v *DefaultPrivileg) pulumi.StringArrayOutput { return v.Privileges }).(pulumi.StringArrayOutput) } -// The name of the role to which grant default privileges on. +// The role that will automatically be granted the specified privileges on new objects created by the owner. func (o DefaultPrivilegOutput) Role() pulumi.StringOutput { return o.ApplyT(func(v *DefaultPrivileg) pulumi.StringOutput { return v.Role }).(pulumi.StringOutput) } diff --git a/sdk/go/postgresql/defaultPrivileges.go b/sdk/go/postgresql/defaultPrivileges.go index b452ed5..611e489 100644 --- a/sdk/go/postgresql/defaultPrivileges.go +++ b/sdk/go/postgresql/defaultPrivileges.go 
@@ -51,7 +51,43 @@ import ( // // ## Examples // -// Revoke default privileges for functions for "public" role: +// ### Grant default privileges for tables to "currentRole" role: +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-postgresql/sdk/v3/go/postgresql" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := postgresql.NewDefaultPrivileges(ctx, "grant_table_privileges", &postgresql.DefaultPrivilegesArgs{ +// Database: pulumi.Any(exampleDb.Name), +// Role: pulumi.String("current_role"), +// Owner: pulumi.String("owner_role"), +// Schema: pulumi.String("public"), +// ObjectType: pulumi.String("table"), +// Privileges: pulumi.StringArray{ +// pulumi.String("SELECT"), +// pulumi.String("INSERT"), +// pulumi.String("UPDATE"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// Whenever the `ownerRole` creates a new table in the `public` schema, the `currentRole` is automatically granted SELECT, INSERT, and UPDATE privileges on that table. +// +// ### Revoke default privileges for functions for "public" role: // // ```go // package main 
@@ -87,11 +123,11 @@ type DefaultPrivileges struct { Database pulumi.StringOutput `pulumi:"database"` // The PostgreSQL object type to set the default privileges on (one of: table, sequence, function, type, schema). ObjectType pulumi.StringOutput `pulumi:"objectType"` - // Role for which apply default privileges (You can change default privileges only for objects that will be created by yourself or by roles that you are a member of). + // Specifies the role that creates objects for which the default privileges will be applied. Owner pulumi.StringOutput `pulumi:"owner"` - // The list of privileges to apply as default privileges. An empty list could be provided to revoke all default privileges for this role. + // List of privileges (e.g., SELECT, INSERT, UPDATE, DELETE) to grant on new objects created by the owner. An empty list could be provided to revoke all default privileges for this role. Privileges pulumi.StringArrayOutput `pulumi:"privileges"` - // The name of the role to which grant default privileges on. + // The role that will automatically be granted the specified privileges on new objects created by the owner. Role pulumi.StringOutput `pulumi:"role"` // The database schema to set default privileges for this role. Schema pulumi.StringPtrOutput `pulumi:"schema"` 
@@ -154,11 +190,11 @@ type defaultPrivilegesState struct { Database *string `pulumi:"database"` // The PostgreSQL object type to set the default privileges on (one of: table, sequence, function, type, schema). ObjectType *string `pulumi:"objectType"` - // Role for which apply default privileges (You can change default privileges only for objects that will be created by yourself or by roles that you are a member of). + // Specifies the role that creates objects for which the default privileges will be applied. Owner *string `pulumi:"owner"` - // The list of privileges to apply as default privileges. An empty list could be provided to revoke all default privileges for this role. + // List of privileges (e.g., SELECT, INSERT, UPDATE, DELETE) to grant on new objects created by the owner. An empty list could be provided to revoke all default privileges for this role. Privileges []string `pulumi:"privileges"` - // The name of the role to which grant default privileges on. + // The role that will automatically be granted the specified privileges on new objects created by the owner. Role *string `pulumi:"role"` // The database schema to set default privileges for this role. Schema *string `pulumi:"schema"` 
@@ -171,11 +207,11 @@ type DefaultPrivilegesState struct { Database pulumi.StringPtrInput // The PostgreSQL object type to set the default privileges on (one of: table, sequence, function, type, schema). ObjectType pulumi.StringPtrInput - // Role for which apply default privileges (You can change default privileges only for objects that will be created by yourself or by roles that you are a member of). + // Specifies the role that creates objects for which the default privileges will be applied. Owner pulumi.StringPtrInput - // The list of privileges to apply as default privileges. An empty list could be provided to revoke all default privileges for this role. + // List of privileges (e.g., SELECT, INSERT, UPDATE, DELETE) to grant on new objects created by the owner. An empty list could be provided to revoke all default privileges for this role. Privileges pulumi.StringArrayInput - // The name of the role to which grant default privileges on. + // The role that will automatically be granted the specified privileges on new objects created by the owner. Role pulumi.StringPtrInput // The database schema to set default privileges for this role. Schema pulumi.StringPtrInput 
@@ -192,11 +228,11 @@ type defaultPrivilegesArgs struct { Database string `pulumi:"database"` // The PostgreSQL object type to set the default privileges on (one of: table, sequence, function, type, schema). ObjectType string `pulumi:"objectType"` - // Role for which apply default privileges (You can change default privileges only for objects that will be created by yourself or by roles that you are a member of). + // Specifies the role that creates objects for which the default privileges will be applied. Owner string `pulumi:"owner"` - // The list of privileges to apply as default privileges. An empty list could be provided to revoke all default privileges for this role. + // List of privileges (e.g., SELECT, INSERT, UPDATE, DELETE) to grant on new objects created by the owner. An empty list could be provided to revoke all default privileges for this role. Privileges []string `pulumi:"privileges"` - // The name of the role to which grant default privileges on. + // The role that will automatically be granted the specified privileges on new objects created by the owner. Role string `pulumi:"role"` // The database schema to set default privileges for this role. Schema *string `pulumi:"schema"` 
@@ -210,11 +246,11 @@ type DefaultPrivilegesArgs struct { Database pulumi.StringInput // The PostgreSQL object type to set the default privileges on (one of: table, sequence, function, type, schema). ObjectType pulumi.StringInput - // Role for which apply default privileges (You can change default privileges only for objects that will be created by yourself or by roles that you are a member of). + // Specifies the role that creates objects for which the default privileges will be applied. Owner pulumi.StringInput - // The list of privileges to apply as default privileges. An empty list could be provided to revoke all default privileges for this role. + // List of privileges (e.g., SELECT, INSERT, UPDATE, DELETE) to grant on new objects created by the owner. An empty list could be provided to revoke all default privileges for this role. Privileges pulumi.StringArrayInput - // The name of the role to which grant default privileges on. + // The role that will automatically be granted the specified privileges on new objects created by the owner. Role pulumi.StringInput // The database schema to set default privileges for this role. Schema pulumi.StringPtrInput 
@@ -319,17 +355,17 @@ func (o DefaultPrivilegesOutput) ObjectType() pulumi.StringOutput { return o.ApplyT(func(v *DefaultPrivileges) pulumi.StringOutput { return v.ObjectType }).(pulumi.StringOutput) } -// Role for which apply default privileges (You can change default privileges only for objects that will be created by yourself or by roles that you are a member of). +// Specifies the role that creates objects for which the default privileges will be applied. func (o DefaultPrivilegesOutput) Owner() pulumi.StringOutput { return o.ApplyT(func(v *DefaultPrivileges) pulumi.StringOutput { return v.Owner }).(pulumi.StringOutput) } -// The list of privileges to apply as default privileges. An empty list could be provided to revoke all default privileges for this role. +// List of privileges (e.g., SELECT, INSERT, UPDATE, DELETE) to grant on new objects created by the owner. An empty list could be provided to revoke all default privileges for this role. func (o DefaultPrivilegesOutput) Privileges() pulumi.StringArrayOutput { return o.ApplyT(func(v *DefaultPrivileges) pulumi.StringArrayOutput { return v.Privileges }).(pulumi.StringArrayOutput) } -// The name of the role to which grant default privileges on. +// The role that will automatically be granted the specified privileges on new objects created by the owner. func (o DefaultPrivilegesOutput) Role() pulumi.StringOutput { return o.ApplyT(func(v *DefaultPrivileges) pulumi.StringOutput { return v.Role }).(pulumi.StringOutput) } diff --git a/sdk/go/postgresql/init.go b/sdk/go/postgresql/init.go index 624a10a..843978d 100644 --- a/sdk/go/postgresql/init.go +++ b/sdk/go/postgresql/init.go 
@@ -45,6 +45,8 @@ func (m *module) Construct(ctx *pulumi.Context, name, typ, urn string) (r pulumi r = &Role{} case "postgresql:index/schema:Schema": r = &Schema{} + case "postgresql:index/securityLabel:SecurityLabel": + r = &SecurityLabel{} case "postgresql:index/server:Server": r = &Server{} case "postgresql:index/subscription:Subscription": @@ -142,6 +144,11 @@ func init() { "index/schema", &module{version}, ) + pulumi.RegisterResourceModule( + "postgresql", + "index/securityLabel", + &module{version}, + ) pulumi.RegisterResourceModule( "postgresql", "index/server", diff --git a/sdk/go/postgresql/provider.go b/sdk/go/postgresql/provider.go index 51bb0a8..e79e038 100644 --- a/sdk/go/postgresql/provider.go +++ b/sdk/go/postgresql/provider.go @@ -20,6 +20,8 @@ type Provider struct { // AWS profile to use for IAM auth AwsRdsIamProfile pulumi.StringPtrOutput `pulumi:"awsRdsIamProfile"` + // AWS IAM role to assume for IAM auth + AwsRdsIamProviderRoleArn pulumi.StringPtrOutput `pulumi:"awsRdsIamProviderRoleArn"` // AWS region to use for IAM auth AwsRdsIamRegion pulumi.StringPtrOutput `pulumi:"awsRdsIamRegion"` AzureTenantId pulumi.StringPtrOutput `pulumi:"azureTenantId"` @@ -86,6 +88,8 @@ type providerArgs struct { AwsRdsIamAuth *bool `pulumi:"awsRdsIamAuth"` // AWS profile to use for IAM auth AwsRdsIamProfile *string `pulumi:"awsRdsIamProfile"` + // AWS IAM role to assume for IAM auth + AwsRdsIamProviderRoleArn *string `pulumi:"awsRdsIamProviderRoleArn"` // AWS region to use for IAM auth AwsRdsIamRegion *string `pulumi:"awsRdsIamRegion"` // Use MS Azure identity OAuth token (see: @@ -134,6 +138,8 @@ type ProviderArgs struct { AwsRdsIamAuth pulumi.BoolPtrInput // AWS profile to use for IAM auth AwsRdsIamProfile pulumi.StringPtrInput + // AWS IAM role to assume for IAM auth + AwsRdsIamProviderRoleArn pulumi.StringPtrInput // AWS region to use for IAM auth AwsRdsIamRegion pulumi.StringPtrInput // Use MS Azure identity OAuth token (see: 
@@ -217,6 +223,11 @@ func (o ProviderOutput) AwsRdsIamProfile() pulumi.StringPtrOutput { return o.ApplyT(func(v *Provider) pulumi.StringPtrOutput { return v.AwsRdsIamProfile }).(pulumi.StringPtrOutput) } +// AWS IAM role to assume for IAM auth +func (o ProviderOutput) AwsRdsIamProviderRoleArn() pulumi.StringPtrOutput { + return o.ApplyT(func(v *Provider) pulumi.StringPtrOutput { return v.AwsRdsIamProviderRoleArn }).(pulumi.StringPtrOutput) +} + // AWS region to use for IAM auth func (o ProviderOutput) AwsRdsIamRegion() pulumi.StringPtrOutput { return o.ApplyT(func(v *Provider) pulumi.StringPtrOutput { return v.AwsRdsIamRegion }).(pulumi.StringPtrOutput) diff --git a/sdk/go/postgresql/securityLabel.go b/sdk/go/postgresql/securityLabel.go new file mode 100644 index 0000000..733e83b --- /dev/null +++ b/sdk/go/postgresql/securityLabel.go 
@@ -0,0 +1,317 @@ +// Code generated by the Pulumi Terraform Bridge (tfgen) Tool DO NOT EDIT. +// *** WARNING: Do not edit by hand unless you're certain you know what you are doing! *** + +package postgresql + +import ( + "context" + "reflect" + + "errors" + "github.com/pulumi/pulumi-postgresql/sdk/v3/go/postgresql/internal" + "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +) + +// The “SecurityLabel“ resource creates and manages security labels. +// +// See [PostgreSQL documentation](https://www.postgresql.org/docs/current/sql-security-label.html) +// +// > **Note:** This resource needs Postgresql version 11 or above. +// +// ## Usage +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-postgresql/sdk/v3/go/postgresql" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// myRole, err := postgresql.NewRole(ctx, "my_role", &postgresql.RoleArgs{ +// Name: pulumi.String("my_role"), +// Login: pulumi.Bool(true), +// }) +// if err != nil { +// return err +// } +// _, err = postgresql.NewSecurityLabel(ctx, "workload", &postgresql.SecurityLabelArgs{ +// ObjectType: pulumi.String("role"), +// ObjectName: myRole.Name, +// LabelProvider: pulumi.String("pgaadauth"), +// Label: pulumi.String("aadauth,oid=00000000-0000-0000-0000-000000000000,type=service"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// ## Import +// +// Security label is an attribute that can be added multiple times, so no import is needed, simply apply again. +type SecurityLabel struct { + pulumi.CustomResourceState + + // The value of the security label. + Label pulumi.StringOutput `pulumi:"label"` + // The name of the provider with which this label is to be associated. + LabelProvider pulumi.StringOutput `pulumi:"labelProvider"` + // The name of the object to be labeled. Names of objects that reside in schemas (tables, functions, etc.) 
can be schema-qualified. + ObjectName pulumi.StringOutput `pulumi:"objectName"` + // The PostgreSQL object type to apply this security label to. + ObjectType pulumi.StringOutput `pulumi:"objectType"` +} + +// NewSecurityLabel registers a new resource with the given unique name, arguments, and options. +func NewSecurityLabel(ctx *pulumi.Context, + name string, args *SecurityLabelArgs, opts ...pulumi.ResourceOption) (*SecurityLabel, error) { + if args == nil { + return nil, errors.New("missing one or more required arguments") + } + + if args.Label == nil { + return nil, errors.New("invalid value for required argument 'Label'") + } + if args.LabelProvider == nil { + return nil, errors.New("invalid value for required argument 'LabelProvider'") + } + if args.ObjectName == nil { + return nil, errors.New("invalid value for required argument 'ObjectName'") + } + if args.ObjectType == nil { + return nil, errors.New("invalid value for required argument 'ObjectType'") + } + opts = internal.PkgResourceDefaultOpts(opts) + var resource SecurityLabel + err := ctx.RegisterResource("postgresql:index/securityLabel:SecurityLabel", name, args, &resource, opts...) + if err != nil { + return nil, err + } + return &resource, nil +} + +// GetSecurityLabel gets an existing SecurityLabel resource's state with the given name, ID, and optional +// state properties that are used to uniquely qualify the lookup (nil if not required). +func GetSecurityLabel(ctx *pulumi.Context, + name string, id pulumi.IDInput, state *SecurityLabelState, opts ...pulumi.ResourceOption) (*SecurityLabel, error) { + var resource SecurityLabel + err := ctx.ReadResource("postgresql:index/securityLabel:SecurityLabel", name, id, state, &resource, opts...) + if err != nil { + return nil, err + } + return &resource, nil +} + +// Input properties used for looking up and filtering SecurityLabel resources. +type securityLabelState struct { + // The value of the security label. 
+ Label *string `pulumi:"label"` + // The name of the provider with which this label is to be associated. + LabelProvider *string `pulumi:"labelProvider"` + // The name of the object to be labeled. Names of objects that reside in schemas (tables, functions, etc.) can be schema-qualified. + ObjectName *string `pulumi:"objectName"` + // The PostgreSQL object type to apply this security label to. + ObjectType *string `pulumi:"objectType"` +} + +type SecurityLabelState struct { + // The value of the security label. + Label pulumi.StringPtrInput + // The name of the provider with which this label is to be associated. + LabelProvider pulumi.StringPtrInput + // The name of the object to be labeled. Names of objects that reside in schemas (tables, functions, etc.) can be schema-qualified. + ObjectName pulumi.StringPtrInput + // The PostgreSQL object type to apply this security label to. + ObjectType pulumi.StringPtrInput +} + +func (SecurityLabelState) ElementType() reflect.Type { + return reflect.TypeOf((*securityLabelState)(nil)).Elem() +} + +type securityLabelArgs struct { + // The value of the security label. + Label string `pulumi:"label"` + // The name of the provider with which this label is to be associated. + LabelProvider string `pulumi:"labelProvider"` + // The name of the object to be labeled. Names of objects that reside in schemas (tables, functions, etc.) can be schema-qualified. + ObjectName string `pulumi:"objectName"` + // The PostgreSQL object type to apply this security label to. + ObjectType string `pulumi:"objectType"` +} + +// The set of arguments for constructing a SecurityLabel resource. +type SecurityLabelArgs struct { + // The value of the security label. + Label pulumi.StringInput + // The name of the provider with which this label is to be associated. + LabelProvider pulumi.StringInput + // The name of the object to be labeled. Names of objects that reside in schemas (tables, functions, etc.) can be schema-qualified. 
+ ObjectName pulumi.StringInput + // The PostgreSQL object type to apply this security label to. + ObjectType pulumi.StringInput +} + +func (SecurityLabelArgs) ElementType() reflect.Type { + return reflect.TypeOf((*securityLabelArgs)(nil)).Elem() +} + +type SecurityLabelInput interface { + pulumi.Input + + ToSecurityLabelOutput() SecurityLabelOutput + ToSecurityLabelOutputWithContext(ctx context.Context) SecurityLabelOutput +} + +func (*SecurityLabel) ElementType() reflect.Type { + return reflect.TypeOf((**SecurityLabel)(nil)).Elem() +} + +func (i *SecurityLabel) ToSecurityLabelOutput() SecurityLabelOutput { + return i.ToSecurityLabelOutputWithContext(context.Background()) +} + +func (i *SecurityLabel) ToSecurityLabelOutputWithContext(ctx context.Context) SecurityLabelOutput { + return pulumi.ToOutputWithContext(ctx, i).(SecurityLabelOutput) +} + +// SecurityLabelArrayInput is an input type that accepts SecurityLabelArray and SecurityLabelArrayOutput values. +// You can construct a concrete instance of `SecurityLabelArrayInput` via: +// +// SecurityLabelArray{ SecurityLabelArgs{...} } +type SecurityLabelArrayInput interface { + pulumi.Input + + ToSecurityLabelArrayOutput() SecurityLabelArrayOutput + ToSecurityLabelArrayOutputWithContext(context.Context) SecurityLabelArrayOutput +} + +type SecurityLabelArray []SecurityLabelInput + +func (SecurityLabelArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]*SecurityLabel)(nil)).Elem() +} + +func (i SecurityLabelArray) ToSecurityLabelArrayOutput() SecurityLabelArrayOutput { + return i.ToSecurityLabelArrayOutputWithContext(context.Background()) +} + +func (i SecurityLabelArray) ToSecurityLabelArrayOutputWithContext(ctx context.Context) SecurityLabelArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(SecurityLabelArrayOutput) +} + +// SecurityLabelMapInput is an input type that accepts SecurityLabelMap and SecurityLabelMapOutput values. 
+// You can construct a concrete instance of `SecurityLabelMapInput` via: +// +// SecurityLabelMap{ "key": SecurityLabelArgs{...} } +type SecurityLabelMapInput interface { + pulumi.Input + + ToSecurityLabelMapOutput() SecurityLabelMapOutput + ToSecurityLabelMapOutputWithContext(context.Context) SecurityLabelMapOutput +} + +type SecurityLabelMap map[string]SecurityLabelInput + +func (SecurityLabelMap) ElementType() reflect.Type { + return reflect.TypeOf((*map[string]*SecurityLabel)(nil)).Elem() +} + +func (i SecurityLabelMap) ToSecurityLabelMapOutput() SecurityLabelMapOutput { + return i.ToSecurityLabelMapOutputWithContext(context.Background()) +} + +func (i SecurityLabelMap) ToSecurityLabelMapOutputWithContext(ctx context.Context) SecurityLabelMapOutput { + return pulumi.ToOutputWithContext(ctx, i).(SecurityLabelMapOutput) +} + +type SecurityLabelOutput struct{ *pulumi.OutputState } + +func (SecurityLabelOutput) ElementType() reflect.Type { + return reflect.TypeOf((**SecurityLabel)(nil)).Elem() +} + +func (o SecurityLabelOutput) ToSecurityLabelOutput() SecurityLabelOutput { + return o +} + +func (o SecurityLabelOutput) ToSecurityLabelOutputWithContext(ctx context.Context) SecurityLabelOutput { + return o +} + +// The value of the security label. +func (o SecurityLabelOutput) Label() pulumi.StringOutput { + return o.ApplyT(func(v *SecurityLabel) pulumi.StringOutput { return v.Label }).(pulumi.StringOutput) +} + +// The name of the provider with which this label is to be associated. +func (o SecurityLabelOutput) LabelProvider() pulumi.StringOutput { + return o.ApplyT(func(v *SecurityLabel) pulumi.StringOutput { return v.LabelProvider }).(pulumi.StringOutput) +} + +// The name of the object to be labeled. Names of objects that reside in schemas (tables, functions, etc.) can be schema-qualified. 
+func (o SecurityLabelOutput) ObjectName() pulumi.StringOutput { + return o.ApplyT(func(v *SecurityLabel) pulumi.StringOutput { return v.ObjectName }).(pulumi.StringOutput) +} + +// The PostgreSQL object type to apply this security label to. +func (o SecurityLabelOutput) ObjectType() pulumi.StringOutput { + return o.ApplyT(func(v *SecurityLabel) pulumi.StringOutput { return v.ObjectType }).(pulumi.StringOutput) +} + +type SecurityLabelArrayOutput struct{ *pulumi.OutputState } + +func (SecurityLabelArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]*SecurityLabel)(nil)).Elem() +} + +func (o SecurityLabelArrayOutput) ToSecurityLabelArrayOutput() SecurityLabelArrayOutput { + return o +} + +func (o SecurityLabelArrayOutput) ToSecurityLabelArrayOutputWithContext(ctx context.Context) SecurityLabelArrayOutput { + return o +} + +func (o SecurityLabelArrayOutput) Index(i pulumi.IntInput) SecurityLabelOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) *SecurityLabel { + return vs[0].([]*SecurityLabel)[vs[1].(int)] + }).(SecurityLabelOutput) +} + +type SecurityLabelMapOutput struct{ *pulumi.OutputState } + +func (SecurityLabelMapOutput) ElementType() reflect.Type { + return reflect.TypeOf((*map[string]*SecurityLabel)(nil)).Elem() +} + +func (o SecurityLabelMapOutput) ToSecurityLabelMapOutput() SecurityLabelMapOutput { + return o +} + +func (o SecurityLabelMapOutput) ToSecurityLabelMapOutputWithContext(ctx context.Context) SecurityLabelMapOutput { + return o +} + +func (o SecurityLabelMapOutput) MapIndex(k pulumi.StringInput) SecurityLabelOutput { + return pulumi.All(o, k).ApplyT(func(vs []interface{}) *SecurityLabel { + return vs[0].(map[string]*SecurityLabel)[vs[1].(string)] + }).(SecurityLabelOutput) +} + +func init() { + pulumi.RegisterInputType(reflect.TypeOf((*SecurityLabelInput)(nil)).Elem(), &SecurityLabel{}) + pulumi.RegisterInputType(reflect.TypeOf((*SecurityLabelArrayInput)(nil)).Elem(), SecurityLabelArray{}) + 
pulumi.RegisterInputType(reflect.TypeOf((*SecurityLabelMapInput)(nil)).Elem(), SecurityLabelMap{}) + pulumi.RegisterOutputType(SecurityLabelOutput{}) + pulumi.RegisterOutputType(SecurityLabelArrayOutput{}) + pulumi.RegisterOutputType(SecurityLabelMapOutput{}) +} diff --git a/sdk/java/build.gradle b/sdk/java/build.gradle index 31c4f17..66cec23 100644 --- a/sdk/java/build.gradle +++ b/sdk/java/build.gradle @@ -5,7 +5,7 @@ plugins { id("signing") id("java-library") id("maven-publish") - id("io.github.gradle-nexus.publish-plugin") version "1.1.0" + id("io.github.gradle-nexus.publish-plugin") version "2.0.0" } group = "com.pulumi" @@ -44,7 +44,7 @@ repositories { dependencies { implementation("com.google.code.findbugs:jsr305:3.0.2") implementation("com.google.code.gson:gson:2.8.9") - implementation("com.pulumi:pulumi:0.17.0") + implementation("com.pulumi:pulumi:0.18.0") } task sourcesJar(type: Jar) { diff --git a/sdk/java/src/main/java/com/pulumi/postgresql/Config.java b/sdk/java/src/main/java/com/pulumi/postgresql/Config.java index d476840..60ec00c 100644 --- a/sdk/java/src/main/java/com/pulumi/postgresql/Config.java +++ b/sdk/java/src/main/java/com/pulumi/postgresql/Config.java @@ -28,6 +28,13 @@ public Optional awsRdsIamAuth() { public Optional awsRdsIamProfile() { return Codegen.stringProp("awsRdsIamProfile").config(config).get(); } +/** + * AWS IAM role to assume for IAM auth + * + */ + public Optional awsRdsIamProviderRoleArn() { + return Codegen.stringProp("awsRdsIamProviderRoleArn").config(config).get(); + } /** * AWS region to use for IAM auth * diff --git a/sdk/java/src/main/java/com/pulumi/postgresql/DefaultPrivileg.java b/sdk/java/src/main/java/com/pulumi/postgresql/DefaultPrivileg.java index dcde02f..bfed40e 100644 --- a/sdk/java/src/main/java/com/pulumi/postgresql/DefaultPrivileg.java +++ b/sdk/java/src/main/java/com/pulumi/postgresql/DefaultPrivileg.java 
@@ -63,7 +63,51 @@ * * ## Examples * - * Revoke default privileges for functions for "public" role: + * ### Grant default privileges for tables to "current_role" role: + * + * <!--Start PulumiCodeChooser --> + *
+ * {@code
+ * package generated_program;
+ * 
+ * import com.pulumi.Context;
+ * import com.pulumi.Pulumi;
+ * import com.pulumi.core.Output;
+ * import com.pulumi.postgresql.DefaultPrivileges;
+ * import com.pulumi.postgresql.DefaultPrivilegesArgs;
+ * import java.util.List;
+ * import java.util.ArrayList;
+ * import java.util.Map;
+ * import java.io.File;
+ * import java.nio.file.Files;
+ * import java.nio.file.Paths;
+ * 
+ * public class App {
+ *     public static void main(String[] args) {
+ *         Pulumi.run(App::stack);
+ *     }
+ * 
+ *     public static void stack(Context ctx) {
+ *         var grantTablePrivileges = new DefaultPrivileges("grantTablePrivileges", DefaultPrivilegesArgs.builder()
+ *             .database(exampleDb.name())
+ *             .role("current_role")
+ *             .owner("owner_role")
+ *             .schema("public")
+ *             .objectType("table")
+ *             .privileges(            
+ *                 "SELECT",
+ *                 "INSERT",
+ *                 "UPDATE")
+ *             .build());
+ * 
+ *     }
+ * }
+ * }
+ * 
+ * <!--End PulumiCodeChooser --> + * Whenever the `owner_role` creates a new table in the `public` schema, the `current_role` is automatically granted SELECT, INSERT, and UPDATE privileges on that table. + * + * ### Revoke default privileges for functions for "public" role: * * <!--Start PulumiCodeChooser --> *
@@ -138,42 +182,42 @@ public Output objectType() {
         return this.objectType;
     }
     /**
-     * Role for which apply default privileges (You can change default privileges only for objects that will be created by yourself or by roles that you are a member of).
+     * Specifies the role that creates objects for which the default privileges will be applied.
      * 
      */
     @Export(name="owner", refs={String.class}, tree="[0]")
     private Output owner;
 
     /**
-     * @return Role for which apply default privileges (You can change default privileges only for objects that will be created by yourself or by roles that you are a member of).
+     * @return Specifies the role that creates objects for which the default privileges will be applied.
      * 
      */
     public Output owner() {
         return this.owner;
     }
     /**
-     * The list of privileges to apply as default privileges. An empty list could be provided to revoke all default privileges for this role.
+     * List of privileges (e.g., SELECT, INSERT, UPDATE, DELETE) to grant on new objects created by the owner. An empty list could be provided to revoke all default privileges for this role.
      * 
      */
     @Export(name="privileges", refs={List.class,String.class}, tree="[0,1]")
     private Output> privileges;
 
     /**
-     * @return The list of privileges to apply as default privileges. An empty list could be provided to revoke all default privileges for this role.
+     * @return List of privileges (e.g., SELECT, INSERT, UPDATE, DELETE) to grant on new objects created by the owner. An empty list could be provided to revoke all default privileges for this role.
      * 
      */
     public Output> privileges() {
         return this.privileges;
     }
     /**
-     * The name of the role to which grant default privileges on.
+     * The role that will automatically be granted the specified privileges on new objects created by the owner.
      * 
      */
     @Export(name="role", refs={String.class}, tree="[0]")
     private Output role;
 
     /**
-     * @return The name of the role to which grant default privileges on.
+     * @return The role that will automatically be granted the specified privileges on new objects created by the owner.
      * 
      */
     public Output role() {
diff --git a/sdk/java/src/main/java/com/pulumi/postgresql/DefaultPrivilegArgs.java b/sdk/java/src/main/java/com/pulumi/postgresql/DefaultPrivilegArgs.java
index 3473892..6abe02a 100644
--- a/sdk/java/src/main/java/com/pulumi/postgresql/DefaultPrivilegArgs.java
+++ b/sdk/java/src/main/java/com/pulumi/postgresql/DefaultPrivilegArgs.java
@@ -49,14 +49,14 @@ public Output objectType() {
     }
 
     /**
-     * Role for which apply default privileges (You can change default privileges only for objects that will be created by yourself or by roles that you are a member of).
+     * Specifies the role that creates objects for which the default privileges will be applied.
      * 
      */
     @Import(name="owner", required=true)
     private Output owner;
 
     /**
-     * @return Role for which apply default privileges (You can change default privileges only for objects that will be created by yourself or by roles that you are a member of).
+     * @return Specifies the role that creates objects for which the default privileges will be applied.
      * 
      */
     public Output owner() {
@@ -64,14 +64,14 @@ public Output owner() {
     }
 
     /**
-     * The list of privileges to apply as default privileges. An empty list could be provided to revoke all default privileges for this role.
+     * List of privileges (e.g., SELECT, INSERT, UPDATE, DELETE) to grant on new objects created by the owner. An empty list could be provided to revoke all default privileges for this role.
      * 
      */
     @Import(name="privileges", required=true)
     private Output> privileges;
 
     /**
-     * @return The list of privileges to apply as default privileges. An empty list could be provided to revoke all default privileges for this role.
+     * @return List of privileges (e.g., SELECT, INSERT, UPDATE, DELETE) to grant on new objects created by the owner. An empty list could be provided to revoke all default privileges for this role.
      * 
      */
     public Output> privileges() {
@@ -79,14 +79,14 @@ public Output> privileges() {
     }
 
     /**
-     * The name of the role to which grant default privileges on.
+     * The role that will automatically be granted the specified privileges on new objects created by the owner.
      * 
      */
     @Import(name="role", required=true)
     private Output role;
 
     /**
-     * @return The name of the role to which grant default privileges on.
+     * @return The role that will automatically be granted the specified privileges on new objects created by the owner.
      * 
      */
     public Output role() {
@@ -196,7 +196,7 @@ public Builder objectType(String objectType) {
         }
 
         /**
-         * @param owner Role for which apply default privileges (You can change default privileges only for objects that will be created by yourself or by roles that you are a member of).
+         * @param owner Specifies the role that creates objects for which the default privileges will be applied.
          * 
          * @return builder
          * 
@@ -207,7 +207,7 @@ public Builder owner(Output owner) {
         }
 
         /**
-         * @param owner Role for which apply default privileges (You can change default privileges only for objects that will be created by yourself or by roles that you are a member of).
+         * @param owner Specifies the role that creates objects for which the default privileges will be applied.
          * 
          * @return builder
          * 
@@ -217,7 +217,7 @@ public Builder owner(String owner) {
         }
 
         /**
-         * @param privileges The list of privileges to apply as default privileges. An empty list could be provided to revoke all default privileges for this role.
+         * @param privileges List of privileges (e.g., SELECT, INSERT, UPDATE, DELETE) to grant on new objects created by the owner. An empty list could be provided to revoke all default privileges for this role.
          * 
          * @return builder
          * 
@@ -228,7 +228,7 @@ public Builder privileges(Output> privileges) {
         }
 
         /**
-         * @param privileges The list of privileges to apply as default privileges. An empty list could be provided to revoke all default privileges for this role.
+         * @param privileges List of privileges (e.g., SELECT, INSERT, UPDATE, DELETE) to grant on new objects created by the owner. An empty list could be provided to revoke all default privileges for this role.
          * 
          * @return builder
          * 
@@ -238,7 +238,7 @@ public Builder privileges(List privileges) {
         }
 
         /**
-         * @param privileges The list of privileges to apply as default privileges. An empty list could be provided to revoke all default privileges for this role.
+         * @param privileges List of privileges (e.g., SELECT, INSERT, UPDATE, DELETE) to grant on new objects created by the owner. An empty list could be provided to revoke all default privileges for this role.
          * 
          * @return builder
          * 
@@ -248,7 +248,7 @@ public Builder privileges(String... privileges) {
         }
 
         /**
-         * @param role The name of the role to which grant default privileges on.
+         * @param role The role that will automatically be granted the specified privileges on new objects created by the owner.
          * 
          * @return builder
          * 
@@ -259,7 +259,7 @@ public Builder role(Output role) {
         }
 
         /**
-         * @param role The name of the role to which grant default privileges on.
+         * @param role The role that will automatically be granted the specified privileges on new objects created by the owner.
          * 
          * @return builder
          * 
diff --git a/sdk/java/src/main/java/com/pulumi/postgresql/DefaultPrivileges.java b/sdk/java/src/main/java/com/pulumi/postgresql/DefaultPrivileges.java
index 4424559..087c514 100644
--- a/sdk/java/src/main/java/com/pulumi/postgresql/DefaultPrivileges.java
+++ b/sdk/java/src/main/java/com/pulumi/postgresql/DefaultPrivileges.java
@@ -64,7 +64,51 @@
  * 
  * ## Examples
  * 
- * Revoke default privileges for functions for "public" role:
+ * ### Grant default privileges for tables to "current_role" role:
+ * 
+ * <!--Start PulumiCodeChooser -->
+ * 
+ * {@code
+ * package generated_program;
+ * 
+ * import com.pulumi.Context;
+ * import com.pulumi.Pulumi;
+ * import com.pulumi.core.Output;
+ * import com.pulumi.postgresql.DefaultPrivileges;
+ * import com.pulumi.postgresql.DefaultPrivilegesArgs;
+ * import java.util.List;
+ * import java.util.ArrayList;
+ * import java.util.Map;
+ * import java.io.File;
+ * import java.nio.file.Files;
+ * import java.nio.file.Paths;
+ * 
+ * public class App {
+ *     public static void main(String[] args) {
+ *         Pulumi.run(App::stack);
+ *     }
+ * 
+ *     public static void stack(Context ctx) {
+ *         var grantTablePrivileges = new DefaultPrivileges("grantTablePrivileges", DefaultPrivilegesArgs.builder()
+ *             .database(exampleDb.name())
+ *             .role("current_role")
+ *             .owner("owner_role")
+ *             .schema("public")
+ *             .objectType("table")
+ *             .privileges(            
+ *                 "SELECT",
+ *                 "INSERT",
+ *                 "UPDATE")
+ *             .build());
+ * 
+ *     }
+ * }
+ * }
+ * 
+ * <!--End PulumiCodeChooser --> + * Whenever the `owner_role` creates a new table in the `public` schema, the `current_role` is automatically granted SELECT, INSERT, and UPDATE privileges on that table. + * + * ### Revoke default privileges for functions for "public" role: * * <!--Start PulumiCodeChooser --> *
@@ -135,42 +179,42 @@ public Output objectType() {
         return this.objectType;
     }
     /**
-     * Role for which apply default privileges (You can change default privileges only for objects that will be created by yourself or by roles that you are a member of).
+     * Specifies the role that creates objects for which the default privileges will be applied.
      * 
      */
     @Export(name="owner", refs={String.class}, tree="[0]")
     private Output owner;
 
     /**
-     * @return Role for which apply default privileges (You can change default privileges only for objects that will be created by yourself or by roles that you are a member of).
+     * @return Specifies the role that creates objects for which the default privileges will be applied.
      * 
      */
     public Output owner() {
         return this.owner;
     }
     /**
-     * The list of privileges to apply as default privileges. An empty list could be provided to revoke all default privileges for this role.
+     * List of privileges (e.g., SELECT, INSERT, UPDATE, DELETE) to grant on new objects created by the owner. An empty list could be provided to revoke all default privileges for this role.
      * 
      */
     @Export(name="privileges", refs={List.class,String.class}, tree="[0,1]")
     private Output> privileges;
 
     /**
-     * @return The list of privileges to apply as default privileges. An empty list could be provided to revoke all default privileges for this role.
+     * @return List of privileges (e.g., SELECT, INSERT, UPDATE, DELETE) to grant on new objects created by the owner. An empty list could be provided to revoke all default privileges for this role.
      * 
      */
     public Output> privileges() {
         return this.privileges;
     }
     /**
-     * The name of the role to which grant default privileges on.
+     * The role that will automatically be granted the specified privileges on new objects created by the owner.
      * 
      */
     @Export(name="role", refs={String.class}, tree="[0]")
     private Output role;
 
     /**
-     * @return The name of the role to which grant default privileges on.
+     * @return The role that will automatically be granted the specified privileges on new objects created by the owner.
      * 
      */
     public Output role() {
diff --git a/sdk/java/src/main/java/com/pulumi/postgresql/DefaultPrivilegesArgs.java b/sdk/java/src/main/java/com/pulumi/postgresql/DefaultPrivilegesArgs.java
index d48c932..7b212cd 100644
--- a/sdk/java/src/main/java/com/pulumi/postgresql/DefaultPrivilegesArgs.java
+++ b/sdk/java/src/main/java/com/pulumi/postgresql/DefaultPrivilegesArgs.java
@@ -49,14 +49,14 @@ public Output objectType() {
     }
 
     /**
-     * Role for which apply default privileges (You can change default privileges only for objects that will be created by yourself or by roles that you are a member of).
+     * Specifies the role that creates objects for which the default privileges will be applied.
      * 
      */
     @Import(name="owner", required=true)
     private Output owner;
 
     /**
-     * @return Role for which apply default privileges (You can change default privileges only for objects that will be created by yourself or by roles that you are a member of).
+     * @return Specifies the role that creates objects for which the default privileges will be applied.
      * 
      */
     public Output owner() {
@@ -64,14 +64,14 @@ public Output owner() {
     }
 
     /**
-     * The list of privileges to apply as default privileges. An empty list could be provided to revoke all default privileges for this role.
+     * List of privileges (e.g., SELECT, INSERT, UPDATE, DELETE) to grant on new objects created by the owner. An empty list could be provided to revoke all default privileges for this role.
      * 
      */
     @Import(name="privileges", required=true)
     private Output> privileges;
 
     /**
-     * @return The list of privileges to apply as default privileges. An empty list could be provided to revoke all default privileges for this role.
+     * @return List of privileges (e.g., SELECT, INSERT, UPDATE, DELETE) to grant on new objects created by the owner. An empty list could be provided to revoke all default privileges for this role.
      * 
      */
     public Output> privileges() {
@@ -79,14 +79,14 @@ public Output> privileges() {
     }
 
     /**
-     * The name of the role to which grant default privileges on.
+     * The role that will automatically be granted the specified privileges on new objects created by the owner.
      * 
      */
     @Import(name="role", required=true)
     private Output role;
 
     /**
-     * @return The name of the role to which grant default privileges on.
+     * @return The role that will automatically be granted the specified privileges on new objects created by the owner.
      * 
      */
     public Output role() {
@@ -196,7 +196,7 @@ public Builder objectType(String objectType) {
         }
 
         /**
-         * @param owner Role for which apply default privileges (You can change default privileges only for objects that will be created by yourself or by roles that you are a member of).
+         * @param owner Specifies the role that creates objects for which the default privileges will be applied.
          * 
          * @return builder
          * 
@@ -207,7 +207,7 @@ public Builder owner(Output owner) {
         }
 
         /**
-         * @param owner Role for which apply default privileges (You can change default privileges only for objects that will be created by yourself or by roles that you are a member of).
+         * @param owner Specifies the role that creates objects for which the default privileges will be applied.
          * 
          * @return builder
          * 
@@ -217,7 +217,7 @@ public Builder owner(String owner) {
         }
 
         /**
-         * @param privileges The list of privileges to apply as default privileges. An empty list could be provided to revoke all default privileges for this role.
+         * @param privileges List of privileges (e.g., SELECT, INSERT, UPDATE, DELETE) to grant on new objects created by the owner. An empty list could be provided to revoke all default privileges for this role.
          * 
          * @return builder
          * 
@@ -228,7 +228,7 @@ public Builder privileges(Output> privileges) {
         }
 
         /**
-         * @param privileges The list of privileges to apply as default privileges. An empty list could be provided to revoke all default privileges for this role.
+         * @param privileges List of privileges (e.g., SELECT, INSERT, UPDATE, DELETE) to grant on new objects created by the owner. An empty list could be provided to revoke all default privileges for this role.
          * 
          * @return builder
          * 
@@ -238,7 +238,7 @@ public Builder privileges(List privileges) {
         }
 
         /**
-         * @param privileges The list of privileges to apply as default privileges. An empty list could be provided to revoke all default privileges for this role.
+         * @param privileges List of privileges (e.g., SELECT, INSERT, UPDATE, DELETE) to grant on new objects created by the owner. An empty list could be provided to revoke all default privileges for this role.
          * 
          * @return builder
          * 
@@ -248,7 +248,7 @@ public Builder privileges(String... privileges) {
         }
 
         /**
-         * @param role The name of the role to which grant default privileges on.
+         * @param role The role that will automatically be granted the specified privileges on new objects created by the owner.
          * 
          * @return builder
          * 
@@ -259,7 +259,7 @@ public Builder role(Output role) {
         }
 
         /**
-         * @param role The name of the role to which grant default privileges on.
+         * @param role The role that will automatically be granted the specified privileges on new objects created by the owner.
          * 
          * @return builder
          * 
diff --git a/sdk/java/src/main/java/com/pulumi/postgresql/Provider.java b/sdk/java/src/main/java/com/pulumi/postgresql/Provider.java
index 7b3d07f..fd361ce 100644
--- a/sdk/java/src/main/java/com/pulumi/postgresql/Provider.java
+++ b/sdk/java/src/main/java/com/pulumi/postgresql/Provider.java
@@ -37,6 +37,20 @@ public class Provider extends com.pulumi.resources.ProviderResource {
     public Output> awsRdsIamProfile() {
         return Codegen.optional(this.awsRdsIamProfile);
     }
+    /**
+     * AWS IAM role to assume for IAM auth
+     * 
+     */
+    @Export(name="awsRdsIamProviderRoleArn", refs={String.class}, tree="[0]")
+    private Output awsRdsIamProviderRoleArn;
+
+    /**
+     * @return AWS IAM role to assume for IAM auth
+     * 
+     */
+    public Output> awsRdsIamProviderRoleArn() {
+        return Codegen.optional(this.awsRdsIamProviderRoleArn);
+    }
     /**
      * AWS region to use for IAM auth
      * 
diff --git a/sdk/java/src/main/java/com/pulumi/postgresql/ProviderArgs.java b/sdk/java/src/main/java/com/pulumi/postgresql/ProviderArgs.java
index c4703fd..8e35dfa 100644
--- a/sdk/java/src/main/java/com/pulumi/postgresql/ProviderArgs.java
+++ b/sdk/java/src/main/java/com/pulumi/postgresql/ProviderArgs.java
@@ -51,6 +51,21 @@ public Optional> awsRdsIamProfile() {
         return Optional.ofNullable(this.awsRdsIamProfile);
     }
 
+    /**
+     * AWS IAM role to assume for IAM auth
+     * 
+     */
+    @Import(name="awsRdsIamProviderRoleArn")
+    private @Nullable Output awsRdsIamProviderRoleArn;
+
+    /**
+     * @return AWS IAM role to assume for IAM auth
+     * 
+     */
+    public Optional> awsRdsIamProviderRoleArn() {
+        return Optional.ofNullable(this.awsRdsIamProviderRoleArn);
+    }
+
     /**
      * AWS region to use for IAM auth
      * 
@@ -335,6 +350,7 @@ private ProviderArgs() {}
     private ProviderArgs(ProviderArgs $) {
         this.awsRdsIamAuth = $.awsRdsIamAuth;
         this.awsRdsIamProfile = $.awsRdsIamProfile;
+        this.awsRdsIamProviderRoleArn = $.awsRdsIamProviderRoleArn;
         this.awsRdsIamRegion = $.awsRdsIamRegion;
         this.azureIdentityAuth = $.azureIdentityAuth;
         this.azureTenantId = $.azureTenantId;
@@ -418,6 +434,27 @@ public Builder awsRdsIamProfile(String awsRdsIamProfile) {
             return awsRdsIamProfile(Output.of(awsRdsIamProfile));
         }
 
+        /**
+         * @param awsRdsIamProviderRoleArn AWS IAM role to assume for IAM auth
+         * 
+         * @return builder
+         * 
+         */
+        public Builder awsRdsIamProviderRoleArn(@Nullable Output awsRdsIamProviderRoleArn) {
+            $.awsRdsIamProviderRoleArn = awsRdsIamProviderRoleArn;
+            return this;
+        }
+
+        /**
+         * @param awsRdsIamProviderRoleArn AWS IAM role to assume for IAM auth
+         * 
+         * @return builder
+         * 
+         */
+        public Builder awsRdsIamProviderRoleArn(String awsRdsIamProviderRoleArn) {
+            return awsRdsIamProviderRoleArn(Output.of(awsRdsIamProviderRoleArn));
+        }
+
         /**
          * @param awsRdsIamRegion AWS region to use for IAM auth
          * 
diff --git a/sdk/java/src/main/java/com/pulumi/postgresql/SecurityLabel.java b/sdk/java/src/main/java/com/pulumi/postgresql/SecurityLabel.java
new file mode 100644
index 0000000..9f2ca03
--- /dev/null
+++ b/sdk/java/src/main/java/com/pulumi/postgresql/SecurityLabel.java
@@ -0,0 +1,187 @@
+// *** WARNING: this file was generated by pulumi-java-gen. ***
+// *** Do not edit by hand unless you're certain you know what you are doing! ***
+
+package com.pulumi.postgresql;
+
+import com.pulumi.core.Output;
+import com.pulumi.core.annotations.Export;
+import com.pulumi.core.annotations.ResourceType;
+import com.pulumi.core.internal.Codegen;
+import com.pulumi.postgresql.SecurityLabelArgs;
+import com.pulumi.postgresql.Utilities;
+import com.pulumi.postgresql.inputs.SecurityLabelState;
+import java.lang.String;
+import javax.annotation.Nullable;
+
+/**
+ * The ``postgresql.SecurityLabel`` resource creates and manages security labels.
+ * 
+ * See [PostgreSQL documentation](https://www.postgresql.org/docs/current/sql-security-label.html)
+ * 
+ * > **Note:** This resource needs Postgresql version 11 or above.
+ * 
+ * ## Usage
+ * 
+ * <!--Start PulumiCodeChooser -->
+ * 
+ * {@code
+ * package generated_program;
+ * 
+ * import com.pulumi.Context;
+ * import com.pulumi.Pulumi;
+ * import com.pulumi.core.Output;
+ * import com.pulumi.postgresql.Role;
+ * import com.pulumi.postgresql.RoleArgs;
+ * import com.pulumi.postgresql.SecurityLabel;
+ * import com.pulumi.postgresql.SecurityLabelArgs;
+ * import java.util.List;
+ * import java.util.ArrayList;
+ * import java.util.Map;
+ * import java.io.File;
+ * import java.nio.file.Files;
+ * import java.nio.file.Paths;
+ * 
+ * public class App {
+ *     public static void main(String[] args) {
+ *         Pulumi.run(App::stack);
+ *     }
+ * 
+ *     public static void stack(Context ctx) {
+ *         var myRole = new Role("myRole", RoleArgs.builder()
+ *             .name("my_role")
+ *             .login(true)
+ *             .build());
+ * 
+ *         var workload = new SecurityLabel("workload", SecurityLabelArgs.builder()
+ *             .objectType("role")
+ *             .objectName(myRole.name())
+ *             .labelProvider("pgaadauth")
+ *             .label("aadauth,oid=00000000-0000-0000-0000-000000000000,type=service")
+ *             .build());
+ * 
+ *     }
+ * }
+ * }
+ * 
+ * <!--End PulumiCodeChooser --> + * + * ## Import + * + * Security label is an attribute that can be added multiple times, so no import is needed, simply apply again. + * + */ +@ResourceType(type="postgresql:index/securityLabel:SecurityLabel") +public class SecurityLabel extends com.pulumi.resources.CustomResource { + /** + * The value of the security label. + * + */ + @Export(name="label", refs={String.class}, tree="[0]") + private Output label; + + /** + * @return The value of the security label. + * + */ + public Output label() { + return this.label; + } + /** + * The name of the provider with which this label is to be associated. + * + */ + @Export(name="labelProvider", refs={String.class}, tree="[0]") + private Output labelProvider; + + /** + * @return The name of the provider with which this label is to be associated. + * + */ + public Output labelProvider() { + return this.labelProvider; + } + /** + * The name of the object to be labeled. Names of objects that reside in schemas (tables, functions, etc.) can be schema-qualified. + * + */ + @Export(name="objectName", refs={String.class}, tree="[0]") + private Output objectName; + + /** + * @return The name of the object to be labeled. Names of objects that reside in schemas (tables, functions, etc.) can be schema-qualified. + * + */ + public Output objectName() { + return this.objectName; + } + /** + * The PostgreSQL object type to apply this security label to. + * + */ + @Export(name="objectType", refs={String.class}, tree="[0]") + private Output objectType; + + /** + * @return The PostgreSQL object type to apply this security label to. + * + */ + public Output objectType() { + return this.objectType; + } + + /** + * + * @param name The _unique_ name of the resulting resource. + */ + public SecurityLabel(java.lang.String name) { + this(name, SecurityLabelArgs.Empty); + } + /** + * + * @param name The _unique_ name of the resulting resource. 
+ * @param args The arguments to use to populate this resource's properties. + */ + public SecurityLabel(java.lang.String name, SecurityLabelArgs args) { + this(name, args, null); + } + /** + * + * @param name The _unique_ name of the resulting resource. + * @param args The arguments to use to populate this resource's properties. + * @param options A bag of options that control this resource's behavior. + */ + public SecurityLabel(java.lang.String name, SecurityLabelArgs args, @Nullable com.pulumi.resources.CustomResourceOptions options) { + super("postgresql:index/securityLabel:SecurityLabel", name, makeArgs(args, options), makeResourceOptions(options, Codegen.empty()), false); + } + + private SecurityLabel(java.lang.String name, Output id, @Nullable SecurityLabelState state, @Nullable com.pulumi.resources.CustomResourceOptions options) { + super("postgresql:index/securityLabel:SecurityLabel", name, state, makeResourceOptions(options, id), false); + } + + private static SecurityLabelArgs makeArgs(SecurityLabelArgs args, @Nullable com.pulumi.resources.CustomResourceOptions options) { + if (options != null && options.getUrn().isPresent()) { + return null; + } + return args == null ? SecurityLabelArgs.Empty : args; + } + + private static com.pulumi.resources.CustomResourceOptions makeResourceOptions(@Nullable com.pulumi.resources.CustomResourceOptions options, @Nullable Output id) { + var defaultOptions = com.pulumi.resources.CustomResourceOptions.builder() + .version(Utilities.getVersion()) + .build(); + return com.pulumi.resources.CustomResourceOptions.merge(defaultOptions, options, id); + } + + /** + * Get an existing Host resource's state with the given name, ID, and optional extra + * properties used to qualify the lookup. + * + * @param name The _unique_ name of the resulting resource. + * @param id The _unique_ provider ID of the resource to lookup. + * @param state + * @param options Optional settings to control the behavior of the CustomResource. 
+ */ + public static SecurityLabel get(java.lang.String name, Output id, @Nullable SecurityLabelState state, @Nullable com.pulumi.resources.CustomResourceOptions options) { + return new SecurityLabel(name, id, state, options); + } +} diff --git a/sdk/java/src/main/java/com/pulumi/postgresql/SecurityLabelArgs.java b/sdk/java/src/main/java/com/pulumi/postgresql/SecurityLabelArgs.java new file mode 100644 index 0000000..31669a0 --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/postgresql/SecurityLabelArgs.java 
@@ -0,0 +1,205 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.postgresql; + +import com.pulumi.core.Output; +import com.pulumi.core.annotations.Import; +import com.pulumi.exceptions.MissingRequiredPropertyException; +import java.lang.String; +import java.util.Objects; + + +public final class SecurityLabelArgs extends com.pulumi.resources.ResourceArgs { + + public static final SecurityLabelArgs Empty = new SecurityLabelArgs(); + + /** + * The value of the security label. + * + */ + @Import(name="label", required=true) + private Output label; + + /** + * @return The value of the security label. + * + */ + public Output label() { + return this.label; + } + + /** + * The name of the provider with which this label is to be associated. + * + */ + @Import(name="labelProvider", required=true) + private Output labelProvider; + + /** + * @return The name of the provider with which this label is to be associated. + * + */ + public Output labelProvider() { + return this.labelProvider; + } + + /** + * The name of the object to be labeled. Names of objects that reside in schemas (tables, functions, etc.) can be schema-qualified. + * + */ + @Import(name="objectName", required=true) + private Output objectName; + + /** + * @return The name of the object to be labeled. Names of objects that reside in schemas (tables, functions, etc.) can be schema-qualified. + * + */ + public Output objectName() { + return this.objectName; + } + + /** + * The PostgreSQL object type to apply this security label to. + * + */ + @Import(name="objectType", required=true) + private Output objectType; + + /** + * @return The PostgreSQL object type to apply this security label to. 
+ * + */ + public Output objectType() { + return this.objectType; + } + + private SecurityLabelArgs() {} + + private SecurityLabelArgs(SecurityLabelArgs $) { + this.label = $.label; + this.labelProvider = $.labelProvider; + this.objectName = $.objectName; + this.objectType = $.objectType; + } + + public static Builder builder() { + return new Builder(); + } + public static Builder builder(SecurityLabelArgs defaults) { + return new Builder(defaults); + } + + public static final class Builder { + private SecurityLabelArgs $; + + public Builder() { + $ = new SecurityLabelArgs(); + } + + public Builder(SecurityLabelArgs defaults) { + $ = new SecurityLabelArgs(Objects.requireNonNull(defaults)); + } + + /** + * @param label The value of the security label. + * + * @return builder + * + */ + public Builder label(Output label) { + $.label = label; + return this; + } + + /** + * @param label The value of the security label. + * + * @return builder + * + */ + public Builder label(String label) { + return label(Output.of(label)); + } + + /** + * @param labelProvider The name of the provider with which this label is to be associated. + * + * @return builder + * + */ + public Builder labelProvider(Output labelProvider) { + $.labelProvider = labelProvider; + return this; + } + + /** + * @param labelProvider The name of the provider with which this label is to be associated. + * + * @return builder + * + */ + public Builder labelProvider(String labelProvider) { + return labelProvider(Output.of(labelProvider)); + } + + /** + * @param objectName The name of the object to be labeled. Names of objects that reside in schemas (tables, functions, etc.) can be schema-qualified. + * + * @return builder + * + */ + public Builder objectName(Output objectName) { + $.objectName = objectName; + return this; + } + + /** + * @param objectName The name of the object to be labeled. Names of objects that reside in schemas (tables, functions, etc.) can be schema-qualified. 
+ * + * @return builder + * + */ + public Builder objectName(String objectName) { + return objectName(Output.of(objectName)); + } + + /** + * @param objectType The PostgreSQL object type to apply this security label to. + * + * @return builder + * + */ + public Builder objectType(Output objectType) { + $.objectType = objectType; + return this; + } + + /** + * @param objectType The PostgreSQL object type to apply this security label to. + * + * @return builder + * + */ + public Builder objectType(String objectType) { + return objectType(Output.of(objectType)); + } + + public SecurityLabelArgs build() { + if ($.label == null) { + throw new MissingRequiredPropertyException("SecurityLabelArgs", "label"); + } + if ($.labelProvider == null) { + throw new MissingRequiredPropertyException("SecurityLabelArgs", "labelProvider"); + } + if ($.objectName == null) { + throw new MissingRequiredPropertyException("SecurityLabelArgs", "objectName"); + } + if ($.objectType == null) { + throw new MissingRequiredPropertyException("SecurityLabelArgs", "objectType"); + } + return $; + } + } + +} diff --git a/sdk/java/src/main/java/com/pulumi/postgresql/inputs/DefaultPrivilegState.java b/sdk/java/src/main/java/com/pulumi/postgresql/inputs/DefaultPrivilegState.java index a46d34e..c7860bd 100644 --- a/sdk/java/src/main/java/com/pulumi/postgresql/inputs/DefaultPrivilegState.java +++ b/sdk/java/src/main/java/com/pulumi/postgresql/inputs/DefaultPrivilegState.java 
@@ -48,14 +48,14 @@ public Optional> objectType() { } /** - * Role for which apply default privileges (You can change default privileges only for objects that will be created by yourself or by roles that you are a member of). + * Specifies the role that creates objects for which the default privileges will be applied. * */ @Import(name="owner") private @Nullable Output owner; /** - * @return Role for which apply default privileges (You can change default privileges only for objects that will be created by yourself or by roles that you are a member of). + * @return Specifies the role that creates objects for which the default privileges will be applied. * */ public Optional> owner() { @@ -63,14 +63,14 @@ public Optional> owner() { } /** - * The list of privileges to apply as default privileges. An empty list could be provided to revoke all default privileges for this role. + * List of privileges (e.g., SELECT, INSERT, UPDATE, DELETE) to grant on new objects created by the owner. An empty list could be provided to revoke all default privileges for this role. * */ @Import(name="privileges") private @Nullable Output> privileges; /** - * @return The list of privileges to apply as default privileges. An empty list could be provided to revoke all default privileges for this role. + * @return List of privileges (e.g., SELECT, INSERT, UPDATE, DELETE) to grant on new objects created by the owner. An empty list could be provided to revoke all default privileges for this role. * */ public Optional>> privileges() { 
@@ -78,14 +78,14 @@ public Optional>> privileges() { } /** - * The name of the role to which grant default privileges on. + * The role that will automatically be granted the specified privileges on new objects created by the owner. * */ @Import(name="role") private @Nullable Output role; /** - * @return The name of the role to which grant default privileges on. + * @return The role that will automatically be granted the specified privileges on new objects created by the owner. * */ public Optional> role() { @@ -195,7 +195,7 @@ public Builder objectType(String objectType) { } /** - * @param owner Role for which apply default privileges (You can change default privileges only for objects that will be created by yourself or by roles that you are a member of). + * @param owner Specifies the role that creates objects for which the default privileges will be applied. * * @return builder * @@ -206,7 +206,7 @@ public Builder owner(@Nullable Output owner) { } /** - * @param owner Role for which apply default privileges (You can change default privileges only for objects that will be created by yourself or by roles that you are a member of). + * @param owner Specifies the role that creates objects for which the default privileges will be applied. * * @return builder * @@ -216,7 +216,7 @@ public Builder owner(String owner) { } /** - * @param privileges The list of privileges to apply as default privileges. An empty list could be provided to revoke all default privileges for this role. + * @param privileges List of privileges (e.g., SELECT, INSERT, UPDATE, DELETE) to grant on new objects created by the owner. An empty list could be provided to revoke all default privileges for this role. * * @return builder * 
@@ -227,7 +227,7 @@ public Builder privileges(@Nullable Output> privileges) { } /** - * @param privileges The list of privileges to apply as default privileges. An empty list could be provided to revoke all default privileges for this role. + * @param privileges List of privileges (e.g., SELECT, INSERT, UPDATE, DELETE) to grant on new objects created by the owner. An empty list could be provided to revoke all default privileges for this role. * * @return builder * @@ -237,7 +237,7 @@ public Builder privileges(List privileges) { } /** - * @param privileges The list of privileges to apply as default privileges. An empty list could be provided to revoke all default privileges for this role. + * @param privileges List of privileges (e.g., SELECT, INSERT, UPDATE, DELETE) to grant on new objects created by the owner. An empty list could be provided to revoke all default privileges for this role. * * @return builder * @@ -247,7 +247,7 @@ public Builder privileges(String... privileges) { } /** - * @param role The name of the role to which grant default privileges on. + * @param role The role that will automatically be granted the specified privileges on new objects created by the owner. * * @return builder * @@ -258,7 +258,7 @@ public Builder role(@Nullable Output role) { } /** - * @param role The name of the role to which grant default privileges on. + * @param role The role that will automatically be granted the specified privileges on new objects created by the owner. * * @return builder * diff --git a/sdk/java/src/main/java/com/pulumi/postgresql/inputs/DefaultPrivilegesState.java b/sdk/java/src/main/java/com/pulumi/postgresql/inputs/DefaultPrivilegesState.java index f5af087..e89271c 100644 --- a/sdk/java/src/main/java/com/pulumi/postgresql/inputs/DefaultPrivilegesState.java +++ b/sdk/java/src/main/java/com/pulumi/postgresql/inputs/DefaultPrivilegesState.java 
@@ -48,14 +48,14 @@ public Optional> objectType() { } /** - * Role for which apply default privileges (You can change default privileges only for objects that will be created by yourself or by roles that you are a member of). + * Specifies the role that creates objects for which the default privileges will be applied. * */ @Import(name="owner") private @Nullable Output owner; /** - * @return Role for which apply default privileges (You can change default privileges only for objects that will be created by yourself or by roles that you are a member of). + * @return Specifies the role that creates objects for which the default privileges will be applied. * */ public Optional> owner() { @@ -63,14 +63,14 @@ public Optional> owner() { } /** - * The list of privileges to apply as default privileges. An empty list could be provided to revoke all default privileges for this role. + * List of privileges (e.g., SELECT, INSERT, UPDATE, DELETE) to grant on new objects created by the owner. An empty list could be provided to revoke all default privileges for this role. * */ @Import(name="privileges") private @Nullable Output> privileges; /** - * @return The list of privileges to apply as default privileges. An empty list could be provided to revoke all default privileges for this role. + * @return List of privileges (e.g., SELECT, INSERT, UPDATE, DELETE) to grant on new objects created by the owner. An empty list could be provided to revoke all default privileges for this role. * */ public Optional>> privileges() { 
@@ -78,14 +78,14 @@ public Optional>> privileges() { } /** - * The name of the role to which grant default privileges on. + * The role that will automatically be granted the specified privileges on new objects created by the owner. * */ @Import(name="role") private @Nullable Output role; /** - * @return The name of the role to which grant default privileges on. + * @return The role that will automatically be granted the specified privileges on new objects created by the owner. * */ public Optional> role() { @@ -195,7 +195,7 @@ public Builder objectType(String objectType) { } /** - * @param owner Role for which apply default privileges (You can change default privileges only for objects that will be created by yourself or by roles that you are a member of). + * @param owner Specifies the role that creates objects for which the default privileges will be applied. * * @return builder * @@ -206,7 +206,7 @@ public Builder owner(@Nullable Output owner) { } /** - * @param owner Role for which apply default privileges (You can change default privileges only for objects that will be created by yourself or by roles that you are a member of). + * @param owner Specifies the role that creates objects for which the default privileges will be applied. * * @return builder * @@ -216,7 +216,7 @@ public Builder owner(String owner) { } /** - * @param privileges The list of privileges to apply as default privileges. An empty list could be provided to revoke all default privileges for this role. + * @param privileges List of privileges (e.g., SELECT, INSERT, UPDATE, DELETE) to grant on new objects created by the owner. An empty list could be provided to revoke all default privileges for this role. * * @return builder * 
@@ -227,7 +227,7 @@ public Builder privileges(@Nullable Output> privileges) { } /** - * @param privileges The list of privileges to apply as default privileges. An empty list could be provided to revoke all default privileges for this role. + * @param privileges List of privileges (e.g., SELECT, INSERT, UPDATE, DELETE) to grant on new objects created by the owner. An empty list could be provided to revoke all default privileges for this role. * * @return builder * @@ -237,7 +237,7 @@ public Builder privileges(List privileges) { } /** - * @param privileges The list of privileges to apply as default privileges. An empty list could be provided to revoke all default privileges for this role. + * @param privileges List of privileges (e.g., SELECT, INSERT, UPDATE, DELETE) to grant on new objects created by the owner. An empty list could be provided to revoke all default privileges for this role. * * @return builder * @@ -247,7 +247,7 @@ public Builder privileges(String... privileges) { } /** - * @param role The name of the role to which grant default privileges on. + * @param role The role that will automatically be granted the specified privileges on new objects created by the owner. * * @return builder * @@ -258,7 +258,7 @@ public Builder role(@Nullable Output role) { } /** - * @param role The name of the role to which grant default privileges on. + * @param role The role that will automatically be granted the specified privileges on new objects created by the owner. * * @return builder * diff --git a/sdk/java/src/main/java/com/pulumi/postgresql/inputs/SecurityLabelState.java b/sdk/java/src/main/java/com/pulumi/postgresql/inputs/SecurityLabelState.java new file mode 100644 index 0000000..d7b3464 --- /dev/null +++ b/sdk/java/src/main/java/com/pulumi/postgresql/inputs/SecurityLabelState.java 
@@ -0,0 +1,194 @@ +// *** WARNING: this file was generated by pulumi-java-gen. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +package com.pulumi.postgresql.inputs; + +import com.pulumi.core.Output; +import com.pulumi.core.annotations.Import; +import java.lang.String; +import java.util.Objects; +import java.util.Optional; +import javax.annotation.Nullable; + + +public final class SecurityLabelState extends com.pulumi.resources.ResourceArgs { + + public static final SecurityLabelState Empty = new SecurityLabelState(); + + /** + * The value of the security label. + * + */ + @Import(name="label") + private @Nullable Output label; + + /** + * @return The value of the security label. + * + */ + public Optional> label() { + return Optional.ofNullable(this.label); + } + + /** + * The name of the provider with which this label is to be associated. + * + */ + @Import(name="labelProvider") + private @Nullable Output labelProvider; + + /** + * @return The name of the provider with which this label is to be associated. + * + */ + public Optional> labelProvider() { + return Optional.ofNullable(this.labelProvider); + } + + /** + * The name of the object to be labeled. Names of objects that reside in schemas (tables, functions, etc.) can be schema-qualified. + * + */ + @Import(name="objectName") + private @Nullable Output objectName; + + /** + * @return The name of the object to be labeled. Names of objects that reside in schemas (tables, functions, etc.) can be schema-qualified. + * + */ + public Optional> objectName() { + return Optional.ofNullable(this.objectName); + } + + /** + * The PostgreSQL object type to apply this security label to. + * + */ + @Import(name="objectType") + private @Nullable Output objectType; + + /** + * @return The PostgreSQL object type to apply this security label to. 
+ * + */ + public Optional> objectType() { + return Optional.ofNullable(this.objectType); + } + + private SecurityLabelState() {} + + private SecurityLabelState(SecurityLabelState $) { + this.label = $.label; + this.labelProvider = $.labelProvider; + this.objectName = $.objectName; + this.objectType = $.objectType; + } + + public static Builder builder() { + return new Builder(); + } + public static Builder builder(SecurityLabelState defaults) { + return new Builder(defaults); + } + + public static final class Builder { + private SecurityLabelState $; + + public Builder() { + $ = new SecurityLabelState(); + } + + public Builder(SecurityLabelState defaults) { + $ = new SecurityLabelState(Objects.requireNonNull(defaults)); + } + + /** + * @param label The value of the security label. + * + * @return builder + * + */ + public Builder label(@Nullable Output label) { + $.label = label; + return this; + } + + /** + * @param label The value of the security label. + * + * @return builder + * + */ + public Builder label(String label) { + return label(Output.of(label)); + } + + /** + * @param labelProvider The name of the provider with which this label is to be associated. + * + * @return builder + * + */ + public Builder labelProvider(@Nullable Output labelProvider) { + $.labelProvider = labelProvider; + return this; + } + + /** + * @param labelProvider The name of the provider with which this label is to be associated. + * + * @return builder + * + */ + public Builder labelProvider(String labelProvider) { + return labelProvider(Output.of(labelProvider)); + } + + /** + * @param objectName The name of the object to be labeled. Names of objects that reside in schemas (tables, functions, etc.) can be schema-qualified. + * + * @return builder + * + */ + public Builder objectName(@Nullable Output objectName) { + $.objectName = objectName; + return this; + } + + /** + * @param objectName The name of the object to be labeled. 
Names of objects that reside in schemas (tables, functions, etc.) can be schema-qualified. + * + * @return builder + * + */ + public Builder objectName(String objectName) { + return objectName(Output.of(objectName)); + } + + /** + * @param objectType The PostgreSQL object type to apply this security label to. + * + * @return builder + * + */ + public Builder objectType(@Nullable Output objectType) { + $.objectType = objectType; + return this; + } + + /** + * @param objectType The PostgreSQL object type to apply this security label to. + * + * @return builder + * + */ + public Builder objectType(String objectType) { + return objectType(Output.of(objectType)); + } + + public SecurityLabelState build() { + return $; + } + } + +} diff --git a/sdk/nodejs/config/vars.ts b/sdk/nodejs/config/vars.ts index 5e17f44..cddc0ce 100644 --- a/sdk/nodejs/config/vars.ts +++ b/sdk/nodejs/config/vars.ts @@ -32,6 +32,17 @@ Object.defineProperty(exports, "awsRdsIamProfile", { enumerable: true, }); +/** + * AWS IAM role to assume for IAM auth + */ +export declare const awsRdsIamProviderRoleArn: string | undefined; +Object.defineProperty(exports, "awsRdsIamProviderRoleArn", { + get() { + return __config.get("awsRdsIamProviderRoleArn"); + }, + enumerable: true, +}); + /** * AWS region to use for IAM auth */ diff --git a/sdk/nodejs/defaultPrivileg.ts b/sdk/nodejs/defaultPrivileg.ts index dc94e78..468f031 100644 --- a/sdk/nodejs/defaultPrivileg.ts +++ b/sdk/nodejs/defaultPrivileg.ts 
@@ -27,7 +27,28 @@ import * as utilities from "./utilities"; * * ## Examples * - * Revoke default privileges for functions for "public" role: + * ### Grant default privileges for tables to "currentRole" role: + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as postgresql from "@pulumi/postgresql"; + * + * const grantTablePrivileges = new postgresql.DefaultPrivileges("grant_table_privileges", { + * database: exampleDb.name, + * role: "current_role", + * owner: "owner_role", + * schema: "public", + * objectType: "table", + * privileges: [ + * "SELECT", + * "INSERT", + * "UPDATE", + * ], + * }); + * ``` + * Whenever the `ownerRole` creates a new table in the `public` schema, the `currentRole` is automatically granted SELECT, INSERT, and UPDATE privileges on that table. + * + * ### Revoke default privileges for functions for "public" role: * * ```typescript * import * as pulumi from "@pulumi/pulumi"; @@ -82,15 +103,15 @@ export class DefaultPrivileg extends pulumi.CustomResource { */ public readonly objectType!: pulumi.Output; /** - * Role for which apply default privileges (You can change default privileges only for objects that will be created by yourself or by roles that you are a member of). + * Specifies the role that creates objects for which the default privileges will be applied. */ public readonly owner!: pulumi.Output; /** - * The list of privileges to apply as default privileges. An empty list could be provided to revoke all default privileges for this role. + * List of privileges (e.g., SELECT, INSERT, UPDATE, DELETE) to grant on new objects created by the owner. An empty list could be provided to revoke all default privileges for this role. */ public readonly privileges!: pulumi.Output; /** - * The name of the role to which grant default privileges on. + * The role that will automatically be granted the specified privileges on new objects created by the owner. */ public readonly role!: pulumi.Output; /** 
@@ -168,15 +189,15 @@ export interface DefaultPrivilegState { */ objectType?: pulumi.Input; /** - * Role for which apply default privileges (You can change default privileges only for objects that will be created by yourself or by roles that you are a member of). + * Specifies the role that creates objects for which the default privileges will be applied. */ owner?: pulumi.Input; /** - * The list of privileges to apply as default privileges. An empty list could be provided to revoke all default privileges for this role. + * List of privileges (e.g., SELECT, INSERT, UPDATE, DELETE) to grant on new objects created by the owner. An empty list could be provided to revoke all default privileges for this role. */ privileges?: pulumi.Input[]>; /** - * The name of the role to which grant default privileges on. + * The role that will automatically be granted the specified privileges on new objects created by the owner. */ role?: pulumi.Input; /** @@ -202,15 +223,15 @@ export interface DefaultPrivilegArgs { */ objectType: pulumi.Input; /** - * Role for which apply default privileges (You can change default privileges only for objects that will be created by yourself or by roles that you are a member of). + * Specifies the role that creates objects for which the default privileges will be applied. */ owner: pulumi.Input; /** - * The list of privileges to apply as default privileges. An empty list could be provided to revoke all default privileges for this role. + * List of privileges (e.g., SELECT, INSERT, UPDATE, DELETE) to grant on new objects created by the owner. An empty list could be provided to revoke all default privileges for this role. */ privileges: pulumi.Input[]>; /** - * The name of the role to which grant default privileges on. + * The role that will automatically be granted the specified privileges on new objects created by the owner. */ role: pulumi.Input; /** 
diff --git a/sdk/nodejs/defaultPrivileges.ts b/sdk/nodejs/defaultPrivileges.ts index 838b8de..af11f54 100644 --- a/sdk/nodejs/defaultPrivileges.ts +++ b/sdk/nodejs/defaultPrivileges.ts @@ -27,7 +27,28 @@ import * as utilities from "./utilities"; * * ## Examples * - * Revoke default privileges for functions for "public" role: + * ### Grant default privileges for tables to "currentRole" role: + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as postgresql from "@pulumi/postgresql"; + * + * const grantTablePrivileges = new postgresql.DefaultPrivileges("grant_table_privileges", { + * database: exampleDb.name, + * role: "current_role", + * owner: "owner_role", + * schema: "public", + * objectType: "table", + * privileges: [ + * "SELECT", + * "INSERT", + * "UPDATE", + * ], + * }); + * ``` + * Whenever the `ownerRole` creates a new table in the `public` schema, the `currentRole` is automatically granted SELECT, INSERT, and UPDATE privileges on that table. + * + * ### Revoke default privileges for functions for "public" role: * * ```typescript * import * as pulumi from "@pulumi/pulumi"; 
@@ -79,15 +100,15 @@ export class DefaultPrivileges extends pulumi.CustomResource { */ public readonly objectType!: pulumi.Output; /** - * Role for which apply default privileges (You can change default privileges only for objects that will be created by yourself or by roles that you are a member of). + * Specifies the role that creates objects for which the default privileges will be applied. */ public readonly owner!: pulumi.Output; /** - * The list of privileges to apply as default privileges. An empty list could be provided to revoke all default privileges for this role. + * List of privileges (e.g., SELECT, INSERT, UPDATE, DELETE) to grant on new objects created by the owner. An empty list could be provided to revoke all default privileges for this role. */ public readonly privileges!: pulumi.Output; /** - * The name of the role to which grant default privileges on. + * The role that will automatically be granted the specified privileges on new objects created by the owner. */ public readonly role!: pulumi.Output; /** @@ -164,15 +185,15 @@ export interface DefaultPrivilegesState { */ objectType?: pulumi.Input; /** - * Role for which apply default privileges (You can change default privileges only for objects that will be created by yourself or by roles that you are a member of). + * Specifies the role that creates objects for which the default privileges will be applied. */ owner?: pulumi.Input; /** - * The list of privileges to apply as default privileges. An empty list could be provided to revoke all default privileges for this role. + * List of privileges (e.g., SELECT, INSERT, UPDATE, DELETE) to grant on new objects created by the owner. An empty list could be provided to revoke all default privileges for this role. */ privileges?: pulumi.Input[]>; /** - * The name of the role to which grant default privileges on. + * The role that will automatically be granted the specified privileges on new objects created by the owner. */ role?: pulumi.Input; /** 
@@ -198,15 +219,15 @@ export interface DefaultPrivilegesArgs { */ objectType: pulumi.Input; /** - * Role for which apply default privileges (You can change default privileges only for objects that will be created by yourself or by roles that you are a member of). + * Specifies the role that creates objects for which the default privileges will be applied. */ owner: pulumi.Input; /** - * The list of privileges to apply as default privileges. An empty list could be provided to revoke all default privileges for this role. + * List of privileges (e.g., SELECT, INSERT, UPDATE, DELETE) to grant on new objects created by the owner. An empty list could be provided to revoke all default privileges for this role. */ privileges: pulumi.Input[]>; /** - * The name of the role to which grant default privileges on. + * The role that will automatically be granted the specified privileges on new objects created by the owner. */ role: pulumi.Input; /** diff --git a/sdk/nodejs/index.ts b/sdk/nodejs/index.ts index 91bf732..fb255ca 100644 --- a/sdk/nodejs/index.ts +++ b/sdk/nodejs/index.ts @@ -85,6 +85,11 @@ export type Schema = import("./schema").Schema; export const Schema: typeof import("./schema").Schema = null as any; utilities.lazyLoad(exports, ["Schema"], () => require("./schema")); +export { SecurityLabelArgs, SecurityLabelState } from "./securityLabel"; +export type SecurityLabel = import("./securityLabel").SecurityLabel; +export const SecurityLabel: typeof import("./securityLabel").SecurityLabel = null as any; +utilities.lazyLoad(exports, ["SecurityLabel"], () => require("./securityLabel")); + export { ServerArgs, ServerState } from "./server"; export type Server = import("./server").Server; export const Server: typeof import("./server").Server = null as any; 
@@ -138,6 +143,8 @@ const _module = { return new Role(name, undefined, { urn }) case "postgresql:index/schema:Schema": return new Schema(name, undefined, { urn }) + case "postgresql:index/securityLabel:SecurityLabel": + return new SecurityLabel(name, undefined, { urn }) case "postgresql:index/server:Server": return new Server(name, undefined, { urn }) case "postgresql:index/subscription:Subscription": @@ -161,6 +168,7 @@ pulumi.runtime.registerResourceModule("postgresql", "index/publication", _module pulumi.runtime.registerResourceModule("postgresql", "index/replicationSlot", _module) pulumi.runtime.registerResourceModule("postgresql", "index/role", _module) pulumi.runtime.registerResourceModule("postgresql", "index/schema", _module) +pulumi.runtime.registerResourceModule("postgresql", "index/securityLabel", _module) pulumi.runtime.registerResourceModule("postgresql", "index/server", _module) pulumi.runtime.registerResourceModule("postgresql", "index/subscription", _module) pulumi.runtime.registerResourceModule("postgresql", "index/userMapping", _module) diff --git a/sdk/nodejs/provider.ts b/sdk/nodejs/provider.ts index 30a00f0..9d25078 100644 --- a/sdk/nodejs/provider.ts +++ b/sdk/nodejs/provider.ts @@ -31,6 +31,10 @@ export class Provider extends pulumi.ProviderResource { * AWS profile to use for IAM auth */ public readonly awsRdsIamProfile!: pulumi.Output; + /** + * AWS IAM role to assume for IAM auth + */ + public readonly awsRdsIamProviderRoleArn!: pulumi.Output; /** * AWS region to use for IAM auth */ 
@@ -92,6 +96,7 @@ export class Provider extends pulumi.ProviderResource { { resourceInputs["awsRdsIamAuth"] = pulumi.output(args ? args.awsRdsIamAuth : undefined).apply(JSON.stringify); resourceInputs["awsRdsIamProfile"] = args ? args.awsRdsIamProfile : undefined; + resourceInputs["awsRdsIamProviderRoleArn"] = args ? args.awsRdsIamProviderRoleArn : undefined; resourceInputs["awsRdsIamRegion"] = args ? args.awsRdsIamRegion : undefined; resourceInputs["azureIdentityAuth"] = pulumi.output(args ? args.azureIdentityAuth : undefined).apply(JSON.stringify); resourceInputs["azureTenantId"] = args ? args.azureTenantId : undefined; @@ -132,6 +137,10 @@ export interface ProviderArgs { * AWS profile to use for IAM auth */ awsRdsIamProfile?: pulumi.Input; + /** + * AWS IAM role to assume for IAM auth + */ + awsRdsIamProviderRoleArn?: pulumi.Input; /** * AWS region to use for IAM auth */ diff --git a/sdk/nodejs/securityLabel.ts b/sdk/nodejs/securityLabel.ts new file mode 100644 index 0000000..9c9b687 --- /dev/null +++ b/sdk/nodejs/securityLabel.ts 
@@ -0,0 +1,164 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +import * as pulumi from "@pulumi/pulumi"; +import * as utilities from "./utilities"; + +/** + * The ``postgresql.SecurityLabel`` resource creates and manages security labels. + * + * See [PostgreSQL documentation](https://www.postgresql.org/docs/current/sql-security-label.html) + * + * > **Note:** This resource needs Postgresql version 11 or above. + * + * ## Usage + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as postgresql from "@pulumi/postgresql"; + * + * const myRole = new postgresql.Role("my_role", { + * name: "my_role", + * login: true, + * }); + * const workload = new postgresql.SecurityLabel("workload", { + * objectType: "role", + * objectName: myRole.name, + * labelProvider: "pgaadauth", + * label: "aadauth,oid=00000000-0000-0000-0000-000000000000,type=service", + * }); + * ``` + * + * ## Import + * + * Security label is an attribute that can be added multiple times, so no import is needed, simply apply again. + */ +export class SecurityLabel extends pulumi.CustomResource { + /** + * Get an existing SecurityLabel resource's state with the given name, ID, and optional extra + * properties used to qualify the lookup. + * + * @param name The _unique_ name of the resulting resource. + * @param id The _unique_ provider ID of the resource to lookup. + * @param state Any extra arguments used during the lookup. + * @param opts Optional settings to control the behavior of the CustomResource. 
+ */ + public static get(name: string, id: pulumi.Input, state?: SecurityLabelState, opts?: pulumi.CustomResourceOptions): SecurityLabel { + return new SecurityLabel(name, state, { ...opts, id: id }); + } + + /** @internal */ + public static readonly __pulumiType = 'postgresql:index/securityLabel:SecurityLabel'; + + /** + * Returns true if the given object is an instance of SecurityLabel. This is designed to work even + * when multiple copies of the Pulumi SDK have been loaded into the same process. + */ + public static isInstance(obj: any): obj is SecurityLabel { + if (obj === undefined || obj === null) { + return false; + } + return obj['__pulumiType'] === SecurityLabel.__pulumiType; + } + + /** + * The value of the security label. + */ + public readonly label!: pulumi.Output; + /** + * The name of the provider with which this label is to be associated. + */ + public readonly labelProvider!: pulumi.Output; + /** + * The name of the object to be labeled. Names of objects that reside in schemas (tables, functions, etc.) can be schema-qualified. + */ + public readonly objectName!: pulumi.Output; + /** + * The PostgreSQL object type to apply this security label to. + */ + public readonly objectType!: pulumi.Output; + + /** + * Create a SecurityLabel resource with the given unique name, arguments, and options. + * + * @param name The _unique_ name of the resource. + * @param args The arguments to use to populate this resource's properties. + * @param opts A bag of options that control this resource's behavior. + */ + constructor(name: string, args: SecurityLabelArgs, opts?: pulumi.CustomResourceOptions) + constructor(name: string, argsOrState?: SecurityLabelArgs | SecurityLabelState, opts?: pulumi.CustomResourceOptions) { + let resourceInputs: pulumi.Inputs = {}; + opts = opts || {}; + if (opts.id) { + const state = argsOrState as SecurityLabelState | undefined; + resourceInputs["label"] = state ? state.label : undefined; + resourceInputs["labelProvider"] = state ? 
state.labelProvider : undefined; + resourceInputs["objectName"] = state ? state.objectName : undefined; + resourceInputs["objectType"] = state ? state.objectType : undefined; + } else { + const args = argsOrState as SecurityLabelArgs | undefined; + if ((!args || args.label === undefined) && !opts.urn) { + throw new Error("Missing required property 'label'"); + } + if ((!args || args.labelProvider === undefined) && !opts.urn) { + throw new Error("Missing required property 'labelProvider'"); + } + if ((!args || args.objectName === undefined) && !opts.urn) { + throw new Error("Missing required property 'objectName'"); + } + if ((!args || args.objectType === undefined) && !opts.urn) { + throw new Error("Missing required property 'objectType'"); + } + resourceInputs["label"] = args ? args.label : undefined; + resourceInputs["labelProvider"] = args ? args.labelProvider : undefined; + resourceInputs["objectName"] = args ? args.objectName : undefined; + resourceInputs["objectType"] = args ? args.objectType : undefined; + } + opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts); + super(SecurityLabel.__pulumiType, name, resourceInputs, opts); + } +} + +/** + * Input properties used for looking up and filtering SecurityLabel resources. + */ +export interface SecurityLabelState { + /** + * The value of the security label. + */ + label?: pulumi.Input; + /** + * The name of the provider with which this label is to be associated. + */ + labelProvider?: pulumi.Input; + /** + * The name of the object to be labeled. Names of objects that reside in schemas (tables, functions, etc.) can be schema-qualified. + */ + objectName?: pulumi.Input; + /** + * The PostgreSQL object type to apply this security label to. + */ + objectType?: pulumi.Input; +} + +/** + * The set of arguments for constructing a SecurityLabel resource. + */ +export interface SecurityLabelArgs { + /** + * The value of the security label. 
+ */ + label: pulumi.Input; + /** + * The name of the provider with which this label is to be associated. + */ + labelProvider: pulumi.Input; + /** + * The name of the object to be labeled. Names of objects that reside in schemas (tables, functions, etc.) can be schema-qualified. + */ + objectName: pulumi.Input; + /** + * The PostgreSQL object type to apply this security label to. + */ + objectType: pulumi.Input; +} diff --git a/sdk/nodejs/tsconfig.json b/sdk/nodejs/tsconfig.json index 69dc0fd..932a077 100644 --- a/sdk/nodejs/tsconfig.json +++ b/sdk/nodejs/tsconfig.json @@ -32,6 +32,7 @@ "replicationSlot.ts", "role.ts", "schema.ts", + "securityLabel.ts", "server.ts", "subscription.ts", "types/index.ts", diff --git a/sdk/python/pulumi_postgresql/__init__.py b/sdk/python/pulumi_postgresql/__init__.py index 53a24bf..5c14df4 100644 --- a/sdk/python/pulumi_postgresql/__init__.py +++ b/sdk/python/pulumi_postgresql/__init__.py @@ -21,6 +21,7 @@ from .replication_slot import * from .role import * from .schema import * +from .security_label import * from .server import * from .subscription import * from .user_mapping import * @@ -133,6 +134,14 @@ "postgresql:index/schema:Schema": "Schema" } }, + { + "pkg": "postgresql", + "mod": "index/securityLabel", + "fqn": "pulumi_postgresql", + "classes": { + "postgresql:index/securityLabel:SecurityLabel": "SecurityLabel" + } + }, { "pkg": "postgresql", "mod": "index/server", diff --git a/sdk/python/pulumi_postgresql/config/__init__.pyi b/sdk/python/pulumi_postgresql/config/__init__.pyi index 18a1431..830ef8a 100644 --- a/sdk/python/pulumi_postgresql/config/__init__.pyi +++ b/sdk/python/pulumi_postgresql/config/__init__.pyi @@ -26,6 +26,11 @@ awsRdsIamProfile: Optional[str] AWS profile to use for IAM auth """ +awsRdsIamProviderRoleArn: Optional[str] +""" +AWS IAM role to assume for IAM auth +""" + awsRdsIamRegion: Optional[str] """ AWS region to use for IAM auth 
diff --git a/sdk/python/pulumi_postgresql/config/vars.py b/sdk/python/pulumi_postgresql/config/vars.py index 3725c8c..9955a37 100644 --- a/sdk/python/pulumi_postgresql/config/vars.py +++ b/sdk/python/pulumi_postgresql/config/vars.py @@ -36,6 +36,13 @@ def aws_rds_iam_profile(self) -> Optional[str]: """ return __config__.get('awsRdsIamProfile') + @property + def aws_rds_iam_provider_role_arn(self) -> Optional[str]: + """ + AWS IAM role to assume for IAM auth + """ + return __config__.get('awsRdsIamProviderRoleArn') + @property def aws_rds_iam_region(self) -> Optional[str]: """ diff --git a/sdk/python/pulumi_postgresql/default_privileg.py b/sdk/python/pulumi_postgresql/default_privileg.py index b14cccf..3a0bee5 100644 --- a/sdk/python/pulumi_postgresql/default_privileg.py +++ b/sdk/python/pulumi_postgresql/default_privileg.py 
@@ -30,9 +30,9 @@ def __init__(__self__, *, The set of arguments for constructing a DefaultPrivileg resource. :param pulumi.Input[str] database: The database to grant default privileges for this role. :param pulumi.Input[str] object_type: The PostgreSQL object type to set the default privileges on (one of: table, sequence, function, type, schema). - :param pulumi.Input[str] owner: Role for which apply default privileges (You can change default privileges only for objects that will be created by yourself or by roles that you are a member of). - :param pulumi.Input[Sequence[pulumi.Input[str]]] privileges: The list of privileges to apply as default privileges. An empty list could be provided to revoke all default privileges for this role. - :param pulumi.Input[str] role: The name of the role to which grant default privileges on. + :param pulumi.Input[str] owner: Specifies the role that creates objects for which the default privileges will be applied. + :param pulumi.Input[Sequence[pulumi.Input[str]]] privileges: List of privileges (e.g., SELECT, INSERT, UPDATE, DELETE) to grant on new objects created by the owner. An empty list could be provided to revoke all default privileges for this role. + :param pulumi.Input[str] role: The role that will automatically be granted the specified privileges on new objects created by the owner. :param pulumi.Input[str] schema: The database schema to set default privileges for this role. :param pulumi.Input[bool] with_grant_option: Permit the grant recipient to grant it to others """ @@ -74,7 +74,7 @@ def object_type(self, value: pulumi.Input[str]): @pulumi.getter def owner(self) -> pulumi.Input[str]: """ - Role for which apply default privileges (You can change default privileges only for objects that will be created by yourself or by roles that you are a member of). + Specifies the role that creates objects for which the default privileges will be applied. """ return pulumi.get(self, "owner") 
@@ -86,7 +86,7 @@ def owner(self, value: pulumi.Input[str]): @pulumi.getter def privileges(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]: """ - The list of privileges to apply as default privileges. An empty list could be provided to revoke all default privileges for this role. + List of privileges (e.g., SELECT, INSERT, UPDATE, DELETE) to grant on new objects created by the owner. An empty list could be provided to revoke all default privileges for this role. """ return pulumi.get(self, "privileges") @@ -98,7 +98,7 @@ def privileges(self, value: pulumi.Input[Sequence[pulumi.Input[str]]]): @pulumi.getter def role(self) -> pulumi.Input[str]: """ - The name of the role to which grant default privileges on. + The role that will automatically be granted the specified privileges on new objects created by the owner. """ return pulumi.get(self, "role") 
@@ -145,9 +145,9 @@ def __init__(__self__, *, Input properties used for looking up and filtering DefaultPrivileg resources. :param pulumi.Input[str] database: The database to grant default privileges for this role. :param pulumi.Input[str] object_type: The PostgreSQL object type to set the default privileges on (one of: table, sequence, function, type, schema). - :param pulumi.Input[str] owner: Role for which apply default privileges (You can change default privileges only for objects that will be created by yourself or by roles that you are a member of). - :param pulumi.Input[Sequence[pulumi.Input[str]]] privileges: The list of privileges to apply as default privileges. An empty list could be provided to revoke all default privileges for this role. - :param pulumi.Input[str] role: The name of the role to which grant default privileges on. + :param pulumi.Input[str] owner: Specifies the role that creates objects for which the default privileges will be applied. + :param pulumi.Input[Sequence[pulumi.Input[str]]] privileges: List of privileges (e.g., SELECT, INSERT, UPDATE, DELETE) to grant on new objects created by the owner. An empty list could be provided to revoke all default privileges for this role. + :param pulumi.Input[str] role: The role that will automatically be granted the specified privileges on new objects created by the owner. :param pulumi.Input[str] schema: The database schema to set default privileges for this role. :param pulumi.Input[bool] with_grant_option: Permit the grant recipient to grant it to others """ @@ -194,7 +194,7 @@ def object_type(self, value: Optional[pulumi.Input[str]]): @pulumi.getter def owner(self) -> Optional[pulumi.Input[str]]: """ - Role for which apply default privileges (You can change default privileges only for objects that will be created by yourself or by roles that you are a member of). + Specifies the role that creates objects for which the default privileges will be applied. """ return pulumi.get(self, "owner") 
@@ -206,7 +206,7 @@ def owner(self, value: Optional[pulumi.Input[str]]): @pulumi.getter def privileges(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: """ - The list of privileges to apply as default privileges. An empty list could be provided to revoke all default privileges for this role. + List of privileges (e.g., SELECT, INSERT, UPDATE, DELETE) to grant on new objects created by the owner. An empty list could be provided to revoke all default privileges for this role. """ return pulumi.get(self, "privileges") @@ -218,7 +218,7 @@ def privileges(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]) @pulumi.getter def role(self) -> Optional[pulumi.Input[str]]: """ - The name of the role to which grant default privileges on. + The role that will automatically be granted the specified privileges on new objects created by the owner. """ return pulumi.get(self, "role") @@ -291,7 +291,27 @@ def __init__(__self__, ## Examples - Revoke default privileges for functions for "public" role: + ### Grant default privileges for tables to "current_role" role: + + ```python + import pulumi + import pulumi_postgresql as postgresql + + grant_table_privileges = postgresql.DefaultPrivileges("grant_table_privileges", + database=example_db["name"], + role="current_role", + owner="owner_role", + schema="public", + object_type="table", + privileges=[ + "SELECT", + "INSERT", + "UPDATE", + ]) + ``` + Whenever the `owner_role` creates a new table in the `public` schema, the `current_role` is automatically granted SELECT, INSERT, and UPDATE privileges on that table. + + ### Revoke default privileges for functions for "public" role: ```python import pulumi 
@@ -309,9 +329,9 @@ def __init__(__self__, :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] database: The database to grant default privileges for this role. :param pulumi.Input[str] object_type: The PostgreSQL object type to set the default privileges on (one of: table, sequence, function, type, schema). - :param pulumi.Input[str] owner: Role for which apply default privileges (You can change default privileges only for objects that will be created by yourself or by roles that you are a member of). - :param pulumi.Input[Sequence[pulumi.Input[str]]] privileges: The list of privileges to apply as default privileges. An empty list could be provided to revoke all default privileges for this role. - :param pulumi.Input[str] role: The name of the role to which grant default privileges on. + :param pulumi.Input[str] owner: Specifies the role that creates objects for which the default privileges will be applied. + :param pulumi.Input[Sequence[pulumi.Input[str]]] privileges: List of privileges (e.g., SELECT, INSERT, UPDATE, DELETE) to grant on new objects created by the owner. An empty list could be provided to revoke all default privileges for this role. + :param pulumi.Input[str] role: The role that will automatically be granted the specified privileges on new objects created by the owner. :param pulumi.Input[str] schema: The database schema to set default privileges for this role. :param pulumi.Input[bool] with_grant_option: Permit the grant recipient to grant it to others """ 
@@ -343,7 +363,27 @@ def __init__(__self__, ## Examples - Revoke default privileges for functions for "public" role: + ### Grant default privileges for tables to "current_role" role: + + ```python + import pulumi + import pulumi_postgresql as postgresql + + grant_table_privileges = postgresql.DefaultPrivileges("grant_table_privileges", + database=example_db["name"], + role="current_role", + owner="owner_role", + schema="public", + object_type="table", + privileges=[ + "SELECT", + "INSERT", + "UPDATE", + ]) + ``` + Whenever the `owner_role` creates a new table in the `public` schema, the `current_role` is automatically granted SELECT, INSERT, and UPDATE privileges on that table. + + ### Revoke default privileges for functions for "public" role: ```python import pulumi 
@@ -432,9 +472,9 @@ def get(resource_name: str, :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] database: The database to grant default privileges for this role. :param pulumi.Input[str] object_type: The PostgreSQL object type to set the default privileges on (one of: table, sequence, function, type, schema). - :param pulumi.Input[str] owner: Role for which apply default privileges (You can change default privileges only for objects that will be created by yourself or by roles that you are a member of). - :param pulumi.Input[Sequence[pulumi.Input[str]]] privileges: The list of privileges to apply as default privileges. An empty list could be provided to revoke all default privileges for this role. - :param pulumi.Input[str] role: The name of the role to which grant default privileges on. + :param pulumi.Input[str] owner: Specifies the role that creates objects for which the default privileges will be applied. + :param pulumi.Input[Sequence[pulumi.Input[str]]] privileges: List of privileges (e.g., SELECT, INSERT, UPDATE, DELETE) to grant on new objects created by the owner. An empty list could be provided to revoke all default privileges for this role. + :param pulumi.Input[str] role: The role that will automatically be granted the specified privileges on new objects created by the owner. :param pulumi.Input[str] schema: The database schema to set default privileges for this role. :param pulumi.Input[bool] with_grant_option: Permit the grant recipient to grant it to others """ @@ -471,7 +511,7 @@ def object_type(self) -> pulumi.Output[str]: @pulumi.getter def owner(self) -> pulumi.Output[str]: """ - Role for which apply default privileges (You can change default privileges only for objects that will be created by yourself or by roles that you are a member of). + Specifies the role that creates objects for which the default privileges will be applied. """ return pulumi.get(self, "owner") 
@@ -479,7 +519,7 @@ def owner(self) -> pulumi.Output[str]: @pulumi.getter def privileges(self) -> pulumi.Output[Sequence[str]]: """ - The list of privileges to apply as default privileges. An empty list could be provided to revoke all default privileges for this role. + List of privileges (e.g., SELECT, INSERT, UPDATE, DELETE) to grant on new objects created by the owner. An empty list could be provided to revoke all default privileges for this role. """ return pulumi.get(self, "privileges") @@ -487,7 +527,7 @@ def privileges(self) -> pulumi.Output[Sequence[str]]: @pulumi.getter def role(self) -> pulumi.Output[str]: """ - The name of the role to which grant default privileges on. + The role that will automatically be granted the specified privileges on new objects created by the owner. """ return pulumi.get(self, "role") diff --git a/sdk/python/pulumi_postgresql/default_privileges.py b/sdk/python/pulumi_postgresql/default_privileges.py index 312a80f..7f5c252 100644 --- a/sdk/python/pulumi_postgresql/default_privileges.py +++ b/sdk/python/pulumi_postgresql/default_privileges.py 
@@ -30,9 +30,9 @@ def __init__(__self__, *, The set of arguments for constructing a DefaultPrivileges resource. :param pulumi.Input[str] database: The database to grant default privileges for this role. :param pulumi.Input[str] object_type: The PostgreSQL object type to set the default privileges on (one of: table, sequence, function, type, schema). - :param pulumi.Input[str] owner: Role for which apply default privileges (You can change default privileges only for objects that will be created by yourself or by roles that you are a member of). - :param pulumi.Input[Sequence[pulumi.Input[str]]] privileges: The list of privileges to apply as default privileges. An empty list could be provided to revoke all default privileges for this role. - :param pulumi.Input[str] role: The name of the role to which grant default privileges on. + :param pulumi.Input[str] owner: Specifies the role that creates objects for which the default privileges will be applied. + :param pulumi.Input[Sequence[pulumi.Input[str]]] privileges: List of privileges (e.g., SELECT, INSERT, UPDATE, DELETE) to grant on new objects created by the owner. An empty list could be provided to revoke all default privileges for this role. + :param pulumi.Input[str] role: The role that will automatically be granted the specified privileges on new objects created by the owner. :param pulumi.Input[str] schema: The database schema to set default privileges for this role. :param pulumi.Input[bool] with_grant_option: Permit the grant recipient to grant it to others """ @@ -74,7 +74,7 @@ def object_type(self, value: pulumi.Input[str]): @pulumi.getter def owner(self) -> pulumi.Input[str]: """ - Role for which apply default privileges (You can change default privileges only for objects that will be created by yourself or by roles that you are a member of). + Specifies the role that creates objects for which the default privileges will be applied. """ return pulumi.get(self, "owner") 
@@ -86,7 +86,7 @@ def owner(self, value: pulumi.Input[str]): @pulumi.getter def privileges(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]: """ - The list of privileges to apply as default privileges. An empty list could be provided to revoke all default privileges for this role. + List of privileges (e.g., SELECT, INSERT, UPDATE, DELETE) to grant on new objects created by the owner. An empty list could be provided to revoke all default privileges for this role. """ return pulumi.get(self, "privileges") @@ -98,7 +98,7 @@ def privileges(self, value: pulumi.Input[Sequence[pulumi.Input[str]]]): @pulumi.getter def role(self) -> pulumi.Input[str]: """ - The name of the role to which grant default privileges on. + The role that will automatically be granted the specified privileges on new objects created by the owner. """ return pulumi.get(self, "role") 
@@ -145,9 +145,9 @@ def __init__(__self__, *, Input properties used for looking up and filtering DefaultPrivileges resources. :param pulumi.Input[str] database: The database to grant default privileges for this role. :param pulumi.Input[str] object_type: The PostgreSQL object type to set the default privileges on (one of: table, sequence, function, type, schema). - :param pulumi.Input[str] owner: Role for which apply default privileges (You can change default privileges only for objects that will be created by yourself or by roles that you are a member of). - :param pulumi.Input[Sequence[pulumi.Input[str]]] privileges: The list of privileges to apply as default privileges. An empty list could be provided to revoke all default privileges for this role. - :param pulumi.Input[str] role: The name of the role to which grant default privileges on. + :param pulumi.Input[str] owner: Specifies the role that creates objects for which the default privileges will be applied. + :param pulumi.Input[Sequence[pulumi.Input[str]]] privileges: List of privileges (e.g., SELECT, INSERT, UPDATE, DELETE) to grant on new objects created by the owner. An empty list could be provided to revoke all default privileges for this role. + :param pulumi.Input[str] role: The role that will automatically be granted the specified privileges on new objects created by the owner. :param pulumi.Input[str] schema: The database schema to set default privileges for this role. :param pulumi.Input[bool] with_grant_option: Permit the grant recipient to grant it to others """ @@ -194,7 +194,7 @@ def object_type(self, value: Optional[pulumi.Input[str]]): @pulumi.getter def owner(self) -> Optional[pulumi.Input[str]]: """ - Role for which apply default privileges (You can change default privileges only for objects that will be created by yourself or by roles that you are a member of). + Specifies the role that creates objects for which the default privileges will be applied. """ return pulumi.get(self, "owner") 
@@ -206,7 +206,7 @@ def owner(self, value: Optional[pulumi.Input[str]]): @pulumi.getter def privileges(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: """ - The list of privileges to apply as default privileges. An empty list could be provided to revoke all default privileges for this role. + List of privileges (e.g., SELECT, INSERT, UPDATE, DELETE) to grant on new objects created by the owner. An empty list could be provided to revoke all default privileges for this role. """ return pulumi.get(self, "privileges") @@ -218,7 +218,7 @@ def privileges(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]) @pulumi.getter def role(self) -> Optional[pulumi.Input[str]]: """ - The name of the role to which grant default privileges on. + The role that will automatically be granted the specified privileges on new objects created by the owner. """ return pulumi.get(self, "role") @@ -286,7 +286,27 @@ def __init__(__self__, ## Examples - Revoke default privileges for functions for "public" role: + ### Grant default privileges for tables to "current_role" role: + + ```python + import pulumi + import pulumi_postgresql as postgresql + + grant_table_privileges = postgresql.DefaultPrivileges("grant_table_privileges", + database=example_db["name"], + role="current_role", + owner="owner_role", + schema="public", + object_type="table", + privileges=[ + "SELECT", + "INSERT", + "UPDATE", + ]) + ``` + Whenever the `owner_role` creates a new table in the `public` schema, the `current_role` is automatically granted SELECT, INSERT, and UPDATE privileges on that table. + + ### Revoke default privileges for functions for "public" role: ```python import pulumi 
@@ -304,9 +324,9 @@ def __init__(__self__, :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] database: The database to grant default privileges for this role. :param pulumi.Input[str] object_type: The PostgreSQL object type to set the default privileges on (one of: table, sequence, function, type, schema). - :param pulumi.Input[str] owner: Role for which apply default privileges (You can change default privileges only for objects that will be created by yourself or by roles that you are a member of). - :param pulumi.Input[Sequence[pulumi.Input[str]]] privileges: The list of privileges to apply as default privileges. An empty list could be provided to revoke all default privileges for this role. - :param pulumi.Input[str] role: The name of the role to which grant default privileges on. + :param pulumi.Input[str] owner: Specifies the role that creates objects for which the default privileges will be applied. + :param pulumi.Input[Sequence[pulumi.Input[str]]] privileges: List of privileges (e.g., SELECT, INSERT, UPDATE, DELETE) to grant on new objects created by the owner. An empty list could be provided to revoke all default privileges for this role. + :param pulumi.Input[str] role: The role that will automatically be granted the specified privileges on new objects created by the owner. :param pulumi.Input[str] schema: The database schema to set default privileges for this role. :param pulumi.Input[bool] with_grant_option: Permit the grant recipient to grant it to others """ 
@@ -338,7 +358,27 @@ def __init__(__self__, ## Examples - Revoke default privileges for functions for "public" role: + ### Grant default privileges for tables to "current_role" role: + + ```python + import pulumi + import pulumi_postgresql as postgresql + + grant_table_privileges = postgresql.DefaultPrivileges("grant_table_privileges", + database=example_db["name"], + role="current_role", + owner="owner_role", + schema="public", + object_type="table", + privileges=[ + "SELECT", + "INSERT", + "UPDATE", + ]) + ``` + Whenever the `owner_role` creates a new table in the `public` schema, the `current_role` is automatically granted SELECT, INSERT, and UPDATE privileges on that table. + + ### Revoke default privileges for functions for "public" role: ```python import pulumi 
@@ -428,9 +468,9 @@ def get(resource_name: str, :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] database: The database to grant default privileges for this role. :param pulumi.Input[str] object_type: The PostgreSQL object type to set the default privileges on (one of: table, sequence, function, type, schema). - :param pulumi.Input[str] owner: Role for which apply default privileges (You can change default privileges only for objects that will be created by yourself or by roles that you are a member of). - :param pulumi.Input[Sequence[pulumi.Input[str]]] privileges: The list of privileges to apply as default privileges. An empty list could be provided to revoke all default privileges for this role. - :param pulumi.Input[str] role: The name of the role to which grant default privileges on. + :param pulumi.Input[str] owner: Specifies the role that creates objects for which the default privileges will be applied. + :param pulumi.Input[Sequence[pulumi.Input[str]]] privileges: List of privileges (e.g., SELECT, INSERT, UPDATE, DELETE) to grant on new objects created by the owner. An empty list could be provided to revoke all default privileges for this role. + :param pulumi.Input[str] role: The role that will automatically be granted the specified privileges on new objects created by the owner. :param pulumi.Input[str] schema: The database schema to set default privileges for this role. :param pulumi.Input[bool] with_grant_option: Permit the grant recipient to grant it to others """ @@ -467,7 +507,7 @@ def object_type(self) -> pulumi.Output[str]: @pulumi.getter def owner(self) -> pulumi.Output[str]: """ - Role for which apply default privileges (You can change default privileges only for objects that will be created by yourself or by roles that you are a member of). + Specifies the role that creates objects for which the default privileges will be applied. """ return pulumi.get(self, "owner") 
@@ -475,7 +515,7 @@ def owner(self) -> pulumi.Output[str]: @pulumi.getter def privileges(self) -> pulumi.Output[Sequence[str]]: """ - The list of privileges to apply as default privileges. An empty list could be provided to revoke all default privileges for this role. + List of privileges (e.g., SELECT, INSERT, UPDATE, DELETE) to grant on new objects created by the owner. An empty list could be provided to revoke all default privileges for this role. """ return pulumi.get(self, "privileges") @@ -483,7 +523,7 @@ def privileges(self) -> pulumi.Output[Sequence[str]]: @pulumi.getter def role(self) -> pulumi.Output[str]: """ - The name of the role to which grant default privileges on. + The role that will automatically be granted the specified privileges on new objects created by the owner. """ return pulumi.get(self, "role") diff --git a/sdk/python/pulumi_postgresql/provider.py b/sdk/python/pulumi_postgresql/provider.py index 5c689c6..3104d04 100644 --- a/sdk/python/pulumi_postgresql/provider.py +++ b/sdk/python/pulumi_postgresql/provider.py @@ -22,6 +22,7 @@ class ProviderArgs: def __init__(__self__, *, aws_rds_iam_auth: Optional[pulumi.Input[bool]] = None, aws_rds_iam_profile: Optional[pulumi.Input[str]] = None, + aws_rds_iam_provider_role_arn: Optional[pulumi.Input[str]] = None, aws_rds_iam_region: Optional[pulumi.Input[str]] = None, azure_identity_auth: Optional[pulumi.Input[bool]] = None, azure_tenant_id: Optional[pulumi.Input[str]] = None, 
@@ -46,6 +47,7 @@ def __init__(__self__, *, :param pulumi.Input[bool] aws_rds_iam_auth: Use rds_iam instead of password authentication (see: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.IAMDBAuth.html) :param pulumi.Input[str] aws_rds_iam_profile: AWS profile to use for IAM auth + :param pulumi.Input[str] aws_rds_iam_provider_role_arn: AWS IAM role to assume for IAM auth :param pulumi.Input[str] aws_rds_iam_region: AWS region to use for IAM auth :param pulumi.Input[bool] azure_identity_auth: Use MS Azure identity OAuth token (see: https://learn.microsoft.com/en-us/azure/postgresql/flexible-server/how-to-configure-sign-in-azure-ad-authentication) @@ -70,6 +72,8 @@ def __init__(__self__, *, pulumi.set(__self__, "aws_rds_iam_auth", aws_rds_iam_auth) if aws_rds_iam_profile is not None: pulumi.set(__self__, "aws_rds_iam_profile", aws_rds_iam_profile) + if aws_rds_iam_provider_role_arn is not None: + pulumi.set(__self__, "aws_rds_iam_provider_role_arn", aws_rds_iam_provider_role_arn) if aws_rds_iam_region is not None: pulumi.set(__self__, "aws_rds_iam_region", aws_rds_iam_region) if azure_identity_auth is not None: @@ -141,6 +145,18 @@ def aws_rds_iam_profile(self) -> Optional[pulumi.Input[str]]: def aws_rds_iam_profile(self, value: Optional[pulumi.Input[str]]): pulumi.set(self, "aws_rds_iam_profile", value) + @property + @pulumi.getter(name="awsRdsIamProviderRoleArn") + def aws_rds_iam_provider_role_arn(self) -> Optional[pulumi.Input[str]]: + """ + AWS IAM role to assume for IAM auth + """ + return pulumi.get(self, "aws_rds_iam_provider_role_arn") + + @aws_rds_iam_provider_role_arn.setter + def aws_rds_iam_provider_role_arn(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "aws_rds_iam_provider_role_arn", value) + @property @pulumi.getter(name="awsRdsIamRegion") def aws_rds_iam_region(self) -> Optional[pulumi.Input[str]]: 
@@ -372,6 +388,7 @@ def __init__(__self__, opts: Optional[pulumi.ResourceOptions] = None, aws_rds_iam_auth: Optional[pulumi.Input[bool]] = None, aws_rds_iam_profile: Optional[pulumi.Input[str]] = None, + aws_rds_iam_provider_role_arn: Optional[pulumi.Input[str]] = None, aws_rds_iam_region: Optional[pulumi.Input[str]] = None, azure_identity_auth: Optional[pulumi.Input[bool]] = None, azure_tenant_id: Optional[pulumi.Input[str]] = None, @@ -403,6 +420,7 @@ def __init__(__self__, :param pulumi.Input[bool] aws_rds_iam_auth: Use rds_iam instead of password authentication (see: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.IAMDBAuth.html) :param pulumi.Input[str] aws_rds_iam_profile: AWS profile to use for IAM auth + :param pulumi.Input[str] aws_rds_iam_provider_role_arn: AWS IAM role to assume for IAM auth :param pulumi.Input[str] aws_rds_iam_region: AWS region to use for IAM auth :param pulumi.Input[bool] azure_identity_auth: Use MS Azure identity OAuth token (see: https://learn.microsoft.com/en-us/azure/postgresql/flexible-server/how-to-configure-sign-in-azure-ad-authentication) @@ -452,6 +470,7 @@ def _internal_init(__self__, opts: Optional[pulumi.ResourceOptions] = None, aws_rds_iam_auth: Optional[pulumi.Input[bool]] = None, aws_rds_iam_profile: Optional[pulumi.Input[str]] = None, + aws_rds_iam_provider_role_arn: Optional[pulumi.Input[str]] = None, aws_rds_iam_region: Optional[pulumi.Input[str]] = None, azure_identity_auth: Optional[pulumi.Input[bool]] = None, azure_tenant_id: Optional[pulumi.Input[str]] = None, 
@@ -482,6 +501,7 @@ def _internal_init(__self__, __props__.__dict__["aws_rds_iam_auth"] = pulumi.Output.from_input(aws_rds_iam_auth).apply(pulumi.runtime.to_json) if aws_rds_iam_auth is not None else None __props__.__dict__["aws_rds_iam_profile"] = aws_rds_iam_profile + __props__.__dict__["aws_rds_iam_provider_role_arn"] = aws_rds_iam_provider_role_arn __props__.__dict__["aws_rds_iam_region"] = aws_rds_iam_region __props__.__dict__["azure_identity_auth"] = pulumi.Output.from_input(azure_identity_auth).apply(pulumi.runtime.to_json) if azure_identity_auth is not None else None __props__.__dict__["azure_tenant_id"] = azure_tenant_id @@ -521,6 +541,14 @@ def aws_rds_iam_profile(self) -> pulumi.Output[Optional[str]]: """ return pulumi.get(self, "aws_rds_iam_profile") + @property + @pulumi.getter(name="awsRdsIamProviderRoleArn") + def aws_rds_iam_provider_role_arn(self) -> pulumi.Output[Optional[str]]: + """ + AWS IAM role to assume for IAM auth + """ + return pulumi.get(self, "aws_rds_iam_provider_role_arn") + @property @pulumi.getter(name="awsRdsIamRegion") def aws_rds_iam_region(self) -> pulumi.Output[Optional[str]]: diff --git a/sdk/python/pulumi_postgresql/security_label.py b/sdk/python/pulumi_postgresql/security_label.py new file mode 100644 index 0000000..77f8eb1 --- /dev/null +++ b/sdk/python/pulumi_postgresql/security_label.py 
@@ -0,0 +1,343 @@ +# coding=utf-8 +# *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +# *** Do not edit by hand unless you're certain you know what you are doing! *** + +import copy +import warnings +import sys +import pulumi +import pulumi.runtime +from typing import Any, Mapping, Optional, Sequence, Union, overload +if sys.version_info >= (3, 11): + from typing import NotRequired, TypedDict, TypeAlias +else: + from typing_extensions import NotRequired, TypedDict, TypeAlias +from . import _utilities + +__all__ = ['SecurityLabelArgs', 'SecurityLabel'] + +@pulumi.input_type +class SecurityLabelArgs: + def __init__(__self__, *, + label: pulumi.Input[str], + label_provider: pulumi.Input[str], + object_name: pulumi.Input[str], + object_type: pulumi.Input[str]): + """ + The set of arguments for constructing a SecurityLabel resource. + :param pulumi.Input[str] label: The value of the security label. + :param pulumi.Input[str] label_provider: The name of the provider with which this label is to be associated. + :param pulumi.Input[str] object_name: The name of the object to be labeled. Names of objects that reside in schemas (tables, functions, etc.) can be schema-qualified. + :param pulumi.Input[str] object_type: The PostgreSQL object type to apply this security label to. + """ + pulumi.set(__self__, "label", label) + pulumi.set(__self__, "label_provider", label_provider) + pulumi.set(__self__, "object_name", object_name) + pulumi.set(__self__, "object_type", object_type) + + @property + @pulumi.getter + def label(self) -> pulumi.Input[str]: + """ + The value of the security label. + """ + return pulumi.get(self, "label") + + @label.setter + def label(self, value: pulumi.Input[str]): + pulumi.set(self, "label", value) + + @property + @pulumi.getter(name="labelProvider") + def label_provider(self) -> pulumi.Input[str]: + """ + The name of the provider with which this label is to be associated. 
+ """ + return pulumi.get(self, "label_provider") + + @label_provider.setter + def label_provider(self, value: pulumi.Input[str]): + pulumi.set(self, "label_provider", value) + + @property + @pulumi.getter(name="objectName") + def object_name(self) -> pulumi.Input[str]: + """ + The name of the object to be labeled. Names of objects that reside in schemas (tables, functions, etc.) can be schema-qualified. + """ + return pulumi.get(self, "object_name") + + @object_name.setter + def object_name(self, value: pulumi.Input[str]): + pulumi.set(self, "object_name", value) + + @property + @pulumi.getter(name="objectType") + def object_type(self) -> pulumi.Input[str]: + """ + The PostgreSQL object type to apply this security label to. + """ + return pulumi.get(self, "object_type") + + @object_type.setter + def object_type(self, value: pulumi.Input[str]): + pulumi.set(self, "object_type", value) + + +@pulumi.input_type +class _SecurityLabelState: + def __init__(__self__, *, + label: Optional[pulumi.Input[str]] = None, + label_provider: Optional[pulumi.Input[str]] = None, + object_name: Optional[pulumi.Input[str]] = None, + object_type: Optional[pulumi.Input[str]] = None): + """ + Input properties used for looking up and filtering SecurityLabel resources. + :param pulumi.Input[str] label: The value of the security label. + :param pulumi.Input[str] label_provider: The name of the provider with which this label is to be associated. + :param pulumi.Input[str] object_name: The name of the object to be labeled. Names of objects that reside in schemas (tables, functions, etc.) can be schema-qualified. + :param pulumi.Input[str] object_type: The PostgreSQL object type to apply this security label to. 
+ """ + if label is not None: + pulumi.set(__self__, "label", label) + if label_provider is not None: + pulumi.set(__self__, "label_provider", label_provider) + if object_name is not None: + pulumi.set(__self__, "object_name", object_name) + if object_type is not None: + pulumi.set(__self__, "object_type", object_type) + + @property + @pulumi.getter + def label(self) -> Optional[pulumi.Input[str]]: + """ + The value of the security label. + """ + return pulumi.get(self, "label") + + @label.setter + def label(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "label", value) + + @property + @pulumi.getter(name="labelProvider") + def label_provider(self) -> Optional[pulumi.Input[str]]: + """ + The name of the provider with which this label is to be associated. + """ + return pulumi.get(self, "label_provider") + + @label_provider.setter + def label_provider(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "label_provider", value) + + @property + @pulumi.getter(name="objectName") + def object_name(self) -> Optional[pulumi.Input[str]]: + """ + The name of the object to be labeled. Names of objects that reside in schemas (tables, functions, etc.) can be schema-qualified. + """ + return pulumi.get(self, "object_name") + + @object_name.setter + def object_name(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "object_name", value) + + @property + @pulumi.getter(name="objectType") + def object_type(self) -> Optional[pulumi.Input[str]]: + """ + The PostgreSQL object type to apply this security label to. 
+ """ + return pulumi.get(self, "object_type") + + @object_type.setter + def object_type(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "object_type", value) + + +class SecurityLabel(pulumi.CustomResource): + @overload + def __init__(__self__, + resource_name: str, + opts: Optional[pulumi.ResourceOptions] = None, + label: Optional[pulumi.Input[str]] = None, + label_provider: Optional[pulumi.Input[str]] = None, + object_name: Optional[pulumi.Input[str]] = None, + object_type: Optional[pulumi.Input[str]] = None, + __props__=None): + """ + The ``SecurityLabel`` resource creates and manages security labels. + + See [PostgreSQL documentation](https://www.postgresql.org/docs/current/sql-security-label.html) + + > **Note:** This resource needs Postgresql version 11 or above. + + ## Usage + + ```python + import pulumi + import pulumi_postgresql as postgresql + + my_role = postgresql.Role("my_role", + name="my_role", + login=True) + workload = postgresql.SecurityLabel("workload", + object_type="role", + object_name=my_role.name, + label_provider="pgaadauth", + label="aadauth,oid=00000000-0000-0000-0000-000000000000,type=service") + ``` + + ## Import + + Security label is an attribute that can be added multiple times, so no import is needed, simply apply again. + + :param str resource_name: The name of the resource. + :param pulumi.ResourceOptions opts: Options for the resource. + :param pulumi.Input[str] label: The value of the security label. + :param pulumi.Input[str] label_provider: The name of the provider with which this label is to be associated. + :param pulumi.Input[str] object_name: The name of the object to be labeled. Names of objects that reside in schemas (tables, functions, etc.) can be schema-qualified. + :param pulumi.Input[str] object_type: The PostgreSQL object type to apply this security label to. + """ + ... 
+ @overload + def __init__(__self__, + resource_name: str, + args: SecurityLabelArgs, + opts: Optional[pulumi.ResourceOptions] = None): + """ + The ``SecurityLabel`` resource creates and manages security labels. + + See [PostgreSQL documentation](https://www.postgresql.org/docs/current/sql-security-label.html) + + > **Note:** This resource needs Postgresql version 11 or above. + + ## Usage + + ```python + import pulumi + import pulumi_postgresql as postgresql + + my_role = postgresql.Role("my_role", + name="my_role", + login=True) + workload = postgresql.SecurityLabel("workload", + object_type="role", + object_name=my_role.name, + label_provider="pgaadauth", + label="aadauth,oid=00000000-0000-0000-0000-000000000000,type=service") + ``` + + ## Import + + Security label is an attribute that can be added multiple times, so no import is needed, simply apply again. + + :param str resource_name: The name of the resource. + :param SecurityLabelArgs args: The arguments to use to populate this resource's properties. + :param pulumi.ResourceOptions opts: Options for the resource. + """ + ... 
+ def __init__(__self__, resource_name: str, *args, **kwargs): + resource_args, opts = _utilities.get_resource_args_opts(SecurityLabelArgs, pulumi.ResourceOptions, *args, **kwargs) + if resource_args is not None: + __self__._internal_init(resource_name, opts, **resource_args.__dict__) + else: + __self__._internal_init(resource_name, *args, **kwargs) + + def _internal_init(__self__, + resource_name: str, + opts: Optional[pulumi.ResourceOptions] = None, + label: Optional[pulumi.Input[str]] = None, + label_provider: Optional[pulumi.Input[str]] = None, + object_name: Optional[pulumi.Input[str]] = None, + object_type: Optional[pulumi.Input[str]] = None, + __props__=None): + opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts) + if not isinstance(opts, pulumi.ResourceOptions): + raise TypeError('Expected resource options to be a ResourceOptions instance') + if opts.id is None: + if __props__ is not None: + raise TypeError('__props__ is only valid when passed in combination with a valid opts.id to get an existing resource') + __props__ = SecurityLabelArgs.__new__(SecurityLabelArgs) + + if label is None and not opts.urn: + raise TypeError("Missing required property 'label'") + __props__.__dict__["label"] = label + if label_provider is None and not opts.urn: + raise TypeError("Missing required property 'label_provider'") + __props__.__dict__["label_provider"] = label_provider + if object_name is None and not opts.urn: + raise TypeError("Missing required property 'object_name'") + __props__.__dict__["object_name"] = object_name + if object_type is None and not opts.urn: + raise TypeError("Missing required property 'object_type'") + __props__.__dict__["object_type"] = object_type + super(SecurityLabel, __self__).__init__( + 'postgresql:index/securityLabel:SecurityLabel', + resource_name, + __props__, + opts) + + @staticmethod + def get(resource_name: str, + id: pulumi.Input[str], + opts: Optional[pulumi.ResourceOptions] = None, + label: 
Optional[pulumi.Input[str]] = None, + label_provider: Optional[pulumi.Input[str]] = None, + object_name: Optional[pulumi.Input[str]] = None, + object_type: Optional[pulumi.Input[str]] = None) -> 'SecurityLabel': + """ + Get an existing SecurityLabel resource's state with the given name, id, and optional extra + properties used to qualify the lookup. + + :param str resource_name: The unique name of the resulting resource. + :param pulumi.Input[str] id: The unique provider ID of the resource to lookup. + :param pulumi.ResourceOptions opts: Options for the resource. + :param pulumi.Input[str] label: The value of the security label. + :param pulumi.Input[str] label_provider: The name of the provider with which this label is to be associated. + :param pulumi.Input[str] object_name: The name of the object to be labeled. Names of objects that reside in schemas (tables, functions, etc.) can be schema-qualified. + :param pulumi.Input[str] object_type: The PostgreSQL object type to apply this security label to. + """ + opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) + + __props__ = _SecurityLabelState.__new__(_SecurityLabelState) + + __props__.__dict__["label"] = label + __props__.__dict__["label_provider"] = label_provider + __props__.__dict__["object_name"] = object_name + __props__.__dict__["object_type"] = object_type + return SecurityLabel(resource_name, opts=opts, __props__=__props__) + + @property + @pulumi.getter + def label(self) -> pulumi.Output[str]: + """ + The value of the security label. + """ + return pulumi.get(self, "label") + + @property + @pulumi.getter(name="labelProvider") + def label_provider(self) -> pulumi.Output[str]: + """ + The name of the provider with which this label is to be associated. + """ + return pulumi.get(self, "label_provider") + + @property + @pulumi.getter(name="objectName") + def object_name(self) -> pulumi.Output[str]: + """ + The name of the object to be labeled. 
Names of objects that reside in schemas (tables, functions, etc.) can be schema-qualified. + """ + return pulumi.get(self, "object_name") + + @property + @pulumi.getter(name="objectType") + def object_type(self) -> pulumi.Output[str]: + """ + The PostgreSQL object type to apply this security label to. + """ + return pulumi.get(self, "object_type") + diff --git a/upstream b/upstream index 7120473..a9e6984 160000 --- a/upstream +++ b/upstream @@ -1 +1 @@ -Subproject commit 71204736b16ca8c21dc6c08828e005144eed53a5 +Subproject commit a9e69846e287e3ba35404bf74ad0a24095767149