rubrikinc · johan3141592 · Nov 10, 2025 · Oct 21, 2025 · Nov 7, 2025 · Nov 10, 2025
@@ -25,10 +25,6 @@ ID, the RSC cloud account ID or the name.
 data "polaris_aws_account" "account" {
   name = "example"
 }
-
-output "cloud_account_id" {
-  value = data.polaris_aws_account.account.id
-}
 ```
 
 <!-- schema generated by tfplugindocs -->

@@ -15,7 +15,7 @@ AWS archival location. An archival location is looked up using either the ID or
 ## Example Usage
 
 ```terraform
-# Using the archival location ID.
+# Using the ID.
 data "polaris_aws_archival_location" "location" {
   id = "db34f042-79ea-48b1-bab8-c40dfbf2ab82"
 }

@@ -45,11 +45,11 @@ data "polaris_azure_archival_location" "archival_location" {
 
 - `connection_status` (String) Connection status of the cloud native archival location.
 - `container_name` (String) Azure storage container name.
-- `customer_managed_key` (Set of Object) Customer managed storage encryption. Specify the regions and their respective encryption details. For other regions, data will be encrypted using platform managed keys. (see [below for nested schema](#nestedatt--customer_managed_key))
+- `customer_managed_key` (Set of Object) Customer managed storage encryption. For `SPECIFIC_REGION`, a customer managed key for the specified region will be returned. For `SOURCE_REGION`, a customer managed key for each specified region will be returned, for other regions, data will be encrypted using platform managed keys. (see [below for nested schema](#nestedatt--customer_managed_key))
 - `location_template` (String) RSC location template. If a storage account region was specified, it will be `SPECIFIC_REGION`, otherwise `SOURCE_REGION`.
 - `redundancy` (String) Azure storage redundancy. Possible values are `GRS`, `GZRS`, `LRS`, `RA_GRS`, `RA_GZRS` and `ZRS`. Default value is `LRS`.
 - `storage_account_name_prefix` (String) Azure storage account name prefix. The storage account name prefix cannot be longer than 14 characters and can only consist of numbers and lower case letters.
-- `storage_account_region` (String) Azure region to store the snapshots in. If not specified, the snapshots will be stored in the same region as the workload.
+- `storage_account_region` (String) Azure region to store the snapshots in (`SPECIFIC_REGION`). If not specified, the snapshots will be stored in the same region as the workload (`SOURCE_REGION`).
 - `storage_account_tags` (Map of String) Azure storage account tags. Each tag will be added to the storage account created by RSC.
 - `storage_tier` (String) Azure storage tier. Possible values are `COOL` and `HOT`. Default value is `COOL`.
 
@@ -59,5 +59,5 @@ data "polaris_azure_archival_location" "archival_location" {
 Read-Only:
 
 - `name` (String) Key name.
-- `region` (String) The region in which the key will be used. Regions without customer managed keys will use platform managed keys.
+- `region` (String) The region in which the key will be used.
 - `vault_name` (String) Key vault name.
@@ -4,14 +4,14 @@ page_title: "polaris_azure_permissions Data Source - terraform-provider-polaris"
 subcategory: ""
 description: |-
   The polaris_azure_permissions data source is used to access information about
-  the permissions required by RSC for a specified RSC feature.
-  The polaris_azure_permissions data source can be used with the permissions
-  field of the polaris_azure_subscription resource and the
-  azurerm_role_definition resource to automatically update the permissions of
-  roles and notify RSC about the updated permissions.
+  the permissions required by RSC for an RSC feature.
+  The polaris_azure_permissions data source can be used with the
+  azurerm_role_definition resource and the permissions field of the
+  polaris_azure_subscription resource to automatically update the permissions
+  of roles and notify RSC about the updated.
   Permission Groups
   Following is a list of features and their applicable permission groups. These
-  are used when specifying the feature set.
+  are used when specifying the feature.
   AZURE_SQL_DB_PROTECTION
   BASIC - Represents the basic set of permissions required to onboard the
   feature.RECOVERY - Represents the set of permissions required for all recovery
@@ -46,6 +46,8 @@ description: |-
   feature.PRIVATE_ENDPOINTS - Represents the set of permissions required for usage
   of private endpoints.CUSTOMER_MANAGED_BASIC - Represents the permissions required to enable
   customer-managed Exocompute feature.
+  -> Note: When permission groups are specified, the BASIC permission group
+  is always required .
   -> Note: To better fit the RSC Azure permission model where each RSC feature
   have two Azure roles, the features field has been deprecated and replaced
   with the feature field.
@@ -63,16 +65,16 @@ description: |-
 # polaris_azure_permissions (Data Source)
 
 The `polaris_azure_permissions` data source is used to access information about
-the permissions required by RSC for a specified RSC feature. 
+the permissions required by RSC for an RSC feature.
 
-The `polaris_azure_permissions` data source can be used with the `permissions`
-field of the `polaris_azure_subscription` resource and the
-`azurerm_role_definition` resource to automatically update the permissions of
-roles and notify RSC about the updated permissions.
+The `polaris_azure_permissions` data source can be used with the
+`azurerm_role_definition` resource and the `permissions` field of the
+`polaris_azure_subscription` resource to automatically update the permissions
+of roles and notify RSC about the updated.
 
 ## Permission Groups
 Following is a list of features and their applicable permission groups. These
-are used when specifying the feature set.
+are used when specifying the feature.
 
 `AZURE_SQL_DB_PROTECTION`
   * `BASIC` - Represents the basic set of permissions required to onboard the
@@ -128,6 +130,9 @@ are used when specifying the feature set.
   * `CUSTOMER_MANAGED_BASIC` - Represents the permissions required to enable
     customer-managed Exocompute feature.
 
+-> **Note:** When permission groups are specified, the `BASIC` permission group
+   is always required .
+
 -> **Note:** To better fit the RSC Azure permission model where each RSC feature
    have two Azure roles, the `features` field has been deprecated and replaced
    with the `feature` field.
@@ -188,7 +193,7 @@ resource "polaris_azure_subscription" "subscription" {
 
 ### Optional
 
-- `feature` (String) RSC feature. Note that the feature name must be given in the `EXAMPLE_FEATURE_NAME` style. Possible values are `AZURE_SQL_DB_PROTECTION`, `AZURE_SQL_MI_PROTECTION`,  `CLOUD_NATIVE_ARCHIVAL`, `CLOUD_NATIVE_ARCHIVAL_ENCRYPTION`, `CLOUD_NATIVE_BLOB_PROTECTION`, `CLOUD_NATIVE_PROTECTION` and `EXOCOMPUTE`.
+- `feature` (String) RSC feature. Note that the feature must be given in the `EXAMPLE_FEATURE_NAME` style. Possible values are `AZURE_SQL_DB_PROTECTION`, `AZURE_SQL_MI_PROTECTION`,  `CLOUD_NATIVE_ARCHIVAL`, `CLOUD_NATIVE_ARCHIVAL_ENCRYPTION`, `CLOUD_NATIVE_BLOB_PROTECTION`, `CLOUD_NATIVE_PROTECTION` and `EXOCOMPUTE`.
 - `features` (Set of String, Deprecated) RSC features. Possible values are `AZURE_SQL_DB_PROTECTION`, `AZURE_SQL_MI_PROTECTION`, `CLOUD_NATIVE_ARCHIVAL`, `CLOUD_NATIVE_ARCHIVAL_ENCRYPTION`, `CLOUD_NATIVE_BLOB_PROTECTION`, `CLOUD_NATIVE_PROTECTION` and `EXOCOMPUTE`. **Deprecated:** use `feature` instead.
 - `permission_groups` (Set of String) Permission groups for the RSC feature. Possible values are `BASIC`, `EXPORT_AND_RESTORE`, `FILE_LEVEL_RECOVERY`, `SNAPSHOT_PRIVATE_ACCESS`, `PRIVATE_ENDPOINTS`, `CUSTOMER_MANAGED_BASIC`, `ENCRYPTION`, `SQL_ARCHIVAL`, `RECOVERY` and `BACKUP_V2`.
 

@@ -3,22 +3,22 @@
 page_title: "polaris_azure_subscription Data Source - terraform-provider-polaris"
 subcategory: ""
 description: |-
-  The polaris_azure_subscription data source is used to access information about an
-  Azure subscription added to RSC. An Azure subscription is looked up using either the
-  Azure subscription ID or the name. When looking up an Azure subscription using the
-  subscription name, the tenant domain can be used to specify in which tenant to look
-  for the name.
+  The polaris_azure_subscription data source is used to access information
+  about an Azure subscription added to RSC. An Azure subscription is looked up
+  using either the Azure subscription ID, the RSC cloud account ID, or the name.
+  When looking up an Azure subscription using the subscription name, the tenant
+  domain can be used to specify in which tenant to look for the name.
   -> Note: The subscription name is the name of the Azure subscription as it appears
   in RSC.
 ---
 
 # polaris_azure_subscription (Data Source)
 
-The `polaris_azure_subscription` data source is used to access information about an
-Azure subscription added to RSC. An Azure subscription is looked up using either the
-Azure subscription ID or the name. When looking up an Azure subscription using the
-subscription name, the tenant domain can be used to specify in which tenant to look
-for the name.
+The `polaris_azure_subscription` data source is used to access information
+about an Azure subscription added to RSC. An Azure subscription is looked up
+using either the Azure subscription ID, the RSC cloud account ID, or the name.
+When looking up an Azure subscription using the subscription name, the tenant
+domain can be used to specify in which tenant to look for the name.
 
 -> **Note:** The subscription name is the name of the Azure subscription as it appears
    in RSC.
@@ -29,21 +29,14 @@ for the name.
 data "polaris_azure_subscription" "subscription" {
   name = "example"
 }
-
-output "cloud_account_id" {
-  value = data.polaris_azure_subscription.subscription.id
-}
 ```
 
 <!-- schema generated by tfplugindocs -->
 ## Schema
 
 ### Optional
 
+- `id` (String) RSC cloud account ID (UUID).
 - `name` (String) Azure subscription name.
 - `subscription_id` (String) Azure subscription ID.
 - `tenant_domain` (String) Azure tenant primary domain.
-
-### Read-Only
-
-- `id` (String) RSC cloud account ID (UUID).
@@ -0,0 +1,61 @@
+---
+page_title: "polaris_gcp_archival_location Data Source - terraform-provider-polaris"
+subcategory: ""
+description: |-
+
+The `polaris_gcp_archival_location` data source is used to access information
+about a GCP archival location. An archival location is looked up using either
+the ID or the name.
+
+---
+
+# polaris_gcp_archival_location (Data Source)
+
+
+The `polaris_gcp_archival_location` data source is used to access information
+about a GCP archival location. An archival location is looked up using either
+the ID or the name.
+
+
+
+## Example Usage
+
+```terraform
+# Using the ID.
+data "polaris_gcp_archival_location" "location" {
+  id = "9e90a8bb-0578-43dc-9330-57f86a9ae1e6"
+}
+
+# Using the name.
+data "polaris_gcp_archival_location" "location" {
+  name = "my-archival-location"
+}
+```
+
+
+## Schema
+
+### Optional
+
+- `id` (String) Cloud native archival location ID (UUID).
+- `name` (String) Name of the cloud native archival location.
+
+### Read-Only
+
+- `bucket_labels` (Map of String) GCP bucket labels.
+- `bucket_prefix` (String) GCP bucket prefix. Note, `rubrik-` will always be prepended to the prefix.
+- `cloud_account_id` (String) RSC cloud account ID (UUID).
+- `connection_status` (String) Connection status of the archival location.
+- `customer_managed_key` (Set of Object) Customer managed storage encryption. For `SPECIFIC_REGION`, a customer managed key for the specified region will be returned. For `SOURCE_REGION`, a customer managed key for each specified region will be returned, for other regions, data will be encrypted using platform managed keys. (see [below for nested schema](#nestedatt--customer_managed_key))
+- `location_template` (String) RSC location template. If a region was specified, it will be `SPECIFIC_REGION`, otherwise `SOURCE_REGION`.
+- `region` (String) GCP region to store the snapshots in (`SPECIFIC_REGION`). If not specified, the snapshots will be stored in the same region as the workload (`SOURCE_REGION`).
+- `storage_class` (String) GCP bucket storage class. Possible values are `ARCHIVE`, `COLDLINE`, `NEARLINE`, `STANDARD` and `DURABLE_REDUCED_AVAILABILITY`.
+
+<a id="nestedatt--customer_managed_key"></a>
+### Nested Schema for `customer_managed_key`
+
+Read-Only:
+
+- `name` (String) Key name
+- `region` (String) The region in which the key will be used.
+- `ring_name` (String) Key ring name.
@@ -3,32 +3,109 @@
 page_title: "polaris_gcp_permissions Data Source - terraform-provider-polaris"
 subcategory: ""
 description: |-
-
+  The polaris_gcp_permissions data source is used to access information about
+  the permissions required by RSC for an RSC feature.
+  The polaris_gcp_permissions data source can be used with the
+  google_project_iam_custom_role resource and the permissions field of the
+  polaris_gcp_project resource to automatically update the permissions of roles
+  and notify RSC about the updated.
+  Permission Groups
+  Following is a list of features and their applicable permission groups. These
+  are used when specifying the feature.
+  CLOUD_NATIVE_ARCHIVAL
+  BASIC - Represents the basic set of permissions required to onboard the
+  feature.ENCRYPTION - Represents the set of permissions required for encryption
+  operation.
+  CLOUD_NATIVE_PROTECTION
+  BASIC - Represents the basic set of permissions required to onboard the
+  feature.EXPORT_AND_RESTORE - Represents the set of permissions required for export
+  and restore operations.FILE_LEVEL_RECOVERY - Represents the set of permissions required for
+  file-level recovery operations.
+  GCP_SHARED_VPC_HOST
+  BASIC - Represents the basic set of permissions required to onboard the
+  feature.
+  EXOCOMPUTE
+  BASIC - Represents the basic set of permissions required to onboard the
+  feature.
+  -> Note: When permission groups are specified, the BASIC permission group
+  is always required .
+  -> Note: Due to backward compatibility, the features field allow the
+  feature names to be given in 3 different styles: EXAMPLE_FEATURE_NAME,
+  example-feature-name or example_feature_name. The recommended style is
+  EXAMPLE_FEATURE_NAME as it is what the RSC API itself uses.
 ---
 
 # polaris_gcp_permissions (Data Source)
 
+The `polaris_gcp_permissions` data source is used to access information about
+the permissions required by RSC for an RSC feature.
 
+The `polaris_gcp_permissions` data source can be used with the
+`google_project_iam_custom_role` resource and the `permissions` field of the
+`polaris_gcp_project` resource to automatically update the permissions of roles
+and notify RSC about the updated.
+
+## Permission Groups
+Following is a list of features and their applicable permission groups. These
+are used when specifying the feature.
+
+`CLOUD_NATIVE_ARCHIVAL`
+  * `BASIC` - Represents the basic set of permissions required to onboard the
+    feature.
+  * `ENCRYPTION` - Represents the set of permissions required for encryption
+    operation.
+
+`CLOUD_NATIVE_PROTECTION`
+  * `BASIC` - Represents the basic set of permissions required to onboard the
+    feature.
+  * `EXPORT_AND_RESTORE` - Represents the set of permissions required for export
+    and restore operations.
+  * `FILE_LEVEL_RECOVERY` - Represents the set of permissions required for
+    file-level recovery operations.
+
+`GCP_SHARED_VPC_HOST`
+  * `BASIC` - Represents the basic set of permissions required to onboard the
+    feature.
+
+`EXOCOMPUTE`
+  * `BASIC` - Represents the basic set of permissions required to onboard the
+    feature.
+
+-> **Note:** When permission groups are specified, the `BASIC` permission group
+   is always required .
+
+-> **Note:** Due to backward compatibility, the `features` field allow the
+   feature names to be given in 3 different styles: `EXAMPLE_FEATURE_NAME`,
+   `example-feature-name` or `example_feature_name`. The recommended style is
+   `EXAMPLE_FEATURE_NAME` as it is what the RSC API itself uses.
 
 ## Example Usage
 
 ```terraform
-data "polaris_gcp_permissions" "default" {
-  features = [
-    "CLOUD_NATIVE_PROTECTION",
+data "polaris_gcp_permissions" "cloud_native_archival" {
+  feature = "CLOUD_NATIVE_ARCHIVAL"
+  permission_groups = [
+    "BASIC",
+    "ENCRYPTION",
   ]
 }
 ```
 
 <!-- schema generated by tfplugindocs -->
 ## Schema
 
-### Required
+### Optional
 
-- `features` (Set of String) Enabled features.
+- `feature` (String) RSC feature. Note that the feature must be given in the `EXAMPLE_FEATURE_NAME` style. Possible values are `CLOUD_NATIVE_ARCHIVAL`, `CLOUD_NATIVE_PROTECTION`, `GCP_SHARED_VPC_HOST` and `EXOCOMPUTE`.
+- `features` (Set of String, Deprecated) RSC features. Possible values are `CLOUD_NATIVE_ARCHIVAL`, `CLOUD_NATIVE_PROTECTION`, `GCP_SHARED_VPC_HOST` and `EXOCOMPUTE`. **Deprecated:** use `feature` instead.
+- `permission_groups` (Set of String) Permission groups for the RSC feature. Possible values are `BASIC`, `ENCRYPTION`, `EXPORT_AND_RESTORE` and `FILE_LEVEL_RECOVERY`.
 
 ### Read-Only
 
-- `hash` (String) SHA-256 hash of the permissions, can be used to detect changes to the permissions.
-- `id` (String) The ID of this resource.
-- `permissions` (List of String) Permissions required for the features enabled.
+- `conditions` (Set of String) Conditions for the permissions with conditions.
+- `hash` (String, Deprecated) SHA-256 hash of the permissions, can be used to detect changes to the permissions. **Deprecated:** use `id` instead.
+- `id` (String) SHA-256 hash of the required permissions, will be updated as the required permissions changes.
+- `permissions` (List of String, Deprecated) Permissions required for the set of RSC features. Includes permissions with conditions. **Deprecated:** use `with_conditions` and `without_conditions` instead.
+- `services` (Set of String) GCP services required for the RSC feature.
+- `with_conditions` (Set of String) Permissions with conditions required for the RSC feature.
+- `without_conditions` (Set of String) Permissions without conditions required for the RSC feature.